Documentation
Overview
Package tskagent implements an SSH key agent backed by the setec service.
A Server implements an agent.Agent that serves SSH keys stored in the specified setec server. Each secret whose name matches a designated prefix and contains an SSH private key in OpenSSH PEM format is offered by the agent to callers on the local system.
Index
- type Config
- type Server
- func (s *Server) Add(key agent.AddedKey) error
- func (s *Server) List() ([]*agent.Key, error)
- func (s *Server) Lock(passphrase []byte) error
- func (s *Server) Remove(key ssh.PublicKey) error
- func (s *Server) RemoveAll() error
- func (s *Server) Serve(ctx context.Context, lst net.Listener)
- func (s *Server) ServeOne(conn io.ReadWriter) error
- func (s *Server) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error)
- func (s *Server) Signers() ([]ssh.Signer, error)
- func (s *Server) Unlock(passphrase []byte) error
- func (s *Server) Update(ctx context.Context) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	// Client is the client for the secrets service. It must be set.
	Client setec.Client

	// Prefix is the secret name prefix to be served. It must be non-empty.
	Prefix string

	// Logf, if set, is used to write logs. If nil, logs are discarded.
	Logf func(string, ...any)
}
Config carries the settings for a Server.
type Server
type Server struct {
// contains filtered or unexported fields
}
Server implements the SSH key agent server protocol. The caller must call agent.ServeAgent to expose the server to clients.
func NewServer
NewServer constructs a new Server that fetches SSH keys matching the specified configuration in setec.
The caller must call Server.Update at least once to initialize the list of keys available to the agent. Thereafter, the caller may call Update again as often as desired to update the list. The server does not automatically perform updates.
func (*Server) Add
Add implements part of the agent.Agent interface. This implementation does not support adding keys.
func (*Server) List
List implements part of the agent.Agent interface.
func (*Server) Lock
Lock implements part of the agent.Agent interface.
func (*Server) Remove
Remove implements part of the agent.Agent interface.
This implementation only removes the key from the local list; it does not affect what is stored on the secrets server.
func (*Server) RemoveAll
RemoveAll implements part of the agent.Agent interface.
This implementation only removes keys from the local list; it does not affect what is stored on the secrets server.
func (*Server) Serve
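To illustrate the selection and local-removal semantics this package documents (only secrets under the prefix that hold an OpenSSH PEM private key are offered; Remove and RemoveAll drop keys from the local list only, and Update brings them back), here is an added stand-alone Go example, not the package's own code. keyStore, update and remove are hypothetical stand-ins for the Server's internals, the secrets are constructed placeholders rather than real keys, and where the real Server parses the key with ssh.ParseRawPrivateKey this stand-in checks only the PEM block type so it needs nothing outside the standard library.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"sort"
	"strings"
)
// Constructed sample secrets; the OpenSSH block is a placeholder, not a real key.
var fakeKey = []byte("-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n-----END OPENSSH PRIVATE KEY-----\n")
var sampleSecrets = map[string][]byte{
	"ssh/deploy":  fakeKey,                     // served: prefix + OpenSSH PEM
	"ssh/token":   []byte("not a private key"), // prefix matches, not a key
	"db/password": fakeKey,                     // a key, but outside the prefix
}

// keyStore stands in for the Server's local key list (hypothetical type).
type keyStore struct{ prefix string; keys map[string][]byte }
// update rebuilds the local list: names under prefix whose value is an OpenSSH
// PEM private key. The real Server parses it with ssh.ParseRawPrivateKey; only
// the PEM block type is checked here. It returns the prefixed names rejected.
func (ks *keyStore) update(secrets map[string][]byte) []string {
	ks.keys = make(map[string][]byte)
	var rejected []string
	for name, val := range secrets {
		if !strings.HasPrefix(name, ks.prefix) {
			continue // outside the served namespace; ignored
		}
		if blk, _ := pem.Decode(val); blk == nil || blk.Type != "OPENSSH PRIVATE KEY" {
			rejected = append(rejected, name)
			continue
		}
		ks.keys[name] = append([]byte(nil), val...)
	}
	sort.Strings(rejected)
	return rejected
}
// remove drops a key from the local list only; the secret stays on the server
// and is offered again after the next update. Reports whether it was present.
func (ks *keyStore) remove(name string) bool {
	_, ok := ks.keys[name]
	delete(ks.keys, name)
	return ok
}
func main() {
	ks := &keyStore{prefix: "ssh/"}
	fmt.Println(ks.update(sampleSecrets), len(ks.keys)) // [ssh/token] 1
	ks.remove("ssh/deploy")                             // local list only ...
	fmt.Println(ks.update(sampleSecrets), len(ks.keys)) // ... so back after update: [ssh/token] 1
}
```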
Serve accepts connections from lst and serves the agent to each in its own goroutine. It runs until lst closes or ctx ends.
func (*Server) ServeOne
func (s *Server) ServeOne(conn io.ReadWriter) error
ServeOne serves the agent to the specified connection. It is safe to call ServeOne concurrently from multiple goroutines with separate connections, including while Serve is running.
func (*Server) Sign
Sign implements part of the agent.Agent interface.
func (*Server) Signers
Signers implements part of the agent.Agent interface.
func (*Server) Unlock
Unlock implements part of the agent.Agent interface.