Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateConnectionID() string
- func RunConformanceTests(t *testing.T, backendFactories map[string]ConformanceTestBackendFactory)
- type AbstractHandler
- type AbstractNetworkConnectionHandler
- func (a *AbstractNetworkConnectionHandler) OnAuthGSSAPI(_ metadata.ConnectionMetadata) auth.GSSAPIServer
- func (a *AbstractNetworkConnectionHandler) OnAuthKeyboardInteractive(pendingMeta metadata.ConnectionAuthPendingMetadata, ...) (response AuthResponse, meta metadata.ConnectionAuthenticatedMetadata, ...)
- func (a *AbstractNetworkConnectionHandler) OnAuthPassword(pendingMeta metadata.ConnectionAuthPendingMetadata, _ []byte) (response AuthResponse, meta metadata.ConnectionAuthenticatedMetadata, ...)
- func (a *AbstractNetworkConnectionHandler) OnAuthPubKey(pendingMeta metadata.ConnectionAuthPendingMetadata, _ publicAuth.PublicKey) (response AuthResponse, meta metadata.ConnectionAuthenticatedMetadata, ...)
- func (a *AbstractNetworkConnectionHandler) OnDisconnect()
- func (a *AbstractNetworkConnectionHandler) OnHandshakeFailed(_ metadata.ConnectionMetadata, _ error)
- func (a *AbstractNetworkConnectionHandler) OnHandshakeSuccess(meta metadata.ConnectionAuthenticatedMetadata) (SSHConnectionHandler, metadata.ConnectionAuthenticatedMetadata, error)
- func (a *AbstractNetworkConnectionHandler) OnShutdown(_ context.Context)
- type AbstractSSHConnectionHandler
- func (s *AbstractSSHConnectionHandler) OnFailedDecodeGlobalRequest(_ uint64, _ string, _ []byte, _ error)
- func (a *AbstractSSHConnectionHandler) OnSessionChannel(_ metadata.ChannelMetadata, _ []byte, _ SessionChannel) (channel SessionChannelHandler, failureReason ChannelRejection)
- func (a *AbstractSSHConnectionHandler) OnShutdown(_ context.Context)
- func (a *AbstractSSHConnectionHandler) OnUnsupportedChannel(_ uint64, _ string, _ []byte)
- func (a *AbstractSSHConnectionHandler) OnUnsupportedGlobalRequest(_ uint64, _ string, _ []byte)
- type AbstractSessionChannelHandler
- func (a *AbstractSessionChannelHandler) OnClose()
- func (a *AbstractSessionChannelHandler) OnEnvRequest(_ uint64, _ string, _ string) error
- func (a *AbstractSessionChannelHandler) OnExecRequest(_ uint64, _ string) error
- func (a *AbstractSessionChannelHandler) OnFailedDecodeChannelRequest(_ uint64, _ string, _ []byte, _ error)
- func (a *AbstractSessionChannelHandler) OnPtyRequest(_ uint64, _ string, _ uint32, _ uint32, _ uint32, _ uint32, _ []byte) error
- func (a *AbstractSessionChannelHandler) OnShell(_ uint64) error
- func (a *AbstractSessionChannelHandler) OnShutdown(_ context.Context)
- func (a *AbstractSessionChannelHandler) OnSignal(_ uint64, _ string) error
- func (a *AbstractSessionChannelHandler) OnSubsystem(_ uint64, _ string) error
- func (a *AbstractSessionChannelHandler) OnUnsupportedChannelRequest(_ uint64, _ string, _ []byte)
- func (a *AbstractSessionChannelHandler) OnWindow(_ uint64, _ uint32, _ uint32, _ uint32, _ uint32) error
- func (s *AbstractSessionChannelHandler) OnX11Request(requestID uint64, singleConnection bool, protocol string, cookie string, ...) error
- type AuthResponse
- type ChannelRejection
- type ConformanceTestBackendFactory
- type ExitStatus
- type ForwardChannel
- type Handler
- type KeyboardInteractiveAnswers
- type KeyboardInteractiveQuestion
- type KeyboardInteractiveQuestions
- type NetworkConnectionHandler
- type ReverseForward
- type ReverseForwardHandler
- func (r *ReverseForwardHandler) NewChannelTCP(connectedAddress string, connectedPort uint32, originatorAddress string, ...) (ForwardChannel, uint64, error)
- func (r *ReverseForwardHandler) NewChannelUnix(path string) (ForwardChannel, uint64, error)
- func (r *ReverseForwardHandler) NewChannelX11(originatorAddress string, originatorPort uint32) (ForwardChannel, uint64, error)
- type SSHConnectionHandler
- type Server
- type SessionChannel
- type SessionChannelHandler
- type TestClient
- type TestClientConnection
- type TestClientSession
- type TestServer
- type TestUser
- func (u *TestUser) AddKeyboardInteractiveChallengeResponse(challenge string, expectedResponse string)
- func (u *TestUser) GenerateKey() (privateKeyPEM string, publicKeyAuthorizedKeys string)
- func (u *TestUser) GetAuthMethods() []ssh.AuthMethod
- func (u *TestUser) GetAuthorizedKeys() []string
- func (u *TestUser) KeyboardInteractiveChallengeResponse() (questions KeyboardInteractiveQuestions)
- func (u *TestUser) Password() string
- func (u *TestUser) RandomPassword()
- func (u *TestUser) SetPassword(password string)
- func (u *TestUser) Username() string
Constants ¶
const ( ChannelTypeSession string = "session" ChannelTypeDirectTCPIP string = "direct-tcpip" ChannelTypeReverseForward string = "forwarded-tcpip" ChannelTypeX11 string = "x11" ChannelTypeDirectStreamLocal string = "direct-streamlocal@openssh.com" ChannelTypeForwardedStreamLocal string = "forwarded-streamlocal@openssh.com" )
Variables ¶
var ErrAuthenticationFailed = errors.New("authentication failed")
ErrAuthenticationFailed is the error that is returned from TestClient.Connect when the authentication failed.
