Documentation ¶
Index ¶
- Constants
- Variables
- func DiscardRequests(ctx Context, in <-chan *ssh.Request)
- func WrapAuthLogCallback(callback AuthLogCallback) func(conn ssh.ConnMetadata, method string, err error)
- func WrapBannerCallback(callback BannerCallback) func(conn ssh.ConnMetadata) string
- func WrapKeyboardInteractiveChallenger(callback KeyboardInteractiveChallengeCallback) ...
- func WrapPasswdCallback(callback PasswdCallback) func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error)
- func WrapPublicKeyCallback(callback PublicKeyCallback) func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error)
- type AuthLogCallback
- type BannerCallback
- type Channel
- type ChannelOpenDirectMsg
- type ConnMetadata
- type Context
- type ContextBuilder
- type ExecMsg
- type GlobalRequestCallback
- type KeyboardInteractiveChallenge
- type KeyboardInteractiveChallengeCallback
- type LookupUserCallback
- type NewChannel
- type NewChannelHandleFunc
- type PasswdCallback
- type Permissions
- type PermitNotAllowedError
- type PlatformNotSupportError
- type PtyRequestMsg
- type PtyWindowChangeMsg
- type PublicKey
- type PublicKeyCallback
- type RejectionReason
- type RemoteForwardCancelRequestMsg
- type RemoteForwardChannelDataMsg
- type RemoteForwardRequestMsg
- type RemoteForwardSuccessMsg
- type Request
- type SSHConn
- type SSHConnFailedLogCallback
- type SSHConnLogCallback
- type SSHContext
- func (ctx *SSHContext) ClientVersion() string
- func (ctx *SSHContext) Conn() ssh.Conn
- func (ctx *SSHContext) LocalAddr() net.Addr
- func (ctx *SSHContext) Permissions() *Permissions
- func (ctx *SSHContext) RemoteAddr() net.Addr
- func (ctx *SSHContext) Server() *SSHServer
- func (ctx *SSHContext) ServerVersion() string
- func (ctx *SSHContext) SessionID() string
- func (ctx *SSHContext) SetClientVersion(version string)
- func (ctx *SSHContext) SetConn(conn ssh.Conn)
- func (ctx *SSHContext) SetLocalAddr(addr net.Addr)
- func (ctx *SSHContext) SetPermissions(permissions *Permissions)
- func (ctx *SSHContext) SetRemoteAddr(addr net.Addr)
- func (ctx *SSHContext) SetServerVersion(version string)
- func (ctx *SSHContext) SetUser(user *User)
- func (ctx *SSHContext) SetValue(key, value interface{})
- func (ctx *SSHContext) UseConnMeta(meta ConnMetadata)
- func (ctx *SSHContext) User() *User
- type SSHServer
- func (sshd *SSHServer) AddHostKey(hostKey []byte) error
- func (sshd *SSHServer) AddHostSigner(signer Signer)
- func (sshd *SSHServer) Close() error
- func (sshd *SSHServer) DelSSHConn(conn SSHConn)
- func (sshd *SSHServer) HandleConn(conn net.Conn)
- func (sshd *SSHServer) ListenAndServe(address string) error
- func (sshd *SSHServer) LoadHostKey(path string) error
- func (sshd *SSHServer) NewChannel(ctype string, handleFunc NewChannelHandleFunc)
- func (sshd *SSHServer) NewGlobalRequest(ctype string, handleFunc GlobalRequestCallback)
- func (sshd *SSHServer) Serve(listener net.Listener) error
- func (sshd *SSHServer) SetAuthLogCallback(cb AuthLogCallback)
- func (sshd *SSHServer) SetBannerCallback(cb BannerCallback)
- func (sshd *SSHServer) SetKeyboardInteractiveChallengeCallback(cb KeyboardInteractiveChallengeCallback)
- func (sshd *SSHServer) SetPasswdCallback(cb PasswdCallback)
- func (sshd *SSHServer) SetPublicKeyCallback(cb PublicKeyCallback)
- func (sshd *SSHServer) SetVersion(version int, suffix string)
- func (sshd *SSHServer) Shutdown() error
- type SetenvRequest
- type Signal
- type SignalMsg
- type Signer
- type SubsystemRequestMsg
- type TransformConnCallback
- type User
- type UserNotExistError
Constants ¶
// Channel types used in channel open requests, with the RFC 4254 section each one refers to.
const (
	SessionTypeChannel    = "session"         // "session" channel open request. RFC 4254 6.1.
