Documentation ¶
Index ¶
- Constants
- func ReadSSHAuthorizedKeys(authorizedKeysDir string) (map[string]map[string]bool, error)
- func ReadSSHPrivateKey(path string) (ssh.Signer, error)
- type Client
- type ClientConfig
- type Server
- type ServerConfig
- type Signer
- type SigningRequest
- type SigningRequestAlias
- type SigningResponse
- type WireSigningRequest
Constants ¶
const (
// ClientDefaultSessionKeyBits is the default size, in bits, of the client's
// session key.
// NOTE(review): the key algorithm is not visible here. If this is an RSA
// modulus length, 2048 bits is the commonly accepted minimum; confirm the
// algorithm and whether callers can configure a larger size.
ClientDefaultSessionKeyBits = 2048
)
Variables ¶
This section is empty.
Functions ¶
func ReadSSHAuthorizedKeys ¶
ReadSSHAuthorizedKeys reads multiple authorized keys from the given directory. Keys are stored in a map keyed first by username and then by public key.
Types ¶
type Client ¶
// Client is built by NewClient from a ClientConfig. All of its fields are
// unexported, so callers interact with it only through its methods.
type Client struct {
// contains filtered or unexported fields
}
func NewClient ¶
func NewClient(c ClientConfig) *Client
type ClientConfig ¶
// ClientConfig holds the settings passed to NewClient.
type ClientConfig struct {
// BaseDir is a directory path used by the client.
// NOTE(review): what is stored under BaseDir is not shown here. If it holds
// private keys or issued certificates, it should be accessible only to the
// owning user; confirm against the implementation.
BaseDir string
}
type Server ¶
// Server is built by NewServer from a ServerConfig and is started through
// its ListenAndServe method. All of its fields are unexported.
type Server struct {
// contains filtered or unexported fields
}
func NewServer ¶
func NewServer(c ServerConfig) *Server
func (*Server) ListenAndServe ¶
type ServerConfig ¶
type Signer ¶
// Signer processes signing requests: HandleRequest takes a *SigningRequest
// and returns a *SigningResponse or an error. All of its fields are
// unexported.
// NOTE(review): where the signing key is held and how a request is
// authorised are not visible on this page; confirm in the implementation.
type Signer struct {
// contains filtered or unexported fields
}
func (*Signer) HandleRequest ¶
func (s *Signer) HandleRequest(req *SigningRequest) (*SigningResponse, error)
type SigningRequest ¶
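// SigningRequest is what a client sends to the bastion / server to have an
// SSH public key signed for a user.
//
// NOTE(review): the Signature field comment mentions only the public key.
// Whether Username and IPAddress are also covered by the signature is not
// visible here. Any field left outside the signed data could be altered in
// transit without detection, so confirm what is signed and that the server
// verifies the signature before acting on any field.
type SigningRequest struct {
	IPAddress string `json:"ip_address,omitempty"`
	Username  string `json:"username,omitempty"`
	// PublicKey in authorized keys format.
	// It is excluded from the default JSON encoding (`json:"-"`);
	// WireSigningRequest carries the key as raw bytes under "public_key".
	PublicKey ssh.PublicKey `json:"-"`
	// Signature verifies the integrity of the transmitted public key
	Signature *ssh.Signature `json:"signature,omitempty"`
}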
SigningRequest contains a user and a public key and is transmitted to the bastion / server to be signed.
func (*SigningRequest) MarshalJSON ¶
func (s *SigningRequest) MarshalJSON() ([]byte, error)
func (*SigningRequest) UnmarshalJSON ¶
func (s *SigningRequest) UnmarshalJSON(data []byte) error
type SigningRequestAlias ¶
// SigningRequestAlias is a defined type with the same underlying struct as
// SigningRequest. A defined type does not inherit the methods of the type it
// is based on, so it carries neither MarshalJSON nor UnmarshalJSON.
// NOTE(review): presumably this exists so the custom JSON methods on
// SigningRequest can encode the plain fields without recursing; confirm.
type SigningRequestAlias SigningRequest
type SigningResponse ¶
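// SigningResponse is the result returned for a SigningRequest (see
// Signer.HandleRequest).
//
// NOTE(review): ValidUntil is a field next to the certificate, not part of
// it. An ssh.Certificate carries its own validity window, and that signed
// window is what SSH servers enforce. Presumably ValidUntil mirrors it for
// convenience; confirm, and treat the certificate's own fields as
// authoritative.
type SigningResponse struct {
	//TODO add more metadata
	ValidUntil  time.Time
	Certificate *ssh.Certificate
	// NOTE(review): what this signature covers, and which key produced it, is
	// not visible here; confirm that clients verify it before trusting
	// Certificate.
	Signature *ssh.Signature
}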
func NewFromGrpcResponse ¶
func NewFromGrpcResponse() (*SigningResponse, error)
func (*SigningResponse) Bytes ¶
func (s *SigningResponse) Bytes() []byte
type WireSigningRequest ¶
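// WireSigningRequest is the serialised form of a SigningRequest. It embeds
// SigningRequestAlias for the plain fields and adds the public key as raw
// bytes under the JSON key "public_key".
//
// The outer PublicKey field sits at a shallower depth than the embedded
// one, so it is the one selected by w.PublicKey and by encoding/json. The
// embedded field is tagged `json:"-"`.
//
// NOTE(review): PublicKey holds bytes received from the peer. The
// SigningRequest method returns an error, presumably when those bytes do
// not parse as a public key; confirm that callers check it and never use
// the bytes unparsed.
type WireSigningRequest struct {
	SigningRequestAlias
	PublicKey []byte `json:"public_key,omitempty"`
}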
func NewWireSigningRequest ¶
func NewWireSigningRequest(req *SigningRequest) *WireSigningRequest
func (*WireSigningRequest) SigningRequest ¶
func (w *WireSigningRequest) SigningRequest() (*SigningRequest, error)