package authentication
v0.0.2

Published: May 15, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

Constants

const (
	// The context key pointing to the authenticated user value
	UserCtxKey ctxKey = "user"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Comparer

type Comparer interface {
	// Compare returns true if the result of hashing
	// plaintextPassword with salt is hashedPassword,
	// false otherwise. An error is returned only if
	// there is a technical/configuration error.
	Compare(hashedPassword, plaintextPassword, salt []byte) (bool, error)
}

Comparer is a type that can securely compare a plaintext password with a hashed password in constant time. Comparers should hash the plaintext password and then use a constant-time comparison. As defined in github.com/caddyserver/caddy.

type Config

type Config struct {
	AllowUsers []string `json:"allow_users,omitempty"`

	DenyUsers []string `json:"deny_users,omitempty"`

	AllowGroups []string `json:"allow_groups,omitempty"`

	DenyGroups []string `json:"deny_groups,omitempty"`

	// UsernamePassword holds the configuration of the password-based
	// authentication flow. nil value disables the authentication flow.
	UsernamePassword *PasswordAuthFlow `json:"username_password,omitempty"`

	// PublicKey holds the configuration of the public-key-based
	// authentication flow. nil value disables the authentication flow.
	PublicKey *PublicKeyFlow `json:"public_key,omitempty"`

	// Interactive holds the configuration of the interactive-based
	// authentication flow. nil value disables the authentication flow.
	Interactive *InteractiveFlow `json:"interactive,omitempty"`
	// contains filtered or unexported fields
}

Config holds the configuration of the various authentication flows, including allow/deny users/groups.

func (Config) InteractiveCallback

func (c Config) InteractiveCallback(ctx session.Context) func(conn gossh.ConnMetadata, client gossh.KeyboardInteractiveChallenge) (*gossh.Permissions, error)

InteractiveCallback returns an authentication callback conforming to the interactive authentication callback func needed by ServerConfig of golang.org/x/crypto/ssh. The method returns nil if the field Interactive is nil, which disables interactive authentication.

func (Config) PasswordCallback

func (c Config) PasswordCallback(ctx session.Context) func(conn gossh.ConnMetadata, password []byte) (*gossh.Permissions, error)

PasswordCallback returns an authentication callback conforming to the password callback func needed by ServerConfig of golang.org/x/crypto/ssh. The method returns nil if the field UsernamePassword is nil, which disables password authentication.

func (*Config) Provision

func (c *Config) Provision(ctx caddy.Context) error

Provision sets up the allowed/denied users/groups and provisions the non-nil authentication flows.

func (Config) PublicKeyCallback

func (c Config) PublicKeyCallback(ctx session.Context) func(conn gossh.ConnMetadata, key gossh.PublicKey) (*gossh.Permissions, error)

PublicKeyCallback returns an authentication callback conforming to the public key authentication callback func needed by ServerConfig of golang.org/x/crypto/ssh. The method returns nil if the field PublicKey is nil, which disables public key authentication.

type Group

type Group interface {
	Gid() string
	Name() string
}

Group is an abstraction of a group of the authenticated user when stored in the session context.

type InteractiveFlow

type InteractiveFlow struct {

	// A set of authentication providers implementing the UserInteractiveAuthenticator interface. If none are specified,
	// all requests will always be unauthenticated.
	ProvidersRaw caddy.ModuleMap `json:"providers,omitempty" caddy:"namespace=ssh.providers.interactive"`
	// contains filtered or unexported fields
}

InteractiveFlow holds the interactive authentication providers.

func (InteractiveFlow) CaddyModule

func (upf InteractiveFlow) CaddyModule() caddy.ModuleInfo

This method indicates that the type is a Caddy module. The returned ModuleInfo must have both a name and a constructor function. This method must not have any side-effects.

func (*InteractiveFlow) Provision

func (upf *InteractiveFlow) Provision(ctx caddy.Context) error

Provision sets up and loads the providers conforming to the UserInteractiveAuthenticator interface.

type PasswordAuthFlow

type PasswordAuthFlow struct {

	// A set of authentication providers implementing the UserPasswordAuthenticator interface. If none are specified,
	// all requests will always be unauthenticated.
	ProvidersRaw         caddy.ModuleMap `json:"providers,omitempty" caddy:"namespace=ssh.authentication.providers.password"`
	PermitEmptyPasswords bool            `json:"permit_empty_passwords,omitempty"`
	// contains filtered or unexported fields
}

PasswordAuthFlow holds the password-based authentication providers.

func (PasswordAuthFlow) CaddyModule

func (paf PasswordAuthFlow) CaddyModule() caddy.ModuleInfo

This method indicates that the type is a Caddy module. The returned ModuleInfo must have both a name and a constructor function. This method must not have any side-effects.

func (*PasswordAuthFlow) Provision

func (paf *PasswordAuthFlow) Provision(ctx caddy.Context) error

Provision sets up and loads the providers conforming to the UserPasswordAuthenticator interface.

type PublicKeyFlow

type PublicKeyFlow struct {

	// A set of authentication providers implementing the UserPublicKeyAuthenticator interface. If none are specified,
	// all requests will always be unauthenticated.
	ProvidersRaw caddy.ModuleMap `json:"providers,omitempty" caddy:"namespace=ssh.authentication.providers.public_key"`
	// contains filtered or unexported fields
}

PublicKeyFlow holds the public key authentication providers.

func (PublicKeyFlow) CaddyModule

func (PublicKeyFlow) CaddyModule() caddy.ModuleInfo

This method indicates that the type is a Caddy module. The returned ModuleInfo must have both a name and a constructor function. This method must not have any side-effects.

func (*PublicKeyFlow) Provision

func (pk *PublicKeyFlow) Provision(ctx caddy.Context) error

Provision sets up and loads the providers conforming to the UserPublicKeyAuthenticator interface.

type User

type User interface {
	Uid() string
	Gid() string
	Username() string
	Name() string
	HomeDir() string
	GroupIDs() ([]string, error)
	Groups() []Group
	Metadata() map[string]interface{}
	Permissions() *gossh.Permissions
}

User is the type of the authenticated user when stored in the session context.

type UserCertificateAuthenticator

type UserCertificateAuthenticator interface {
	AuthenticateUser(ctx session.ConnMetadata, key gossh.PublicKey) (User, bool, error)
}

TODO: TBD -- the implementation should take into consideration: https://pkg.go.dev/golang.org/x/crypto/ssh#CertChecker

type UserInteractiveAuthenticator

type UserInteractiveAuthenticator interface {
	AuthenticateUser(conn session.ConnMetadata, client gossh.KeyboardInteractiveChallenge) (User, bool, error)
}

UserInteractiveAuthenticator is the interface authentication providers should implement to be used in ssh.authentication.flows.interactive.

type UserPasswordAuthenticator

type UserPasswordAuthenticator interface {
	AuthenticateUser(ctx session.ConnMetadata, password []byte) (User, bool, error)
}

UserPasswordAuthenticator is the interface authentication providers should implement to be used in ssh.authentication.flows.password_auth.

type UserPublicKeyAuthenticator

type UserPublicKeyAuthenticator interface {
	AuthenticateUser(ctx session.ConnMetadata, key gossh.PublicKey) (User, bool, error)
}

UserPublicKeyAuthenticator is the interface authentication providers should implement to be used in ssh.authentication.flows.public_key.
