Documentation ¶
Overview ¶
Package regular implements an SSH server that supports multiplexing tunneling and SSH connection proxying, and supports only key-based authentication.
Index ¶
- type NodesGetter
- type Server
- func (s *Server) Addr() string
- func (s *Server) AdvertiseAddr() string
- func (s *Server) Close() error
- func (s *Server) Component() string
- func (s *Server) Context() context.Context
- func (s *Server) GetAccessPoint() srv.AccessPoint
- func (s *Server) GetBPF() bpf.BPF
- func (s *Server) GetClock() clockwork.Clock
- func (s *Server) GetCreateHostUser() bool
- func (s *Server) GetDataDir() string
- func (s *Server) GetHostUsers() srv.HostUsers
- func (s *Server) GetInfo() types.Server
- func (s *Server) GetLockWatcher() *services.LockWatcher
- func (s *Server) GetNamespace() string
- func (s *Server) GetPAM() (*pam.Config, error)
- func (s *Server) GetRestrictedSessionManager() restricted.Manager
- func (s *Server) GetUtmpPath() (string, string)
- func (s *Server) HandleConnection(conn net.Conn)
- func (s *Server) HandleNewChan(ctx context.Context, ccx *sshutils.ConnectionContext, nch ssh.NewChannel)
- func (s *Server) HandleNewConn(ctx context.Context, ccx *sshutils.ConnectionContext) (context.Context, error)
- func (s *Server) HandleRequest(ctx context.Context, r *ssh.Request)
- func (s *Server) HostUUID() string
- func (s *Server) ID() string
- func (s *Server) PermitUserEnvironment() bool
- func (s *Server) Serve(l net.Listener) error
- func (s *Server) Shutdown(ctx context.Context) error
- func (s *Server) Start() error
- func (s *Server) TargetMetadata() apievents.ServerMetadata
- func (s *Server) UseTunnel() bool
- func (s *Server) Wait()
- type ServerOption
- func SetAllowFileCopying(allow bool) ServerOption
- func SetAllowTCPForwarding(allow bool) ServerOption
- func SetBPF(ebpf bpf.BPF) ServerOption
- func SetCiphers(ciphers []string) ServerOption
- func SetClock(clock clockwork.Clock) ServerOption
- func SetConnectedProxyGetter(getter *reversetunnel.ConnectedProxyGetter) ServerOption
- func SetCreateHostUser(createUser bool) ServerOption
- func SetEmitter(emitter events.StreamEmitter) ServerOption
- func SetFIPS(fips bool) ServerOption
- func SetInventoryControlHandle(handle inventory.DownstreamHandle) ServerOption
- func SetKEXAlgorithms(kexAlgorithms []string) ServerOption
- func SetLabels(staticLabels map[string]string, cmdLabels services.CommandLabels, ...) ServerOption
- func SetLimiter(limiter *limiter.Limiter) ServerOption
- func SetLockWatcher(lockWatcher *services.LockWatcher) ServerOption
- func SetMACAlgorithms(macAlgorithms []string) ServerOption
- func SetNamespace(namespace string) ServerOption
- func SetNodeWatcher(nodeWatcher *services.NodeWatcher) ServerOption
- func SetOnHeartbeat(fn func(error)) ServerOption
- func SetPAMConfig(pamConfig *pam.Config) ServerOption
- func SetPermitUserEnvironment(permitUserEnvironment bool) ServerOption
- func SetProxyMode(peerAddr string, tsrv reversetunnel.Tunnel, ap auth.ReadProxyAccessPoint) ServerOption
- func SetRestrictedSessionManager(m restricted.Manager) ServerOption
- func SetRotationGetter(getter services.RotationGetter) ServerOption
- func SetShell(shell string) ServerOption
- func SetStoragePresenceService(service *local.PresenceService) ServerOption
- func SetTracerProvider(provider oteltrace.TracerProvider) ServerOption
- func SetUUID(uuid string) ServerOption
- func SetUseTunnel(useTunnel bool) ServerOption
- func SetUtmpPath(utmpPath, wtmpPath string) ServerOption
- func SetX11ForwardingConfig(xc *x11.ServerConfig) ServerOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type NodesGetter ¶
NodesGetter is a function that retrieves a subset of nodes matching the filter criteria.