Functions ¶
func GenerateConnectionID ¶
func GenerateConnectionID() string
GenerateConnectionID generates a globally unique connection ID consisting of hexadecimal characters.
func RunConformanceTests ¶
func RunConformanceTests(t *testing.T, backendFactories map[string]ConformanceTestBackendFactory)
RunConformanceTests runs a suite of conformance tests against the provided backends supporting a standard Linux shell.
Types ¶
type AbstractHandler ¶
type AbstractHandler struct { }
AbstractHandler is the abstract implementation of the Handler interface that can be embedded to get a partial implementation.
func (*AbstractHandler) OnNetworkConnection ¶
func (a *AbstractHandler) OnNetworkConnection(_ net.TCPAddr, _ string) (NetworkConnectionHandler, error)
OnNetworkConnection is called when a new network connection is opened. It must either return a NetworkConnectionHandler object or an error. In case of an error the network connection is closed.
The ip parameter provides the IP address of the connecting user. The connectionID parameter provides an opaque binary identifier for the connection that can be used to track the connection across multiple subsystems.
func (*AbstractHandler) OnReady ¶
func (a *AbstractHandler) OnReady() error
OnReady is called when the server is ready to receive connections. It has an opportunity to return an error to
abort the startup.
func (*AbstractHandler) OnShutdown ¶
func (a *AbstractHandler) OnShutdown(_ context.Context)
OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline
for the shutdown, after which the server should abort all running connections and return as fast as possible.
type AbstractNetworkConnectionHandler ¶
type AbstractNetworkConnectionHandler struct { }
AbstractNetworkConnectionHandler is an empty implementation for the NetworkConnectionHandler interface.
func (*AbstractNetworkConnectionHandler) OnAuthGSSAPI ¶
func (a *AbstractNetworkConnectionHandler) OnAuthGSSAPI(_ metadata.ConnectionMetadata) auth.GSSAPIServer
func (*AbstractNetworkConnectionHandler) OnAuthKeyboardInteractive ¶
func (a *AbstractNetworkConnectionHandler) OnAuthKeyboardInteractive( pendingMeta metadata.ConnectionAuthPendingMetadata, _ func( instruction string, questions KeyboardInteractiveQuestions, ) (answers KeyboardInteractiveAnswers, err error), ) (response AuthResponse, meta metadata.ConnectionAuthenticatedMetadata, reason error)
OnAuthKeyboardInteractive is a callback for interactive authentication. The implementer will be passed a callback function that can be used to issue challenges to the user. These challenges can, but do not have to contain questions.
func (*AbstractNetworkConnectionHandler) OnAuthPassword ¶
func (a *AbstractNetworkConnectionHandler) OnAuthPassword( pendingMeta metadata.ConnectionAuthPendingMetadata, _ []byte, ) (response AuthResponse, meta metadata.ConnectionAuthenticatedMetadata, reason error)
OnAuthPassword is called when a user attempts a password authentication. The implementation must always supply
AuthResponse and may supply error as a reason description.
func (*AbstractNetworkConnectionHandler) OnAuthPubKey ¶
func (a *AbstractNetworkConnectionHandler) OnAuthPubKey( pendingMeta metadata.ConnectionAuthPendingMetadata, _ publicAuth.PublicKey, ) (response AuthResponse, meta metadata.ConnectionAuthenticatedMetadata, reason error)
OnAuthPubKey is called when a user attempts a pubkey authentication. The implementation must always supply
AuthResponse and may supply error as a reason description. The pubKey parameter is an SSH key in the form of "ssh-rsa KEY HERE".
func (*AbstractNetworkConnectionHandler) OnDisconnect ¶
func (a *AbstractNetworkConnectionHandler) OnDisconnect()
OnDisconnect is called when the network connection is closed.
func (*AbstractNetworkConnectionHandler) OnHandshakeFailed ¶
func (a *AbstractNetworkConnectionHandler) OnHandshakeFailed(_ metadata.ConnectionMetadata, _ error)
OnHandshakeFailed is called when the SSH handshake failed. This method is also called after an authentication
failure. After this method is the connection will be closed and the OnDisconnect method will be called.
func (*AbstractNetworkConnectionHandler) OnHandshakeSuccess ¶
func (a *AbstractNetworkConnectionHandler) OnHandshakeSuccess(meta metadata.ConnectionAuthenticatedMetadata) ( SSHConnectionHandler, metadata.ConnectionAuthenticatedMetadata, error, )
OnHandshakeSuccess is called when the SSH handshake was successful. It returns connection to process
requests, or failureReason to indicate that a backend error has happened. In this case, the connection will be closed and OnDisconnect will be called.
