regular

package
v0.0.0-...-5c79d48 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2024 License: AGPL-3.0 Imports: 53 Imported by: 0

Documentation

Overview

Package regular implements SSH server that supports multiplexing tunneling, SSH connections proxying and only supports Key based auth

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertAuthorityGetter 

type CertAuthorityGetter = func(ctx context.Context, id types.CertAuthID, loadKeys bool) (types.CertAuthority, error)

CertAuthorityGetter allows to get cluster's host CA for verification of signed PROXY headers. We define our own version to avoid circular dependencies in multiplexer package (it can't depend on 'services'), where this function is used.

type PROXYHeaderSigner 

type PROXYHeaderSigner interface {
	SignPROXYHeader(source, destination net.Addr) ([]byte, error)
}

PROXYHeaderSigner allows to sign PROXY headers for securely propagating original client IP information

type Server 

type Server struct {
	sync.Mutex

	*logrus.Entry

	// StreamEmitter points to the auth service and emits audit events
	events.StreamEmitter
	// contains filtered or unexported fields
}

Server implements SSH server that uses configuration backend and certificate-based authentication

func New 

func New(
	ctx context.Context,
	addr utils.NetAddr,
	hostname string,
	signers []ssh.Signer,
	authService srv.AccessPoint,
	dataDir string,
	advertiseAddr string,
	proxyPublicAddr utils.NetAddr,
	auth auth.ClientI,
	options ...ServerOption,
) (*Server, error)

New returns an unstarted server

func (*Server) ActiveConnections 

func (s *Server) ActiveConnections() int32

ActiveConnections returns the number of connections that are being served.

func (*Server) Addr 

func (s *Server) Addr() string

Addr returns server address

func (*Server) AdvertiseAddr 

func (s *Server) AdvertiseAddr() string

AdvertiseAddr returns an address this server should be publicly accessible as, in "ip:host" form

func (*Server) Close 

func (s *Server) Close() error

Close closes listening socket and stops accepting connections

func (*Server) Component 

func (s *Server) Component() string

func (*Server) Context 

func (s *Server) Context() context.Context

Context returns server shutdown context

func (*Server) GetAccessPoint 

func (s *Server) GetAccessPoint() srv.AccessPoint

func (*Server) GetBPF 

func (s *Server) GetBPF() bpf.BPF

GetBPF returns the BPF service used by enhanced session recording.

func (*Server) GetClock 

func (s *Server) GetClock() clockwork.Clock

GetClock returns server clock implementation

func (*Server) GetCreateHostUser 

func (s *Server) GetCreateHostUser() bool

GetCreateHostUser determines whether users should be created on the host automatically

func (*Server) GetDataDir 

func (s *Server) GetDataDir() string

GetDataDir returns server data dir

func (*Server) GetHostSudoers 

func (s *Server) GetHostSudoers() srv.HostSudoers

GetHostSudoers returns the HostSudoers instance being used to manage sudoers file provisioning

func (*Server) GetHostUsers 

func (s *Server) GetHostUsers() srv.HostUsers

GetHostUsers returns the HostUsers instance being used to manage host user provisioning

func (*Server) GetInfo 

func (s *Server) GetInfo() types.Server

GetInfo returns a services.Server that represents this server.

func (*Server) GetLockWatcher 

func (s *Server) GetLockWatcher() *services.LockWatcher

GetLockWatcher gets the server's lock watcher.

func (*Server) GetNamespace 

func (s *Server) GetNamespace() string

func (*Server) GetPAM 

func (s *Server) GetPAM() (*servicecfg.PAMConfig, error)

GetPAM returns the PAM configuration for this server.

func (*Server) GetUserAccountingPaths 

func (s *Server) GetUserAccountingPaths() (string, string, string)

GetUserAccountingPaths returns the optional override of the utmp, wtmp, and btmp paths.

func (*Server) HandleConnection 

func (s *Server) HandleConnection(conn net.Conn)

HandleConnection is called after a connection has been accepted and starts to perform the SSH handshake immediately.

func (*Server) HandleNewChan 

func (s *Server) HandleNewChan(ctx context.Context, ccx *sshutils.ConnectionContext, nch ssh.NewChannel)

HandleNewChan is called when new channel is opened

func (*Server) HandleNewConn 

func (s *Server) HandleNewConn(ctx context.Context, ccx *sshutils.ConnectionContext) (context.Context, error)

HandleNewConn is called by sshutils.Server once for each new incoming connection, prior to handling any channels or requests. Currently this callback's only function is to apply session control restrictions.

func (*Server) HandleRequest 

func (s *Server) HandleRequest(ctx context.Context, r *ssh.Request)

HandleRequest processes global out-of-band requests. Global out-of-band requests are processed in order (this way the originator knows which request we are responding to). If Teleport does not support the request type or an error occurs while processing that request Teleport will reply req.Reply(false, nil).

