forward

package
v0.0.0-...-5c79d48
Published: Feb 15, 2024 License: AGPL-3.0 Imports: 35 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Server

type Server struct {

	// StreamEmitter points to the auth service and emits audit events
	events.StreamEmitter
	// contains filtered or unexported fields
}

Server is a forwarding server. Server is used to create a single in-memory SSH server that will forward connections to a remote server. It's used along with the recording proxy to allow Teleport to record sessions with OpenSSH nodes at the proxy level.

To create a forwarding server and serve a single SSH connection on it:

serverConfig := forward.ServerConfig{
   ...
}
// New returns an unstarted server (or an error if the config is incomplete).
remoteServer, err := forward.New(serverConfig)
if err != nil {
	return nil, trace.Wrap(err)
}
// Serve handles the single forwarded SSH connection; run it in the background.
go remoteServer.Serve()

// Dial returns the client end of the in-memory connection to the forwarding server.
conn, err := remoteServer.Dial()
if err != nil {
	return nil, trace.Wrap(err)
}
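The shape of that API (an unstarted relay from New, the client end of an in-memory connection from Dial, a Serve that pumps bytes to the real target while the proxy keeps its own copy for recording) is easier to see in a stripped-down stand-in. The following is an added example, not code from the Teleport forward package: it uses only net.Pipe and the standard library, is not SSH-aware and performs no authentication, so it shows the forwarding-and-recording structure rather than anything about the SSH protocol. The names Forwarder, Recorder, echoTarget and runDemo, and the line-echoing "target host", are constructed for this illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"net"
	"sync"
)

// Recorder stands in for the audit stream emitter: one buffer per direction,
// read only after Serve has finished, so no locking is needed.
type Recorder struct {
	ClientToTarget, TargetToClient bytes.Buffer
}

// Forwarder is a single-connection, in-memory relay (illustrative, not Teleport's).
// Dial hands out the client end of a net.Pipe; Serve drains the other end into the
// target connection and the target back into the pipe, tee-ing both into the Recorder.
type Forwarder struct {
	clientSide, serverSide, target net.Conn
	rec                            *Recorder
	done                           chan struct{}
}

// NewForwarder validates its inputs and returns an unstarted relay.
func NewForwarder(target net.Conn, rec *Recorder) (*Forwarder, error) {
	if target == nil || rec == nil {
		return nil, errors.New("target connection and recorder are required")
	}
	c, s := net.Pipe()
	return &Forwarder{clientSide: c, serverSide: s, target: target, rec: rec, done: make(chan struct{})}, nil
}

// Dial returns the client end of the in-memory pipe; use it like any net.Conn.
func (f *Forwarder) Dial() (net.Conn, error) { return f.clientSide, nil }

// Serve relays bytes in both directions until one side hangs up, closes the
// other side so neither copy goroutine leaks, then closes Done.
func (f *Forwarder) Serve() {
	var wg sync.WaitGroup
	wg.Add(2)
	go func() { // client -> target, with a recorded copy
		defer wg.Done()
		io.Copy(io.MultiWriter(f.target, &f.rec.ClientToTarget), f.serverSide)
		f.target.Close()
	}()
	go func() { // target -> client, with a recorded copy
		defer wg.Done()
		io.Copy(io.MultiWriter(f.serverSide, &f.rec.TargetToClient), f.target)
		f.serverSide.Close()
	}()
	wg.Wait()
	close(f.done)
}

// Done is closed once Serve has finished relaying.
func (f *Forwarder) Done() <-chan struct{} { return f.done }

// echoTarget is a constructed stand-in for the remote host (not an SSH
// server): it answers every line it receives with "ok: <line>".
func echoTarget(conn net.Conn) {
	defer conn.Close()
	sc := bufio.NewScanner(conn)
	for sc.Scan() {
		if _, err := fmt.Fprintf(conn, "ok: %s\n", sc.Text()); err != nil {
			return
		}
	}
}

// runDemo wires target, recorder and Forwarder together, sends each command
// through the dialled connection, and returns the replies and the recorder.
func runDemo(commands []string) ([]string, *Recorder, error) {
	targetConn, targetPeer := net.Pipe()
	go echoTarget(targetPeer)
	fwd, err := NewForwarder(targetConn, &Recorder{})
	if err != nil {
		return nil, nil, err
	}
	go fwd.Serve()
	conn, _ := fwd.Dial()
	sc := bufio.NewScanner(conn)
	var replies []string
	for _, cmd := range commands {
		if _, err := fmt.Fprintln(conn, cmd); err != nil {
			return nil, nil, err
		}
		if !sc.Scan() {
			return nil, nil, fmt.Errorf("no reply to %q: %v", cmd, sc.Err())
		}
		replies = append(replies, sc.Text())
	}
	conn.Close() // client hangs up; Serve then closes the target side
	<-fwd.Done() // wait until both copy goroutines have drained
	return replies, fwd.rec, nil
}

func main() {
	replies, rec, err := runDemo([]string{"whoami", "uptime"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("%v sent=%q got=%q\n", replies, rec.ClientToTarget.String(), rec.TargetToClient.String())
}
```

The point to take from it is where the recording happens: both io.MultiWriter calls sit in the relay, so the transcript is captured at the proxy even though the target never emits an event. The teardown order (close the far side when the near side reports EOF, then wait on the WaitGroup) is what keeps a hung target from leaking the forwarder after the client disconnects.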

func New

func New(c ServerConfig) (*Server, error)

New creates a new unstarted Server.

func (*Server) AdvertiseAddr

func (s *Server) AdvertiseAddr() string

AdvertiseAddr is the address of the remote host this forwarding server is connected to.

func (*Server) Close

func (s *Server) Close() error

Close will close all underlying connections that the forwarding server holds.

func (*Server) Component

func (s *Server) Component() string

Component is the type of node this server is.

func (*Server) Context

func (s *Server) Context() context.Context

Context returns the parent context, which is used to signal that the parent server has been closed.

func (*Server) Dial

func (s *Server) Dial() (net.Conn, error)

Dial returns the client end of the in-memory connection (pipeAddrConn) to this forwarding server.

func (*Server) GetAccessPoint

func (s *Server) GetAccessPoint() srv.AccessPoint

GetAccessPoint returns a srv.AccessPoint for this cluster.

func (*Server) GetBPF

func (s *Server) GetBPF() bpf.BPF

GetBPF returns the BPF service used by enhanced session recording. BPF makes no sense for the forwarding server (it has to run on the actual node), so a NOP implementation is returned.

func (*Server) GetClock

func (s *Server) GetClock() clockwork.Clock

GetClock returns the server's clock implementation.

func (*Server) GetCreateHostUser

func (s *Server) GetCreateHostUser() bool

GetCreateHostUser determines whether users should be created on the host automatically.

func (*Server) GetDataDir

func (s *Server) GetDataDir() string

GetDataDir returns the server's local storage directory.

func (*Server) GetHostSudoers

func (s *Server) GetHostSudoers() srv.HostSudoers

GetHostSudoers returns the HostSudoers instance used to manage sudoers file provisioning; it is unimplemented for the forwarding server.

func (*Server) GetHostUsers

func (s *Server) GetHostUsers() srv.HostUsers

GetHostUsers returns the HostUsers instance used to manage host user provisioning; it is unimplemented for the forwarding server.

func (*Server) GetInfo

func (s *Server) GetInfo() types.Server

GetInfo returns a types.Server that represents this server.

func (*Server) GetLockWatcher

func (s *Server) GetLockWatcher() *services.LockWatcher

GetLockWatcher gets the server's lock watcher.

func (*Server) GetNamespace

func (s *Server) GetNamespace() string

GetNamespace returns the namespace the forwarding server resides in.

func (*Server) GetPAM

func (s *Server) GetPAM() (*servicecfg.PAMConfig, error)

GetPAM returns the PAM configuration for a server. Because the forwarding server runs in-memory, it does not support PAM.

func (*Server) GetUserAccountingPaths

func (s *Server) GetUserAccountingPaths() (string, string, string)

GetUserAccountingPaths returns the optional overrides of the utmp, wtmp, and btmp paths. These values are never set for the forwarding server because utmp, wtmp, and btmp are updated by the target server, not by the forwarding server.

func (*Server) HostUUID

func (s *Server) HostUUID() string

HostUUID is the UUID of the underlying proxy that the forwarding server is running in.

func (*Server) ID

func (s *Server) ID() string

ID returns the ID of the proxy that creates the in-memory forwarding server.

func (*Server) PermitUserEnvironment

func (s *Server) PermitUserEnvironment() bool

PermitUserEnvironment is always false because it is up to the remote host to decide whether the user environment will be read or not.

func (*Server) Serve

func (s *Server) Serve()

Serve handles the single SSH connection this forwarding server was created for; the usage example above runs it in its own goroutine.

func (*Server) TargetMetadata

func (s *Server) TargetMetadata() apievents.ServerMetadata

TargetMetadata returns metadata about the forwarding target.

func (*Server) UseTunnel

func (s *Server) UseTunnel() bool

UseTunnel reports whether this node is connected to the cluster over a reverse tunnel.

type ServerConfig

type ServerConfig struct {
	// LocalAuthClient is a client that provides access to this local cluster.
	// This is used for actions that should always happen on the local cluster
	// and not remote clusters, such as session recording.
	LocalAuthClient auth.ClientI
	// TargetClusterAccessPoint is a client that provides access to the cluster
	// of the server being connected to, whether it is the local cluster or a
	// remote cluster.
	TargetClusterAccessPoint srv.AccessPoint
	UserAgent                teleagent.Agent
	TargetConn               net.Conn
	SrcAddr                  net.Addr
	DstAddr                  net.Addr
	HostCertificate          ssh.Signer

	// AgentlessSigner is used for client authentication when no SSH
	// user agent is provided, ie when connecting to agentless nodes.
	AgentlessSigner ssh.Signer

	// UseTunnel indicates whether this server is connected over a reverse tunnel.
	UseTunnel bool

	// Address is the name of the host certificate.
	Address string

	// Ciphers is a list of ciphers that the server supports. If omitted,
	// the defaults will be used.
	Ciphers []string

	// KEXAlgorithms is a list of key exchange (KEX) algorithms that the
	// server supports. If omitted, the defaults will be used.
	KEXAlgorithms []string

	// MACAlgorithms is a list of message authentication codes (MAC) that
	// the server supports. If omitted the defaults will be used.
	MACAlgorithms []string

	// DataDir is a local data directory used for local server storage
	DataDir string

	// Clock is an optional clock to override the default real-time clock
	Clock clockwork.Clock

	// FIPS mode means Teleport started in a FedRAMP/FIPS 140-2 compliant
	// configuration.
	FIPS bool

	// HostUUID is the UUID of the underlying proxy that the forwarding server
	// is running in.
	HostUUID string

	// Emitter is the audit events emitter
	Emitter events.StreamEmitter

	// ParentContext is a parent context, used to signal global
	// closure
	ParentContext context.Context

	// LockWatcher is a lock watcher.
	LockWatcher *services.LockWatcher

	// TracerProvider is used to create tracers capable
	// of starting spans.
	TracerProvider oteltrace.TracerProvider

	TargetID, TargetAddr, TargetHostname string

	// TargetServer is the host that the connection is being established for.
	// It **MUST** only be populated when the target is a teleport ssh server
	// or an agentless server.
	TargetServer types.Server

	// IsAgentlessNode indicates whether the targetServer is a Node with an OpenSSH server (no teleport agent).
	// This includes Nodes whose sub kind is OpenSSH and OpenSSHEphemeralKey.
	IsAgentlessNode bool
}

ServerConfig is the configuration needed to create an instance of a Server.

func (*ServerConfig) CheckDefaults

func (s *ServerConfig) CheckDefaults() error

CheckDefaults makes sure all required parameters are passed in.
