Documentation ¶
Overview ¶
Package feature provides several re-usable features for ssh servers.
Index ¶
- func AllowForwardFrom(logger logging.Logger, addresses []NetworkAddress) ssh.ReversePortForwardingCallback
- func AllowForwardTo(logger logging.Logger, addresses []NetworkAddress) ssh.LocalPortForwardingCallback
- func AllowPortForwarding(logger logging.Logger, server *ssh.Server, toAddresses []NetworkAddress, ...)
- func AuthorizeKeys(logger logging.Logger, ...) ssh.PublicKeyHandler
- func EnablePortForwarding(server *ssh.Server, localCallback ssh.LocalPortForwardingCallback, ...)
- func ReadOrMakeHostKey(logger logging.Logger, privateKeyPath string, algorithm HostKeyAlgorithm) (key gossh.Signer, err error)
- func UseOrMakeHostKey(logger logging.Logger, server *ssh.Server, privateKeyPath string, ...) error
- func UseOrMakeHostKeys(logger logging.Logger, server *ssh.Server, privateKeyPath string, ...) error
- type HostKey
- type HostKeyAlgorithm
- type NetworkAddress
- type NetworkAddressListVar
- type NetworkPort
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AllowForwardFrom ¶
func AllowForwardFrom(logger logging.Logger, addresses []NetworkAddress) ssh.ReversePortForwardingCallback
AllowForwardFrom returns a ssh.ReversePortForwardingCallback that allows reading traffic to the provided addresses only.
logger is called whenever a request from a caller is allowed or denied.
func AllowForwardTo ¶
func AllowForwardTo(logger logging.Logger, addresses []NetworkAddress) ssh.LocalPortForwardingCallback
AllowForwardTo returns a ssh.LocalPortForwardingCallback that allows forwarding traffic to the provided addresses only.
logger is called whenever a request from a caller is allowed or denied.
func AllowPortForwarding ¶
func AllowPortForwarding(logger logging.Logger, server *ssh.Server, toAddresses []NetworkAddress, fromAddresses []NetworkAddress)
AllowPortForwarding enables port forwarding on the provided server only to and from the given addresses. This function also calls EnablePortForwarding, please see appropriate documentation
See also AllowForwardTo, AllowForwardFrom and EnablePortForwarding.
func AuthorizeKeys ¶
func AuthorizeKeys(logger logging.Logger, keyfinder func(ctx ssh.Context) (keys []ssh.PublicKey, err error)) ssh.PublicKeyHandler
AuthorizeKeys returns an ssh.PublicKeysHandler that calls keyfinder() and authorizes all keys returned by the handler.
logger is a logger that is called when the keyfinder returns an error. keyfinder is a function that is called for a provided context and should return a list of keys that are authorized.
This function protects against timing attacks by always checking all keys even though a quicker implementation could be possible. To further improve against timing attacks, keyfinder should always return the same number of keys (for any session).
func EnablePortForwarding ¶
func EnablePortForwarding(server *ssh.Server, localCallback ssh.LocalPortForwardingCallback, reverseCallback ssh.ReversePortForwardingCallback)
EnablePortForwarding enables portforwarding with the given callbacks on the ssh Server server. This includes tcpip forward requests as well as direct-tcpip channels.
This function overwrites any already configured LocalPortForwardingCallback and ReversePortForwardingCallback functions. It will furthermore remove the 'tcpip-forward' and 'cancel-tcpip-forward' request handlers along with the 'direct-tcpip' channel handler.
func ReadOrMakeHostKey ¶
func ReadOrMakeHostKey(logger logging.Logger, privateKeyPath string, algorithm HostKeyAlgorithm) (key gossh.Signer, err error)
ReadOrMakeHostKey attempts to load a host key from the given privateKeyPath. If the path does not exist, a new key is generated.
This function assumes that if there is a host key in privateKeyPath it uses the provided HostKeyAlgorithm. It makes no attempt at verifiying this; the key mail fail to load and return an error, or it may load incorrect data.
logger is called whenever a new host key algorithm is being generated.
func UseOrMakeHostKey ¶
func UseOrMakeHostKey(logger logging.Logger, server *ssh.Server, privateKeyPath string, algorithm HostKeyAlgorithm) error
UseOrMakeHostKey attempts to load a host key from the given privateKeyPath. If the path does not exist, a new host key is generated. It then adds this hostkey to the priovided server.
