sshutils

package
v2.3.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 2, 2017 License: Apache-2.0 Imports: 14 Imported by: 14

Documentation

Overview

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

// Names of the session environment variable and of the SSH channel request
// types referred to by this package.
const (
	// SessionEnvVar is the name of the environment variable for the SSH session.
	// NOTE(review): presumably carries a session identifier; confirm against
	// the code that sets and reads it.
	SessionEnvVar = "TELEPORT_SESSION"
	// SetEnvReq is the "env" request type, with which a client asks for an
	// environment variable to be set (parameters: EnvReqParams).
	SetEnvReq = "env"
	// WindowChangeReq is the "window-change" request type, sent when the
	// client's terminal window changes size (parameters: WinChangeReqParams).
	WindowChangeReq = "window-change"
	// PTYReq is the "pty-req" request type, with which a client asks for a
	// pseudo-terminal (parameters: PTYReqParams).
	PTYReq = "pty-req"
	// AgentReq is the OpenSSH request type for SSH agent forwarding.
	// NOTE(review): agent forwarding lets the remote side use the client's
	// agent for signing; confirm where this request is accepted and whether
	// that is gated by policy.
	AgentReq = "auth-agent-req@openssh.com"
)
// Handshake-related constants: the version banner, the proxy hello marker,
// the version string size limit and the client-address variable name.
const (
	// SSHVersionPrefix is the prefix of "server version" string which begins
	// every SSH handshake. It MUST start with "SSH-2.0" according to
	// https://tools.ietf.org/html/rfc4253#page-4
	//
	// The version string is exchanged before authentication, so this value
	// identifies the software as Teleport to any peer that connects.
	SSHVersionPrefix = "SSH-2.0-Teleport"

	// ProxyHelloSignature is a string which Teleport proxy will send
	// right after the initial SSH "handshake/version" message if it detects
	// talking to a Teleport server.
	// NOTE(review): this is a fixed, publicly known string, so it can mark a
	// message but cannot by itself prove that the sender is a proxy; confirm
	// that whatever follows it is trusted only after SSH authentication.
	ProxyHelloSignature = "Teleport-Proxy"

	// MaxVersionStringBytes is the maximum number of bytes allowed for a
	// SSH version string
	// https://tools.ietf.org/html/rfc4253
	// (section 4.2 limits the identification string to 255 characters,
	// including the trailing CR LF).
	// NOTE(review): presumably bounds how much is read from a peer while
	// waiting for the version line; confirm at the read site.
	MaxVersionStringBytes = 255

	// TrueClientAddrVar environment variable is used by the web UI to pass
	// the remote IP (user's IP) from the browser/HTTP session into an SSH session
	// NOTE(review): the address is asserted by whoever sets this variable, not
	// observed on the SSH connection; confirm it is honoured only for sessions
	// opened by an authenticated proxy before relying on it in audit records
	// or access decisions.
	TrueClientAddrVar = "TELEPORT_CLIENT_ADDR"
)

Variables

This section is empty.

Functions

func AuthorizedKeyFingerprint added in v1.0.0

func AuthorizedKeyFingerprint(publicKey []byte) (string, error)

AuthorizedKeyFingerprint returns the fingerprint of a public key supplied in authorized key format

func CloseAll

// CloseAll takes any number of io.Closer values and returns a single error.
// NOTE(review): presumably closes every closer and reports the failures
// together; confirm whether it stops at the first error, since a closer left
// open after an early failure would leak a connection or file descriptor.
func CloseAll(closers ...io.Closer) error

func Fingerprint added in v1.0.0

func Fingerprint(key ssh.PublicKey) string

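Fingerprint returns the SSH RFC 4716 fingerprint of the key. RFC 4716 defines this fingerprint as an MD5 digest of the public key blob, so it is suited to display and lookup rather than to anything that depends on collision resistance.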

func KeysEqual

func KeysEqual(ak, bk ssh.PublicKey) bool

KeysEqual compares the two keys in constant time to avoid timing attacks

func NewSigner

func NewSigner(keyBytes, certBytes []byte) (ssh.Signer, error)

NewSigner returns a new ssh Signer built from a private key + certificate pair. The signer can be used to create "auth methods", i.e. to log in to Teleport SSH servers.

func PrivateKeyFingerprint added in v1.0.0

func PrivateKeyFingerprint(keyBytes []byte) (string, error)

PrivateKeyFingerprint returns the fingerprint of the public key extracted from the PEM-encoded private key

Types

type AuthMethods

// AuthMethods groups the client authentication settings that are passed to
// NewServer.
type AuthMethods struct {
	// PublicKey is the public key authentication callback (see PublicKeyFunc).
	PublicKey PublicKeyFunc
	// Password is the password authentication callback (see PasswordFunc).
	Password  PasswordFunc
	// NoClient is a boolean switch whose meaning is not shown on this page.
	// NOTE(review): the name suggests it disables client authentication
	// (compare NoClientAuth in ssh.ServerConfig); confirm, and if so make
	// sure it is set only on listeners that are protected some other way.
	NoClient  bool
}

type DirectTCPIPReq

// DirectTCPIPReq holds a destination and an originator address/port pair.
// NOTE(review): the field layout appears to match the "direct-tcpip" channel
// open data of RFC 4254 section 7.2; confirm against ParseDirectTCPIPReq.
// If so, every field is chosen by the client: Host and Port should be
// authorized before the server dials them, and Orig and OrigPort are
// self-reported and should not be treated as a verified source address.
type DirectTCPIPReq struct {
	// Host is the destination host. presumably the host the client wants the
	// server to connect to; verify against caller.
	Host string
	// Port is the destination port.
	Port uint32

	// Orig is the originator address as reported in the request.
	Orig     string
	// OrigPort is the originator port as reported in the request.
	OrigPort uint32
}

func ParseDirectTCPIPReq

// ParseDirectTCPIPReq turns raw request bytes into a DirectTCPIPReq, or
// returns an error.
// NOTE(review): data is presumably the extra data of a channel open sent by
// the client, i.e. untrusted input; callers should reject the channel on
// error and authorize the parsed Host and Port before connecting.
func ParseDirectTCPIPReq(data []byte) (*DirectTCPIPReq, error)

type EnvReqParams

// EnvReqParams holds the name and value carried by an "env" request
// (SetEnvReq).
// NOTE(review): both fields come from the client. Confirm that the server
// restricts which variable names it will set, the way an allow-list such as
// OpenSSH's AcceptEnv does, because variables that influence the dynamic
// loader or the shell change what the session executes.
type EnvReqParams struct {
	// Name is the environment variable name.
	Name  string
	// Value is the environment variable value.
	Value string
}

EnvReqParams are parameters for env request

type HandshakePayload

// HandshakePayload is the JSON-encoded structure carrying additional data
// about a connection; its only exported field is the client address.
// NOTE(review): the content is asserted by the sender. Confirm that the
// receiving server accepts it only from an authenticated proxy before using
// ClientAddr in audit records or access decisions.
type HandshakePayload struct {
	// ClientAddr is the IP address of the remote client
	// (omitted from the JSON when empty).
	ClientAddr string `json:"clientAddr,omitempty"`
}

The HandshakePayload structure is sent as a JSON blob by the Teleport proxy to every SSH server that identifies itself as a Teleport server.

It allows Teleport proxies to communicate additional data to the server.

type NewChanHandler

// NewChanHandler is implemented by types that handle an incoming SSH channel
// request. NewServer takes one as its handler argument.
type NewChanHandler interface {
	// HandleNewChan receives the underlying network connection, the SSH
	// server connection and the channel request. An ssh.NewChannel has to be
	// either accepted or rejected by whoever handles it.
	// NOTE(review): whether the handler runs before or after authentication
	// has completed is not visible here; confirm in the Server code.
	HandleNewChan(net.Conn, *ssh.ServerConn, ssh.NewChannel)
}

type NewChanHandlerFunc

// NewChanHandlerFunc is a function type with the same parameters as
// NewChanHandler.HandleNewChan; its HandleNewChan method lets a plain
// function be used as a NewChanHandler.
type NewChanHandlerFunc func(net.Conn, *ssh.ServerConn, ssh.NewChannel)

func (NewChanHandlerFunc) HandleNewChan

func (f NewChanHandlerFunc) HandleNewChan(conn net.Conn, sshConn *ssh.ServerConn, ch ssh.NewChannel)

type PTYReqParams

// PTYReqParams holds the parameters of a PTY request (PTYReq).
// NOTE(review): the field layout appears to match the "pty-req" request of
// RFC 4254 section 6.2; confirm against the code that unmarshals it. The
// values are supplied by the client, and Check and CheckAndSetDefaults are
// the validation methods declared on this type.
type PTYReqParams struct {
	// Env is presumably the TERM environment variable value; verify.
	Env   string
	// W is presumably the terminal width in characters; verify.
	W     uint32
	// H is presumably the terminal height in rows; verify.
	H     uint32
	// Wpx is presumably the terminal width in pixels; verify.
	Wpx   uint32
	// Hpx is presumably the terminal height in pixels; verify.
	Hpx   uint32
	// Modes is presumably the encoded terminal modes string; verify.
	Modes string
}

PTYReqParams specifies parameters for a PTY request, including the terminal window size

func (*PTYReqParams) Check

func (p *PTYReqParams) Check() error

Check validates PTY parameters.

func (*PTYReqParams) CheckAndSetDefaults

func (p *PTYReqParams) CheckAndSetDefaults() error

CheckAndSetDefaults validates PTY parameters and ensures parameters are within default values.

type PasswordFunc

// PasswordFunc is the password authentication callback type used in
// AuthMethods. Its signature matches PasswordCallback in ssh.ServerConfig:
// it receives the connection metadata and the offered password and returns
// the permissions to grant, or an error to refuse the attempt.
// NOTE(review): the password slice holds a secret; implementations should
// not log it.
type PasswordFunc func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error)

type PublicKeyFunc

// PublicKeyFunc is the public key authentication callback type used in
// AuthMethods. Its signature matches PublicKeyCallback in ssh.ServerConfig:
// it receives the connection metadata and the offered key and returns the
// permissions to grant, or an error to refuse the key.
// NOTE(review): with ssh.ServerConfig this kind of callback can be invoked
// for a key the client has not yet proven it holds, so a nil error should be
// read as "this key is acceptable", not "the client is authenticated".
type PublicKeyFunc func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error)

type RequestHandler

// RequestHandler is implemented by types that handle an SSH request. One can
// be installed on a Server with SetRequestHandler.
type RequestHandler interface {
	// HandleRequest receives the request.
	// NOTE(review): which requests reach this handler (global or
	// channel-level) is not visible here; confirm in the Server code. The
	// request payload is supplied by the peer and should be validated.
	HandleRequest(r *ssh.Request)
}

type RequestHandlerFunc

// RequestHandlerFunc is a function type with the same parameter as
// RequestHandler.HandleRequest; its HandleRequest method lets a plain
// function be used as a RequestHandler.
type RequestHandlerFunc func(*ssh.Request)

func (RequestHandlerFunc) HandleRequest

func (f RequestHandlerFunc) HandleRequest(r *ssh.Request)

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is a generic implementation of an SSH server. All Teleport services (auth, proxy, ssh) use this as a base to accept SSH connections.

func NewServer

// NewServer builds a Server from a component name, a network address, a
// handler for new channels, the host signers, the client authentication
// methods and any number of ServerOption values. It returns an error instead
// of a Server when construction fails.
// NOTE(review): the order in which opts are applied relative to ah is not
// visible here; confirm it, because an option such as SetSSHConfig that
// supplies a whole ssh.ServerConfig could override authentication settings
// derived from ah.
func NewServer(
	component string,
	a utils.NetAddr,
	h NewChanHandler,
	hostSigners []ssh.Signer,
	ah AuthMethods,
	opts ...ServerOption) (*Server, error)

func (*Server) Addr

func (s *Server) Addr() string

func (*Server) Close

func (s *Server) Close() error

Close closes the listening socket and stops accepting connections

func (*Server) Start

func (s *Server) Start() error

func (*Server) Wait

func (s *Server) Wait()

type ServerOption

type ServerOption func(cfg *Server) error

ServerOption is a functional argument for server

func SetCiphers

// SetCiphers returns a ServerOption built from a list of cipher names.
// NOTE(review): presumably sets the ciphers the server will negotiate
// (compare Ciphers in ssh.Config); confirm. Also check in the implementation
// what an empty list means, so that an unset value cannot silently fall back
// to a broader default than the deployment's policy allows.
func SetCiphers(ciphers []string) ServerOption

func SetKEXAlgorithms

// SetKEXAlgorithms returns a ServerOption built from a list of key exchange
// algorithm names.
// NOTE(review): presumably sets the key exchange algorithms the server will
// negotiate (compare KeyExchanges in ssh.Config); confirm, and check how an
// empty list is treated.
func SetKEXAlgorithms(kexAlgorithms []string) ServerOption

func SetLimiter added in v1.0.0

// SetLimiter returns a ServerOption built from a limiter.
// NOTE(review): presumably makes the server apply connection or rate limits
// to incoming connections; confirm what is limited and what happens when no
// limiter is set.
func SetLimiter(limiter *limiter.Limiter) ServerOption

func SetMACAlgorithms

// SetMACAlgorithms returns a ServerOption built from a list of MAC algorithm
// names.
// NOTE(review): presumably sets the MAC algorithms the server will negotiate
// (compare MACs in ssh.Config); confirm, and check how an empty list is
// treated.
func SetMACAlgorithms(macAlgorithms []string) ServerOption

func SetRequestHandler

// SetRequestHandler returns a ServerOption built from a RequestHandler.
// NOTE(review): presumably installs req as the server's handler for SSH
// requests; confirm which requests are routed to it.
func SetRequestHandler(req RequestHandler) ServerOption

func SetSSHConfig

// SetSSHConfig returns a ServerOption built from an ssh.ServerConfig, which
// is taken by value.
// NOTE(review): presumably replaces the server's SSH configuration as a
// whole; confirm how it combines with AuthMethods and with SetCiphers,
// SetKEXAlgorithms and SetMACAlgorithms, since the result depends on the
// order in which the options are applied.
func SetSSHConfig(cfg ssh.ServerConfig) ServerOption

type WinChangeReqParams

// WinChangeReqParams holds the parameters of a window change request
// (WindowChangeReq).
// NOTE(review): the field layout appears to match the "window-change"
// request of RFC 4254 section 6.7; confirm against the code that unmarshals
// it. The values are supplied by the client, and no validation method is
// declared on this type in the listing shown here, so callers should
// range-check them before use.
type WinChangeReqParams struct {
	// W is presumably the terminal width in columns; verify.
	W   uint32
	// H is presumably the terminal height in rows; verify.
	H   uint32
	// Wpx is presumably the terminal width in pixels; verify.
	Wpx uint32
	// Hpx is presumably the terminal height in pixels; verify.
	Hpx uint32
}

WinChangeReqParams specifies parameters for window changes

Directories

Path Synopsis
scp: Package scp handles file uploads and downloads via the scp command
