teleport

package
v0.0.0-...-3ac0d25 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 8, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// AllOptions is a listing of all known OpenSSH options.
//
// The outer key is the option name as written in an OpenSSH configuration
// file; the inner map is the set of values listed for that option. Only four
// entries carry values: AddKeysToAgent ("yes"), and ForwardAgent, RequestTTY
// and StrictHostKeyChecking ("yes" and "no"). Every other option maps to an
// empty set.
//
// NOTE(review): the code that consumes this table is not shown here.
// Presumably an empty set marks an option that is recognized but not
// honored. Confirm against the parser: a caller who passes a hardening
// option such as Ciphers, KexAlgorithms, MACs or HostKeyAlgorithms may
// otherwise assume it took effect.
//
// NOTE(review): this is an exported, mutable package-level map, so any
// importer can add or change entries at runtime. If it is used as an
// allow-list, treat it as read-only by convention or copy it before use.
var AllOptions = map[string]map[string]bool{
	"AddKeysToAgent":                   {"yes": true},
	"AddressFamily":                    {},
	"BatchMode":                        {},
	"BindAddress":                      {},
	"CanonicalDomains":                 {},
	"CanonicalizeFallbackLocal":        {},
	"CanonicalizeHostname":             {},
	"CanonicalizeMaxDots":              {},
	"CanonicalizePermittedCNAMEs":      {},
	"CertificateFile":                  {},
	"ChallengeResponseAuthentication":  {},
	"CheckHostIP":                      {},
	// Cipher, Protocol, RSAAuthentication and RhostsRSAAuthentication are
	// legacy SSH protocol 1 options in OpenSSH; they are listed here with
	// empty value sets like most other entries.
	"Cipher":                           {},
	"Ciphers":                          {},
	"ClearAllForwardings":              {},
	"Compression":                      {},
	"CompressionLevel":                 {},
	"ConnectionAttempts":               {},
	"ConnectTimeout":                   {},
	"ControlMaster":                    {},
	"ControlPath":                      {},
	"ControlPersist":                   {},
	"DynamicForward":                   {},
	"EscapeChar":                       {},
	"ExitOnForwardFailure":             {},
	"FingerprintHash":                  {},
	// Agent forwarding is one of the four options with accepted values.
	"ForwardAgent":                     {"yes": true, "no": true},
	"ForwardX11":                       {},
	"ForwardX11Timeout":                {},
	"ForwardX11Trusted":                {},
	"GatewayPorts":                     {},
	"GlobalKnownHostsFile":             {},
	"GSSAPIAuthentication":             {},
	"GSSAPIDelegateCredentials":        {},
	"HashKnownHosts":                   {},
	"Host":                             {},
	"HostbasedAuthentication":          {},
	"HostbasedKeyTypes":                {},
	"HostKeyAlgorithms":                {},
	"HostKeyAlias":                     {},
	"HostName":                         {},
	"IdentityFile":                     {},
	"IdentitiesOnly":                   {},
	"IPQoS":                            {},
	"KbdInteractiveAuthentication":     {},
	"KbdInteractiveDevices":            {},
	"KexAlgorithms":                    {},
	"LocalCommand":                     {},
	"LocalForward":                     {},
	"LogLevel":                         {},
	"MACs":                             {},
	"Match":                            {},
	"NoHostAuthenticationForLocalhost": {},
	"NumberOfPasswordPrompts":          {},
	"PasswordAuthentication":           {},
	"PermitLocalCommand":               {},
	"PKCS11Provider":                   {},
	"Port":                             {},
	"PreferredAuthentications":         {},
	"Protocol":                         {},
	"ProxyCommand":                     {},
	"ProxyUseFdpass":                   {},
	"PubkeyAcceptedKeyTypes":           {},
	"PubkeyAuthentication":             {},
	"RekeyLimit":                       {},
	"RemoteForward":                    {},
	"RequestTTY":                       {"yes": true, "no": true},
	"RhostsRSAAuthentication":          {},
	"RSAAuthentication":                {},
	"SendEnv":                          {},
	"ServerAliveInterval":              {},
	"ServerAliveCountMax":              {},
	"StreamLocalBindMask":              {},
	"StreamLocalBindUnlink":            {},
	// Both "yes" and "no" are listed, so host key checking can be relaxed
	// through this option; see Options.StrictHostKeyChecking.
	"StrictHostKeyChecking":            {"yes": true, "no": true},
	"TCPKeepAlive":                     {},
	"Tunnel":                           {},
	"TunnelDevice":                     {},
	"UpdateHostKeys":                   {},
	"UsePrivilegedPort":                {},
	"User":                             {},
	"UserKnownHostsFile":               {},
	"VerifyHostKeyDNS":                 {},
	"VisualHostKey":                    {},
	"XAuthLocation":                    {},
}

AllOptions is a listing of all known OpenSSH options.