	DirectTcpIpChannel    = "direct-tcpip"    // "direct-tcpip" channel open request. RFC 4254 7.2.
	X11Channel            = "x11"             // "x11" channel open request. RFC 4254 6.3.2.
	ForwardedTCPIPChannel = "forwarded-tcpip" // "forwarded-tcpip" channel open request. RFC 4254 7.2.
)
RFC 4254 规定的 4 种 channel 类型
// Reason codes for rejecting a client's channel open request (see RejectionReason).
const (
	Prohibited RejectionReason = 1
	// NOTE(review): the three constants below are declared without a type, so they
	// are untyped integer constants rather than RejectionReason values — confirm
	// that this is intended.
	ConnectionFailed   = 2
	UnknownChannelType = 3
	ResourceShortage   = 4
)
// Names used for remote port forwarding: two global request names and the
// channel type of the forwarded connection.
const (
	GlobalReqTcpIpForward       = "tcpip-forward"
	GlobalReqCancelTcpIpForward = "cancel-tcpip-forward"
	// Same string value as ForwardedTCPIPChannel.
	ForwardedTcpIpChannelType = "forwarded-tcpip"
)
// Channel request names.
const (
	ReqShell     = "shell"
	ReqPty       = "pty-req"
	ReqExec      = "exec"
	ReqWinCh     = "window-change"
	ReqEnv       = "env"
	ReqSignal    = "signal"
	ReqSubsystem = "subsystem"
	// NOTE(review): RFC 4254 defines "exit-status" and "exit-signal" but no
	// "exit" request — confirm how ReqExit is used.
	ReqExit    = "exit"
	ExitStatus = "exit-status"
)
// Protocol-version prefixes for the version identification string.
// NOTE(review): RFC 4253 section 4.2 requires an SSH-2 identification string to
// begin with "SSH-2.0-"; confirm that Version1 is never announced by a server
// that only speaks protocol 2.
const (
	Version1 = "SSH-1.0-"
	Version2 = "SSH-2.0-"
)
Variables ¶
// NoContextBuilderErr is the error value whose message is "no context builder".
var NoContextBuilderErr = errors.New("no context builder")
// PreferredCiphers lists the ciphers used by default. The order of the
// entries is kept exactly as declared.
var PreferredCiphers = []string{
	// AEAD ciphers.
	"aes128-gcm@openssh.com",
	"chacha20-poly1305@openssh.com",
	// AES in counter mode.
	"aes128-ctr",
	"aes192-ctr",
	"aes256-ctr",
}
PreferredCiphers 默认使用的加密算法
// PreferredKexAlgos lists the default key exchange algorithms. The order of
// the entries is kept exactly as declared.
var PreferredKexAlgos = []string{
	kexAlgoCurve25519SHA256,
	kexAlgoCurve25519SHA256LibSSH,
	kexAlgoECDH256,
	kexAlgoECDH384,
	kexAlgoECDH521,
	kexAlgoDH14SHA256,
	// NOTE(review): judging by its name this is a SHA-1 based exchange; the
	// constant's value is not visible here — confirm it is still wanted in
	// the default set.
	kexAlgoDH14SHA1,
}
PreferredKexAlgos 默认的密钥交换算法
// Signals maps a Signal name to its signal number.
//
// SIGUSR1 and SIGUSR2 are declared as Signal constants but have no entry
// here, so looking them up yields 0 with ok == false.
// NOTE(review): presumably omitted because their numbers differ between
// platforms — confirm.
var Signals = map[Signal]int{
	SIGHUP:  1,
	SIGINT:  2,
	SIGQUIT: 3,
	SIGILL:  4,
	SIGABRT: 6,
	SIGFPE:  8,
	SIGKILL: 9,
	SIGSEGV: 11,
	SIGPIPE: 13,
	SIGALRM: 14,
	SIGTERM: 15,
}
// SupportedCiphers lists every cipher the package supports. The order of the
// entries is kept exactly as declared.
var SupportedCiphers = []string{
	// AES in counter mode.