func (*AbstractNetworkConnectionHandler) OnShutdown ¶
func (a *AbstractNetworkConnectionHandler) OnShutdown(_ context.Context)
OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline
for the shutdown, after which the server should abort all running connections and return as fast as possible.
type AbstractSSHConnectionHandler ¶
type AbstractSSHConnectionHandler struct { }
AbstractSSHConnectionHandler is an empty implementation of the SSHConnectionHandler providing default methods.
func (*AbstractSSHConnectionHandler) OnFailedDecodeGlobalRequest ¶
func (s *AbstractSSHConnectionHandler) OnFailedDecodeGlobalRequest(_ uint64, _ string, _ []byte, _ error)
func (*AbstractSSHConnectionHandler) OnSessionChannel ¶
func (a *AbstractSSHConnectionHandler) OnSessionChannel(_ metadata.ChannelMetadata, _ []byte, _ SessionChannel) ( channel SessionChannelHandler, failureReason ChannelRejection, )
OnSessionChannel is called when a channel of the session type is requested. The implementer must either return
the channel result if the channel was successful, or failureReason to state why the channel should be rejected.
func (*AbstractSSHConnectionHandler) OnShutdown ¶
func (a *AbstractSSHConnectionHandler) OnShutdown(_ context.Context)
OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline
for the shutdown, after which the server should abort all running connections and return as fast as possible.
func (*AbstractSSHConnectionHandler) OnUnsupportedChannel ¶
func (a *AbstractSSHConnectionHandler) OnUnsupportedChannel(_ uint64, _ string, _ []byte)
OnUnsupportedChannel is called when a new channel is requested of an unsupported type. This gives the implementer
the ability to log unsupported channel requests.
channelID is an ID uniquely identifying the channel within the connection. channelType is the type of channel requested by the client. We only support the "session" channel type extraData contains the binary extra data submitted by the client. This is usually empty.
func (*AbstractSSHConnectionHandler) OnUnsupportedGlobalRequest ¶
func (a *AbstractSSHConnectionHandler) OnUnsupportedGlobalRequest(_ uint64, _ string, _ []byte)
OnUnsupportedGlobalRequest captures all global SSH requests and gives the implementation an opportunity to log
the request.
requestID is an ID uniquely identifying the request within the scope connection. The same ID may appear within
a channel.
type AbstractSessionChannelHandler ¶
type AbstractSessionChannelHandler struct { }
AbstractSessionChannelHandler is an abstract implementation of SessionChannelHandler providing default implementations.
func (*AbstractSessionChannelHandler) OnClose ¶
func (a *AbstractSessionChannelHandler) OnClose()
OnClose is called when the channel is closed.
func (*AbstractSessionChannelHandler) OnEnvRequest ¶
func (a *AbstractSessionChannelHandler) OnEnvRequest( _ uint64, _ string, _ string, ) error
OnEnvRequest is called when the client requests an environment variable to be set. The implementation can return
an error to reject the request.
func (*AbstractSessionChannelHandler) OnExecRequest ¶
func (a *AbstractSessionChannelHandler) OnExecRequest( _ uint64, _ string, ) error
OnExecRequest is called when the client request a program to be executed. The implementation can return an error
to reject the request. This method MUST NOT block beyond initializing the program.
func (*AbstractSessionChannelHandler) OnFailedDecodeChannelRequest ¶
func (a *AbstractSessionChannelHandler) OnFailedDecodeChannelRequest( _ uint64, _ string, _ []byte, _ error, )
OnFailedDecodeChannelRequest is called when a supported channel request was received, but the payload could not
be decoded.
requestID is an incrementing number uniquely identifying this request within the channel. RequestType contains the SSH request type. payload is the binary payload. reason is the reason why the decoding failed.
func (*AbstractSessionChannelHandler) OnPtyRequest ¶
func (a *AbstractSessionChannelHandler) OnPtyRequest( _ uint64, _ string, _ uint32, _ uint32, _ uint32, _ uint32, _ []byte, ) error
OnPtyRequest is called when the client requests an interactive terminal to be allocated. The implementation can
return an error to reject the request.
requestID is an incrementing number uniquely identifying this request within the channel. Term is the terminal Name. This is usually set in the TERM environment variable. Columns is the number of Columns in the terminal. Rows is the number of Rows in the terminal. Width is the Width of the terminal in pixels. Height is the Height of a terminal in pixels. ModeList are the encoded terminal modes the client desires. See RFC4254 section 8 and RFC8160 for details.
func (*AbstractSessionChannelHandler) OnShell ¶
func (a *AbstractSessionChannelHandler) OnShell( _ uint64, ) error
OnShell is called when the client requests a shell to be started. The implementation can return an error to
reject the request. The implementation should send the IO handling into background. It should also respect the shutdown context on the Handler. This method MUST NOT block beyond initializing the shell.
func (*AbstractSessionChannelHandler) OnShutdown ¶
func (a *AbstractSessionChannelHandler) OnShutdown(_ context.Context)
OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline
for the shutdown, after which the server should abort all running connections and return as fast as possible.