For more details: https://tools.ietf.org/html/rfc4254.html#page-4

func (*Server) HostUUID 

func (s *Server) HostUUID() string

HostUUID is the ID of the server. This value is the same as ID, it is different from the forwarding server.

func (*Server) ID 

func (s *Server) ID() string

ID returns server ID

func (*Server) PermitUserEnvironment 

func (s *Server) PermitUserEnvironment() bool

PermitUserEnvironment returns if ~/.tsh/environment will be read before a session is created by this server.

func (*Server) Serve 

func (s *Server) Serve(l net.Listener) error

Serve servers service on started listener

func (*Server) Shutdown 

func (s *Server) Shutdown(ctx context.Context) error

Shutdown performs graceful shutdown

func (*Server) Start 

func (s *Server) Start() error

Start starts server

func (*Server) TargetMetadata 

func (s *Server) TargetMetadata() apievents.ServerMetadata

TargetMetadata returns metadata about the server.

func (*Server) UseTunnel 

func (s *Server) UseTunnel() bool

UseTunnel used to determine if this node has connected to this cluster using reverse tunnel.

func (*Server) Wait 

func (s *Server) Wait()

Wait waits until server stops

type ServerOption 

type ServerOption func(s *Server) error

ServerOption is a functional option passed to the server

func SetAllowFileCopying 

func SetAllowFileCopying(allow bool) ServerOption

SetAllowFileCopying sets whether the server is allowed to handle SCP/SFTP requests.

func SetAllowTCPForwarding 

func SetAllowTCPForwarding(allow bool) ServerOption

SetAllowTCPForwarding sets the TCP port forwarding mode that this server is allowed to offer. The default value is SSHPortForwardingModeAll, i.e. port forwarding is allowed.

func SetBPF 

func SetBPF(ebpf bpf.BPF) ServerOption

func SetCAGetter 

func SetCAGetter(caGetter CertAuthorityGetter) ServerOption

SetCAGetter sets the cert authority getter

func SetCiphers 

func SetCiphers(ciphers []string) ServerOption

func SetClock 

func SetClock(clock clockwork.Clock) ServerOption

SetClock is a functional server option to override the internal clock

func SetConnectedProxyGetter 

func SetConnectedProxyGetter(getter *reversetunnel.ConnectedProxyGetter) ServerOption

SetConnectedProxyGetter sets the ConnectedProxyGetter.

func SetCreateHostUser 

func SetCreateHostUser(createUser bool) ServerOption

SetCreateHostUser configures host user creation on a server

func SetEmitter 

func SetEmitter(emitter events.StreamEmitter) ServerOption

SetEmitter assigns an audit event emitter for this server

func SetFIPS 

func SetFIPS(fips bool) ServerOption

func SetIngressReporter 

func SetIngressReporter(service string, r *ingress.Reporter) ServerOption

SetIngressReporter sets the reporter for reporting new and active connections.

func SetInventoryControlHandle 

func SetInventoryControlHandle(handle inventory.DownstreamHandle) ServerOption

SetInventoryControlHandle sets the server's downstream inventory control handle.

func SetKEXAlgorithms 

func SetKEXAlgorithms(kexAlgorithms []string) ServerOption

func SetLabels 

func SetLabels(staticLabels map[string]string, cmdLabels services.CommandLabels, cloudLabels labels.Importer) ServerOption

SetLabels sets dynamic and static labels that server will report to the auth servers.

func SetLimiter 

func SetLimiter(limiter *limiter.Limiter) ServerOption

SetLimiter sets rate and connection limiter for this server

func SetLockWatcher 

func SetLockWatcher(lockWatcher *services.LockWatcher) ServerOption

SetLockWatcher sets the server's lock watcher.

func SetMACAlgorithms 

func SetMACAlgorithms(macAlgorithms []string) ServerOption

func SetNamespace 

func SetNamespace(namespace string) ServerOption

func SetNodeWatcher 

func SetNodeWatcher(nodeWatcher *services.NodeWatcher) ServerOption

SetNodeWatcher sets the server's node watcher.

func SetOnHeartbeat 

func SetOnHeartbeat(fn func(error)) ServerOption

func SetPAMConfig 

func SetPAMConfig(pamConfig *servicecfg.PAMConfig) ServerOption

func SetPROXYSigner 

func SetPROXYSigner(proxySigner PROXYHeaderSigner) ServerOption

SetPROXYSigner sets the PROXY headers signer

func SetPermitUserEnvironment 

func SetPermitUserEnvironment(permitUserEnvironment bool) ServerOption

SetPermitUserEnvironment allows you to set the value of permitUserEnvironment.

func SetProxyMode 

func SetProxyMode(peerAddr string, tsrv reversetunnelclient.Tunnel, ap auth.ReadProxyAccessPoint, router *proxy.Router) ServerOption

SetProxyMode starts this server in SSH proxying mode

func SetPublicAddrs 

func SetPublicAddrs(addrs []utils.NetAddr) ServerOption

SetPublicAddrs sets the server's public addresses

func SetRotationGetter 

func SetRotationGetter(getter services.RotationGetter) ServerOption

SetRotationGetter sets rotation state getter

func SetSessionController 

func SetSessionController(controller *srv.SessionController) ServerOption

SetSessionController sets the session controller.

func SetShell 

func SetShell(shell string) ServerOption

SetShell sets default shell that will be executed for interactive sessions

func SetStoragePresenceService 

func SetStoragePresenceService(service *local.PresenceService) ServerOption

SetStoragePresenceService configures host user creation on a server

func SetTracerProvider 

func SetTracerProvider(provider oteltrace.TracerProvider) ServerOption

SetTracerProvider sets the tracer provider.

func SetUUID 

func SetUUID(uuid string) ServerOption

SetUUID sets server unique ID

func SetUseTunnel 

func SetUseTunnel(useTunnel bool) ServerOption

func SetUserAccountingPaths 

func SetUserAccountingPaths(utmpPath, wtmpPath, btmpPath string) ServerOption

SetUserAccountingPaths is a functional server option to override the user accounting database and log path.

func SetX11ForwardingConfig 

func SetX11ForwardingConfig(xc *x11.ServerConfig) ServerOption

SetX11ForwardingConfig sets the server's X11 forwarding configuration

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.