Documentation
Overview
Package sshutils defines several functions and types used across the Teleport API and other Teleport packages when working with SSH.
Index
- Constants
- func AsAgentKeys(sshCert *ssh.Certificate, privKey []byte) ([]agent.AddedKey, error)
- func AsAuthMethod(sshCert *ssh.Certificate, privKey []byte) (ssh.AuthMethod, error)
- func AsSigner(sshCert *ssh.Certificate, privKey []byte) (ssh.Signer, error)
- func HostKeyCallback(caCerts [][]byte) (ssh.HostKeyCallback, error)
- func KeysEqual(ak, bk ssh.PublicKey) bool
- func NewClientConnWithDeadline(conn net.Conn, addr string, config *ssh.ClientConfig) (*ssh.Client, error)
- func ParseCertificate(buf []byte) (*ssh.Certificate, error)
- func ProxyClientSSHConfig(sshCert, privKey []byte, caCerts [][]byte) (*ssh.ClientConfig, error)
- type ChConn
- func (c *ChConn) Close() error
- func (c *ChConn) LocalAddr() net.Addr
- func (c *ChConn) Read(data []byte) (int, error)
- func (c *ChConn) RemoteAddr() net.Addr
- func (c *ChConn) SetDeadline(t time.Time) error
- func (c *ChConn) SetReadDeadline(t time.Time) error
- func (c *ChConn) SetWriteDeadline(t time.Time) error
- type DialReq
Constants
const (
	// ConnectionTypeRequest is a request sent over a SSH channel that returns a
	// boolean which indicates the connection type (direct or tunnel).
	ConnectionTypeRequest = "x-teleport-connection-type"
)
Functions
func AsAgentKeys
AsAgentKeys converts Key struct to a []*agent.AddedKey. All elements of the []*agent.AddedKey slice need to be loaded into the agent!
func AsAuthMethod
func AsAuthMethod(sshCert *ssh.Certificate, privKey []byte) (ssh.AuthMethod, error)
AsAuthMethod returns an "auth method" interface, a common abstraction used by the Go SSH library. This is how a Key is actually fed into the SSH library.
func HostKeyCallback
func HostKeyCallback(caCerts [][]byte) (ssh.HostKeyCallback, error)
HostKeyCallback returns an ssh.HostKeyCallback that validates host keys/certs against SSH CAs in the Key.
If no CAs are present in the Key, the returned ssh.HostKeyCallback is nil. This causes golang.org/x/crypto/ssh to prompt the user to verify the host key fingerprint (same as OpenSSH does for an unknown host).
func NewClientConnWithDeadline
func NewClientConnWithDeadline(conn net.Conn, addr string, config *ssh.ClientConfig) (*ssh.Client, error)
NewClientConnWithDeadline establishes a new client connection with the specified deadline.
func ParseCertificate
func ParseCertificate(buf []byte) (*ssh.Certificate, error)
ParseCertificate parses an SSH certificate from the authorized_keys format.
func ProxyClientSSHConfig
func ProxyClientSSHConfig(sshCert, privKey []byte, caCerts [][]byte) (*ssh.ClientConfig, error)
ProxyClientSSHConfig returns an ssh.ClientConfig with SSH credentials from this Key and HostKeyCallback matching SSH CAs in the Key.
The config is set up to authenticate to proxy with the first available principal.
Types
type ChConn
ChConn is a net.Conn-like object that uses an SSH channel.
func ConnectProxyTransport
ConnectProxyTransport opens a channel over the remote tunnel and connects to the requested host.
func NewExclusiveChConn
NewExclusiveChConn returns a new net.Conn implemented over an SSH channel, whenever this connection closes
func (*ChConn) LocalAddr
LocalAddr returns the local address of the connection. It uses the underlying net.Conn implementation.
func (*ChConn) RemoteAddr
RemoteAddr returns the remote address of the connection. It uses the underlying net.Conn implementation.
func (*ChConn) SetDeadline
SetDeadline sets a connection deadline.
func (*ChConn) SetReadDeadline
SetReadDeadline sets a connection read deadline.
type DialReq
type DialReq struct {
	// Address is the target host to make a connection to.
	Address string `json:"address,omitempty"`
	// ServerID is the hostUUID.clusterName of the node. ServerID is used when
	// dialing through a tunnel to SSH and application nodes.
	ServerID string `json:"server_id,omitempty"`
	// ConnType is the type of connection requested, either node or application.
	ConnType types.TunnelType `json:"conn_type"`
}
DialReq is a request for the address to connect to. It supports special non-resolvable addresses and search names if connecting over a tunnel.
func (*DialReq) CheckAndSetDefaults
CheckAndSetDefaults verifies all the values are valid.