ssh

Documentation

Index

• Constants
• func LoadPrivateOpenSSH(file string) (interface{}, error)
• func MaintainVPNConnection(gw *mesh.Gateway)
• type SSHConn
  • func (sshC *SSHConn) AcceptDialLegacy() error
  • func (sshC *SSHConn) Close() error
  • func (sshC *SSHConn) DialProxy(tp *ugate.Stream) error
  • func (sshC *SSHConn) RemoteAccept(remoteListenAddr string, dest string) error
  • func (sc *SSHConn) RemoteVIP() net.IP
  • func (sc *SSHConn) SendMessageToRemote(ev *msgs.Message) error
  • func (sshC *SSHConn) Wait() error
• type SSHGate
  • func NewSSHGate(gw *mesh.Gateway, certs *auth.Auth) *SSHGate
  • func (sshGate *SSHGate) ConnectStream(node *ugate.DMNode, addr string, conn net.Conn) (func() error, error)
  • func (sshGate *SSHGate) DialCon(conn net.Conn, addr string, pub []byte) (ugate.MuxedConn, error)
  • func (sshGate *SSHGate) DialMUX(addr string, pub []byte, subs []string) (ugate.MuxedConn, error)
  • func (sshGate *SSHGate) DirectConnect(node *ugate.DMNode) (chan error, error)
  • func (sshGate *SSHGate) HandleServerConn(nConn net.Conn)
  • func (sshGate *SSHGate) InitServer() error
  • func (sshGate *SSHGate) ListenSSH(address string) error
• type SSHServerConn
  • func (sshS *SSHServerConn) AcceptForward(in io.ReadCloser, out io.Writer, ip net.IP, port int, hostKey string, ...)
  • func (sshS *SSHServerConn) Close() error
  • func (sshS *SSHServerConn) DialForwarded(ctx context.Context, remote net.Addr, hostKey string, portKey uint32) (net.Conn, error)
  • func (sshS *SSHServerConn) DialProxy(tp *ugate.Stream) error
  • func (sshS *SSHServerConn) DialProxyLegacy(tp *ugate.Stream) error
  • func (sshS *SSHServerConn) RemoteAccept(r, f string) error
  • func (sshS *SSHServerConn) RemoteVIP() net.IP
  • func (sshS *SSHServerConn) Wait() error

Constants

const H2_MESH_PORT = 5228

const ROLE_GUEST = "guest"

const SSH_MESH_PORT = 5222

const SSH_MSG = true

Functions

func LoadPrivateOpenSSH

func LoadPrivateOpenSSH(file string) (interface{}, error)

Can parse existing openssh RSA and ed25519 private keys, from ~/.ssh

- RSA PRIVATE KEY block - OPENSSH PRIVATE KEY block, can only parse rsa or ed - PRIVATE KEY - x509 PKCS8 - EC PRIVATE KEY - (DSA)

func MaintainVPNConnection

func MaintainVPNConnection(gw *mesh.Gateway)

Maintain the keep-alive connection to the VPN master server receive messages from the remote, send messages to the remote and handle forwarding TODO: attempt to create a circuit using Up connections.

Types

type SSHConn

type SSHConn struct {

	// Remote address (IP:port or host:port) of the directly
	// connected peer.
	Addr string

	Connect             time.Time
	SubscriptionsToSend []string

	VIP6 net.IP

	Node *ugate.DMNode
	// contains filtered or unexported fields
}

Base connection - use SSHClientConn or SSHServerConn

func (*SSHConn) AcceptDialLegacy

func (sshC *SSHConn) AcceptDialLegacy() error

func (*SSHConn) Close

func (sshC *SSHConn) Close() error

func (*SSHConn) DialProxy

func (sshC *SSHConn) DialProxy(tp *ugate.Stream) error

DialProxy will use a SSH client connection MUX to reach a remote server. Part of MuxedConn interface used to connect to a destination over this connection. On success, tp.Server[In|Out] will be set with a connection to

tp.Dest:tp.DestPort

Uses the equivalent of "-L".

func (*SSHConn) RemoteAccept

func (sshC *SSHConn) RemoteAccept(remoteListenAddr string, dest string) error

Use the connection to a remote SSHClientConn server to listen to a port. Accepted connections will be handled using the handler.

vpn is the address of the vpn server dest is the address to forward incoming listener connections, passed as parameter to handler handler is a function capable of 2-way forwarding.