Functions

This section is empty.

Types

type CLIConf

// CLIConf stores command line arguments and flags.
//
// Several fields weaken or bypass a security check when set
// (InsecureSkipVerify, ForwardAgent, X11ForwardingTrusted) or name files
// that hold key material (IdentityFileIn, IdentityFileOut,
// LocalProxyKeyFile); those carry a note below.
type CLIConf struct {
	// UserHost contains "[login]@hostname" argument to SSH command
	UserHost string
	// RemoteCommand holds the commands to execute on a remote host.
	RemoteCommand []string
	// DesiredRoles indicates one or more roles which should be requested.
	DesiredRoles string
	// RequestReason indicates the reason for an access request.
	RequestReason string
	// SuggestedReviewers is a list of suggested request reviewers.
	SuggestedReviewers string
	// NoWait can be used with an access request to exit without waiting for a request resolution.
	NoWait bool
	// RequestedResourceIDs is a list of resources to request access to.
	RequestedResourceIDs []string
	// RequestID is an access request ID
	RequestID string
	// RequestIDs is a list of access request IDs
	RequestIDs []string
	// ReviewReason indicates the reason for an access review.
	ReviewReason string
	// ReviewableRequests indicates that only requests which can be reviewed should
	// be listed.
	ReviewableRequests bool
	// SuggestedRequests indicates that only requests which suggest the current user
	// as a reviewer should be listed.
	SuggestedRequests bool
	// MyRequests indicates that only requests created by the current user
	// should be listed.
	MyRequests bool
	// Approve/Deny indicates the desired review kind.
	Approve, Deny bool
	// ResourceKind is the resource kind to search for
	ResourceKind string
	// Username is the Teleport user's username (to login into proxies)
	Username string
	// ExplicitUsername is true if Username was initially set by the end-user
	// (for example, using command-line flags).
	ExplicitUsername bool
	// Proxy keeps the hostname:port of the SSH proxy to use
	Proxy string
	// MinsToLive is the TTL: it defines how long a session must be active
	// (in minutes).
	MinsToLive int32
	// NodePort is the SSH port on a remote SSH host.
	NodePort int32
	// NodeLogin is the login on a remote SSH host.
	NodeLogin string
	// InsecureSkipVerify bypasses verification of HTTPS certificate when talking to web proxy.
	//
	// With verification off the proxy's identity is not authenticated, so
	// credentials and session traffic sent to it are exposed to anyone who
	// can intercept the connection. Leave it false outside test setups.
	InsecureSkipVerify bool
	// SessionID identifies the session tsh is operating on.
	// For `tsh join`, it is the ID of the session to join.
	// For `tsh play`, it is either the ID of the session to play,
	// or the path to a local session file which has already been
	// downloaded.
	SessionID string
	// CopySpec is the src:dest parameter for SCP.
	CopySpec []string
	// RecursiveCopy is the -r flag for scp.
	RecursiveCopy bool
	// LocalForwardPorts is the -L flag for ssh: local port forwarding like
	// 'ssh -L 80:remote.host:80 -L 443:remote.host:443'.
	LocalForwardPorts []string
	// DynamicForwardedPorts is port forwarding using SOCKS5. It is similar to
	// "ssh -D 8080 example.com".
	DynamicForwardedPorts []string
	// ForwardAgent forwards the agent to the target node. Equivalent of -A for OpenSSH.
	//
	// While forwarding is on, a sufficiently privileged user on the target
	// node can use the forwarded agent to authenticate as this user
	// elsewhere, so enable it only for nodes that are trusted.
	ForwardAgent bool
	// ProxyJump is an optional -J flag pointing to the list of jumphosts,
	// it is an equivalent of --proxy flag in tsh interpretation
	ProxyJump string
	// LocalExec is the --local flag for ssh.
	LocalExec bool
	// SiteName specifies the remote site to log in to.
	SiteName string
	// KubernetesCluster specifies the kubernetes cluster to login to.
	KubernetesCluster string
	// DaemonAddr is the daemon listening address.
	DaemonAddr string
	// DaemonCertsDir is the directory containing certs used to create secure gRPC connection with daemon service
	DaemonCertsDir string
	// DatabaseService specifies the database proxy server to log into.
	DatabaseService string
	// DatabaseUser specifies database user to embed in the certificate.
	DatabaseUser string
	// DatabaseName specifies database name to embed in the certificate.
	DatabaseName string
	// AppName specifies proxied application name.
	AppName string
	// Interactive, when set to true, launches remote command with the terminal attached
	Interactive bool
	// Quiet mode, -q command (disables progress printing)
	Quiet bool
	// Namespace is used to select cluster namespace
	Namespace string
	// NoCache is used to turn off client cache for nodes discovery
	NoCache bool
	// BenchDuration is a duration for the benchmark
	BenchDuration time.Duration
	// BenchRate is a requests per second rate to maintain
	BenchRate int
	// BenchInteractive indicates that we should create interactive session
	BenchInteractive bool
	// BenchExport exports the latency profile
	BenchExport bool
	// BenchExportPath saves the latency profile in provided path
	BenchExportPath string
	// BenchTicks ticks per half distance
	BenchTicks int32
	// BenchValueScale value at which to scale the values recorded
	BenchValueScale float64
	// Context is a context to control execution
	Context context.Context
	// IdentityFileIn is an argument to -i flag (path to the private key+cert file).
	//
	// The file holds a private key, so it needs the same access
	// restrictions as any other key material on disk.
	IdentityFileIn string
	// Compatibility flags, --compat, specifies OpenSSH compatibility flags.
	Compatibility string
	// CertificateFormat defines the format of the user SSH certificate.
	CertificateFormat string
	// IdentityFileOut is an argument to -out flag
	IdentityFileOut string
	// IdentityFormat (used for --format flag for 'tsh login') defines which
	// format to use with --out to store a freshly retrieved certificate
	IdentityFormat identityfile.Format
	// IdentityOverwrite when true will overwrite any existing identity file at
	// IdentityFileOut. When false, user will be prompted before overwriting
	// any files.
	IdentityOverwrite bool

