ssh

package module

v0.0.0-...-b2c496c Latest Latest Go to latest Published: Oct 12, 2021 License: Apache-2.0 Imports: 28 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/costinm/cert-ssh

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func DirectTCPIPHandler(ctx context.Context, srv *Server, conn *gossh.ServerConn, ...)
func GetCertHostSigner(sshCA string, privk1 *ecdsa.PrivateKey) (string, gossh.Signer, error)
func GetSSHSignclient(sshCA string) (sshca.SSHCertificateServiceClient, *grpc.ClientConn, error)
func InitFromSecret(sshCM map[string][]byte, ns string)
func KeysEqual(ak, bk gossh.PublicKey) bool
func StartSSHDWithCA(ns string, sshCA string) error
func StartSSHDWithKeys(ns string, sshCA string) error
type Client
type ForwardedTCPHandler
- func (h *ForwardedTCPHandler) HandleSSHRequest(ctx context.Context, srv *Server, req *gossh.Request, conn *gossh.ServerConn) (bool, []byte)
type Pty
type RemoteExec
type Server
- func NewSSHTransport(signer gossh.Signer, name, domain, root string) (*Server, error)
type Signal
type Window

Constants ¶

This section is empty.

Variables ¶

View Source

var (

	// ErrEOF is the error when the terminal exits
	ErrEOF = errors.New("EOF")
)

Functions ¶

func DirectTCPIPHandler ¶

func DirectTCPIPHandler(ctx context.Context, srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel)

DirectTCPIPHandler can be enabled by adding it to the server's ChannelHandlers under direct-tcpip.

func GetCertHostSigner ¶

func GetCertHostSigner(sshCA string, privk1 *ecdsa.PrivateKey) (string, gossh.Signer, error)

func GetSSHSignclient ¶

func GetSSHSignclient(sshCA string) (sshca.SSHCertificateServiceClient, *grpc.ClientConn, error)

func InitFromSecret ¶

func InitFromSecret(sshCM map[string][]byte, ns string)

InitFromSecret is a helper method to init the sshd using a secret or CA address

func KeysEqual ¶

func KeysEqual(ak, bk gossh.PublicKey) bool

KeysEqual is constant time compare of the keys to avoid timing attacks.

func StartSSHDWithCA ¶

func StartSSHDWithCA(ns string, sshCA string) error

StartSSHDWithCA starts an in-process SSHD using the SSH CA. Fallback to self-signed keys if the CA is not available.

func StartSSHDWithKeys ¶

func StartSSHDWithKeys(ns string, sshCA string) error

Types ¶

type Client ¶

type Client struct {
	SSHCa     string
	SSHD      string
	Namespace string
	User      string

	Signer         ssh.Signer
	RemoteKey      ssh.PublicKey
	RemoteHostname string
	RemoteAddr     net.Addr

	CAKey       ssh.PublicKey
	CertChecker *ssh.CertChecker
	// contains filtered or unexported fields
}

Client is a SSH client, using Istio-like certificates. By default will get a client cert, using the Istio identity, and connect to the specified SSHD.

Will also forward the HBONE ports.

func (*Client) Exec ¶

func (c *Client) Exec(cmd string, env map[string]string) (*RemoteExec, error)

func (*Client) InitSigner ¶

func (c *Client) InitSigner(sshCA string) error

func (*Client) Start ¶

func (c *Client) Start() error

type ForwardedTCPHandler ¶

type ForwardedTCPHandler struct {
	sync.Mutex
	// contains filtered or unexported fields
}

ForwardedTCPHandler can be enabled by creating a ForwardedTCPHandler and adding the HandleSSHRequest callback to the server's RequestHandlers under tcpip-forward and cancel-tcpip-forward.

func (*ForwardedTCPHandler) HandleSSHRequest ¶

func (h *ForwardedTCPHandler) HandleSSHRequest(ctx context.Context, srv *Server, req *gossh.Request, conn *gossh.ServerConn) (bool, []byte)

type Pty ¶

type Pty struct {
	Term   string
	Window Window
}

Pty represents a PTY request and configuration.

type RemoteExec ¶

type RemoteExec struct {
	ssh.Channel
	// contains filtered or unexported fields
}

type Server ¶

type Server struct {
	Port           int
	Shell          string
	AuthorizedKeys []gossh.PublicKey

	CertChecker *gossh.CertChecker
	Address     string
	Listener    net.Listener
	// contains filtered or unexported fields
}

func NewSSHTransport ¶

func NewSSHTransport(signer gossh.Signer, name, domain, root string) (*Server, error)

func (*Server) AddAuthorized ¶

func (s *Server) AddAuthorized(extra string)

func (*Server) AddAuthorizedFile ¶

func (s *Server) AddAuthorizedFile(auth []byte)

func (*Server) AddAuthorizedKeys ¶

func (srv *Server) AddAuthorizedKeys(keys []gossh.PublicKey)

func (*Server) HandleServerConn ¶

func (sshGate *Server) HandleServerConn(nConn net.Conn)

Handles a connection as SSH server, using a net.Conn - which might be tunneled over other transports. SSH handles multiplexing and packets.

func (*Server) Start ¶

func (t *Server) Start()

type Signal ¶

type Signal string

type Window ¶

type Window struct {
	Width  int
	Height int
}

Window represents the size of a PTY window.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
sshc
sshd

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL