sshutils

package
v7.0.0-...-185e5fd
Warning: this package is not in the latest version of its module.
Published: Jul 29, 2021 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package sshutils defines several functions and types used across the Teleport API and other Teleport packages when working with SSH.

Index

Constants

const (
	// ConnectionTypeRequest is a request sent over a SSH channel that returns a
	// boolean which indicates the connection type (direct or tunnel).
	ConnectionTypeRequest = "x-teleport-connection-type"
)

Variables

This section is empty.

Functions

func AsAgentKeys

func AsAgentKeys(sshCert *ssh.Certificate, privKey []byte) ([]agent.AddedKey, error)

AsAgentKeys converts the SSH certificate and raw private key into a []agent.AddedKey. Every element of the returned slice needs to be loaded into the agent.

func AsAuthMethod

func AsAuthMethod(sshCert *ssh.Certificate, privKey []byte) (ssh.AuthMethod, error)

AsAuthMethod returns an ssh.AuthMethod, the abstraction golang.org/x/crypto/ssh uses for client authentication. This is how a certificate and private key are fed into the SSH library, for example via ssh.ClientConfig.Auth.

func AsSigner

func AsSigner(sshCert *ssh.Certificate, privKey []byte) (ssh.Signer, error)

AsSigner returns an ssh.Signer built from the raw marshaled private key and the certificate.

func HostKeyCallback

func HostKeyCallback(caCerts [][]byte) (ssh.HostKeyCallback, error)

HostKeyCallback returns an ssh.HostKeyCallback that validates host keys and host certificates against the SSH CAs in caCerts.

If caCerts is empty, the returned ssh.HostKeyCallback is nil. Note that golang.org/x/crypto/ssh does not prompt in that case: ssh.NewClientConn refuses a ClientConfig whose HostKeyCallback is nil (it fails with "ssh: must specify HostKeyCallback"), so the caller must supply its own callback, for example one that asks the user to verify the host key fingerprint as OpenSSH does for an unknown host.

func KeysEqual

func KeysEqual(ak, bk ssh.PublicKey) bool

KeysEqual reports whether two public keys are equal, using a constant-time comparison so that the result is not leaked through timing.

func NewClientConnWithDeadline

func NewClientConnWithDeadline(conn net.Conn, addr string, config *ssh.ClientConfig) (*ssh.Client, error)

NewClientConnWithDeadline establishes a new SSH client connection over conn, applying the deadline derived from config to the handshake.

func ParseCertificate

func ParseCertificate(buf []byte) (*ssh.Certificate, error)

ParseCertificate parses an SSH certificate from the authorized_keys format (a single "<type> <base64 blob> [comment]" line).
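Neither KeysEqual nor the authorized_keys format is shown in code on this page, so here is an added, stand-alone illustration of what both rely on. It is not Teleport's code and deliberately avoids golang.org/x/crypto/ssh: it implements the SSH wire encoding of a public key (an RFC 4251 length-prefixed type string followed by the key bytes, which is what ssh.PublicKey.Marshal produces), builds an authorized_keys line from that encoding and parses it back with type and length checks, and compares encodings in constant time in the spirit of KeysEqual. It handles ssh-ed25519 keys only; the function names and the fixed-seed keys are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const ed25519Type = "ssh-ed25519"

// writeString appends an RFC 4251 "string": big-endian uint32 length, then bytes.
func writeString(b *bytes.Buffer, s []byte) {
	var l [4]byte
	binary.BigEndian.PutUint32(l[:], uint32(len(s)))
	b.Write(l[:])
	b.Write(s)
}

// readString consumes one RFC 4251 string from buf and returns the remainder.
func readString(buf []byte) (s, rest []byte, err error) {
	if len(buf) < 4 {
		return nil, nil, errors.New("truncated: missing length prefix")
	}
	n := binary.BigEndian.Uint32(buf)
	if uint64(n) > uint64(len(buf)-4) {
		return nil, nil, errors.New("truncated: string runs past end of blob")
	}
	return buf[4 : 4+n], buf[4+n:], nil
}

// marshalEd25519 produces the same bytes as ssh.PublicKey.Marshal for an
// Ed25519 key: string("ssh-ed25519") || string(32 raw key bytes).
func marshalEd25519(pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	writeString(&b, []byte(ed25519Type))
	writeString(&b, pub)
	return b.Bytes()
}

// authorizedKeyLine renders a key as "<type> <base64 blob> <comment>".
func authorizedKeyLine(pub ed25519.PublicKey, comment string) string {
	return fmt.Sprintf("%s %s %s", ed25519Type,
		base64.StdEncoding.EncodeToString(marshalEd25519(pub)), comment)
}

// parseAuthorizedKey parses an authorized_keys line and returns the decoded
// wire-format blob. It rejects a leading type field that disagrees with the
// type embedded in the blob, and truncated or oversized ssh-ed25519 blobs.
func parseAuthorizedKey(line string) ([]byte, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return nil, errors.New("authorized_keys line needs a type and a base64 blob")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return nil, fmt.Errorf("invalid base64: %w", err)
	}
	typ, rest, err := readString(blob)
	if err != nil {
		return nil, err
	}
	if string(typ) != fields[0] {
		return nil, fmt.Errorf("type field %q does not match blob type %q", fields[0], typ)
	}
	if string(typ) != ed25519Type {
		return nil, fmt.Errorf("unsupported key type %q (example handles ssh-ed25519 only)", typ)
	}
	key, trailing, err := readString(rest)
	if err != nil {
		return nil, err
	}
	if len(key) != ed25519.PublicKeySize || len(trailing) != 0 {
		return nil, errors.New("malformed ssh-ed25519 blob")
	}
	return blob, nil
}

// keysEqual compares two marshaled public keys in constant time, as
// sshutils.KeysEqual does, so timing does not reveal where they first differ.
func keysEqual(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

func main() {
	// Constructed fixed-seed keys for the example only; never reuse them.
	pubA := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)).Public().(ed25519.PublicKey)
	pubB := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32)).Public().(ed25519.PublicKey)

	parsed, err := parseAuthorizedKey(authorizedKeyLine(pubA, "alice@example.com"))
	if err != nil {
		panic(err)
	}
	fmt.Println("round trip equal:", keysEqual(marshalEd25519(pubA), parsed))
	fmt.Println("A == B:", keysEqual(marshalEd25519(pubA), marshalEd25519(pubB)))
}
```

Comparing the whole marshaled encoding with crypto/subtle, rather than byte by byte with bytes.Equal, keeps the comparison time independent of where two keys first differ. subtle.ConstantTimeCompare does return immediately when the lengths differ, which reveals only the key type or size, not the key material. The type cross-check in parseAuthorizedKey matters in practice: a line that claims one algorithm but carries a blob of another should be rejected rather than silently trusted.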

func ProxyClientSSHConfig

func ProxyClientSSHConfig(sshCert, privKey []byte, caCerts [][]byte) (*ssh.ClientConfig, error)

ProxyClientSSHConfig returns an ssh.ClientConfig whose credentials are built from sshCert and privKey and whose HostKeyCallback validates host keys against the SSH CAs in caCerts.

The config is set up to authenticate to the proxy as the first principal listed in the certificate.

Types

type ChConn

type ChConn struct {
	ssh.Channel
	// contains filtered or unexported fields
}

ChConn is a net.Conn-like object implemented over an SSH channel.

func ConnectProxyTransport

func ConnectProxyTransport(sconn ssh.Conn, req *DialReq, exclusive bool) (*ChConn, bool, error)

ConnectProxyTransport opens a channel over the remote tunnel and connects to the requested host. If exclusive is true, the returned ChConn is exclusive (see NewExclusiveChConn).

func NewChConn

func NewChConn(conn ssh.Conn, ch ssh.Channel) *ChConn

NewChConn returns a new net.Conn implemented over an SSH channel.

func NewExclusiveChConn

func NewExclusiveChConn(conn ssh.Conn, ch ssh.Channel) *ChConn

NewExclusiveChConn returns a new net.Conn implemented over an SSH channel; whenever this connection is closed, the underlying SSH connection is closed as well.

func (*ChConn) Close

func (c *ChConn) Close() error

Close closes the channel and, if the ChConn is exclusive, the underlying SSH connection as well.

func (*ChConn) LocalAddr

func (c *ChConn) LocalAddr() net.Addr

LocalAddr returns the local address of the underlying SSH connection.

func (*ChConn) Read

func (c *ChConn) Read(data []byte) (int, error)

Read reads from the channel.

func (*ChConn) RemoteAddr

func (c *ChConn) RemoteAddr() net.Addr

RemoteAddr returns the remote address of the underlying SSH connection.

func (*ChConn) SetDeadline

func (c *ChConn) SetDeadline(t time.Time) error

SetDeadline sets a connection deadline.

func (*ChConn) SetReadDeadline

func (c *ChConn) SetReadDeadline(t time.Time) error

SetReadDeadline sets a connection read deadline.

func (*ChConn) SetWriteDeadline

func (c *ChConn) SetWriteDeadline(t time.Time) error

SetWriteDeadline is a no-op for a channel connection: write deadlines are not supported over an SSH channel, so callers that need to bound a write must arrange their own timeout.

type DialReq

type DialReq struct {
	// Address is the target host to make a connection to.
	Address string `json:"address,omitempty"`

	// ServerID is the hostUUID.clusterName of the node. ServerID is used when
	// dialing through a tunnel to SSH and application nodes.
	ServerID string `json:"server_id,omitempty"`

	// ConnType is the type of connection requested, either node or application.
	ConnType types.TunnelType `json:"conn_type"`
}

DialReq is a request for the address to connect to. It supports special non-resolvable addresses and search names when the connection goes over a tunnel.

func (*DialReq) CheckAndSetDefaults

func (d *DialReq) CheckAndSetDefaults() error

CheckAndSetDefaults verifies that all fields are valid and fills in defaults.
