Documentation ¶
Overview ¶
Package sshd implements an SSH server.
See https://tools.ietf.org/html/rfc4254
This was copied over (and effectively forked from) cookoo-ssh. Mainly this differs from the cookoo-ssh version in that this does not act like a stand-alone SSH server.
Index ¶
- Constants
- func AuthKey(c cookoo.Context, p *cookoo.Params) (interface{}, cookoo.Interrupt)
- func Configure(c cookoo.Context, p *cookoo.Params) (interface{}, cookoo.Interrupt)
- func GenSSHKeys(c cookoo.Context, p *cookoo.Params) (interface{}, cookoo.Interrupt)
- func ParseHostKeys(c cookoo.Context, p *cookoo.Params) (interface{}, cookoo.Interrupt)
- func Ping(c cookoo.Context, p *cookoo.Params) (interface{}, cookoo.Interrupt)
- func Serve(reg *cookoo.Registry, router *cookoo.Router, serverCircuit *Circuit, ...) cookoo.Interrupt
- type Circuit
- type CircuitState
- type Config
- type EnvVar
- type ExecCmd
- type GenericMessage
- type RepositoryLock
Constants ¶
const ( // HostKeys is the context key for Host Keys list. HostKeys string = "ssh.HostKeys" // Address is the context key for SSH address. Address string = "ssh.Address" // ServerConfig is the context key for ServerConfig object. ServerConfig string = "ssh.ServerConfig" )
Variables ¶
This section is empty.
Functions ¶
func AuthKey ¶
AuthKey authenticates based on a public key.
Params:
- metadata (ssh.ConnMetadata)
- key (ssh.PublicKey)
Returns:
*ssh.Permissions
func Configure ¶
Configure creates a new SSH configuration object.
Config sets a PublicKeyCallback handler that forwards public key auth requests to the route named "pubkeyAuth".
This assumes certain details about our environment, like the location of the host keys. It also provides only key-based authentication. ConfigureServerSshConfig
Returns:
An *ssh.ServerConfig
func GenSSHKeys ¶
GenSSHKeys generates the default set of SSH host keys.
func ParseHostKeys ¶
ParseHostKeys parses the host key files.
By default it looks in /etc/ssh for host keys of the patterh ssh_host_{{TYPE}}_key.
Params:
- keytypes ([]string): Key types to parse. Defaults to []string{rsa, dsa, ecdsa}
- enableV1 (bool): Allow V1 keys. By default this is disabled.
- path (string): Override the lookup pattern. If %s, it will be replaced with the keytype.
Returns:
[]ssh.Signer
func Ping ¶
Ping handles a simple test SSH exec.
Returns the string PONG and exit status 0.
Params:
- channel (ssh.Channel): The channel to respond on.
- request (*ssh.Request): The request.
func Serve ¶
func Serve( reg *cookoo.Registry, router *cookoo.Router, serverCircuit *Circuit, gitHomeDir string, concurrentPushLock RepositoryLock, c cookoo.Context) cookoo.Interrupt
Serve starts a native SSH server.
The general design of the server is that it acts as a main server for a Cookoo app. It assumes that certain things have been configured for it, like an ssh.ServerConfig. Once it runs, it will block until the main process terminates. If you want to stop it prior to that, you can grab the closer ("sshd.Closer") out of the context and send it a signal.
Currently, the service is not generic. It only runs git hooks.
This expects the following Context variables.
- ssh.Hostkeys ([]ssh.Signer): Host key, as an unparsed byte slice.
- ssh.Address (string): Address/port
- ssh.ServerConfig (*ssh.ServerConfig): The server config to use.
This puts the following variables into the context:
- ssh.Closer (chan interface{}): Send a message to this to shutdown the server.
Types ¶
type Circuit ¶
type Circuit struct {
// contains filtered or unexported fields
}
Circuit is a concurrency-safe data structure that can take one of two states at any point in time:
- OpenState - non functional - ClosedState - functional
The circuit is intended as a point-in-time indicator of functionality. It has no backoff mechanism, jitter or ramp-up/ramp-down functionality.
func NewCircuit ¶
func NewCircuit() *Circuit
NewCircuit creates a new circuit, in the open (non-functional) state.
func (*Circuit) Close ¶
Close closes the circuit if it wasn't already closed. Returns true if it had to be closed, false if it was already closed.
func (*Circuit) Open ¶
Open opens the circuit if it wasn't already closed. Returns true if it had to be opened, false if it was already open.
func (*Circuit) State ¶
func (c *Circuit) State() CircuitState
State returns the current state of the circuit. Note that concurrent modifications may be happening, so the state may be different than what's returned.
type CircuitState ¶
type CircuitState uint32
CircuitState represents the state of a Circuit.
const ( // OpenState indicates that the circuit is in the open state, and thus non-functional. OpenState CircuitState = 0 // ClosedState indicates that the circuit is in the closed state, and thus functional. ClosedState CircuitState = 1 )
func (CircuitState) String ¶
func (c CircuitState) String() string
String is the fmt.Stringer interface implementation.
type Config ¶
type Config struct { SSHHostIP string `envconfig:"SSH_HOST_IP" default:"0.0.0.0" required:"true"` SSHHostPort int `envconfig:"SSH_HOST_PORT" default:"2223" required:"true"` HealthSrvPort int `envconfig:"HEALTH_SERVER_PORT" default:"8092"` HealthSrvTestStorageRegion string `envconfig:"STORAGE_REGION" default:"us-east-1"` CleanerPollSleepDurationSec int `envconfig:"CLEANER_POLL_SLEEP_DURATION_SEC" default:"1"` StorageType string `envconfig:"BUILDER_STORAGE" default:"minio"` SlugBuilderImagePullPolicy string `envconfig:"SLUG_BUILDER_IMAGE_PULL_POLICY" default:"Always"` DockerBuilderImagePullPolicy string `envconfig:"DOCKER_BUILDER_IMAGE_PULL_POLICY" default:"Always"` }
Config represents the required SSH server configuration.
func (Config) CleanerPollSleepDuration ¶
CleanerPollSleepDuration returns c.CleanerPollSleepDurationSec as a time.Duration.
type GenericMessage ¶
type GenericMessage struct {
Value string
}
GenericMessage describes a simple string message, which is common in SSH.
type RepositoryLock ¶
type RepositoryLock interface { // Lock acquires a lock for a repository. In the case the repository is already locked // it waits until a timeout to get the lock. If it was not possible to get the // lock after the timeout an error is returned. Lock(repoName string, timeout time.Duration) error // Unlock releases the lock for a repository or returns an error if the specified // name doesn't exist. In the case the repository is already locked it waits until // a timeout to get the lock. If it was not possible to get the lock after the timeout // an error is returned. Unlock(repoName string, timeout time.Duration) error }
RepositoryLock interface that allows the creation of a lock associated with a repository name to avoid simultaneous git operations.
func NewInMemoryRepositoryLock ¶
func NewInMemoryRepositoryLock() RepositoryLock
NewInMemoryRepositoryLock returns a new instance of a RepositoryLock.