type Server ¶
// Server embeds three types, so their exported methods are promoted onto it.
type Server struct {
	// Embedded mutex: Lock and Unlock are callable on a *Server by any code
	// that holds one. What state it guards is not shown on this page.
	sync.Mutex
	// Embedded logger entry: its logging methods are promoted onto Server.
	*logrus.Entry

	// StreamEmitter points to the auth service and emits audit events
	events.StreamEmitter
	// contains filtered or unexported fields
}
Server implements an SSH server that uses a configuration backend and certificate-based authentication.
func New ¶
func New(addr utils.NetAddr, hostname string, signers []ssh.Signer, authService srv.AccessPoint, dataDir string, advertiseAddr string, proxyPublicAddr utils.NetAddr, auth auth.ClientI, options ...ServerOption, ) (*Server, error)
New returns an unstarted server
func (*Server) AdvertiseAddr ¶
AdvertiseAddr returns an address this server should be publicly accessible as, in "ip:host" form
func (*Server) GetAccessPoint ¶
func (s *Server) GetAccessPoint() srv.AccessPoint
func (*Server) GetCreateHostUser ¶
GetCreateHostUser determines whether users should be created on the host automatically
func (*Server) GetHostUsers ¶
GetHostUsers returns the HostUsers instance being used to manage host user provisioning
func (*Server) GetLockWatcher ¶
func (s *Server) GetLockWatcher() *services.LockWatcher
GetLockWatcher gets the server's lock watcher.
func (*Server) GetNamespace ¶
func (*Server) GetRestrictedSessionManager ¶
func (s *Server) GetRestrictedSessionManager() restricted.Manager
GetRestrictedSessionManager returns the manager for restricting user activity.
func (*Server) GetUtmpPath ¶
GetUtmpPath returns the optional override of the utmp and wtmp path.
func (*Server) HandleConnection ¶
HandleConnection is called after a connection has been accepted and starts to perform the SSH handshake immediately.
func (*Server) HandleNewChan ¶
func (s *Server) HandleNewChan(ctx context.Context, ccx *sshutils.ConnectionContext, nch ssh.NewChannel)
HandleNewChan is called when a new channel is opened.
func (*Server) HandleNewConn ¶
func (s *Server) HandleNewConn(ctx context.Context, ccx *sshutils.ConnectionContext) (context.Context, error)
HandleNewConn is called by sshutils.Server once for each new incoming connection, prior to handling any channels or requests. Currently this callback's only function is to apply session control restrictions.
func (*Server) HandleRequest ¶
HandleRequest processes global out-of-band requests. Global out-of-band requests are processed in order (this way the originator knows which request we are responding to). If Teleport does not support the request type, or an error occurs while processing that request, Teleport will reply with req.Reply(false, nil).
For more details: https://tools.ietf.org/html/rfc4254.html#page-4
func (*Server) HostUUID ¶
HostUUID is the ID of the server. This value is the same as ID, it is different from the forwarding server.
func (*Server) PermitUserEnvironment ¶
PermitUserEnvironment reports whether ~/.tsh/environment will be read before a session is created by this server.
func (*Server) TargetMetadata ¶
func (s *Server) TargetMetadata() apievents.ServerMetadata
TargetMetadata returns metadata about the server.
type ServerOption ¶
ServerOption is a functional option passed to the server
func SetAllowFileCopying ¶
func SetAllowFileCopying(allow bool) ServerOption
SetAllowFileCopying sets whether the server is allowed to handle SCP/SFTP requests.
func SetAllowTCPForwarding ¶
func SetAllowTCPForwarding(allow bool) ServerOption
SetAllowTCPForwarding sets the TCP port forwarding mode that this server is allowed to offer. The default value is SSHPortForwardingModeAll, i.e. port forwarding is allowed.
