Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func VerifyOTP
func VerifyOTP(req *SSHVerifyRequest) error
VerifyOTP reads the OTP from the prompt and sends it to the Vault server. The server searches for an entry corresponding to the OTP. If one exists, it responds with the IP address and username associated with it. The username returned should match the username for which authentication is requested (the environment variable PAM_USER holds this value).
The IP address returned by Vault should match one of the addresses of the host's network interfaces, or it should belong to the list of allowed CIDR blocks in the config file.
This method is also used to verify that communication between ssh-helper and the Vault server can be established with the given configuration data. If the OTP in the request matches the echo request message, the echo response message is expected in the response, which indicates that the connection was established successfully.
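The username and IP address checks described above can be sketched as follows. This is an added example, not ssh-helper's own code: `checkOTPResponse` and its parameters are hypothetical names, the host's interface addresses are passed in rather than read from the system, and rejecting a malformed CIDR entry outright is a choice made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// checkOTPResponse is a hypothetical helper (not part of ssh-helper) that applies
// the two checks described above to the username and IP Vault returned for an OTP.
// localAddrs stands in for the host's interface addresses (e.g. from net.InterfaceAddrs).
func checkOTPResponse(respUser, respIP, pamUser string, localAddrs []net.IP, allowedCIDRs []string) error {
	// The username bound to the OTP must equal the user being authenticated (PAM_USER).
	if respUser == "" || respUser != pamUser {
		return errors.New("username mismatch")
	}
	ip := net.ParseIP(respIP)
	if ip == nil {
		return fmt.Errorf("invalid IP in response: %q", respIP)
	}
	// Accept if the IP is one of this host's interface addresses.
	for _, a := range localAddrs {
		if a.Equal(ip) {
			return nil
		}
	}
	// Otherwise it must fall inside an allowed CIDR block from the config.
	for _, c := range allowedCIDRs {
		_, block, err := net.ParseCIDR(c)
		if err != nil {
			return fmt.Errorf("bad CIDR %q in config: %w", c, err)
		}
		if block.Contains(ip) {
			return nil
		}
	}
	return errors.New("address not on any interface and not in allowed CIDR list")
}

func main() {
	// Constructed sample values.
	local := []net.IP{net.ParseIP("10.0.0.5")}
	cidrs := []string{"192.168.1.0/24"}
	fmt.Println(checkOTPResponse("alice", "10.0.0.5", "alice", local, cidrs))
	fmt.Println(checkOTPResponse("alice", "192.168.1.40", "alice", local, cidrs))
	fmt.Println(checkOTPResponse("alice", "172.16.0.9", "alice", local, cidrs))
	fmt.Println(checkOTPResponse("bob", "10.0.0.5", "alice", local, cidrs))
}
```

The last two calls fail: an OTP issued for a different host or a different user is rejected even though the OTP itself is valid in Vault.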
Types
type SSHVerifyRequest
type SSHVerifyRequest struct {
	// Http client to communicate with Vault
	Client *api.Client

	// Mount point of SSH backend at Vault
	MountPoint string

	// This can be either an echo request message, which if set Vault will
	// respond with echo response message. OR, it can be the one-time-password
	// entered by the user at the prompt.
	OTP string

	// Structure containing configuration parameters of ssh-helper
	Config *api.SSHHelperConfig
}
Structure representing the ssh-helper's verification request.