	"aes128-ctr",
	"aes192-ctr",
	"aes256-ctr",
	// AEAD ciphers.
	"aes128-gcm@openssh.com",
	"chacha20-poly1305@openssh.com",
	// Legacy ciphers: RC4 (arcfour*), a CBC-mode AES and 3DES. PreferredCiphers
	// leaves all of these out; enable them only for peers that cannot
	// negotiate anything from the groups above.
	"arcfour256",
	"arcfour128",
	"arcfour",
	"aes128-cbc",
	"3des-cbc",
}
SupportedCiphers 支持的加密算法
// SupportedMACs lists the supported message authentication code algorithms.
// The order of the entries is kept exactly as declared.
var SupportedMACs = []string{
	"hmac-sha2-256-etm@openssh.com",
	"hmac-sha2-256",
	// SHA-1 based MACs; hmac-sha1-96 additionally truncates the tag to 96 bits.
	"hmac-sha1",
	"hmac-sha1-96",
}
SupportedMACs 支持的消息摘要算法
Functions ¶
func DiscardRequests ¶
DiscardRequests 拒绝所有的 Request,可由 ctx 取消执行
func WrapAuthLogCallback ¶
func WrapAuthLogCallback(callback AuthLogCallback) func(conn ssh.ConnMetadata, method string, err error)
WrapAuthLogCallback 生成 ssh.ServerConfig 可接受的参数函数:AuthLogCallback
func WrapBannerCallback ¶
func WrapBannerCallback(callback BannerCallback) func(conn ssh.ConnMetadata) string
WrapBannerCallback 生成 ssh.ServerConfig 可接受的参数函数:BannerCallback
func WrapKeyboardInteractiveChallenger ¶
func WrapKeyboardInteractiveChallenger(callback KeyboardInteractiveChallengeCallback) func(conn ssh.ConnMetadata, client ssh.KeyboardInteractiveChallenge) (*ssh.Permissions, error)
WrapKeyboardInteractiveChallenger 生成 ssh.ServerConfig 可接受的参数:KeyboardInteractiveChallengeCallback
func WrapPasswdCallback ¶
func WrapPasswdCallback(callback PasswdCallback) func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error)
WrapPasswdCallback 生成 ssh.ServerConfig 可接受的函数参数:PasswordCallback
func WrapPublicKeyCallback ¶
func WrapPublicKeyCallback(callback PublicKeyCallback) func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error)
WrapPublicKeyCallback 生成 ssh.ServerConfig 可接受的参数:PublicKeyCallback
Types ¶
type AuthLogCallback ¶
type AuthLogCallback func(conn ConnMetadata, method string, err error)
AuthLogCallback ssh 包下定义的身份认证回调函数被调用时的回调函数的包装
type BannerCallback ¶
// BannerCallback returns the string sent to the client while an SSH connection
// is being established, before authentication. Not every client processes it.
// Because the text goes out before the client has authenticated, it should not
// carry information meant only for authenticated users.
type BannerCallback func(metadata ConnMetadata) string
BannerCallback 当建立 SSH 连接时,在身份认证之前向客户端发送的字符串信息 注意:并不是所有的客户端都会对该信息进行处理
type ChannelOpenDirectMsg ¶
// ChannelOpenDirectMsg is the extra data a client attaches to a channel open
// request to name the forwarding address and port. RFC 4254 7.2.
//
// All four fields are supplied by the client, so a handler should check Dest
// and DPort against its forwarding policy before connecting anywhere.
type ChannelOpenDirectMsg struct {
	Dest  string // host to connect
	DPort uint32 // port to connect
	Src   string // originator IP address
	SPort uint32 // originator port
}
ChannelOpenDirectMsg 客户端发送的 channel 建立请求中附带的额外数据,用于指明转发地址与端口 RFC 4254 7.2.
type Context ¶
// Context carries the information the handlers need together with a
// context.Context; the required values should be set before a handler is
// called. Its scope is the whole connection of a single client.
type Context interface {
	// Stores key/value data and provides the cancellation associated with
	// this context instance, which makes handler functions stop.
	context.Context
	// May be needed when different handlers compete for a shared resource.
	sync.Locker
	SetValue(name interface{}, data interface{})
	SetClientVersion(version string)
	SetConn(conn ssh.Conn)
	SetServerVersion(version string)
	// SetPermissions should be filled in from the ssh authentication callback.
