revssh

v0.0.0-...-e3bf6e5

This package is not in the latest version of its module.
Published: Aug 27, 2017 License: GPL-3.0 Imports: 22 Imported by: 0

README

Reverse SSH client / server

Documentation

Overview

Package revssh is the backend code for the reverseclient and server packages.

A reverseclient connects to a revssh server, registers itself as a reverse client, and accepts sshd connections on incoming reverse ssh channels.

Any ssh client can then connect to the revssh server, and request a JumpProxy with the hostname registered by a reverseclient, and connect through it.

Binaries are built from "cmd/server/" and "cmd/reverseclient/".


Constants

const RFC425342 string = "SSH-2.0-"

RFC425342 defines the RFC 4253 Section 4.2 server version constant as "SSH-2.0-"

const VERSION string = "revssh-0.1"

VERSION of this package

Variables

This section is empty.

Functions

This section is empty.

Types

type ClientSettingsHandler

type ClientSettingsHandler interface {
	KeyManager
	Remote() string
	User() string
	Hostname() string
}

A ClientSettingsHandler abstracts client settings from the underlying mechanics of retrieving and setting them.

type FileClientSettings

type FileClientSettings struct {
	KeyManager
	// contains filtered or unexported fields
}

FileClientSettings ...

func NewFileClientSettings

func NewFileClientSettings() *FileClientSettings

NewFileClientSettings ...

func (*FileClientSettings) Hostname

func (s *FileClientSettings) Hostname() string

func (*FileClientSettings) Listen

func (s *FileClientSettings) Listen() string

func (*FileClientSettings) Remote

func (s *FileClientSettings) Remote() string

func (*FileClientSettings) User

func (s *FileClientSettings) User() string

type FileKeyManager

type FileKeyManager struct {
	// contains filtered or unexported fields
}

FileKeyManager ...

func NewFileKeyManager

func NewFileKeyManager(path string) *FileKeyManager

NewFileKeyManager ...

func (*FileKeyManager) GetAuthorizedKeys

func (km *FileKeyManager) GetAuthorizedKeys() []ssh.PublicKey

GetAuthorizedKeys returns all public keys that are authorized to connect to this server.

func (*FileKeyManager) GetPrivateKeys

func (km *FileKeyManager) GetPrivateKeys() []ssh.Signer

GetPrivateKeys returns a list of signers. If no private keys are available, one should be created.

func (*FileKeyManager) GetPublicKeys

func (km *FileKeyManager) GetPublicKeys(username string) ([]ssh.PublicKey, error)

GetPublicKeys returns all public keys for a specific username.

func (*FileKeyManager) IsKnownHost

func (km *FileKeyManager) IsKnownHost(hostname string, remote net.Addr, key ssh.PublicKey) error

IsKnownHost, like an ssh.HostKeyCallback, must return nil if the host key is OK, or an error to reject it. If no entry is found, it will add it.

type FileServerSettings

type FileServerSettings struct {
	KeyManager
	Listen string
}

FileServerSettings ...

func NewFileServerSettings

func NewFileServerSettings() *FileServerSettings

NewFileServerSettings ...

type KeyManager

type KeyManager interface {
	// GetPublicKeys returns all publickeys for a specific username.
	GetPublicKeys(username string) ([]ssh.PublicKey, error)
	// GetAuthorizedKeys returns all public keys that are authorized to connect to this server.
	GetAuthorizedKeys() []ssh.PublicKey
	// AddKnownHost registers a hostname to a specific public key.
	// AddKnownHost(hostname string, pubKey ssh.PublicKey) error
	// GetKnownHost returns the pub key that registered this hostname, if any.
	// GetKnownHost(hostname string) (ssh.PublicKey, error)
	// IsKnownHost , like a ssh.HostKeyCallback, must return nil if the host key is OK,
	// or an error to reject it. If no entry is found, it will add it.
	IsKnownHost(hostname string, remote net.Addr, key ssh.PublicKey) error
	// GetPrivateKeys returns a list of signers.
	// If no private keys are available, one should be created.
	GetPrivateKeys() []ssh.Signer
}

A KeyManager handles all public key related functionality.

type ReverseClient

type ReverseClient struct {
	// Username used for this client connection.
	// Also defines what username will be accepted for incoming connections.
	// Username string
	// Remote server to connect to.
	// Remote string
	// Hostname to register yourself as.
	// Hostname string
	Settings ClientSettingsHandler
	// contains filtered or unexported fields
}

A ReverseClient represents an instance of a reverse client.

func NewReverseClient

func NewReverseClient() *ReverseClient

NewReverseClient returns a ReverseClient instance, with some sane defaults.

func (*ReverseClient) Connect

func (rc *ReverseClient) Connect() error

Connect to a server. Connections will be retried with a backoff mechanism. If the error is unrecoverable (no ssh keys set etc.), this will exit with an error.

func (*ReverseClient) Reverse

func (rc *ReverseClient) Reverse(conn *ssh.Client) error

Reverse the connection, sending a reverse-client global request to the server to register ourselves as a reverse client. Listen to incoming `reverse` channel requests, and bind an sshd to this channel.

func (*ReverseClient) VersionString

func (rc *ReverseClient) VersionString() string

VersionString returns a proper ssh server string as per RFC 4253 Section 4.2

type ReverseClientData

type ReverseClientData struct {
	Version       string   // Implementation version.
	Hostname      string   // Hostname to register.
	Username      string   // Username to register the ssh keys under.
	PublicKeysHex []string // list of ssh Publickeys, in hex. (for marshalling purposes)
}

ReverseClientData contains the ssh reverse channel data, as per RFC 4254 Section 4

type ReverseClientHandler

type ReverseClientHandler struct {
	SSHConn  ssh.Conn        // ssh connection from a reverseclient.
	Hostname string          // Hostname for this reverseclient.
	Username string          // Username this reverseclient will accept.
	KeyList  []ssh.PublicKey // list of ssh.PublicKeys for this reverseclient.

}

A ReverseClientHandler holds all the metadata of a reverse client connection. This is part of the ReverseClientList

type ReverseClientList

type ReverseClientList struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

A ReverseClientList maintains a list of active reverse clients, and provides lookup mechanisms.

func (*ReverseClientList) AddSession

func (rcl *ReverseClientList) AddSession(sessionID []byte, key ssh.PublicKey) error

AddSession registers a session to a certain public key.

func (*ReverseClientList) GetPublicKeys

func (rcl *ReverseClientList) GetPublicKeys(username string) ([]ssh.PublicKey, error)

GetPublicKeys returns a list of ssh.PublicKeys registered for a specific username by reverseclients.

func (*ReverseClientList) GetReverseClient

func (rcl *ReverseClientList) GetReverseClient(hostname string, username string) (*ReverseClientHandler, error)

GetReverseClient returns a reverseclient from a hostname and username.

func (*ReverseClientList) GetSession

func (rcl *ReverseClientList) GetSession(sessionID []byte) ssh.PublicKey

GetSession returns the ssh.PublicKey used by a session.

func (*ReverseClientList) NewReverseClient

func (rcl *ReverseClientList) NewReverseClient(sshConn *ssh.ServerConn, data *ReverseClientData) error

NewReverseClient registers a new reverse client to the list, and logs which pubkey was used to do so. If a previous entry for this hostname exists with the same pubkey, it is overwritten. If a previous entry for this hostname exists with another pubkey, the registration is rejected.
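The pinning rule that NewReverseClient and IsKnownHost describe (add on first use, accept the same key again, reject a different key), as an added example that is not revssh's own code. PinStore, Register, constructedKey and the host name "build-host" are hypothetical; raw ed25519 keys with SHA-256 fingerprints stand in for ssh.PublicKey, and the table is kept in memory only.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
)

var ErrKeyMismatch = errors.New("hostname registered with a different public key")

// PinStore is a hypothetical hostname -> key-fingerprint table (not a revssh type).
type PinStore struct {
	mu   sync.Mutex
	pins map[string][32]byte
}

// Register pins on first use, accepts the same key again, rejects any other key.
func (s *PinStore) Register(host string, pub ed25519.PublicKey) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.pins == nil {
		s.pins = make(map[string][32]byte)
	}
	fp := sha256.Sum256(pub)
	old, seen := s.pins[host]
	switch {
	case !seen:
		s.pins[host] = fp
		return "pinned", nil // first use: the key is trusted without verification
	case old == fp:
		return "refreshed", nil // same key: the existing entry is simply replaced
	default:
		// The pinned entry is left untouched so the hostname cannot be taken over.
		return "rejected", fmt.Errorf("%w: %q", ErrKeyMismatch, host)
	}
}

// constructedKey derives a fixed sample public key from a one-byte seed (demo only).
func constructedKey(b byte) ed25519.PublicKey {
	seed := bytes.Repeat([]byte{b}, ed25519.SeedSize)
	return ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
}

func main() {
	var s PinStore
	for _, k := range []byte{1, 1, 2} { // same key twice, then a different key
		fmt.Println(s.Register("build-host", constructedKey(k)))
	}
}
```

Because the first registration is accepted unverified, whoever registers a hostname first owns it until the entry is removed; logging the fingerprint on every "pinned" outcome gives operators something to review.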

func (*ReverseClientList) RemoveReverseClient

func (rcl *ReverseClientList) RemoveReverseClient(sessionID []byte) error

RemoveReverseClient removes a reverseclient from the list.

func (*ReverseClientList) RemoveSession

func (rcl *ReverseClientList) RemoveSession(sessionID []byte) error

RemoveSession removes a session from the lookup table.

type SSHChannelConn

type SSHChannelConn struct {
	ssh.Channel
}

SSHChannelConn wraps an ssh.Channel to make it compatible with a net.Conn interface.

func NewSSHChannelConn

func NewSSHChannelConn(schan ssh.Channel) *SSHChannelConn

NewSSHChannelConn returns a new SSHChannelConn instanced from an ssh.Channel.

func (*SSHChannelConn) LocalAddr

func (cc *SSHChannelConn) LocalAddr() net.Addr

LocalAddr always returns 'reverse-channel', as this is an ssh.Channel wrapper.

func (*SSHChannelConn) RemoteAddr

func (cc *SSHChannelConn) RemoteAddr() net.Addr

RemoteAddr always returns 'reverse-channel', as this is an ssh.Channel wrapper.

func (*SSHChannelConn) SetDeadline

func (cc *SSHChannelConn) SetDeadline(t time.Time) error

SetDeadline does nothing, as this is an ssh.Channel wrapper.

func (*SSHChannelConn) SetReadDeadline

func (cc *SSHChannelConn) SetReadDeadline(t time.Time) error

SetReadDeadline wrapper, as this is an ssh.Channel wrapper.

func (*SSHChannelConn) SetWriteDeadline

func (cc *SSHChannelConn) SetWriteDeadline(t time.Time) error

SetWriteDeadline wrapper, as this is an ssh.Channel wrapper.

type Server

type Server struct {
	ReverseClientList
	Addr         string // listen address
	MaxAuthTries int    // maximum auth retries a client can do. See ssh.ServerConfig MaxAuthTries.
	AllowReverse bool   // does this server register reverseclients?
	Settings     ServerSettingsHandler
	// contains filtered or unexported fields
}

A Server represents an instance of an ssh server.

func NewServer

func NewServer() *Server

NewServer returns a new ssh Server instance.

func (*Server) ServeChan

func (srv *Server) ServeChan(chans <-chan ssh.NewChannel) error

ServeChan accepts incoming connections on an ssh channel, and serves an ssh server on them.

func (*Server) ServeTCP

func (srv *Server) ServeTCP() error

ServeTCP opens a TCP socket and starts an sshd server on it.

func (*Server) ServerVersionString

func (srv *Server) ServerVersionString() string

ServerVersionString returns a proper ssh server string as per RFC 4253 Section 4.2

type ServerSettingsHandler

type ServerSettingsHandler interface {
	KeyManager
}

A ServerSettingsHandler takes care of abstracting settings and config data.

Directories

Path Synopsis
cmd
reverseclient
reverseclient binary
Package revutil supplies various utilities needed by revssh.