	// BindAddr is an address in the form of host:port to bind to
	// during `tsh login` command
	BindAddr string

	// AuthConnector is the name of the connector to use.
	AuthConnector string

	// MFAMode is the preferred mode for MFA/Passwordless assertions.
	MFAMode string

	// SkipVersionCheck skips version checking for client and server
	SkipVersionCheck bool

	// Options is a list of OpenSSH options in the format used in the
	// configuration file.
	Options []string

	// Verbose is used to print extra output.
	Verbose bool

	// Format is used to change the format of output
	Format string

	// SearchKeywords is a list of search keywords to match against resource field values.
	SearchKeywords string

	// PredicateExpression defines boolean conditions that will be matched against the resource.
	PredicateExpression string

	// NoRemoteExec will not execute a remote command after connecting to a host,
	// will block instead. Useful when port forwarding. Equivalent of -N for OpenSSH.
	NoRemoteExec bool

	// X11ForwardingUntrusted will set up untrusted X11 forwarding for the session ('ssh -X')
	X11ForwardingUntrusted bool

	// X11ForwardingTrusted will set up trusted X11 forwarding for the session ('ssh -Y').
	//
	// In OpenSSH, trusted forwarding gives remote X11 clients full access
	// to the local display, so it should be limited to trusted nodes.
	X11ForwardingTrusted bool

	// X11ForwardingTimeout optionally sets a timeout for untrusted X11 forwarding.
	X11ForwardingTimeout time.Duration

	// Debug sends debug logs to stdout.
	Debug bool

	// Browser can be used to pass the name of a browser to override the system default
	// (not currently implemented), or set to 'none' to suppress browser opening entirely.
	Browser string

	// UseLocalSSHAgent set to false will prevent this client from attempting to
	// connect to the local ssh-agent (or similar) socket at $SSH_AUTH_SOCK.
	//
	// Deprecated: use AddKeysToAgent instead.
	UseLocalSSHAgent bool

	// AddKeysToAgent specifies the behavior of how certs are handled.
	AddKeysToAgent string

	// EnableEscapeSequences will scan stdin for SSH escape sequences during
	// command/shell execution. This also requires stdin to be an interactive
	// terminal.
	EnableEscapeSequences bool

	// PreserveAttrs preserves access/modification times from the original file.
	PreserveAttrs bool

