ssh

package
v0.0.0-...-109c5d9
Published: Mar 13, 2021 License: Apache-2.0 Imports: 21 Imported by: 1

Documentation

Index

Constants

const H2_MESH_PORT = 5228

const ROLE_GUEST = "guest"

const SSH_MESH_PORT = 5222

const SSH_MSG = true

Variables

This section is empty.

Functions

func LoadPrivateOpenSSH

func LoadPrivateOpenSSH(file string) (interface{}, error)

Can parse existing OpenSSH RSA and ed25519 private keys, from ~/.ssh. Supported PEM block types:

- RSA PRIVATE KEY block
- OPENSSH PRIVATE KEY block (can only parse rsa or ed25519)
- PRIVATE KEY (x509 PKCS8)
- EC PRIVATE KEY
- (DSA)

func MaintainVPNConnection

func MaintainVPNConnection(gw *mesh.Gateway)

Maintain the keep-alive connection to the VPN master server: receive messages from the remote, send messages to the remote and handle forwarding. TODO: attempt to create a circuit using Up connections.

Types

type SSHConn

type SSHConn struct {

	// Remote address (IP:port or host:port) of the directly
	// connected peer.
	Addr string

	Connect             time.Time
	SubscriptionsToSend []string

	VIP6 net.IP

	Node *ugate.DMNode
	// contains filtered or unexported fields
}

Base connection - use SSHClientConn or SSHServerConn

func (*SSHConn) AcceptDialLegacy

func (sshC *SSHConn) AcceptDialLegacy() error

func (*SSHConn) Close

func (sshC *SSHConn) Close() error

func (*SSHConn) DialProxy

func (sshC *SSHConn) DialProxy(tp *ugate.Stream) error

DialProxy will use an SSH client connection MUX to reach a remote server. Part of the MuxedConn interface used to connect to a destination over this connection. On success, tp.Server[In|Out] will be set with a connection to tp.Dest:tp.DestPort.

Uses the equivalent of "-L".

func (*SSHConn) RemoteAccept

func (sshC *SSHConn) RemoteAccept(remoteListenAddr string, dest string) error

Use the connection to a remote SSHClientConn server to listen on a port. Accepted connections will be handled using the handler.

- vpn: the address of the VPN server
- dest: the address to forward incoming listener connections to, passed as a parameter to handler
- handler: a function capable of 2-way forwarding

func (*SSHConn) RemoteVIP

func (sc *SSHConn) RemoteVIP() net.IP

func (*SSHConn) SendMessageToRemote

func (sc *SSHConn) SendMessageToRemote(ev *msgs.Message) error

func (*SSHConn) Wait

func (sshC *SSHConn) Wait() error

AcceptDial creates a virtual listener (magic port 5222) on the server. The server will then be able to initiate connections in reverse to this client. TODO: make it work with standard ssh servers, for example get a dynamic port and bounce it as an incoming ssh connection.

type SSHGate

type SSHGate struct {

	// Active outbound SSHClientConn tunnels. May be direct to a neighbor/reachable IP, or tunneled in sshUp.
	// Key is the host:Port or IP:port used in Dial
	// Clients typically open at least port -R :5222, so it is possible
	// to initiate 'push' connections.
	SshClients map[string]*SSHConn

	// Accepted connections. If the server is running as VPN server, connections from all clients.
	// If this node is an AP or mesh node, connections from immediate neighbors.
	// Key is the VIP
	SshConn map[uint64]*SSHServerConn

	ConnectTimeout time.Duration
	// contains filtered or unexported fields
}

Main SSH gateway interface. Each node can have multiple client and server connections. The primary port is 5222, but connections may be received over tunnels. An SSH gateway has one key pair and one set of configs.

func NewSSHGate

func NewSSHGate(gw *mesh.Gateway, certs *auth.Auth) *SSHGate

Initialize the SSH gateway.

func (*SSHGate) ConnectStream

func (sshGate *SSHGate) ConnectStream(node *ugate.DMNode,
	addr string,
	conn net.Conn) (func() error, error)

ConnectStream creates a MuxedConn over an established conn; addr may be empty.

If node has a VIP or public key it will be checked. The resulting MuxedConn will be set as node.TunClient.

func (*SSHGate) DialCon

func (sshGate *SSHGate) DialCon(conn net.Conn, addr string,
	pub []byte) (ugate.MuxedConn, error)

func (*SSHGate) DialMUX

func (sshGate *SSHGate) DialMUX(addr string,
	pub []byte, subs []string) (ugate.MuxedConn, error)

func (*SSHGate) DirectConnect

func (sshGate *SSHGate) DirectConnect(node *ugate.DMNode) (chan error, error)

func (*SSHGate) HandleServerConn

func (sshGate *SSHGate) HandleServerConn(nConn net.Conn)

Handles a connection as an SSH server, using a net.Conn which might be tunneled over other transports. SSH handles multiplexing and packets.

func (*SSHGate) InitServer

func (sshGate *SSHGate) InitServer() error

func (*SSHGate) ListenSSH

func (sshGate *SSHGate) ListenSSH(address string) error

Start listening. Typically address is :0, and the default port is 5222. A single server is usually sufficient for a node.

type SSHServerConn

type SSHServerConn struct {
	SSHConn
}

Server connection from one SSHClientConn client - inbound

func (*SSHServerConn) AcceptForward

func (sshS *SSHServerConn) AcceptForward(in io.ReadCloser, out io.Writer,
	ip net.IP, port int, hostKey string, portKey uint32)

For -R: when a remote conn is received on a TCP accept, open a 'forwarded-tcpip' channel from server to client, associated with the previous -R. Called from the acceptor, for an explicit listen port.

func (*SSHServerConn) Close

func (sshS *SSHServerConn) Close() error

func (*SSHServerConn) DialForwarded

func (sshS *SSHServerConn) DialForwarded(ctx context.Context,
	remote net.Addr,
	hostKey string, portKey uint32) (net.Conn, error)

func (*SSHServerConn) DialProxy

func (sshS *SSHServerConn) DialProxy(tp *ugate.Stream) error

DialProxy uses an existing server connection (this node accepted the request) to create a virtual tunnel where this node is the client.

For SSH it relies on "forwarded-tcpip", which is typically used for -R/accept channels, with a custom header at the beginning (TODO: use CONNECT, and make it consistent for all channels).

This only works if the clients are compatible with this extension.

func (*SSHServerConn) DialProxyLegacy

func (sshS *SSHServerConn) DialProxyLegacy(tp *ugate.Stream) error

Attempting to use the standard forward; it requires the other side to understand the header. This may work if the remote is doing a -R 0:localSocks or localConnect.

For now legacy is not a priority.

func (*SSHServerConn) RemoteAccept

func (sshS *SSHServerConn) RemoteAccept(r, f string) error

func (*SSHServerConn) RemoteVIP

func (sshS *SSHServerConn) RemoteVIP() net.IP

func (*SSHServerConn) Wait

func (sshS *SSHServerConn) Wait() error
