regular

package
v0.0.0-...-5c79d48
Published: Feb 15, 2024 License: AGPL-3.0 Imports: 53 Imported by: 0

Documentation

Overview

Package regular implements an SSH server that supports multiplexed tunneling and SSH connection proxying, and supports only key-based authentication.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertAuthorityGetter

type CertAuthorityGetter = func(ctx context.Context, id types.CertAuthID, loadKeys bool) (types.CertAuthority, error)

CertAuthorityGetter allows getting the cluster's host CA for verification of signed PROXY headers. We define our own version to avoid a circular dependency in the multiplexer package (which can't depend on 'services'), where this function is used.

type PROXYHeaderSigner

type PROXYHeaderSigner interface {
	SignPROXYHeader(source, destination net.Addr) ([]byte, error)
}

PROXYHeaderSigner allows signing PROXY headers for securely propagating the original client IP information.

type Server

type Server struct {
	sync.Mutex

	*logrus.Entry

	// StreamEmitter points to the auth service and emits audit events
	events.StreamEmitter
	// contains filtered or unexported fields
}

Server implements an SSH server that uses a configuration backend and certificate-based authentication.

func New

func New(
	ctx context.Context,
	addr utils.NetAddr,
	hostname string,
	signers []ssh.Signer,
	authService srv.AccessPoint,
	dataDir string,
	advertiseAddr string,
	proxyPublicAddr utils.NetAddr,
	auth auth.ClientI,
	options ...ServerOption,
) (*Server, error)

New returns an unstarted server.

func (*Server) ActiveConnections

func (s *Server) ActiveConnections() int32

ActiveConnections returns the number of connections that are being served.

func (*Server) Addr

func (s *Server) Addr() string

Addr returns the server address.

func (*Server) AdvertiseAddr

func (s *Server) AdvertiseAddr() string

AdvertiseAddr returns the address this server should be publicly accessible as, in "ip:host" form.

func (*Server) Close

func (s *Server) Close() error

Close closes the listening socket and stops accepting connections.

func (*Server) Component

func (s *Server) Component() string

func (*Server) Context

func (s *Server) Context() context.Context

Context returns the server shutdown context.

func (*Server) GetAccessPoint

func (s *Server) GetAccessPoint() srv.AccessPoint

func (*Server) GetBPF

func (s *Server) GetBPF() bpf.BPF

GetBPF returns the BPF service used by enhanced session recording.

func (*Server) GetClock

func (s *Server) GetClock() clockwork.Clock

GetClock returns the server clock implementation.

func (*Server) GetCreateHostUser

func (s *Server) GetCreateHostUser() bool

GetCreateHostUser determines whether users should be created on the host automatically.

func (*Server) GetDataDir

func (s *Server) GetDataDir() string

GetDataDir returns the server data directory.

func (*Server) GetHostSudoers

func (s *Server) GetHostSudoers() srv.HostSudoers

GetHostSudoers returns the HostSudoers instance being used to manage sudoers file provisioning.

func (*Server) GetHostUsers

func (s *Server) GetHostUsers() srv.HostUsers

GetHostUsers returns the HostUsers instance being used to manage host user provisioning.

func (*Server) GetInfo

func (s *Server) GetInfo() types.Server

GetInfo returns a services.Server that represents this server.

func (*Server) GetLockWatcher

func (s *Server) GetLockWatcher() *services.LockWatcher

GetLockWatcher gets the server's lock watcher.

func (*Server) GetNamespace

func (s *Server) GetNamespace() string

func (*Server) GetPAM

func (s *Server) GetPAM() (*servicecfg.PAMConfig, error)

GetPAM returns the PAM configuration for this server.

func (*Server) GetUserAccountingPaths

func (s *Server) GetUserAccountingPaths() (string, string, string)

GetUserAccountingPaths returns the optional override of the utmp, wtmp, and btmp paths.

func (*Server) HandleConnection

func (s *Server) HandleConnection(conn net.Conn)

HandleConnection is called after a connection has been accepted and starts to perform the SSH handshake immediately.

func (*Server) HandleNewChan

func (s *Server) HandleNewChan(ctx context.Context, ccx *sshutils.ConnectionContext, nch ssh.NewChannel)

HandleNewChan is called when a new channel is opened.

func (*Server) HandleNewConn

func (s *Server) HandleNewConn(ctx context.Context, ccx *sshutils.ConnectionContext) (context.Context, error)

HandleNewConn is called by sshutils.Server once for each new incoming connection, prior to handling any channels or requests. Currently this callback's only function is to apply session control restrictions.

func (*Server) HandleRequest

func (s *Server) HandleRequest(ctx context.Context, r *ssh.Request)

HandleRequest processes global out-of-band requests. Global out-of-band requests are processed in order (this way the originator knows which request we are responding to). If Teleport does not support the request type, or an error occurs while processing that request, Teleport will reply with req.Reply(false, nil).

