security

v0.9.7
Warning

This package is not in the latest version of its module.

Published: Mar 8, 2021 License: MIT Imports: 5 Imported by: 4

README

ContainerSSH - Launch Containers on Demand

ContainerSSH Security Library


This library provides a security overlay for the sshserver library.

⚠⚠⚠ Warning: This is developer documentation. ⚠⚠⚠
The user documentation for ContainerSSH is located at containerssh.io.

Using this library

This library is intended as a tie-in to an existing module and does not implement a full SSH backend. Instead, you can use the New() function to create a network connection handler with an appropriate backend:

// handler wraps the backend and enforces the security configuration.
handler, err := security.New(
    config,
    backend,
)

The backend should implement the sshserver.NetworkConnectionHandler interface from the sshserver library. For details of the configuration structure, see config.go.

Documentation

Index

Constants

const EEnvRejected = "SECURITY_ENV_REJECTED"

ContainerSSH rejected setting the environment variable because it does not pass the security settings.

const EExecRejected = "SECURITY_EXEC_REJECTED"

A program execution request has been rejected because it doesn't conform to the security settings.

const EFailedSetEnv = "SECURITY_EXEC_FAILED_SETENV"

Program execution failed in conjunction with the forceCommand option because ContainerSSH could not set the `SSH_ORIGINAL_COMMAND` environment variable on the backend.

const EMaxSessions = "SECURITY_MAX_SESSIONS"

The client has reached the configured maximum number of sessions, so the new session request is rejected.

const EShellRejected = "SECURITY_SHELL_REJECTED"

ContainerSSH rejected launching a shell due to the security settings.

const ESignalRejected = "SECURITY_SIGNAL_REJECTED"

ContainerSSH rejected delivering a signal because it does not pass the security settings.

const ESubsystemRejected = "SECURITY_SUBSYSTEM_REJECTED"

ContainerSSH rejected the subsystem because it does not pass the security settings.

const ETTYRejected = "SECURITY_TTY_REJECTED"

ContainerSSH rejected the pseudoterminal request because of the security settings.

const MForcingCommand = "SECURITY_EXEC_FORCING_COMMAND"

ContainerSSH is replacing the command passed from the client (if any) with the specified command and is setting the `SSH_ORIGINAL_COMMAND` environment variable.

Variables

This section is empty.

Functions

func New

New creates a new security backend proxy.

Types

type CommandConfig

type CommandConfig struct {
	// Mode configures how to treat command execution (exec) requests by SSH clients.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and only allows the specified commands to be
	// executed. Note that an exact match is performed to avoid shell injections, etc.
	Allow []string
}

CommandConfig controls command executions via SSH (exec requests).

func (CommandConfig) Validate

func (c CommandConfig) Validate() error

Validate validates a shell configuration

type Config

type Config struct {
	// DefaultMode sets the default execution policy for all other commands. It is recommended to set this to "disable"
	// for restricted setups to avoid accidentally allowing new features coming in with version upgrades.
	DefaultMode ExecutionPolicy `json:"defaultMode" yaml:"defaultMode"`

	// ForceCommand behaves similarly to the OpenSSH ForceCommand option. When set, this command overrides any command
	// requested by the client and is executed instead. The original command supplied by the client will be
	// set in the `SSH_ORIGINAL_COMMAND` environment variable.
	//
	// Setting ForceCommand changes subsystem requests into exec requests for the backends.
	ForceCommand string `json:"forceCommand" yaml:"forceCommand"`

	// Env controls whether to allow or block setting environment variables.
	Env EnvConfig `json:"env" yaml:"env"`
	// Command controls whether to allow or block command ("exec") requests via SSH.
	Command CommandConfig `json:"command" yaml:"command"`
	// Shell controls whether to allow or block shell requests via SSH.
	Shell ShellConfig `json:"shell" yaml:"shell"`
	// Subsystem controls whether to allow or block subsystem requests via SSH.
	Subsystem SubsystemConfig `json:"subsystem" yaml:"subsystem"`

	// TTY controls how to treat TTY/PTY requests by clients.
	TTY TTYConfig `json:"tty" yaml:"tty"`

	// Signal configures how to handle signal requests to running programs.
	Signal SignalConfig `json:"signal" yaml:"signal"`

	// MaxSessions drives how many session channels can be open at the same time for a single network connection.
	// -1 means unlimited. It is strongly recommended to configure this to a sane value, e.g. 10.
	MaxSessions int `json:"maxSessions" yaml:"maxSessions" default:"-1"`
}

Config is the configuration structure for security settings.

func (Config) Validate

func (c Config) Validate() error

Validate validates a shell configuration

type EnvConfig

type EnvConfig struct {
	// Mode configures how to treat environment variable requests by SSH clients.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and only allows the specified environment variables to be
	// set.
	Allow []string
	// Deny takes effect when Mode is not ExecutionPolicyDisable and prevents the specified environment variables from
	// being set.
	Deny []string
}

EnvConfig configures setting environment variables.

func (EnvConfig) Validate

func (e EnvConfig) Validate() error

Validate validates a shell configuration

type ErrTooManySessions

type ErrTooManySessions struct {
	// contains filtered or unexported fields
}

ErrTooManySessions indicates that too many sessions were opened in the same connection.

func (*ErrTooManySessions) Code added in v0.9.7

func (e *ErrTooManySessions) Code() string

Code returns the error code.

func (*ErrTooManySessions) Error

func (e *ErrTooManySessions) Error() string

Error contains the error for the logs.

func (*ErrTooManySessions) Explanation added in v0.9.7

func (e *ErrTooManySessions) Explanation() string

Explanation is the message intended for the administrator.

func (*ErrTooManySessions) Label added in v0.9.7

func (e *ErrTooManySessions) Label(name log.LabelName, value log.LabelValue) log.Message

Label adds a label to the message.

func (*ErrTooManySessions) Labels added in v0.9.7

func (e *ErrTooManySessions) Labels() log.Labels

Labels returns the list of labels for this message.

func (*ErrTooManySessions) Message

func (e *ErrTooManySessions) Message() string

Message contains a message intended for the user.

func (*ErrTooManySessions) Reason

Reason contains the rejection code.

func (*ErrTooManySessions) String added in v0.9.7

func (e *ErrTooManySessions) String() string

String returns the string representation of this message.

func (*ErrTooManySessions) UserMessage added in v0.9.7

func (e *ErrTooManySessions) UserMessage() string

UserMessage contains a message intended for the user.

type ExecutionPolicy

type ExecutionPolicy string

ExecutionPolicy drives how to treat a certain request.

const (
	// ExecutionPolicyUnconfigured falls back to the default mode. If unconfigured on a global level the default is to
	// "allow".
	ExecutionPolicyUnconfigured ExecutionPolicy = ""

	// ExecutionPolicyEnable allows the execution of the specified method unless the specified option matches the
	// "deny" list.
	ExecutionPolicyEnable ExecutionPolicy = "enable"

	// ExecutionPolicyFilter filters the execution against a specified allow list. If the allow list is empty or not
	// supported this option behaves like "disable".
	ExecutionPolicyFilter ExecutionPolicy = "filter"

	// ExecutionPolicyDisable disables the specified method and does not take the allow or deny lists into account.
	ExecutionPolicyDisable ExecutionPolicy = "disable"
)

func (ExecutionPolicy) Validate

func (e ExecutionPolicy) Validate() error

Validate validates the execution policy.
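
The policy semantics described in the comments above, modelled as a small decision function. This is an added example, not the library's own code: `Decide` and `contains` are hypothetical helpers, the types are local stand-ins for the documented names, and rejecting unknown modes and applying the deny list under the unconfigured default are assumptions.

```go
package main

import "fmt"

// Local stand-ins mirroring the names documented above; this is not the library's code.
type ExecutionPolicy string

const (
	ExecutionPolicyUnconfigured ExecutionPolicy = ""
	ExecutionPolicyEnable       ExecutionPolicy = "enable"
	ExecutionPolicyFilter       ExecutionPolicy = "filter"
	ExecutionPolicyDisable      ExecutionPolicy = "disable"
)

// contains reports an exact, case-sensitive match: no prefix matching, no shell parsing.
func contains(list []string, item string) bool {
	for _, v := range list {
		if v == item {
			return true
		}
	}
	return false
}

// Decide models the documented semantics for one request (hypothetical helper).
func Decide(defaultMode, mode ExecutionPolicy, allow, deny []string, item string) bool {
	if mode == ExecutionPolicyUnconfigured {
		mode = defaultMode // a per-feature Mode of "" falls back to DefaultMode
	}
	switch mode {
	case ExecutionPolicyUnconfigured, ExecutionPolicyEnable:
		// Unconfigured at the global level means "allow"; assumption: Deny still applies.
		return !contains(deny, item)
	case ExecutionPolicyFilter:
		// An empty allow list matches nothing, so "filter" then behaves like "disable".
		return contains(allow, item) && !contains(deny, item)
	default:
		// "disable" ignores both lists; assumption: unknown values also fail closed.
		return false
	}
}

func main() {
	allow := []string{"/usr/bin/rsync --server"} // constructed sample allow list
	for _, cmd := range []string{"/usr/bin/rsync --server", "/usr/bin/rsync --server; echo extra"} {
		ok := Decide(ExecutionPolicyDisable, ExecutionPolicyFilter, allow, nil, cmd)
		fmt.Printf("%q allowed=%v\n", cmd, ok)
	}
}
```

Because the comparison is exact, a request that appends anything to an allowed command is rejected rather than partially matched.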

type ShellConfig

type ShellConfig struct {
	// Mode configures how to treat shell requests by SSH clients.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
}

ShellConfig controls shell executions via SSH.

func (ShellConfig) Validate

func (s ShellConfig) Validate() error

Validate validates a shell configuration

type SignalConfig

type SignalConfig struct {
	// Mode configures how to treat signal requests to running programs
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and only allows the specified signals to be forwarded.
	Allow []string
	// Deny takes effect when Mode is not ExecutionPolicyDisable and prevents the specified signals from being forwarded.
	Deny []string
}

SignalConfig configures how signal forwarding requests are treated.

func (SignalConfig) Validate

func (s SignalConfig) Validate() error

Validate validates the signal configuration

type SubsystemConfig

type SubsystemConfig struct {
	// Mode configures how to treat subsystem requests by SSH clients.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
	// Allow takes effect when Mode is ExecutionPolicyFilter and only allows the specified subsystems to be
	// executed.
	Allow []string
	// Deny takes effect when Mode is not ExecutionPolicyDisable and prevents the specified subsystems from being executed.
	Deny []string
}

SubsystemConfig controls shell executions via SSH.

func (SubsystemConfig) Validate

func (s SubsystemConfig) Validate() error

Validate validates a subsystem configuration

type TTYConfig

type TTYConfig struct {
	// Mode configures how to treat TTY/PTY requests by SSH clients.
	Mode ExecutionPolicy `json:"mode" yaml:"mode" default:""`
}

TTYConfig controls how to treat TTY/PTY requests by clients.

func (TTYConfig) Validate

func (t TTYConfig) Validate() error

Validate validates the TTY configuration