func (*SSHConn) RemoteVIP

func (sc *SSHConn) RemoteVIP() net.IP

func (*SSHConn) SendMessageToRemote

func (sc *SSHConn) SendMessageToRemote(ev *msgs.Message) error

func (*SSHConn) Wait

func (sshC *SSHConn) Wait() error

AcceptDial create a virtual listener (magic port 5222) on the server. The server will be able to initiate connections in reverse to this client. TODO: make it work with standard ssh servers - for example get a dynamic port, and bounce it as an incoming ssh connection.

type SSHGate

type SSHGate struct {

	// Active outbound SSHClientConn tunnels. May be direct to a neighbor/reachable IP, or tunneled in sshUp.
	// Key is the host:Port or IP:port used in Dial
	// Clients typically open at least port -R :5222, so it is possible
	// to initiate 'push' connections.
	SshClients map[string]*SSHConn

	// Accepted connections. If the server is running as VPN server, connections from all clients.
	// If this node is an AP or mesh node, connections from immediate neighbors.
	// Key is the VIP
	SshConn map[uint64]*SSHServerConn

	ConnectTimeout time.Duration
	// contains filtered or unexported fields
}

Main SSH gateway interface. Each node can have multiple client and server connections. Primary port is 5222, but connections may be received over tunnels. A SSH gateway has one key pair and set of configs.

func NewSSHGate

func NewSSHGate(gw *mesh.Gateway, certs *auth.Auth) *SSHGate

Initialize the SSH gateway.

func (*SSHGate) ConnectStream

func (sshGate *SSHGate) ConnectStream(node *ugate.DMNode,
	addr string,
	conn net.Conn) (func() error, error)

ConnectStream creates a MuxedConn over an established conn addr may be empty.

If node has a VIP or public key it will be checked. The resulting MuxedConn will be set a node.TunClient

func (*SSHGate) DialCon

func (sshGate *SSHGate) DialCon(conn net.Conn, addr string,
	pub []byte) (ugate.MuxedConn, error)

func (*SSHGate) DialMUX

func (sshGate *SSHGate) DialMUX(addr string,
	pub []byte, subs []string) (ugate.MuxedConn, error)

func (*SSHGate) DirectConnect

func (sshGate *SSHGate) DirectConnect(node *ugate.DMNode) (chan error, error)

func (*SSHGate) HandleServerConn

func (sshGate *SSHGate) HandleServerConn(nConn net.Conn)

Handles a connection as SSH server, using a net.Conn - which might be tunneled over other transports. SSH handles multiplexing and packets.

func (*SSHGate) InitServer

func (sshGate *SSHGate) InitServer() error

func (*SSHGate) ListenSSH

func (sshGate *SSHGate) ListenSSH(address string) error

Start listening. Typically address is :0, and the default port is 5222 A single server is usually sufficient for a node.

type SSHServerConn

type SSHServerConn struct {
	SSHConn
}

Server connection from one SSHClientConn client - inbound

func (*SSHServerConn) AcceptForward

func (sshS *SSHServerConn) AcceptForward(in io.ReadCloser, out io.Writer,
	ip net.IP, port int, hostKey string, portKey uint32)

For -R, when a remote conn is received on a TCP accept. Will open a 'forwarded-tcpip' channel from server to client, associated with the previous -R. Called from acceptor, for an explicit listen port.

func (*SSHServerConn) Close

func (sshS *SSHServerConn) Close() error

func (*SSHServerConn) DialForwarded

func (sshS *SSHServerConn) DialForwarded(ctx context.Context,
	remote net.Addr,
	hostKey string, portKey uint32) (net.Conn, error)

func (*SSHServerConn) DialProxy

func (sshS *SSHServerConn) DialProxy(tp *ugate.Stream) error

DialProxy uses an existing server connection (this node accepted the request) to create a virtual tunnel where this node is the client.

For SSH it relies on "forwarded-tcpip", which is typically used for -R/accept channels, with a custom header at the beginning (TODO: use CONNECT, and make it consistent for all channels)

This only works if the clients are compatible with this extension

func (*SSHServerConn) DialProxyLegacy

func (sshS *SSHServerConn) DialProxyLegacy(tp *ugate.Stream) error

Attemtping to use std forward - it requires the other side to understand the header. This may work if remote is doing a -R 0:localSocks or localConnect.

For now legacy is not a priority.

func (*SSHServerConn) RemoteAccept

func (sshS *SSHServerConn) RemoteAccept(r, f string) error

func (*SSHServerConn) RemoteVIP

func (sshS *SSHServerConn) RemoteVIP() net.IP

func (*SSHServerConn) Wait

func (sshS *SSHServerConn) Wait() error