All parameters except the server are passed to ReadOrMakeHostKey. Please see the appropriate documentation for that function.
logger is called whenever a new host key algorithm is being generated.
func UseOrMakeHostKeys ¶
func UseOrMakeHostKeys(logger logging.Logger, server *ssh.Server, privateKeyPath string, algorithms []HostKeyAlgorithm) error
UseOrMakeHostKeys is like UseOrMakeHostKey except that it accepts multiple HostKeyAlgorithms. For each key algorithm, the privateKeyPath is appended with "_" + the name of the algorithm in question.
When algorithms is nil, picks a reasonable set of default algorithms.
Types ¶
type HostKey ¶
type HostKey interface { ssh.Signer // Algorithm is the Algorithm used by this HostKey implementation. Algorithm() HostKeyAlgorithm // Generate generates a new HostKey, discarding whatever was previsouly contained. // // keySize is the desired public key size in bits. When keySize is 0, a sensible default is used. // random is the source of randomness. If random is nil, crypto/rand.Reader will be used. Generate(keySize int, random io.Reader) error // MarshalPEM marshals the private key into a pem.Block to be used for exporting. // The format is not guaranteed to follow any kind of standard, only that it is readable with the corresponding UnmarshalPEM. MarshalPEM() (*pem.Block, error) // UnmarshalPEM unmarshals the private key from a pem.Block. // It is only compatible with whatever MarshalPEM() outputted. UnmarshalPEM(block *pem.Block) error }
HostKey represents an pair of ssh private key and algorithm. Once the hostkey is generated or loaded, it is safe for concurrent accesses.
func NewHostKey ¶
func NewHostKey(algorithm HostKeyAlgorithm) HostKey
NewHostKey returns a new empty HostKey for the provided HostKey Algorithm. An unsupported HostKeyAlgorithm will result in a call to panic().
type HostKeyAlgorithm ¶
type HostKeyAlgorithm string
HostKeyAlgorithm is an enumerated value that represents a specific algorithm used for host keys.
const ( // RSAAlgorithm represents the RSA Algorithm RSAAlgorithm HostKeyAlgorithm = "rsa" // ED25519Algorithm represents the ED25519 algorithm ED25519Algorithm HostKeyAlgorithm = "ed25519" )
type NetworkAddress ¶
type NetworkAddress struct { Hostname string Port NetworkPort }
NetworkAddress is a network address consisting of a hostname and a port
func MustParseNetworkAddress ¶
func MustParseNetworkAddress(s string) NetworkAddress
MustParseNetworkAddress is like ParseNetworkAddress except that it calls panic() instead of returning an error.
This function is intended to be used for test cases.
func ParseNetworkAddress ¶
func ParseNetworkAddress(s string) (p NetworkAddress, err error)
ParseNetworkAddress parses a network address of the form 'Hostname:Port'. See function net.Dial, in particular the hostport for allowed combinations.
When parsing fails a non-nil error is returned. Otherwise, error is nil.
func (NetworkAddress) String ¶
func (p NetworkAddress) String() string
String turns this NetworkAddress into a string of the form "host:port". This string is guaranteed to be parsable by ParseNetworkAddress() as well as "net".Dial and friends.
type NetworkAddressListVar ¶
type NetworkAddressListVar struct {
Addresses *[]NetworkAddress
}
NetworkAddressListVar represents a "flag".Value that contains a list of network addresses. It can be passed multiple times, and collects all NetworkAddress in an ordered list.
func (*NetworkAddressListVar) Set ¶
func (p *NetworkAddressListVar) Set(value string) (err error)
Set sets the value of this NetworkAddressListVar This function is intedned to be called by flag.Var()
func (*NetworkAddressListVar) String ¶
func (p *NetworkAddressListVar) String() string
String turns this NetworkAddressListVar into a comma-seperated list of network addresses.
type NetworkPort ¶
type NetworkPort uint16
NetworkPort represents the NetworkPort of a NetworkAddress