	// HomePath is where tsh stores profiles
	HomePath string

	// GlobalTshConfigPath is a path to global TSH config. Can be overridden with TELEPORT_GLOBAL_TSH_CONFIG.
	GlobalTshConfigPath string

	// LocalProxyPort is a port used by local proxy listener.
	LocalProxyPort string
	// LocalProxyCertFile is the client certificate used by local proxy.
	LocalProxyCertFile string
	// LocalProxyKeyFile is the client key used by local proxy.
	LocalProxyKeyFile string
	// LocalProxyTunnel specifies whether local proxy will open auth'd tunnel.
	//
	// NOTE(review): if the tunnel carries this user's credentials, any local
	// process that can reach the listener would inherit them. Confirm
	// which address the listener binds to.
	LocalProxyTunnel bool

	// AWSRole is Amazon Role ARN or role name that will be used for AWS CLI access.
	AWSRole string
	// AWSCommandArgs contains arguments that will be forwarded to AWS CLI binary.
	AWSCommandArgs []string
	// AWSEndpointURLMode is an AWS proxy mode that serves an AWS endpoint URL
	// proxy instead of an HTTPS proxy.
	AWSEndpointURLMode bool

	// Reason is the reason for starting an ssh or kube session.
	Reason string

	// Invited is a list of invited users to an ssh or kube session.
	Invited []string

	// JoinMode is the participant mode someone is joining a session as.
	JoinMode string

	// ListAll specifies if an ls command should return results from all clusters and proxies.
	ListAll bool
	// SampleTraces indicates whether traces should be sampled.
	SampleTraces bool

	// TracingProvider is the provider to use to create tracers, from which spans can be created.
	TracingProvider oteltrace.TracerProvider

	// FromUTC is the start time to use for the range of sessions listed by the session recordings listing command
	FromUTC string

	// ToUTC bounds the range of sessions listed by the session recordings
	// listing command.
	// NOTE(review): the original comment called this the "start time", the
	// same wording as FromUTC; it is presumably the end time. Confirm.
	ToUTC string
	// contains filtered or unexported fields
}

CLIConf stores command line arguments and flags.

func CreateConfig

func CreateConfig() CLIConf

CreateConfig creates a configuration

type Options

// Options holds parsed values of OpenSSH options.
//
// Each field is a bool, while the documented option values are the strings
// "yes" and "no".
// NOTE(review): the code that maps those strings onto the bools, and the
// value each field takes when its option is absent, is not shown here.
// Confirm the defaults before relying on a zero-value Options.
type Options struct {
	// AddKeysToAgent specifies whether keys should be automatically added to a
	// running SSH agent. The only supported option value is "yes".
	AddKeysToAgent bool

	// ForwardAgent specifies whether the connection to the authentication
	// agent will be forwarded to the remote machine. Supported option values
	// are "yes" and "no".
	//
	// A forwarded agent can be used by a sufficiently privileged user on the
	// remote machine for as long as the session lasts, so "yes" is only
	// appropriate for trusted hosts.
	ForwardAgent bool

	// RequestTTY specifies whether to request a pseudo-tty for the session.
	// Supported option values are "yes" and "no".
	RequestTTY bool

	// StrictHostKeyChecking controls whether tsh will automatically add host
	// keys to the ~/.tsh/known_hosts file. Supported option values are "yes"
	// and "no".
	//
	// NOTE(review): which value enables automatic adding is not visible
	// here. A host key that is accepted without the user confirming it means
	// the first connection to that host is not authenticated. Confirm which
	// setting has that effect.
	StrictHostKeyChecking bool
}

Options holds parsed values of OpenSSH options.

type Teleport

// Teleport is the receiver type for the methods declared on *Teleport and
// carries the CLI configuration as its only exported field.
type Teleport struct {
	// Config is held by value, so copying a Teleport copies the whole
	// CLIConf, including its file paths and security-related flags.
	Config CLIConf
}

func NewTeleport

func NewTeleport() *Teleport

func (*Teleport) ConnectToNode

func (t *Teleport) ConnectToNode() error

func (*Teleport) DescribeStatus

func (t *Teleport) DescribeStatus() error

func (*Teleport) ListNode

func (t *Teleport) ListNode() error

func (*Teleport) Login

func (t *Teleport) Login() error

func (*Teleport) SelectNode

func (t *Teleport) SelectNode() (string, error)

SelectNode selects a node.