func (*AbstractSessionChannelHandler) OnSignal ¶
func (a *AbstractSessionChannelHandler) OnSignal( _ uint64, _ string, ) error
OnSignal is called when the client requests a Signal to be sent to the running process. The implementation can
return an error to reject the request.
func (*AbstractSessionChannelHandler) OnSubsystem ¶
func (a *AbstractSessionChannelHandler) OnSubsystem( _ uint64, _ string, ) error
OnSubsystem is called when the client calls a well-known Subsystem (e.g. sftp). The implementation can return an
error to reject the request. The implementation should send the IO handling into background. It should also respect the shutdown context on the Handler. This method MUST NOT block beyond initializing the subsystem.
func (*AbstractSessionChannelHandler) OnUnsupportedChannelRequest ¶
func (a *AbstractSessionChannelHandler) OnUnsupportedChannelRequest( _ uint64, _ string, _ []byte, )
OnUnsupportedChannelRequest captures channel requests of unsupported types.
requestID is an incrementing number uniquely identifying this request within the channel. RequestType contains the SSH request type. payload is the binary payload.
func (*AbstractSessionChannelHandler) OnWindow ¶
func (a *AbstractSessionChannelHandler) OnWindow( _ uint64, _ uint32, _ uint32, _ uint32, _ uint32, ) error
OnWindow is called when the client requests the window size to be changed. This method may be called
after a program is started. The implementation can return an error to reject the request.
requestID is an incrementing number uniquely identifying this request within the channel. Columns is the number of Columns in the terminal. Rows is the number of Rows in the terminal. Width is the Width of the terminal in pixels. Height is the Height of a terminal in pixels.
func (*AbstractSessionChannelHandler) OnX11Request ¶
func (s *AbstractSessionChannelHandler) OnX11Request( requestID uint64, singleConnection bool, protocol string, cookie string, screen uint32, reverseHandler ReverseForward, ) error
OnX11Request is called when the client requests the forwarding of X11 connections from the container to the client. This method may be called after a program is started. The implementation can return an error to reject the request.
requestID is an incrementing number uniquely identifying the request within the channel. singleConnection is a flag determining whether only one or multiple connections should be forwarded protocol is the authentication protocol for the X11 connections cookie is the authentication cookie for the X11 connections screen is the X11 screen number reverseHandler is a callback interface to signal when new connections are made
type AuthResponse ¶
type AuthResponse uint8
AuthResponse is the result of the authentication process.
const ( // AuthResponseSuccess indicates that the authentication was successful. AuthResponseSuccess AuthResponse = 1 // AuthResponseFailure indicates that the authentication failed for invalid credentials. AuthResponseFailure AuthResponse = 2 // to respond. AuthResponseUnavailable AuthResponse = 3 )
type ChannelRejection ¶
type ChannelRejection interface { message2.Message // Reason contains the SSH-specific reason for the rejection. Reason() ssh.RejectionReason }
ChannelRejection is an error type that also contains a Message and a Reason
func NewChannelRejection ¶
func NewChannelRejection( Reason ssh.RejectionReason, Code string, UserMessage string, Explanation string, Args ...interface{}, ) ChannelRejection
NewChannelRejection constructs a Message that rejects a channel.
Reason is the SSH rejection reason.
Code is an error code allowing an administrator to identify the error that happened.
UserMessage is the message that can be printed to the user if needed.
Explanation is the explanation string to the system administrator. This is an fmt.Sprintf-compatible string
Args are the arguments to Explanation to create a formatted message. It is recommended that these arguments also be added as labels to allow system administrators to index the error properly.
type ConformanceTestBackendFactory ¶
type ConformanceTestBackendFactory = func(t *testing.T, logger log.Logger) (NetworkConnectionHandler, error)
ConformanceTestBackendFactory is a method to creating a network connection conformanceTestHandler for testing purposes.
type ExitStatus ¶
type ExitStatus uint32
ExitStatus contains the status code with which the program exited. See RFC 4254 section 6.10: Returning Exit Status for details. ( https://tools.ietf.org/html/rfc4254#section-6.10 )
type ForwardChannel ¶
type ForwardChannel interface { Read([]byte) (int, error) Write([]byte) (int, error) Close() error }
ForwardChannel represents a network forwarding channel
type Handler ¶
type Handler interface { // OnReady is called when the server is ready to receive connections. It has an opportunity to return an error to // abort the startup. OnReady() error // OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline // for the shutdown, after which the server should abort all running connections and return as fast as // possible. OnShutdown(shutdownContext context.Context) // OnNetworkConnection is called when a new network connection is opened. It must either return a // NetworkConnectionHandler object or an error. In case of an error the network connection is closed. OnNetworkConnection(metadata.ConnectionMetadata) (NetworkConnectionHandler, metadata.ConnectionMetadata, error) }
Handler is the basic conformanceTestHandler for SSH connections. It contains several methods to handle startup and operations of the
server
func NewTestAuthenticationHandler ¶
NewTestAuthenticationHandler creates a new backend that authenticates a user based on the users variable and passes all further calls to the backend.
func NewTestHandler ¶
func NewTestHandler() Handler
NewTestHandler creates a conformanceTestHandler that can be used for testing purposes. It does not authenticate, that can be done using the NewTestAuthenticationHandler
type KeyboardInteractiveAnswers ¶
type KeyboardInteractiveAnswers struct {
// contains filtered or unexported fields
}
KeyboardInteractiveAnswers is a set of answer to a keyboard-interactive challenge.
