Documentation
Overview
Package shimagent implements a protocol to communicate with a user via a forwarded ssh-agent.
Index
- type Option
- type Server
- func (s *Server) Add(key agent.AddedKey) (err error)
- func (s *Server) AddHardCert(key ssh.PublicKey, suffix string) error
- func (s *Server) Broadcast(msg byte) error
- func (s *Server) Close() error
- func (s *Server) Extension(extensionType string, contents []byte) ([]byte, error)
- func (s *Server) Forward(req []byte) (resp []byte, err error)
- func (s *Server) List() ([]*agent.Key, error)
- func (s *Server) Lock(passphrase []byte) error
- func (s *Server) Remove(key ssh.PublicKey) error
- func (s *Server) RemoveAll() error
- func (s *Server) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error)
- func (s *Server) SignWithFlags(key ssh.PublicKey, data []byte, flags agent.SignatureFlags) (*ssh.Signature, error)
- func (s *Server) Signers() ([]ssh.Signer, error)
- func (s *Server) Unlock(passphrase []byte) error
- func (s *Server) Wait(msg byte) error
- type ShimAgent
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Option
type Option struct {
	// Address is used to connect to a YubiAgent server.
	// The definition of address depends on the OS:
	// on Darwin and Linux it is a unix socket; on Windows it is a named pipe.
	Address string
	// NoUpstream controls whether the server uses the underlying agent through conn.
	// If it is set to true, an in-memory agent is created to handle the requests instead.
	// The default value is false.
	NoUpstream bool
	// PubKeyComp is the comparison function used to order ssh public keys.
	// It is useful for listing credentials in a specific order.
	// The default behavior is to compare the keys by their marshaled key value.
	PubKeyComp func(ssh.PublicKey, ssh.PublicKey) bool
}
Option encapsulates the parameters of the New function, which creates new ShimAgent objects.
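As an added example (not code from the shimagent package), here is a PubKeyComp that lists certificates ahead of plain keys, beside a comparator matching the documented default of ordering by marshaled key value. The local PublicKey interface and fakeKey type are assumptions standing in for ssh.PublicKey so the block runs without golang.org/x/crypto; a real PubKeyComp takes ssh.PublicKey values.

```go
package main

import (
	"bytes"
	"sort"
	"strings"
)

// PublicKey is the subset of ssh.PublicKey the comparator uses, declared
// locally (an assumption) so the example runs without golang.org/x/crypto.
type PublicKey interface {
	Type() string
	Marshal() []byte
}

// fakeKey is a constructed key; its wire bytes are made up for the example.
type fakeKey struct {
	typ  string
	wire []byte
}

func (k fakeKey) Type() string    { return k.typ }
func (k fakeKey) Marshal() []byte { return k.wire }

// DefaultComp mirrors the documented default: order by marshaled key value.
func DefaultComp(a, b PublicKey) bool {
	return bytes.Compare(a.Marshal(), b.Marshal()) < 0
}

// isCert reports whether the key type is an OpenSSH certificate type
// such as "ssh-ed25519-cert-v01@openssh.com".
func isCert(k PublicKey) bool {
	return strings.HasSuffix(k.Type(), "-cert-v01@openssh.com")
}

// CertFirstComp lists certificates before plain keys and falls back to the
// default ordering within each group, so short-lived certs appear first.
func CertFirstComp(a, b PublicKey) bool {
	if ac, bc := isCert(a), isCert(b); ac != bc {
		return ac
	}
	return DefaultComp(a, b)
}

// SortKeys returns a copy of keys ordered by comp, as List would present them.
func SortKeys(keys []PublicKey, comp func(a, b PublicKey) bool) []PublicKey {
	out := append([]PublicKey(nil), keys...)
	sort.SliceStable(out, func(i, j int) bool { return comp(out[i], out[j]) })
	return out
}
```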
type Server
type Server struct {
	// contains filtered or unexported fields
}
Server is the shim agent service. It aims to "shim" the underlying ssh auth-agent with additional in-memory certificates. It provides some extra functionality:
- Automatically remove orphan certificates in memory.
- Automatically remove expired certificates in memory and in the underlying agent.
- Provide an option to not list upstream YSSHCA certificates. Note that it can still remove those certificates.
func (*Server) AddHardCert
AddHardCert adds a certificate whose private key is in the underlying agent. If key is not a certificate, it will be ignored.
func (*Server) Broadcast
Broadcast wakes all goroutines waiting on a specific operation. The value of msg is defined in message.go.
func (*Server) Close
Close closes the underlying `conn`. The underlying `agent` will be unreachable if it was created from the `conn`.
func (*Server) Lock
Lock locks the shim agent. While it is locked, List, Sign, SignWithFlags, Add, Remove and the other agent operations return an errAgentLocked error.
func (*Server) SignWithFlags (added in v0.0.13)
func (*Server) Signers
Signers returns the available signers from the in-memory certs and the underlying agent.
type ShimAgent
type ShimAgent interface {
	agent.ExtendedAgent
	// Forward handles unknown OpenSSH requests
	// by simply forwarding the request to the ssh-agent.
	Forward(req []byte) (resp []byte, err error)
	// AddHardCert adds a certificate whose private key is in hardware.
	// If key is not a certificate, it will be ignored.
	AddHardCert(key ssh.PublicKey, comment string) error
	// Wait blocks until a specific operation is done.
	// The value of agentMsg is defined in message.go.
	Wait(agentMsg byte) error
	// Close closes all the created connections.
	// Any blocked Read or Write operations will be unblocked and return errors.
	Close() error
}
ShimAgent is an interface that extends the functionality of the Agent interface in golang.org/x/crypto/ssh/agent.