	SetPermissions(permissions *Permissions)
	SetLocalAddr(addr net.Addr)
	SetRemoteAddr(addr net.Addr)
	SetUser(user *User)
	User() *User
	ClientVersion() string
	ServerVersion() string
	RemoteAddr() net.Addr
	LocalAddr() net.Addr
	// Permissions is the value returned by the authentication callback; it
	// holds the user's permission information, and its content depends on the
	// concrete authentication callback.
	Permissions() *Permissions
	Conn() ssh.Conn
	Server() *SSHServer
}
Context 包含各类 handler 所需信息以及一个 context.Context ,必要信息应该保证在 handler 调用之前被添加。 Context 的作用域为单个客户端的整个连接过程。
func NewContext ¶
func NewContext(sshd *SSHServer) (Context, context.CancelFunc)
NewContext 创建一个 SSHContext
type ContextBuilder ¶
type ContextBuilder func(sshd *SSHServer) (Context, context.CancelFunc)
type GlobalRequestCallback ¶
GlobalRequestCallback 当成功建立连接后,对全局请求进行处理的回调函数,例如 “tcpip-forward” 以及 “cancel-tcpip-forward” 等请求。 这类请求通常是客户端要求服务端向客户端打开一个通道,进行数据转发。
type KeyboardInteractiveChallenge ¶
type KeyboardInteractiveChallenge func(name, instruction string, questions []string, echos []bool) (answers []string, err error)
KeyboardInteractiveChallenge ssh 定义的轮询问答认证回调函数
type KeyboardInteractiveChallengeCallback ¶
type KeyboardInteractiveChallengeCallback func(conn ConnMetadata, client KeyboardInteractiveChallenge) (*Permissions, error)
KeyboardInteractiveChallengeCallback ssh 包下定义的轮询问答(keyboard-interactive)认证回调函数类型的包装
type LookupUserCallback ¶
type LookupUserCallback func(metadata ConnMetadata) (*User, error)
LookupUserCallback 根据用户名,获取用户详细数据实例
type NewChannel ¶
type NewChannel interface { ssh.NewChannel }
type NewChannelHandleFunc ¶
type NewChannelHandleFunc func(ctx Context, channel NewChannel)
type PasswdCallback ¶
// PasswdCallback wraps the password authentication callback type defined in
// the ssh package. password holds the password bytes received for the
// connection described by conn; implementations should keep it out of logs
// and error messages.
type PasswdCallback func(conn ConnMetadata, password []byte) (*Permissions, error)
PasswdCallback ssh 包下定义的密码认证回调函数类型的包装
type Permissions ¶
Permissions 用于保存身份认证信息,最终会被存到 Context 中
type PermitNotAllowedError ¶
type PermitNotAllowedError struct {
Msg string
}
func (PermitNotAllowedError) Error ¶
func (e PermitNotAllowedError) Error() string
type PlatformNotSupportError ¶
type PlatformNotSupportError struct {
Function string
}
func (PlatformNotSupportError) Error ¶
func (e PlatformNotSupportError) Error() string
type PtyRequestMsg ¶
type PtyWindowChangeMsg ¶
type PublicKeyCallback ¶
type PublicKeyCallback func(conn ConnMetadata, key PublicKey) (*Permissions, error)
PublicKeyCallback ssh 包下定义的公钥认证回调函数类型的包装
type RejectionReason ¶
type RejectionReason uint32
RejectionReason 拒绝客户端通道建立请求的原因, 定义于 RFC 4254 5.1.
type RemoteForwardRequestMsg ¶
type RemoteForwardSuccessMsg ¶
type RemoteForwardSuccessMsg struct {
BindPort uint32
}
type SSHConnFailedLogCallback ¶
SSHConnFailedLogCallback 尝试建立 SSH 连接失败之后,要立即执行的回调函数,用于记录失败信息等
type SSHConnLogCallback ¶
SSHConnLogCallback 建立 SSH 连接成功之后,要立即执行的回调函数。 此时的 sshCtx 中已经包含了基本的数据; 当该函数返回的 error 不为 nil 时,将会停止下一步,且 SSH 连接会被关闭。
type SSHContext ¶
// SSHContext is the basic context implementation.