func (*KeyboardInteractiveAnswers) Get ¶
func (k *KeyboardInteractiveAnswers) Get(question KeyboardInteractiveQuestion) (string, error)
Get returns the answer for a question, or an error if no answer is present.
func (*KeyboardInteractiveAnswers) GetByQuestionText ¶
func (k *KeyboardInteractiveAnswers) GetByQuestionText(question string) (string, error)
GetByQuestionText returns the answer for a question text, or an error if no answer is present.
type KeyboardInteractiveQuestion ¶
type KeyboardInteractiveQuestion struct { // ID is an optional opaque ID that can be used to identify a question in an answer. Can be left empty. ID string // Question is the question text sent to the user. Question string // EchoResponse should be set to true to show the typed response to the user. EchoResponse bool }
KeyboardInteractiveQuestion contains a question issued to a user as part of the keyboard-interactive exchange.
type KeyboardInteractiveQuestions ¶
type KeyboardInteractiveQuestions []KeyboardInteractiveQuestion
KeyboardInteractiveQuestions is a list of questions for keyboard-interactive authentication
func (*KeyboardInteractiveQuestions) Add ¶
func (k *KeyboardInteractiveQuestions) Add(question KeyboardInteractiveQuestion)
type NetworkConnectionHandler ¶
type NetworkConnectionHandler interface { // OnAuthPassword is called when a user attempts a password authentication. The implementation must always supply // AuthResponse and may supply error as a reason description. OnAuthPassword(meta metadata.ConnectionAuthPendingMetadata, password []byte) ( AuthResponse, metadata.ConnectionAuthenticatedMetadata, error, ) // OnAuthPubKey is called when a user attempts a pubkey authentication. The implementation must always supply // AuthResponse and may supply error as a reason description. The pubKey parameter is an SSH key in // the form of "ssh-rsa KEY HERE". OnAuthPubKey(meta metadata.ConnectionAuthPendingMetadata, pubKey auth.PublicKey) ( AuthResponse, metadata.ConnectionAuthenticatedMetadata, error, ) // OnAuthKeyboardInteractive is a callback for interactive authentication. The implementer will be passed a callback // function that can be used to issue challenges to the user. These challenges can, but do not have to contain // questions. OnAuthKeyboardInteractive( meta metadata.ConnectionAuthPendingMetadata, challenge func( instruction string, questions KeyboardInteractiveQuestions, ) (answers KeyboardInteractiveAnswers, err error), ) (AuthResponse, metadata.ConnectionAuthenticatedMetadata, error) // OnAuthGSSAPI returns a GSSAPIServer which can perform a GSSAPI authentication. OnAuthGSSAPI(metadata metadata.ConnectionMetadata) auth2.GSSAPIServer // OnHandshakeFailed is called when the SSH handshake failed. This method is also called after an authentication // failure. After this method is the connection will be closed and the OnDisconnect method will be // called. OnHandshakeFailed(metadata metadata.ConnectionMetadata, reason error) // OnHandshakeSuccess is called when the SSH handshake was successful. It returns metadata to process // requests, or failureReason to indicate that a backend error has happened. In this case, the // metadata will be closed and OnDisconnect will be called. OnHandshakeSuccess(metadata.ConnectionAuthenticatedMetadata) ( connection SSHConnectionHandler, meta metadata.ConnectionAuthenticatedMetadata, failureReason error, ) // OnDisconnect is called when the network connection is closed. OnDisconnect() // OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline // for the shutdown, after which the server should abort all running connections and return as fast as // possible. OnShutdown(shutdownContext context.Context) }
NetworkConnectionHandler is an object that is used to represent the underlying network connection and the SSH handshake.
