Documentation ¶
Overview ¶
Package defaults contains the default constants used in various parts of the Teleport codebase
Index ¶
- Constants
- Variables
- func AuthConnectAddr() *utils.NetAddr
- func AuthListenAddr() *utils.NetAddr
- func ConfigureLimiter(lc *limiter.LimiterConfig)
- func ProxyListenAddr() *utils.NetAddr
- func ProxyWebListenAddr() *utils.NetAddr
- func ReverseTunnellListenAddr() *utils.NetAddr
- func SSHServerListenAddr() *utils.NetAddr
Constants ¶
const (
	// HTTPListenPort is the port the Web UI is served on over HTTP(s).
	HTTPListenPort = 3080
	// When running in "SSH Server" mode behind a proxy, this
	// listening port will be used to connect users to:
	SSHServerListenPort = 3022
	// When running in "SSH Proxy" role this port will be used to
	// accept incoming client connections and proxy them to SSHServerListenPort of
	// one of many SSH nodes
	SSHProxyListenPort = 3023
	// When running in "SSH Proxy" role this port will be used for incoming
	// connections from SSH nodes who wish to use "reverse tunnel" (when they
	// run behind an environment/firewall which only allows outgoing connections)
	SSHProxyTunnelListenPort = 3024
	// When running as a "SSH Proxy" this port will be used to
	// serve auth requests.
	AuthListenPort = 3025
	// BackendType is the default DB to use for persisting state. Another option is "etcd".
	BackendType = "bolt"
	// EventsBoltFile is the name of the events bolt database file stored in DataDir.
	EventsBoltFile = "events.db"
	// BindIP is the address the SSH server (and SSH proxy) bind to by default.
	// "0.0.0.0" is every IPv4 interface on the host, so a deployment that must
	// only expose Teleport on one interface has to override this.
	BindIP = "0.0.0.0"
	// DefaultShell is the login shell used for all users unless overridden.
	DefaultShell = "/bin/bash"
	// CacheTTL is a default cache TTL for persistent node cache
	CacheTTL = 20 * time.Hour
	// InviteTokenTTL sets the lifespan of tokens used for adding nodes and users
	// to a cluster. Treat these tokens as secrets: the TTL bounds how long a
	// leaked token remains usable.
	InviteTokenTTL = 15 * time.Minute
	// DefaultDialTimeout is a default TCP dial timeout we set for our
	// connection attempts
	DefaultDialTimeout = 10 * time.Second
	// HTTPIdleTimeout is a default timeout for idle HTTP connections
	HTTPIdleTimeout = 30 * time.Second
	// DefaultThrottleTimeout is a timeout used to throttle failed auth servers
	DefaultThrottleTimeout = 10 * time.Second
	// DefaultIdleConnectionDuration indicates for how long Teleport will hold
	// the SSH connection open if there are no reads/writes happening over it.
	DefaultIdleConnectionDuration = 20 * time.Minute
	// DefaultReadHeadersTimeout is a default TCP timeout when we wait
	// for the response headers to arrive
	DefaultReadHeadersTimeout = time.Second
	// MaxSignupTokenTTL is a maximum TTL for a web signup one time token;
	// clients can reduce this time, not increase it
	MaxSignupTokenTTL = time.Hour
	// ProvisioningTokenTTL is the default TTL for server provisioning
	// tokens. When a user generates a token without an explicit TTL, this
	// value is used.
	ProvisioningTokenTTL = 30 * time.Minute
	// HOTPFirstTokensRange is the number of lookahead tokens we remember
	// for sync purposes.
	// NOTE(review): a wider lookahead window presumably widens the set of codes
	// accepted at any one moment, so keep it small — confirm against the validator.
	HOTPFirstTokensRange = 4
	// HOTPTokenDigits is the number of digits in each token
	HOTPTokenDigits = 6
	// MinPasswordLength is the minimum password length.
	// NOTE(review): 6 is a low floor by current password guidance; deployments
	// should raise it where the value is configurable — confirm whether it is.
	MinPasswordLength = 6
	// MaxPasswordLength is the maximum password length (for sanity)
	MaxPasswordLength = 128
	// IterationLimit is a default limit if it's not set
	IterationLimit = 100
	// MaxIterationLimit is the max iteration limit
	MaxIterationLimit = 1000
	// ActiveSessionTTL is a TTL after which a session is marked as inactive
	ActiveSessionTTL = 30 * time.Second
	// ActivePartyTTL is a TTL after which a party is marked as inactive
	ActivePartyTTL = 30 * time.Second
	// OIDCAuthRequestTTL is the TTL of an internally stored auth request created by a client
	OIDCAuthRequestTTL = 10 * 60 * time.Second
	// SAMLAuthRequestTTL is the TTL of an internally stored auth request created by a client
	SAMLAuthRequestTTL = 10 * 60 * time.Second
	// LogRotationPeriod defines how frequently to rotate the audit log file
	LogRotationPeriod = (time.Hour * 24)
	// MaxLoginAttempts sets the max. number of allowed failed login attempts
	// before a user account is locked for AccountLockInterval
	MaxLoginAttempts int = 5
	// AccountLockInterval defines a time interval during which a user account
	// is locked after MaxLoginAttempts. Lockouts slow down password guessing,
	// but a low attempt count also means a known username can be locked out by
	// anyone; alert on lockout events rather than relying on them silently.