func SetBPF ¶
func SetBPF(ebpf bpf.BPF) ServerOption
func SetCiphers ¶
func SetCiphers(ciphers []string) ServerOption
func SetClock ¶
func SetClock(clock clockwork.Clock) ServerOption
SetClock is a functional server option to override the internal clock
func SetConnectedProxyGetter ¶
func SetConnectedProxyGetter(getter *reversetunnel.ConnectedProxyGetter) ServerOption
SetConnectedProxyGetter sets the ConnectedProxyGetter.
func SetCreateHostUser ¶
func SetCreateHostUser(createUser bool) ServerOption
SetCreateHostUser configures host user creation on a server
func SetEmitter ¶
func SetEmitter(emitter events.StreamEmitter) ServerOption
SetEmitter assigns an audit event emitter for this server
func SetFIPS ¶
func SetFIPS(fips bool) ServerOption
func SetInventoryControlHandle ¶
func SetInventoryControlHandle(handle inventory.DownstreamHandle) ServerOption
SetInventoryControlHandle sets the server's downstream inventory control handle.
func SetKEXAlgorithms ¶
func SetKEXAlgorithms(kexAlgorithms []string) ServerOption
func SetLabels ¶
func SetLabels(staticLabels map[string]string, cmdLabels services.CommandLabels, cloudLabels labels.Importer) ServerOption
SetLabels sets the dynamic and static labels that the server will report to the auth servers.
func SetLimiter ¶
func SetLimiter(limiter *limiter.Limiter) ServerOption
SetLimiter sets rate and connection limiter for this server
func SetLockWatcher ¶
func SetLockWatcher(lockWatcher *services.LockWatcher) ServerOption
SetLockWatcher sets the server's lock watcher.
func SetMACAlgorithms ¶
func SetMACAlgorithms(macAlgorithms []string) ServerOption
func SetNamespace ¶
func SetNamespace(namespace string) ServerOption
func SetNodeWatcher ¶
func SetNodeWatcher(nodeWatcher *services.NodeWatcher) ServerOption
SetNodeWatcher sets the server's node watcher.
func SetOnHeartbeat ¶
func SetOnHeartbeat(fn func(error)) ServerOption
func SetPAMConfig ¶
func SetPAMConfig(pamConfig *pam.Config) ServerOption
func SetPermitUserEnvironment ¶
func SetPermitUserEnvironment(permitUserEnvironment bool) ServerOption
SetPermitUserEnvironment allows you to set the value of permitUserEnvironment.
func SetProxyMode ¶
func SetProxyMode(peerAddr string, tsrv reversetunnel.Tunnel, ap auth.ReadProxyAccessPoint) ServerOption
SetProxyMode starts this server in SSH proxying mode
func SetRestrictedSessionManager ¶
func SetRestrictedSessionManager(m restricted.Manager) ServerOption
func SetRotationGetter ¶
func SetRotationGetter(getter services.RotationGetter) ServerOption
SetRotationGetter sets rotation state getter
func SetShell ¶
func SetShell(shell string) ServerOption
SetShell sets default shell that will be executed for interactive sessions
func SetStoragePresenceService ¶
func SetStoragePresenceService(service *local.PresenceService) ServerOption
SetStoragePresenceService sets the storage presence service used by this server.
func SetTracerProvider ¶
func SetTracerProvider(provider oteltrace.TracerProvider) ServerOption
SetTracerProvider sets the tracer provider.
func SetUseTunnel ¶
func SetUseTunnel(useTunnel bool) ServerOption
func SetUtmpPath ¶
func SetUtmpPath(utmpPath, wtmpPath string) ServerOption
SetUtmpPath is a functional server option to override the user accounting database and log path.
func SetX11ForwardingConfig ¶
func SetX11ForwardingConfig(xc *x11.ServerConfig) ServerOption
SetX11ForwardingConfig sets the server's X11 forwarding configuration