type ReverseForward ¶
type ReverseForward interface { // NewChannelTCP requests the opening of a reverse forwarding TCP channel // // connectedAddress is the address that was connected to // connectedPort is the port that was connected to // originatorAddress is the address of the initiator of the connection // originatorPort is the port of the initiator of the connection NewChannelTCP(connectedAddress string, connectedPort uint32, originatorAddress string, originatorPort uint32) (ForwardChannel, uint64, error) // NewChannelUnix requests the opening of a reverse forwarding unix socket channel // // path is the container-based path to the unix socket that is being forwarded NewChannelUnix(path string) (ForwardChannel, uint64, error) // NewChannelX11 requests the opening of an X11 channel // // originatorAddress is the address that initiated the X11 request // originatorPort is the port that originated the X11 request NewChannelX11(originatorAddress string, originatorPort uint32) (ForwardChannel, uint64, error) }
ReverseForward contains a set of callbacks for backends to request the opening of a new channel
type ReverseForwardHandler ¶
type ReverseForwardHandler struct {
// contains filtered or unexported fields
}
func (*ReverseForwardHandler) NewChannelTCP ¶
func (r *ReverseForwardHandler) NewChannelTCP( connectedAddress string, connectedPort uint32, originatorAddress string, originatorPort uint32, ) (ForwardChannel, uint64, error)
func (*ReverseForwardHandler) NewChannelUnix ¶
func (r *ReverseForwardHandler) NewChannelUnix( path string, ) (ForwardChannel, uint64, error)
func (*ReverseForwardHandler) NewChannelX11 ¶
func (r *ReverseForwardHandler) NewChannelX11( originatorAddress string, originatorPort uint32, ) (ForwardChannel, uint64, error)
type SSHConnectionHandler ¶
type SSHConnectionHandler interface { // OnUnsupportedGlobalRequest captures all global SSH requests and gives the implementation an opportunity to log // the request. // // requestID is an ID uniquely identifying the request within the scope connection. The same ID may appear within // a channel. OnUnsupportedGlobalRequest(requestID uint64, requestType string, payload []byte) // OnFailedDecodeGlobalRequest is called when a global request was received but the payload could not be decoded // // requestID is an ID uniquely identifying the request within the scope of the connection. The same ID may appear within a channel OnFailedDecodeGlobalRequest(requestID uint64, requestType string, payload []byte, reason error) // OnUnsupportedChannel is called when a new channel is requested of an unsupported type. This gives the implementer // the ability to log unsupported channel requests. // // channelID is an ID uniquely identifying the channel within the connection. // channelType is the type of channel requested by the client. We only support the "session" channel type // extraData contains the binary extra data submitted by the client. This is usually empty. OnUnsupportedChannel(channelID uint64, channelType string, extraData []byte) // OnSessionChannel is called when a channel of the session type is requested. The implementer must either return // the channel result if the channel was successful, or failureReason to state why the channel // should be rejected. // // channelMetadata contains the metadata for the channel. // extraData contains the binary extra data submitted by the client. This is usually empty. // session contains a set of calls that can be used to manipulate the SSH session. OnSessionChannel( channelMetadata metadata.ChannelMetadata, extraData []byte, session SessionChannel, ) (channel SessionChannelHandler, failureReason ChannelRejection) // OnTCPForwardChannel is called when a channel of the direct-tcpip type is requested. The implementer must either return // the channel result if the channel was successful, or failureReason to state why the channel // should be rejected. // // channelID is an ID uniquely identifying the channel within then connection. // hostToConnect contains the IP address or hostname to connect to // portToConnect contains the port to connect to // originatorHost contains the IP address or hostname the connection originates from // originatorPort contains the port the connection originates from OnTCPForwardChannel( channelID uint64, hostToConnect string, portToConnect uint32, originatorHost string, originatorPort uint32, ) (channel ForwardChannel, failureReason ChannelRejection) // OnRequestTCPReverseForward is called when a request is received to start listening on a tcp port and forward all connections from it. The implementer must listen on the host and port provided and signal new connections via the reverseHandler calling the appropriate function (NewChannelTCP) // // bindHost is the interface to listen on // bindPort is the port to listen on // reverseHandler is a set of callbacks to signal new connections OnRequestTCPReverseForward(bindHost string, bindPort uint32, reverseHandler ReverseForward) error // OnRequestCancelTCPReverseForward is called when a request to cancel an existing tcp port forwarding is received // // bindHost is the interface of the forwarding to be cancelled // bindPort is the port of the forwarding to be cancelled OnRequestCancelTCPReverseForward(bindHost string, bindPort uint32) error // OnDirectStreamLocal is called when a new forwarding channel is opened to connect and forward data to a unix socket within a container // // channelID is the channelID of the channel that was opened // path is the path to the unix socket to be used OnDirectStreamLocal( channelID uint64, path string, ) (channel ForwardChannel, failureReason ChannelRejection) // OnRequestStreamLocal is called when unix socket forwarding from the container to the client is requested. The implementer must listen on socket path provided and signal new connections via the reverseHandler calling the appropriate function (NewChannelTCP) // // path is the path to the unix socket to be forwarded // reverseHandler is a set of callbacks to signal new connections OnRequestStreamLocal( path string, reverseHandler ReverseForward, ) error // OnRequestCancelStreamLocal is called when a request to cancel an existing tcp port forwarding is received // // bindHost is the interface of the forwarding to be cancelled // bindPort is the port of the forwarding to be cancelled OnRequestCancelStreamLocal( path string, ) error // OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline // for the shutdown, after which the server should abort all running connections and return as fast as // possible. OnShutdown(shutdownContext context.Context) }
SSHConnectionHandler represents an established SSH connection that is ready to receive requests.
type Server ¶
Server is the main SSH server interface, compatible with the Service library. It should always be used in conjunction with the Lifecycle interface from the service library.
type SessionChannel ¶
type SessionChannel interface { // Stdin returns the reader for the standard input. Stdin() io.Reader // Stdout returns the writer for the standard output. Stdout() io.Writer // Stderr returns the writer for the standard error. Stderr() io.Writer // ExitStatus sends the program exit status to the client. ExitStatus(code uint32) // ExitSignal sends a message to the client indicating that the program exited violently. ExitSignal(signal string, coreDumped bool, errorMessage string, languageTag string) // CloseWrite sends an EOF to the client indicating that no more data will be sent on stdout or stderr. CloseWrite() error // Close closes the channel for reading and writing. Close() error }
SessionChannel contains a set of calls to manipulate the session channel.