type SSHContext struct {
	context.Context // meant to be used to stop the handler functions associated with this context instance
	sync.Mutex
	// contains filtered or unexported fields
}
SSHContext 基本的上下文
func (*SSHContext) ClientVersion ¶
func (ctx *SSHContext) ClientVersion() string
func (*SSHContext) Conn ¶
func (ctx *SSHContext) Conn() ssh.Conn
func (*SSHContext) LocalAddr ¶
func (ctx *SSHContext) LocalAddr() net.Addr
func (*SSHContext) Permissions ¶
func (ctx *SSHContext) Permissions() *Permissions
func (*SSHContext) RemoteAddr ¶
func (ctx *SSHContext) RemoteAddr() net.Addr
func (*SSHContext) Server ¶
func (ctx *SSHContext) Server() *SSHServer
func (*SSHContext) ServerVersion ¶
func (ctx *SSHContext) ServerVersion() string
func (*SSHContext) SessionID ¶
func (ctx *SSHContext) SessionID() string
func (*SSHContext) SetClientVersion ¶
func (ctx *SSHContext) SetClientVersion(version string)
func (*SSHContext) SetConn ¶
func (ctx *SSHContext) SetConn(conn ssh.Conn)
func (*SSHContext) SetLocalAddr ¶
func (ctx *SSHContext) SetLocalAddr(addr net.Addr)
func (*SSHContext) SetPermissions ¶
func (ctx *SSHContext) SetPermissions(permissions *Permissions)
func (*SSHContext) SetRemoteAddr ¶
func (ctx *SSHContext) SetRemoteAddr(addr net.Addr)
func (*SSHContext) SetServerVersion ¶
func (ctx *SSHContext) SetServerVersion(version string)
func (*SSHContext) SetUser ¶
func (ctx *SSHContext) SetUser(user *User)
func (*SSHContext) SetValue ¶
func (ctx *SSHContext) SetValue(key, value interface{})
SetValue 设置值,会上锁
func (*SSHContext) UseConnMeta ¶
func (ctx *SSHContext) UseConnMeta(meta ConnMetadata)
func (*SSHContext) User ¶
func (ctx *SSHContext) User() *User
type SSHServer ¶
// SSHServer holds the SSH server configuration together with the callbacks and
// handler tables listed below.
type SSHServer struct {
	*sync.Mutex
	// ServerConfig from the ssh package. It is embedded, so its exported
	// fields are promoted onto SSHServer.
	ssh.ServerConfig
	ContextBuilder // used to build a custom Context
	// Called after the connection is established to find the user's details by
	// user name; a non-nil err terminates the connection.
	LookupUserCallback
	// Runs before authentication, on the network connection the server has
	// accepted: it can set timeouts, process the raw data, or return an
	// upgraded connection instance. A non-nil error terminates the connection.
	TransformConnCallback
	SSHConnFailedLogCallback // records why an SSH connection failed to establish
	SSHConnLogCallback       // runs after the SSH connection is established; a non-nil error terminates the connection
	// Handlers for global requests received after the SSH connection is
	// established; a request type with no handler set is rejected.
	GlobalRequestHandlers map[string]GlobalRequestCallback
	// When a client channel open request arrives, the callback registered for
	// its channel type handles it.
	NewChannelHandlers map[string]NewChannelHandleFunc
	// Original comment: when ChannelHandlers has no handler for a channel
	// type, this handler handles the request.
	// NOTE(review): the field this describes is not visible here (presumably
	// unexported) — confirm.
