func New( config Config, backend sshserver.NetworkConnectionHandler, ) (sshserver.NetworkConnectionHandler, error)
New creates a new security backend proxy around backend: the returned sshserver.NetworkConnectionHandler applies the policies in config to each request before it reaches backend.
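type CommandConfig struct {
	// Mode configures how command execution ("exec") requests from SSH clients are treated. Left unconfigured
	// ("") it falls back to Config.DefaultMode.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and permits only the listed commands to be executed.
	// The command string requested by the client is compared against each entry as an exact match (not a prefix
	// or pattern match) so that a client cannot smuggle extra arguments or shell metacharacters onto an allowed
	// command. There is no deny list for commands: to restrict commands use ExecutionPolicyFilter with Allow.
	Allow []string `json:"allow" yaml:"allow"`
}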
CommandConfig controls command executions via SSH (exec requests).
func (c CommandConfig) Validate() error
Validate validates the command configuration.
type Config struct {
	// DefaultMode sets the default execution policy for every request type whose own Mode is left unconfigured
	// (""). If DefaultMode is itself unconfigured, the request is allowed (see ExecutionPolicyUnconfigured), i.e.
	// the proxy fails open. For restricted setups it is recommended to set this to "disable" so that request
	// types introduced by future version upgrades are not accidentally allowed.
	DefaultMode ExecutionPolicy `json:"defaultMode" yaml:"defaultMode"`
	// ForceCommand behaves similarly to the OpenSSH ForceCommand option. When set, this command overrides any
	// command requested by the client and is executed instead. The command originally supplied by the client
	// is set in the `SSH_ORIGINAL_COMMAND` environment variable. That value is untrusted client input; the
	// forced command must not pass it to a shell or otherwise interpret it as code.
	//
	// Setting ForceCommand changes subsystem requests into exec requests for the backends.
	ForceCommand string `json:"forceCommand" yaml:"forceCommand"`
	// Env controls whether setting environment variables is allowed or blocked. Variables such as PATH or
	// LD_PRELOAD can change how the executed program behaves, so in restricted setups prefer
	// ExecutionPolicyFilter with an explicit allow list, or at least a Deny list covering them.
	Env EnvConfig `json:"env" yaml:"env"`
	// Command controls whether command ("exec") requests via SSH are allowed or blocked.
	Command CommandConfig `json:"command" yaml:"command"`
	// Shell controls whether shell requests via SSH are allowed or blocked.
	Shell ShellConfig `json:"shell" yaml:"shell"`
	// Subsystem controls whether subsystem requests (e.g. sftp) via SSH are allowed or blocked.
	Subsystem SubsystemConfig `json:"subsystem" yaml:"subsystem"`
	// TTY controls how TTY/PTY requests by clients are treated.
	TTY TTYConfig `json:"tty" yaml:"tty"`
	// Signal configures how signal requests to running programs are handled.
	Signal SignalConfig `json:"signal" yaml:"signal"`
	// MaxSessions limits how many session channels may be open at the same time on a single network connection.
	// -1 (the default) means unlimited, which lets one client open an unbounded number of sessions and exhaust
	// backend resources. It is strongly recommended to configure a sane value, e.g. 10. Exceeding the limit is
	// presumably reported as ErrTooManySessions — confirm against the implementation.
	MaxSessions int `json:"maxSessions" yaml:"maxSessions" default:"-1"`
}
Config is the configuration structure for security settings.
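type EnvConfig struct {
	// Mode configures how environment variable requests from SSH clients are treated. Left unconfigured ("")
	// it falls back to Config.DefaultMode.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and permits only the listed environment variable
	// names to be set.
	Allow []string `json:"allow" yaml:"allow"`
	// Deny takes effect when Mode is not ExecutionPolicyDisable and blocks the listed environment variable
	// names from being set.
	Deny []string `json:"deny" yaml:"deny"`
}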
EnvConfig configures setting environment variables.
// ErrTooManySessions indicates that too many session channels were opened on the same connection
// (presumably when Config.MaxSessions is exceeded — confirm against the implementation). It carries no
// state; Error provides the log text, Message the user-facing text and Reason the SSH rejection code.
type ErrTooManySessions struct {
}
ErrTooManySessions indicates that too many sessions were opened in the same connection.
func (e *ErrTooManySessions) Error() string
Error returns the error text intended for the logs.
func (e *ErrTooManySessions) Message() string
Message contains a message intended for the user.
func (e *ErrTooManySessions) Reason() ssh.RejectionReason
Reason contains the rejection code.
// ExecutionPolicy drives how a certain kind of request (exec, shell, subsystem, env, TTY, signal) is treated.
// Valid values are the ExecutionPolicy* constants; an empty string means "unconfigured".
type ExecutionPolicy string
ExecutionPolicy drives how to treat a certain request.
const (
	// ExecutionPolicyUnconfigured falls back to the default mode (Config.DefaultMode). If unconfigured on the
	// global level as well, the default is to allow the request, so an unconfigured proxy fails open.
	ExecutionPolicyUnconfigured ExecutionPolicy = ""
	// ExecutionPolicyEnable allows the execution of the specified method unless the requested option matches
	// the "deny" list.
	ExecutionPolicyEnable ExecutionPolicy = "enable"
	// ExecutionPolicyFilter filters the execution against the specified allow list. If the allow list is empty
	// or not supported for the request type, this option behaves like "disable" (fail closed).
	ExecutionPolicyFilter ExecutionPolicy = "filter"
	// ExecutionPolicyDisable disables the specified method entirely and does not take the allow or deny lists
	// into account.
	ExecutionPolicyDisable ExecutionPolicy = "disable"
)
func (e ExecutionPolicy) Validate() error
Validate validates the execution policy.
type ShellConfig struct {
	// Mode configures how shell requests from SSH clients are treated. Left unconfigured ("") it falls back to
	// Config.DefaultMode. Shell requests have no allow or deny list, so ExecutionPolicyFilter behaves like
	// "disable" here (see ExecutionPolicyFilter).
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
}
ShellConfig controls shell executions via SSH.
func (s ShellConfig) Validate() error
Validate validates the shell configuration.
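type SignalConfig struct {
	// Mode configures how signal requests to running programs are treated. Left unconfigured ("") it falls
	// back to Config.DefaultMode.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and permits only the listed signals to be forwarded.
	Allow []string `json:"allow" yaml:"allow"`
	// Deny takes effect when Mode is not ExecutionPolicyDisable and blocks the listed signals from being
	// forwarded.
	Deny []string `json:"deny" yaml:"deny"`
}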
SignalConfig configures how signal forwarding requests are treated.
func (s SignalConfig) Validate() error
Validate validates the signal configuration.
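type SubsystemConfig struct {
	// Mode configures how subsystem requests from SSH clients are treated. Left unconfigured ("") it falls
	// back to Config.DefaultMode.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and permits only the listed subsystems to be
	// executed.
	Allow []string `json:"allow" yaml:"allow"`
	// Deny takes effect when Mode is not ExecutionPolicyDisable and blocks the listed subsystems from being
	// executed.
	Deny []string `json:"deny" yaml:"deny"`
}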
SubsystemConfig controls subsystem executions via SSH.
func (s SubsystemConfig) Validate() error
Validate validates the subsystem configuration.
type TTYConfig struct {
	// Mode configures how TTY/PTY requests from SSH clients are treated. Left unconfigured ("") it falls back
	// to Config.DefaultMode. TTY requests have no allow or deny list, so ExecutionPolicyFilter behaves like
	// "disable" here (see ExecutionPolicyFilter).
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
}
TTYConfig controls how to treat TTY/PTY requests by clients.