type SessionChannelHandler ¶
type SessionChannelHandler interface { // OnUnsupportedChannelRequest captures channel requests of unsupported types. // // requestID is an incrementing number uniquely identifying this request within the channel. // RequestType contains the SSH request type. // payload is the binary payload. OnUnsupportedChannelRequest( requestID uint64, requestType string, payload []byte, ) // OnFailedDecodeChannelRequest is called when a supported channel request was received, but the payload could not // be decoded. // // requestID is an incrementing number uniquely identifying this request within the channel. // RequestType contains the SSH request type. // payload is the binary payload. // reason is the reason why the decoding failed. OnFailedDecodeChannelRequest( requestID uint64, requestType string, payload []byte, reason error, ) // OnEnvRequest is called when the client requests an environment variable to be set. The implementation can return // an error to reject the request. OnEnvRequest( requestID uint64, name string, value string, ) error // OnPtyRequest is called when the client requests an interactive terminal to be allocated. The implementation can // return an error to reject the request. // // requestID is an incrementing number uniquely identifying this request within the channel. // Term is the terminal Name. This is usually set in the TERM environment variable. // Columns is the number of Columns in the terminal. // Rows is the number of Rows in the terminal. // Width is the Width of the terminal in pixels. // Height is the Height of a terminal in pixels. // ModeList are the encoded terminal modes the client desires. See RFC4254 section 8 and RFC8160 for details. OnPtyRequest( requestID uint64, term string, columns uint32, rows uint32, width uint32, height uint32, modeList []byte, ) error // OnX11Request is called when the client requests the forwarding of X11 connections from the container to the client. // This method may be called after a program is started. The implementation can return an error to reject the request. // // requestID is an incrementing number uniquely identifying the request within the channel. // singleConnection is a flag determining whether only one or multiple connections should be forwarded // protocol is the authentication protocol for the X11 connections // cookie is the authentication cookie for the X11 connections // screen is the X11 screen number // reverseHandler is a callback interface to signal when new connections are made OnX11Request( requestID uint64, singleConnection bool, protocol string, cookie string, screen uint32, reverseHandler ReverseForward, ) error // OnExecRequest is called when the client request a program to be executed. The implementation can return an error // to reject the request. This method MUST NOT block beyond initializing the program. // // requestID is an incrementing number uniquely identifying this request within the channel. // program is the Name of the program to be executed. OnExecRequest( requestID uint64, program string, ) error // OnShell is called when the client requests a shell to be started. The implementation can return an error to // reject the request. The implementation should send the IO handling into background. It should also // respect the shutdown context on the Handler. This method MUST NOT block beyond initializing the shell. // // requestID is an incrementing number uniquely identifying this request within the channel. // stdin is a reader for the shell or program to read the stdin. // stdout is a writer for the shell or program standard output. // stderr is a writer for the shell or program standard error. // writeClose closes the stdout and stderr for writing. // onExit is a callback to send the exit status back to the client. OnShell( requestID uint64, ) error // OnSubsystem is called when the client calls a well-known Subsystem (e.g. sftp). The implementation can return an // error to reject the request. The implementation should send the IO handling into background. It // should also respect the shutdown context on the Handler. This method MUST NOT block beyond // initializing the subsystem. // // requestID is an incrementing number uniquely identifying this request within the channel. // subsystem is the name of the subsystem to be launched (e.g. sftp) OnSubsystem( requestID uint64, subsystem string, ) error // OnSignal is called when the client requests a Signal to be sent to the running process. The implementation can // return an error to reject the request. OnSignal( requestID uint64, signal string, ) error // OnWindow is called when the client requests the window size to be changed. This method may be called // after a program is started. The implementation can return an error to reject the request. // // requestID is an incrementing number uniquely identifying this request within the channel. // Columns is the number of Columns in the terminal. // Rows is the number of Rows in the terminal. // Width is the Width of the terminal in pixels. // Height is the Height of a terminal in pixels. OnWindow( requestID uint64, columns uint32, rows uint32, width uint32, height uint32, ) error // OnClose is called when the channel is closed. OnClose() // OnShutdown is called when a shutdown of the SSH server is desired. The shutdownContext is passed as a deadline // for the shutdown, after which the server should abort all running connections and return as fast as // possible. OnShutdown(shutdownContext context.Context) }
SessionChannelHandler is a channel of the "session" type used for interactive and non-interactive sessions
type TestClient ¶
type TestClient interface { // Connect establishes a connection to the server. Connect() (TestClientConnection, error) // MustConnect is identical to Connect, but panics it if it cannot connect. MustConnect() TestClientConnection }
TestClient is an SSH client intended solely for testing purposes.
func NewTestClient ¶
func NewTestClient( server string, hostPrivateKey string, user *TestUser, logger log.Logger, ) TestClient
NewTestClient creates a new TestClient instance with the specified parameters
- server is the host and IP pair of the server. - hostPrivateKey is the PEM-encoded private host key. The public key and fingerprint are automatically extracted. - username is the username. - password is the password used for authentication.