	// contains filtered or unexported fields
}
func (*SSHServer) AddHostKey ¶
AddHostKey 加载密钥,hostkey 应该是服务端私钥文件的全部内容 返回的 err 不为 nil 说明密钥内容解析失败。
func (*SSHServer) AddHostSigner ¶
AddHostSigner 加载 Signer 形式的密钥。 注意:该方法的签名为 AddHostSigner(signer Signer),没有返回值,因此不会返回表示解析失败的 err。
func (*SSHServer) Close ¶
Close 关闭服务器网络监听器,关闭所有的已经建立的 SSH 连接 注意:该方法并不保证 ChannelHandler 与 RequestHandler 运行时开启的协程被取消,这取决于传入的接口的实现方式, 所以需要保证开启的协程可以成功接收到 Context Done() 方法的信号,并退出协程
func (*SSHServer) DelSSHConn ¶
DelSSHConn 执行 conn 对应的cancel 并删除 conn
func (*SSHServer) HandleConn ¶
func (*SSHServer) ListenAndServe ¶
ListenAndServe 监听tcp网络并启动 SSH 服务 network 为 "tcp", "tcp4", "tcp6", "unix" or "unixpacket"
func (*SSHServer) LoadHostKey ¶
LoadHostKey 从指定的文件中加载密钥, 返回的 err 不为 nil 说明密钥内容解析失败。
func (*SSHServer) NewChannel ¶
func (sshd *SSHServer) NewChannel(ctype string, handleFunc NewChannelHandleFunc)
NewChannel 添加对应类型的 channel 请求处理函数
func (*SSHServer) NewGlobalRequest ¶
func (sshd *SSHServer) NewGlobalRequest(ctype string, handleFunc GlobalRequestCallback)
NewGlobalRequest 添加对应类型的 global request 请求处理函数
func (*SSHServer) SetAuthLogCallback ¶
func (sshd *SSHServer) SetAuthLogCallback(cb AuthLogCallback)
SetAuthLogCallback SSH 服务器与客户端进行身份认证时,调用的函数;可以利用该回调函数记录连接信息与验证方式,并做出对应处理
func (*SSHServer) SetBannerCallback ¶
func (sshd *SSHServer) SetBannerCallback(cb BannerCallback)
SetBannerCallback 当服务器成功与客户端建立 SSH 连接时,发送给客户端的字符串信息。
func (*SSHServer) SetKeyboardInteractiveChallengeCallback ¶
func (sshd *SSHServer) SetKeyboardInteractiveChallengeCallback(cb KeyboardInteractiveChallengeCallback)
SetKeyboardInteractiveChallengeCallback 设置轮询问答认证处理回调函数
func (*SSHServer) SetPasswdCallback ¶
func (sshd *SSHServer) SetPasswdCallback(cb PasswdCallback)
SetPasswdCallback 设置密码认证处理回调函数
func (*SSHServer) SetPublicKeyCallback ¶
func (sshd *SSHServer) SetPublicKeyCallback(cb PublicKeyCallback)
SetPublicKeyCallback 设置主机公钥认证处理回调
func (*SSHServer) SetVersion ¶
SetVersion 设置服务端版本号,1 表示 'SSH-1.0-';其它 表示 'SSH-2.0-'; suffix 为紧跟着版本号的后缀。
type SetenvRequest ¶
type Signal ¶
type Signal string
// Signal names, written without the "SIG" prefix. They match the signal
// names listed in RFC 4254 section 6.10.
const (
	SIGABRT Signal = "ABRT"
	SIGALRM Signal = "ALRM"
	SIGFPE  Signal = "FPE"
	SIGHUP  Signal = "HUP"
	SIGILL  Signal = "ILL"
	SIGINT  Signal = "INT"
	SIGKILL Signal = "KILL"
	SIGPIPE Signal = "PIPE"
	SIGQUIT Signal = "QUIT"
	SIGSEGV Signal = "SEGV"
	SIGTERM Signal = "TERM"
	SIGUSR1 Signal = "USR1"
	SIGUSR2 Signal = "USR2"
)
type SubsystemRequestMsg ¶
type SubsystemRequestMsg struct {
Subsystem string
}
type TransformConnCallback ¶
TransformConnCallback listener 监听并接受一个网络连接后,要立即执行的回调函数; 当返回的 error 不为 nil 时,将停止继续处理并关闭该网络连接
type User ¶
// User is a struct of user fields modelled on the Unix passwd file.
type User struct {
	UserName     string            // user name
	PasswordFlag string            // password flag field
	Uid          string            // user ID
	Gid          string            // group ID
	GECOS        string            // user description
	HomeDir      string            // user's home directory
	Shell        string            // user's default shell
	Extensions   map[string]string // extra information that may be needed
}
User 根据 Unix 系统的 passwd 文件设置的用户字段结构体
type UserNotExistError ¶
type UserNotExistError struct {
User string
}
func (UserNotExistError) Error ¶
func (e UserNotExistError) Error() string