	AccountLockInterval = time.Duration(20 * time.Minute)
	// Namespace is the default namespace
	Namespace = "default"
	// AttemptTTL is the TTL for a recorded login attempt
	AttemptTTL = time.Hour * 24 * 7
)
Default port numbers used by all Teleport tools
const (
	// LimiterMaxConnections is the max. number of simultaneous connections to a service
	LimiterMaxConnections = 1000
	// LimiterMaxConcurrentUsers is the max. number of simultaneously connected users/logins
	LimiterMaxConcurrentUsers = 250
)
Default connection limits; they can be applied separately to any of the Teleport services (SSH, auth, proxy)
const (
	// MinCertDuration specifies the minimum duration of validity of an issued cert
	MinCertDuration = time.Minute
	// MaxCertDuration limits the maximum duration of validity of an issued cert.
	// Shorter lifetimes bound how long a stolen key stays usable, so this is an
	// upper bound that requests cannot exceed.
	MaxCertDuration = 30 * time.Hour
	// CertDuration is the default certificate duration.
	// 12 is the default as it's longer than an average working day (I hope so)
	CertDuration = 12 * time.Hour
)
const (
	// RoleNode is an SSH stateless node
	RoleNode = "node"
	// RoleProxy is a stateless SSH access proxy (bastion)
	RoleProxy = "proxy"
	// RoleAuthService is the authentication and authorization service,
	// the only stateful role in the system
	RoleAuthService = "auth"
)
List of roles the Teleport service can run as:
const (
	// SelfSignedKeyPath is the path to a self-signed TLS PRIVATE key file for the
	// HTTPS connection of the web proxy. This file must stay readable only by the
	// Teleport process owner.
	SelfSignedKeyPath = "webproxy_key.pem"
	// SelfSignedPubPath is the path to a self-signed TLS PUBLIC key file for the
	// HTTPS connection of the web proxy
	SelfSignedPubPath = "webproxy_pub.pem"
	// SelfSignedCertPath is the path to a self-signed TLS cert file for the HTTPS
	// connection of the web proxy. A self-signed cert is not trusted by browsers,
	// so production deployments should supply a CA-issued certificate instead.
	SelfSignedCertPath = "webproxy_cert.pem"
)
TLS constants for the Web Proxy HTTPS connection
const (
	// U2FChallengeTimeout is how long a U2F challenge stays valid.
	// This is hardcoded in the U2F library
	U2FChallengeTimeout = 5 * time.Minute
)
Variables ¶
// These periods are package-level vars rather than consts, presumably so that
// tests can shorten them; they should only be changed before services start.
var (
	// ReverseTunnelAgentHeartbeatPeriod is the period between agent heartbeat messages
	ReverseTunnelAgentHeartbeatPeriod = 5 * time.Second
	// ServerHeartbeatTTL is a period between heartbeats
	// Median sleep time between node pings is this value / 2 + random
	// deviation added to this time to avoid lots of simultaneous
	// heartbeats coming to auth server
	ServerHeartbeatTTL = 90 * time.Second
	// AuthServersRefreshPeriod is a period for clients to refresh
	// their stored list of auth servers
	AuthServersRefreshPeriod = 30 * time.Second
	// SessionRefreshPeriod is how often tsh polls information about session
	// TODO(klizhentas) all polling periods should go away once backend
	// releases events
	SessionRefreshPeriod = 2 * time.Second
	// TerminalSizeRefreshPeriod is how frequently clients who share sessions sync up
	// their terminal sizes
	TerminalSizeRefreshPeriod = 2 * time.Second
)
var (
	// ConfigFilePath is the default path to the teleport config file
	ConfigFilePath = "/etc/teleport.yaml"
	// DataDir is where all mutable data is stored (user keys, recorded sessions,
	// registered SSH servers, etc). It holds key material, so its permissions
	// should restrict access to the Teleport process owner.
	DataDir = "/var/lib/teleport"
	// StartRoles is the default set of roles teleport assumes when started via the 'start' command
	StartRoles = []string{RoleProxy, RoleNode, RoleAuthService}
	// ETCDPrefix is the default key prefix in ETCD clustered configurations
	ETCDPrefix = "/teleport"
	// ConfigEnvar is the name of teleport's configuration environment variable.
	// NOTE(review): the file it names is trusted configuration, so this variable
	// should only be settable by the operator who launches the process — confirm.
	ConfigEnvar = "TELEPORT_CONFIG"
)
Functions ¶
func AuthConnectAddr ¶
AuthConnectAddr returns the default address on which to look for the auth service
func AuthListenAddr ¶
AuthListenAddr returns the default listening address for the Auth service
func ConfigureLimiter ¶
func ConfigureLimiter(lc *limiter.LimiterConfig)
ConfigureLimiter assigns the default parameters to a connection throttler (AKA limiter)
func ProxyListenAddr ¶
ProxyListenAddr returns the default listening address for the SSH Proxy service
func ProxyWebListenAddr ¶
ProxyWebListenAddr returns the default listening address for the Web-based SSH Proxy service
func ReverseTunnellListenAddr ¶
ReverseTunnellListenAddr returns the default listening address for the SSH Proxy service used by the SSH nodes to establish the proxy<->ssh_node connection from behind a firewall which blocks inbound connections to ssh_nodes
func SSHServerListenAddr ¶
SSHServerListenAddr returns the default listening address for the Web-based SSH Proxy service
Types ¶
This section is empty.