type TestClientConnection ¶
type TestClientConnection interface { // Session establishes a new session channel Session() (TestClientSession, error) //MustSession is identical to Session but panics if a session cannot be requested. MustSession() TestClientSession // Close closes the connection and all sessions in it. Close() error }
TestClientConnection is an individual established connection to the server
type TestClientSession ¶
type TestClientSession interface { // SetEnv sets an environment variable or returns with an error. SetEnv(name string, value string) error // MustSetEnv is identical to SetEnv, but panics if an error happens. MustSetEnv(name string, value string) // Window requests the terminal window to be resized to a certain size. Window(cols int, rows int) error // MustWindow is identical to Window, but panics if an error happens. MustWindow(cols int, rows int) // RequestPTY requests the server to open a PTY/TTY for this channel. Returns an error if the request failed. RequestPTY(term string, cols int, rows int) error // MustRequestPTY is identical to RequestPTY but panics if an error happens. MustRequestPTY(term string, cols int, rows int) // Signal sends a signal to the process Signal(signal string) error // MustSignal is equal to Signal but panics if an error happens. MustSignal(signal string) // Shell requests a shell to be opened. After this call returns I/O interactions are possible. Shell() error // MustShell is identical to Shell but panics if an error happens. MustShell() // Exec requests a specific program to be executed. After this call returns I/O interactions are possible. Exec(program string) error // MustExec is identical to Exec but panics if an error happens. MustExec(program string) // Subsystem requests a specific subsystem to be executed. After this call returns I/O interactions are possible. Subsystem(name string) error // MustSubsystem is identical to Subsystem but panics if an error happens. MustSubsystem(name string) // Write writes to the stdin of the session. Write(data []byte) (int, error) // Type writes to the stdin slowly with 50 ms delays Type(data []byte) error // Read reads from the stdout of the session. Read(data []byte) (int, error) // ReadRemaining reads the remaining bytes from stdout until EOF. ReadRemaining() // ReadRemainingStderr reads the remaining bytes from stderr until EOF. ReadRemainingStderr() // WaitForStdout waits for a specific byte sequence to appear on the stdout. WaitForStdout(ctx context.Context, data []byte) error // Stderr returns the reader for the stdout. Stderr() io.Reader // Wait waits for the session to terminate. Wait() error // ExitCode returns the exit code received from the session, or -1 if not received. ExitCode() int // Close closes the session. Close() error }
TestClientSession is a representation of a session channel inside a test client connection.
type TestServer ¶
type TestServer interface { // GetHostKey returns the hosts private key in PEM format. This can be used to extract the public key. GetHostKey() string // Start starts the server in the background. Start() // Stop stops the server running in the background. Stop(timeout time.Duration) // GetListen returns the listen IP and port GetListen() string }
TestServer describes
func NewTestServer ¶
func NewTestServer(t *testing.T, handler Handler, logger log.Logger, config *config2.SSHConfig) TestServer
NewTestServer is a simplified API to start and stop a test server.
type TestUser ¶
type TestUser struct {
// contains filtered or unexported fields
}
TestUser is a container for a username, a password and public keys
func NewTestUser ¶
NewTestUser creates a user that can be used with NewTestHandler and NewTestClient.
func (*TestUser) AddKeyboardInteractiveChallengeResponse ¶
func (u *TestUser) AddKeyboardInteractiveChallengeResponse(challenge string, expectedResponse string)
AddKeyboardInteractiveChallengeResponse adds a challenge with an expected response for keyboard-interactive authentication.
func (*TestUser) GenerateKey ¶
GenerateKey generates a public and private key pair that can be used to authenticate with this user.
func (*TestUser) GetAuthMethods ¶
func (u *TestUser) GetAuthMethods() []ssh.AuthMethod
func (*TestUser) GetAuthorizedKeys ¶
GetAuthorizedKeys returns a slice of the authorized keys of this user.
func (*TestUser) KeyboardInteractiveChallengeResponse ¶
func (u *TestUser) KeyboardInteractiveChallengeResponse() (questions KeyboardInteractiveQuestions)
KeyboardInteractiveChallengeResponse returns a construct of KeyboardInteractiveQuestions
func (*TestUser) RandomPassword ¶
func (u *TestUser) RandomPassword()
RandomPassword generates a random password for this user.
func (*TestUser) SetPassword ¶
SetPassword sets a specific password for this user.
Source Files ¶
- AbstractHandler.go
- AbstractNetworkConnectionHandler.go
- AbstractSSHConnectionHandler.go
- AbstractSessionChannelHandler.go
- ConformanceTestBackendFactory.go
- New.go
- NewTestAuthenticationHandler.go
- NewTestClient.go
- NewTestHandler.go
- NewTestServer.go
- NewTestUser.go
- RunConformanceTests.go
- Server.go
- ServerVersion.go
- TestClient.go
- TestClientConnection.go
- TestClientSession.go
- TestServer.go
- TestUser.go
- channelWrapper.go
- conformanceShellCommand.go
- conformanceTestHandler.go
- conformanceTestSuite.go
- connectionid.go
- handler.go
- networkConnectionWrapper.go
- newConformanceTestHandler.go
- rejection.go
- reverseForwardHandlerImpl.go
- serverImpl.go
- serverImpl_unix.go
- shutdownCloser.go
- shutdownRegistry.go
- syncContextPipe.go
- testAuthenticationHandler.go
- testAuthenticationNetworkHandler.go
- testClientConnectionImpl.go
- testClientImpl.go
- testClientSessionImpl.go
- testHandlerImpl.go
- testNetworkHandlerImpl.go
- testSSHHandler.go
- testServerImpl.go
- testSessionChannel.go