Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthResponse ¶
type AuthResponse uint8
AuthResponse indicates the various response states for the authentication process.
const (
	// AuthResponseSuccess indicates that the authentication was successful.
	AuthResponseSuccess AuthResponse = 1
	// AuthResponseFailure indicates that the authentication failed for invalid credentials.
	AuthResponseFailure AuthResponse = 2
	// AuthResponseUnavailable indicates that the authentication backend was not available to respond.
	AuthResponseUnavailable AuthResponse = 3
)
type ChannelRejection ¶
type ChannelRejection interface {
	error
	// Message contains a message intended for the user.
	Message() string
	// Reason contains the SSH-specific reason for the rejection.
	Reason() ssh.RejectionReason
}
ChannelRejection is an error type that also contains a Message and a Reason.
type Cipher ¶
type Cipher string
Cipher is the name of an SSH cipher algorithm, as negotiated in the key exchange.
const (
	CipherChaCha20Poly1305 Cipher = "chacha20-poly1305@openssh.com"
	CipherAES256GCM        Cipher = "aes256-gcm@openssh.com"
	CipherAES128GCM        Cipher = "aes128-gcm@openssh.com"
	CipherAES256CTE        Cipher = "aes256-ctr"
	CipherAES192CTR        Cipher = "aes192-ctr"
	CipherAES128CTR        Cipher = "aes128-ctr"
	CipherAES128CBC        Cipher = "aes128-cbc"
	CipherArcFour256       Cipher = "arcfour256"
	CipherArcFour128       Cipher = "arcfour128"
	CipherArcFour          Cipher = "arcfour"
	CipherTripleDESCBCID   Cipher = "tripledescbcID"
)
The first six entries are the AEAD and CTR modes that current clients negotiate. The remaining entries are legacy: RFC 8758 prohibits RC4 ("arcfour*") in SSH, and CBC-mode ciphers have been disabled by default in OpenSSH for years. Note also that the value of CipherTripleDESCBCID, "tripledescbcID", is not a registered SSH algorithm name (the IANA name for 3DES-CBC is "3des-cbc"), so it cannot match anything a client offers. A deployment that does not need legacy clients should restrict Config.Ciphers to the AEAD and CTR entries.
type Config ¶
type Config struct {
	// Listen is the listen address for the SSH server
	Listen string `json:"listen" yaml:"listen" default:"0.0.0.0:2222"`
	// ServerVersion is the version sent to the client.
	// Must be in the format of "SSH-protoversion-softwareversion SPACE comments".
	// See https://tools.ietf.org/html/rfc4253#page-4 section 4.2. Protocol Version Exchange
	// The trailing CR and LF characters should NOT be added to this string.
	ServerVersion string `json:"serverVersion" yaml:"serverVersion" default:"SSH-2.0-ContainerSSH"`
	// Ciphers are the ciphers offered to the client.
	Ciphers []Cipher `` /* 205-byte string literal not displayed */
	// KexAlgorithms are the key exchange algorithms offered to the client.
	KexAlgorithms []Kex `` /* 176-byte string literal not displayed */
	// MACs are the MAC algorithms offered to the client.
	MACs []MAC `` /* 150-byte string literal not displayed */
	// Banner is the banner sent to the client on connecting.
	Banner string `json:"banner" yaml:"banner" comment:"Host banner to show after the username" default:""`
	// HostKeys are the host keys either in PEM format, or filenames to load.
	HostKeys []ssh.Signer `json:"hostkeys" yaml:"hostkeys" comment:"Host keys in PEM format or files to load PEM host keys from."`
}
Config is the base configuration structure of the SSH server.
func DefaultConfig ¶
func DefaultConfig() Config
DefaultConfig returns the config structure with the default settings. Only the HostKeys option will need to be filled.
func (*Config) GenerateHostKey ¶
GenerateHostKey generates a random host key and adds it to the HostKeys of the Config.
func (*Config) UnmarshalJSON ¶
UnmarshalJSON decodes a JSON data structure into the configuration.
type ExitStatus ¶ added in v0.9.2
type ExitStatus uint32
ExitStatus contains the status code with which the program exited. See RFC 4254 section 6.10: Returning Exit Status for details. ( https://tools.ietf.org/html/rfc4254#section-6.10 )
type Handler ¶
type Handler interface {
	// OnReady is called when the server is ready to receive connections. It has an opportunity to return an error to
	// abort the startup.
	OnReady() error
	// OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline
	// for the shutdown, after which the server should abort all running connections and return as fast as
	// possible.
	OnShutdown(shutdownContext context.Context)
	// OnNetworkConnection is called when a new network connection is opened. It must either return a
	// NetworkConnectionHandler object or an error. In case of an error the network connection is closed.
	//
	// The client parameter provides the address of the connecting client. The connectionID parameter provides an
	// opaque identifier for the connection that can be used to track the connection across multiple subsystems.
	OnNetworkConnection(client net.TCPAddr, connectionID string) (NetworkConnectionHandler, error)
}
Handler is the basic handler for SSH connections. It contains several methods to handle startup and operations of the server.
type HostKeyAlgo ¶
type HostKeyAlgo string
HostKeyAlgo is the name of a supported host key algorithm.
const (
	HostKeyAlgoSSHRSACertv01            HostKeyAlgo = "ssh-rsa-cert-v01@openssh.com"
	HostKeyAlgoSSHDSSCertv01            HostKeyAlgo = "ssh-dss-cert-v01@openssh.com"
	HostKeyAlgoECDSASHA2NISTp256Certv01 HostKeyAlgo = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
	HostKeyAlgoECDSASHA2NISTp384Certv01 HostKeyAlgo = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
	HostKeyAlgoECDSASHA2NISTp521Certv01 HostKeyAlgo = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
	HostKeyAlgoSSHED25519Certv01        HostKeyAlgo = "ssh-ed25519-cert-v01@openssh.com"
	HostKeyAlgoSSHRSA                   HostKeyAlgo = "ssh-rsa"
	HostKeyAlgoSSHDSS                   HostKeyAlgo = "ssh-dss"
	HostKeyAlgoSSHED25519               HostKeyAlgo = "ssh-ed25519"
)
The "ssh-dss" entries denote DSA host keys, which are limited to 1024 bits and are disabled by default in OpenSSH clients since version 7.0; prefer Ed25519 or ECDSA host keys for new deployments.
func (HostKeyAlgo) String ¶
func (h HostKeyAlgo) String() string
String creates a string representation.
type Kex ¶
type Kex string
Kex is the name of an SSH key exchange algorithm.
const (
	KexCurve25519SHA256 Kex = "curve25519-sha256@libssh.org"
	KexECDHSHA2NISTp521 Kex = "ecdh-sha2-nistp521"
	KexECDHSHA2Nistp384 Kex = "ecdh-sha2-nistp384"
	KexECDHSHA2Nistp256 Kex = "ecdh-sha2-nistp256"
	KexDHGroup14SHA1    Kex = "diffie-hellman-group14-sha1"
	KexDHGroup1SHA1     Kex = "diffie-hellman-group1-sha1"
)
The two SHA-1 based entries are legacy. RFC 9142 rates "diffie-hellman-group1-sha1" (a 1024-bit modulus) as SHOULD NOT be used and prefers the SHA-2 variants; a deployment that does not need legacy clients should limit Config.KexAlgorithms to the curve25519 and ECDH entries.
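Config.Ciphers and Config.KexAlgorithms accept any of the constants above, including the legacy ones, so it is worth checking a configuration before it is served. The following is an added example, not code from this package: it re-declares the string values of the Cipher and Kex constants (so it compiles without importing sshserver), applies pattern-based deny rules for RC4, CBC/3DES and SHA-1 key exchange, and returns both the findings and the hardened lists. The rules and the rule texts are this example's own; the hardened lists would be converted to []Cipher and []Kex before assignment to Config.

```go
package main

import (
	"fmt"
	"strings"
)

// Algorithm names copied from the Cipher and Kex constants documented above. Only the
// string values are used so that this example compiles without importing sshserver.
var pageCiphers = []string{
	"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
	"aes256-ctr", "aes192-ctr", "aes128-ctr",
	"aes128-cbc", "arcfour256", "arcfour128", "arcfour", "tripledescbcID",
}

var pageKex = []string{
	"curve25519-sha256@libssh.org", "ecdh-sha2-nistp521", "ecdh-sha2-nistp384",
	"ecdh-sha2-nistp256", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1",
}

// Finding records one algorithm that a deny rule rejected and why.
type Finding struct {
	Kind   string // "cipher" or "kex"
	Name   string
	Reason string
}

// rule pairs a predicate over an algorithm name with the reason reported when it fires.
type rule struct {
	match  func(name string) bool
	reason string
}

// cipherRules and kexRules are this example's own policy; the first matching rule wins.
var cipherRules = []rule{
	{func(n string) bool { return strings.HasPrefix(n, "arcfour") },
		"RC4 MUST NOT be used in SSH (RFC 8758)"},
	{func(n string) bool {
		l := strings.ToLower(n)
		return strings.HasSuffix(l, "-cbc") || strings.Contains(l, "3des") || strings.Contains(l, "tripledes")
	}, "CBC-mode and 3DES ciphers are legacy; keep AEAD (GCM, chacha20-poly1305) or CTR modes"},
}

var kexRules = []rule{
	{func(n string) bool { return n == "diffie-hellman-group1-sha1" },
		"1024-bit modulus with SHA-1; SHOULD NOT be used (RFC 9142)"},
	{func(n string) bool { return strings.HasSuffix(n, "-sha1") },
		"SHA-1 based key exchange; prefer SHA-2 variants (RFC 9142)"},
}

// audit returns a finding for every name that triggers a rule, preserving input order.
func audit(kind string, names []string, rules []rule) []Finding {
	var findings []Finding
	for _, n := range names {
		for _, r := range rules {
			if r.match(n) {
				findings = append(findings, Finding{Kind: kind, Name: n, Reason: r.reason})
				break
			}
		}
	}
	return findings
}

// harden returns a copy of names with every rule-triggering algorithm removed.
func harden(names []string, rules []rule) []string {
	kept := make([]string, 0, len(names))
outer:
	for _, n := range names {
		for _, r := range rules {
			if r.match(n) {
				continue outer
			}
		}
		kept = append(kept, n)
	}
	return kept
}

// AuditAlgorithms audits both lists and returns the findings plus the hardened lists.
func AuditAlgorithms(ciphers, kex []string) (findings []Finding, okCiphers, okKex []string) {
	findings = append(audit("cipher", ciphers, cipherRules), audit("kex", kex, kexRules)...)
	return findings, harden(ciphers, cipherRules), harden(kex, kexRules)
}

func main() {
	findings, ciphers, kex := AuditAlgorithms(pageCiphers, pageKex)
	for _, f := range findings {
		fmt.Printf("drop %-6s %-30s %s\n", f.Kind, f.Name, f.Reason)
	}
	fmt.Println("ciphers:", strings.Join(ciphers, ","))
	fmt.Println("kex:    ", strings.Join(kex, ","))
}
```

Run against the page's own lists, the audit drops "aes128-cbc", the three "arcfour*" entries, "tripledescbcID" and both "-sha1" key exchanges, leaving the three AEAD and three CTR ciphers and the curve25519/ECDH key exchanges.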
type MAC ¶
type MAC string
MAC are the SSH mac algorithms.
type NetworkConnectionHandler ¶
type NetworkConnectionHandler interface {
	// OnAuthPassword is called when a user attempts a password authentication. The implementation must always supply
	// AuthResponse and may supply error as a reason description.
	OnAuthPassword(username string, password []byte) (response AuthResponse, reason error)
	// OnAuthPubKey is called when a user attempts a pubkey authentication. The implementation must always supply
	// AuthResponse and may supply error as a reason description. The pubKey parameter is an SSH key in
	// the form of "ssh-rsa KEY HERE".
	OnAuthPubKey(username string, pubKey string) (response AuthResponse, reason error)
	// OnHandshakeFailed is called when the SSH handshake failed. This method is also called after an authentication
	// failure. After this method the connection will be closed and the OnDisconnect method will be
	// called.
	OnHandshakeFailed(reason error)
	// OnHandshakeSuccess is called when the SSH handshake was successful. It returns connection to process
	// requests, or failureReason to indicate that a backend error has happened. In this case, the
	// connection will be closed and OnDisconnect will be called.
	OnHandshakeSuccess(username string) (connection SSHConnectionHandler, failureReason error)
	// OnDisconnect is called when the network connection is closed.
	OnDisconnect()
}
NetworkConnectionHandler is an object that is used to represent the underlying network connection and the SSH handshake.
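The two authentication methods above leave the credential check entirely to the implementer, including the distinction between AuthResponseFailure (bad credentials) and AuthResponseUnavailable (the backend could not answer). The following is an added example, not code from this package or from ContainerSSH's own authentication backend: it implements OnAuthPassword and OnAuthPubKey with the documented signatures against a constructed in-memory credential store, re-declaring AuthResponse and its constants locally so the file compiles on its own. The store, the SHA-256 password hashing (a stand-in for a proper salted KDF) and the key blob are all this example's own.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
)

// AuthResponse mirrors the package's type and constants so this file compiles on its own.
type AuthResponse uint8

const (
	AuthResponseSuccess     AuthResponse = 1
	AuthResponseFailure     AuthResponse = 2
	AuthResponseUnavailable AuthResponse = 3
)

// credentialStore is a constructed stand-in for the backend a real handler would query.
type credentialStore struct {
	passwordHashes map[string][32]byte // username -> SHA-256(password); a real store would use a slow, salted KDF
	authorizedKeys map[string][]string // username -> "key-type base64-blob" (comment stripped)
	down           bool                // simulates the backend being unreachable
}

var errBackendDown = errors.New("credential backend unavailable")

// authHandler implements the two authentication methods of NetworkConnectionHandler.
type authHandler struct {
	store *credentialStore
}

// OnAuthPassword compares fixed-length digests in constant time, and performs the comparison
// even for unknown users so that response timing does not reveal which usernames exist.
func (h *authHandler) OnAuthPassword(username string, password []byte) (AuthResponse, error) {
	if h.store.down {
		// Unavailable, not Failure: the client should not treat a backend outage as bad credentials.
		return AuthResponseUnavailable, errBackendDown
	}
	want, known := h.store.passwordHashes[username] // zero digest when unknown; still compared
	got := sha256.Sum256(password)
	match := subtle.ConstantTimeCompare(want[:], got[:]) == 1
	if !known || !match {
		return AuthResponseFailure, fmt.Errorf("invalid credentials for %q", username)
	}
	return AuthResponseSuccess, nil
}

// normalizeKey reduces "type blob [comment]" to "type blob" so a comment never influences a match.
func normalizeKey(pubKey string) (string, error) {
	fields := strings.Fields(pubKey)
	if len(fields) < 2 {
		return "", errors.New("malformed public key line")
	}
	return fields[0] + " " + fields[1], nil
}

// OnAuthPubKey matches the offered key (in "ssh-rsa KEY HERE" form) against the user's authorized keys.
// Public keys are not secret, so plain string equality is sufficient here.
func (h *authHandler) OnAuthPubKey(username string, pubKey string) (AuthResponse, error) {
	if h.store.down {
		return AuthResponseUnavailable, errBackendDown
	}
	offered, err := normalizeKey(pubKey)
	if err != nil {
		return AuthResponseFailure, err
	}
	for _, k := range h.store.authorizedKeys[username] {
		if k == offered {
			return AuthResponseSuccess, nil
		}
	}
	return AuthResponseFailure, fmt.Errorf("public key not authorized for %q", username)
}

// Constructed demo data: the key blob below is a placeholder string, not a real Ed25519 key.
const demoKeyBlob = "AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKeyBlob0000000000000"

func newDemoHandler() *authHandler {
	return &authHandler{store: &credentialStore{
		passwordHashes: map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse"))},
		authorizedKeys: map[string][]string{"alice": {"ssh-ed25519 " + demoKeyBlob}},
	}}
}

func main() {
	h := newDemoHandler()
	r, err := h.OnAuthPassword("alice", []byte("correct horse"))
	fmt.Println("password ok:", r, err)
	r, err = h.OnAuthPubKey("alice", "ssh-ed25519 "+demoKeyBlob+" alice@laptop")
	fmt.Println("pubkey ok:  ", r, err)
	r, err = h.OnAuthPassword("mallory", []byte("guess"))
	fmt.Println("unknown:    ", r, err)
}
```

The error returned alongside the AuthResponse is only a reason description for the server's logs; nothing in it should be relayed to the client, since "unknown user" versus "wrong password" is exactly the distinction an attacker enumerating accounts wants.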
type SSHConnectionHandler ¶
type SSHConnectionHandler interface {
	// OnUnsupportedGlobalRequest captures all global SSH requests and gives the implementation an opportunity to log
	// the request.
	//
	// requestID is an ID uniquely identifying the request within the scope of the connection. The same ID may appear
	// within a channel.
	OnUnsupportedGlobalRequest(requestID uint64, requestType string, payload []byte)
	// OnUnsupportedChannel is called when a new channel is requested of an unsupported type. This gives the implementer
	// the ability to log unsupported channel requests.
	//
	// channelID is an ID uniquely identifying the channel within the connection.
	// channelType is the type of channel requested by the client. We only support the "session" channel type.
	// extraData contains the binary extra data submitted by the client. This is usually empty.
	OnUnsupportedChannel(channelID uint64, channelType string, extraData []byte)
	// OnSessionChannel is called when a channel of the session type is requested. The implementer must either return
	// the channel result if the channel was successful, or failureReason to state why the channel
	// should be rejected.
	//
	// channelID is an ID uniquely identifying the channel within the connection.
	// extraData contains the binary extra data submitted by the client. This is usually empty.
	OnSessionChannel(channelID uint64, extraData []byte) (channel SessionChannelHandler, failureReason ChannelRejection)
}
SSHConnectionHandler represents an established SSH connection that is ready to receive requests.
type Server ¶
Server is the main SSH server interface, compatible with the Service library. It should always be used in conjunction with the Lifecycle interface from the service library.
type SessionChannelHandler ¶
type SessionChannelHandler interface {
	// OnUnsupportedChannelRequest captures channel requests of unsupported types.
	//
	// requestID is an incrementing number uniquely identifying this request within the channel.
	// requestType contains the SSH request type.
	// payload is the binary payload.
	OnUnsupportedChannelRequest(
		requestID uint64,
		requestType string,
		payload []byte,
	)
	// OnFailedDecodeChannelRequest is called when a supported channel request was received, but the payload could not
	// be decoded.
	//
	// requestID is an incrementing number uniquely identifying this request within the channel.
	// requestType contains the SSH request type.
	// payload is the binary payload.
	// reason is the reason why the decoding failed.
	OnFailedDecodeChannelRequest(
		requestID uint64,
		requestType string,
		payload []byte,
		reason error,
	)
	// OnEnvRequest is called when the client requests an environment variable to be set. The implementation can return
	// an error to reject the request.
	OnEnvRequest(
		requestID uint64,
		name string,
		value string,
	) error
	// OnPtyRequest is called when the client requests an interactive terminal to be allocated. The implementation can
	// return an error to reject the request.
	//
	// requestID is an incrementing number uniquely identifying this request within the channel.
	// term is the terminal name. This is usually set in the TERM environment variable.
	// columns is the number of columns in the terminal.
	// rows is the number of rows in the terminal.
	// width is the width of the terminal in pixels.
	// height is the height of a terminal in pixels.
	// modelist are the encoded terminal modes the client desires. See RFC4254 section 8 and RFC8160 for details.
	OnPtyRequest(
		requestID uint64,
		term string,
		columns uint32,
		rows uint32,
		width uint32,
		height uint32,
		modeList []byte,
	) error
	// OnExecRequest is called when the client requests a program to be executed. The implementation can return an error
	// to reject the request.
	//
	// requestID is an incrementing number uniquely identifying this request within the channel.
	// program is the name of the program to be executed.
	// stdin is a reader for the shell or program to read the stdin.
	// stdout is a writer for the shell or program standard output.
	// stderr is a writer for the shell or program standard error.
	// onExit is a callback to send the exit status back to the client.
	OnExecRequest(
		requestID uint64,
		program string,
		stdin io.Reader,
		stdout io.Writer,
		stderr io.Writer,
		onExit func(exitStatus ExitStatus),
	) error
	// OnShell is called when the client requests a shell to be started. The implementation can return an error to
	// reject the request. The implementation should send the IO handling into background. It should also
	// respect the shutdown context on the Handler.
	//
	// requestID is an incrementing number uniquely identifying this request within the channel.
	// stdin is a reader for the shell or program to read the stdin.
	// stdout is a writer for the shell or program standard output.
	// stderr is a writer for the shell or program standard error.
	// onExit is a callback to send the exit status back to the client.
	OnShell(
		requestID uint64,
		stdin io.Reader,
		stdout io.Writer,
		stderr io.Writer,
		onExit func(exitStatus ExitStatus),
	) error
	// OnSubsystem is called when the client calls a well-known subsystem (e.g. sftp). The implementation can return an
	// error to reject the request. The implementation should send the IO handling into background. It
	// should also respect the shutdown context on the Handler.
	//
	// requestID is an incrementing number uniquely identifying this request within the channel.
	// subsystem is the name of the requested subsystem.
	// stdin is a reader for the shell or program to read the stdin.
	// stdout is a writer for the shell or program standard output.
	// stderr is a writer for the shell or program standard error.
	// onExit is a callback to send the exit status back to the client.
	OnSubsystem(
		requestID uint64,
		subsystem string,
		stdin io.Reader,
		stdout io.Writer,
		stderr io.Writer,
		onExit func(exitStatus ExitStatus),
	) error
	// OnSignal is called when the client requests a signal to be sent to the running process. The implementation can
	// return an error to reject the request.
	OnSignal(
		requestID uint64,
		signal string,
	) error
	// OnWindow is called when the client requests the window size to be changed. This method may be called
	// after a program is started. The implementation can return an error to reject the request.
	//
	// requestID is an incrementing number uniquely identifying this request within the channel.
	// columns is the number of columns in the terminal.
	// rows is the number of rows in the terminal.
	// width is the width of the terminal in pixels.
	// height is the height of a terminal in pixels.
	OnWindow(
		requestID uint64,
		columns uint32,
		rows uint32,
		width uint32,
		height uint32,
	) error
}
SessionChannelHandler is a channel of the "session" type used for interactive and non-interactive sessions.
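OnExecRequest, OnShell and OnSubsystem share the same contract: reject by returning an error, otherwise move the IO handling into the background, honour the Handler's shutdown context, and report the result through onExit. The following is an added example, not code from this package: it implements OnExecRequest with the documented parameters over an allowlist of in-process stand-in programs (a real backend would spawn a process or container), re-declaring ExitStatus locally so the file compiles alone. The program allowlist, the demo programs and the runExec helper are this example's own, and the 143 exit code used for a shutdown follows the 128+SIGTERM convention rather than anything the package mandates.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"io"
	"strings"
)

// ExitStatus mirrors the package's type (the RFC 4254 section 6.10 exit-status value).
type ExitStatus uint32

// program is an in-process stand-in for a real command. It must honour ctx so that the shutdown
// context from Handler.OnShutdown can stop long-running sessions.
type program func(ctx context.Context, stdin io.Reader, stdout, stderr io.Writer) ExitStatus

// execHandler implements the OnExecRequest method of SessionChannelHandler for an allowlist of programs.
type execHandler struct {
	shutdown context.Context    // shutdown context handed down from the Handler
	programs map[string]program // only these names may be executed
}

// OnExecRequest has the same parameters as the interface method documented above. Unknown programs
// are rejected by returning an error; allowed ones run in the background and report via onExit.
func (h *execHandler) OnExecRequest(
	requestID uint64,
	programName string,
	stdin io.Reader,
	stdout io.Writer,
	stderr io.Writer,
	onExit func(exitStatus ExitStatus),
) error {
	p, ok := h.programs[programName]
	if !ok {
		return fmt.Errorf("request %d: program %q is not on the allowlist", requestID, programName)
	}
	go func() {
		onExit(p(h.shutdown, stdin, stdout, stderr))
	}()
	return nil
}

// demoPrograms are constructed for this example.
var demoPrograms = map[string]program{
	// upper: echo stdin back in upper case; exit 0.
	"upper": func(_ context.Context, stdin io.Reader, stdout, _ io.Writer) ExitStatus {
		data, err := io.ReadAll(stdin)
		if err != nil {
			return 1
		}
		_, _ = stdout.Write(bytes.ToUpper(data))
		return 0
	},
	// fail: report an error on stderr; exit 2.
	"fail": func(_ context.Context, _ io.Reader, _, stderr io.Writer) ExitStatus {
		fmt.Fprintln(stderr, "fail: something went wrong")
		return 2
	},
	// wait: block until shutdown, then exit with 143 (conventional 128+SIGTERM).
	"wait": func(ctx context.Context, _ io.Reader, _, _ io.Writer) ExitStatus {
		<-ctx.Done()
		return 143
	},
}

// runExec drives OnExecRequest synchronously: it returns the rejection error, or waits for
// onExit and returns the exit status with the captured stdout and stderr.
func runExec(h *execHandler, programName, input string) (status ExitStatus, stdout, stderr string, rejected error) {
	var out, errOut bytes.Buffer
	done := make(chan ExitStatus, 1)
	err := h.OnExecRequest(1, programName, strings.NewReader(input), &out, &errOut,
		func(s ExitStatus) { done <- s })
	if err != nil {
		return 0, "", "", err
	}
	status = <-done
	return status, out.String(), errOut.String(), nil
}

func main() {
	ctx, cancel := context.WithCancel(context.Background())
	h := &execHandler{shutdown: ctx, programs: demoPrograms}
	st, out, _, _ := runExec(h, "upper", "hello over ssh\n")
	fmt.Printf("upper: exit=%d stdout=%q\n", st, out)
	_, _, _, err := runExec(h, "rm -rf /", "")
	fmt.Println("rejected:", err)
	cancel() // simulate the server shutting down
	st, _, _, _ = runExec(h, "wait", "")
	fmt.Println("wait: exit =", st)
}
```

The same shape carries over to OnShell and OnSubsystem: the only difference is whether a program name or a subsystem name selects what runs, and in every case onExit must be called exactly once so the client receives an exit-status message instead of a silently closed channel.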