serveonssh

v0.0.0-...-8f457c0
Published: Nov 2, 2021 License: MIT Imports: 4 Imported by: 3

README

Serve On SSH

Introduction

There is often a need to offer services for administrative purposes on servers or even for microservices that are running on a device. And while there are many ways to secure them, one of the most convenient is to put them behind SSH.

This package provides a Proxy type and a Dialer that can be used with HTTP/gRPC/... packages to serve connections behind SSH. In addition, we use Unix sockets for serving traffic, so there are no exposed ports on the server side.

This has several advantages for real world admin traffic:

  • SSH is much easier to set up than standard AAA for web services
  • SSH is probably already running
  • You can easily block SSH to servers from the public without complex filters

So for your admin traffic, block SSH externally; now only your VPN clients and internal services can reach any administrative endpoints. These endpoints are now secured using the same technology trusted for your logins. SSH already logs connections, and those logs can be scraped for bad actors.

Examples

We offer two examples of this running:

example/
	http/
	grpc/

Inside each of these directories is a README.md that explains how to run the demo and shows the code behind it.

As always

Have fun!

Documentation

Overview

Package serveonssh provides a type that allows communicating with services on an SSH endpoint that are listening on a domain socket.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Dialer

type Dialer func() (net.Conn, error)

Dialer returns a connection to a unix socket on a remote machine.

type Proxy

type Proxy struct {
	// contains filtered or unexported fields
}

Proxy handles forwarding traffic sent on a domain socket over SSH to a remote domain socket.

func New

func New(sshEndpoint, remoteSocket string, config *ssh.ClientConfig) (Proxy, error)

New creates a new Proxy and Dialer. sshEndpoint is the host:port of the remote machine. remoteSocket is the path to the Unix socket that the service will be listening on. config is the SSH config needed to dial. The Proxy forwards our traffic to the remote side. The Dialer dials the remote side over SSH.

func (Proxy) Close

func (p Proxy) Close() error

Close closes the underlying SSH client.

func (Proxy) Dialer

func (p Proxy) Dialer() Dialer

Dialer returns the Dialer that opens a connection to the remote Unix socket.
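
The following is an added example, not code from this package or its examples directory. It shows the two halves the README describes: an admin HTTP service bound only to a Unix socket, and an HTTP client whose connections come from a Dialer-shaped function. Assumptions: the Dialer type is redeclared locally with the signature documented above, the socket name admin.sock and the 0600 mode are choices made for this example, and the dialer in main connects to the socket locally where real use would pass the value returned by Proxy.Dialer().

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"os"
)

// Dialer mirrors the serveonssh.Dialer signature documented on this page.
type Dialer func() (net.Conn, error)

// serveAdmin serves h on an owner-only Unix socket at path; no TCP port is opened.
func serveAdmin(path string, h http.Handler) (net.Listener, error) {
	l, err := net.Listen("unix", path)
	if err != nil {
		return nil, err
	}
	if err := os.Chmod(path, 0o600); err != nil {
		l.Close()
		return nil, err
	}
	go http.Serve(l, h)
	return l, nil
}

// fetch GETs url over a connection obtained only from d; the URL host is never resolved.
func fetch(d Dialer, url string) (string, error) {
	tr := &http.Transport{DialContext: func(context.Context, string, string) (net.Conn, error) { return d() }}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

func main() {
	dir, _ := os.MkdirTemp("", "sos") // MkdirTemp creates the directory with mode 0700
	defer os.RemoveAll(dir)
	h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "admin ok") })
	if _, err := serveAdmin(dir+"/admin.sock", h); err != nil {
		panic(err)
	}
	// Stand-in for Proxy.Dialer(): dials the socket locally, not over SSH.
	fmt.Println(fetch(func() (net.Conn, error) { return net.Dial("unix", dir+"/admin.sock") }, "http://admin/status"))
}
```

The socket's file mode matters because any local account that can connect to it reaches the service without going through the SSH login; keeping the socket in a 0700 directory also covers the moment between Listen and Chmod.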

Directories

Path Synopsis
examples