For more details: https://tools.ietf.org/html/rfc4254.html#page-4

func (*Server) HostUUID

func (s *Server) HostUUID() string

HostUUID is the ID of the server. This value is the same as ID; this differs from the forwarding server.

func (*Server) ID

func (s *Server) ID() string

ID returns the server ID.

func (*Server) PermitUserEnvironment

func (s *Server) PermitUserEnvironment() bool

PermitUserEnvironment returns whether ~/.tsh/environment will be read before a session is created by this server.

func (*Server) Serve

func (s *Server) Serve(l net.Listener) error

Serve serves the service on the started listener.

func (*Server) Shutdown

func (s *Server) Shutdown(ctx context.Context) error

Shutdown performs a graceful shutdown.

func (*Server) Start

func (s *Server) Start() error

Start starts the server.

func (*Server) TargetMetadata

func (s *Server) TargetMetadata() apievents.ServerMetadata

TargetMetadata returns metadata about the server.

func (*Server) UseTunnel

func (s *Server) UseTunnel() bool

UseTunnel is used to determine whether this node has connected to the cluster using a reverse tunnel.

func (*Server) Wait

func (s *Server) Wait()

Wait waits until the server stops.

type ServerOption

type ServerOption func(s *Server) error

ServerOption is a functional option passed to the server.

func SetAllowFileCopying

func SetAllowFileCopying(allow bool) ServerOption

SetAllowFileCopying sets whether the server is allowed to handle SCP/SFTP requests.

func SetAllowTCPForwarding

func SetAllowTCPForwarding(allow bool) ServerOption

SetAllowTCPForwarding sets the TCP port forwarding mode that this server is allowed to offer. The default value is SSHPortForwardingModeAll, i.e. port forwarding is allowed.

func SetBPF

func SetBPF(ebpf bpf.BPF) ServerOption

func SetCAGetter

func SetCAGetter(caGetter CertAuthorityGetter) ServerOption

SetCAGetter sets the cert authority getter.

func SetCiphers

func SetCiphers(ciphers []string) ServerOption

func SetClock

func SetClock(clock clockwork.Clock) ServerOption

SetClock is a functional server option to override the internal clock.

func SetConnectedProxyGetter

func SetConnectedProxyGetter(getter *reversetunnel.ConnectedProxyGetter) ServerOption

SetConnectedProxyGetter sets the ConnectedProxyGetter.

func SetCreateHostUser

func SetCreateHostUser(createUser bool) ServerOption

SetCreateHostUser configures host user creation on a server.

func SetEmitter

func SetEmitter(emitter events.StreamEmitter) ServerOption

SetEmitter assigns an audit event emitter for this server.

func SetFIPS

func SetFIPS(fips bool) ServerOption

func SetIngressReporter

func SetIngressReporter(service string, r *ingress.Reporter) ServerOption

SetIngressReporter sets the reporter for reporting new and active connections.

func SetInventoryControlHandle

func SetInventoryControlHandle(handle inventory.DownstreamHandle) ServerOption

SetInventoryControlHandle sets the server's downstream inventory control handle.

func SetKEXAlgorithms

func SetKEXAlgorithms(kexAlgorithms []string) ServerOption

func SetLabels

func SetLabels(staticLabels map[string]string, cmdLabels services.CommandLabels, cloudLabels labels.Importer) ServerOption

SetLabels sets the dynamic and static labels that the server will report to the auth servers.

func SetLimiter

func SetLimiter(limiter *limiter.Limiter) ServerOption

SetLimiter sets the rate and connection limiter for this server.

func SetLockWatcher

func SetLockWatcher(lockWatcher *services.LockWatcher) ServerOption

SetLockWatcher sets the server's lock watcher.

func SetMACAlgorithms

func SetMACAlgorithms(macAlgorithms []string) ServerOption

func SetNamespace

func SetNamespace(namespace string) ServerOption

func SetNodeWatcher

func SetNodeWatcher(nodeWatcher *services.NodeWatcher) ServerOption

SetNodeWatcher sets the server's node watcher.

func SetOnHeartbeat

func SetOnHeartbeat(fn func(error)) ServerOption

func SetPAMConfig

func SetPAMConfig(pamConfig *servicecfg.PAMConfig) ServerOption

func SetPROXYSigner

func SetPROXYSigner(proxySigner PROXYHeaderSigner) ServerOption

SetPROXYSigner sets the PROXY header signer.

func SetPermitUserEnvironment

func SetPermitUserEnvironment(permitUserEnvironment bool) ServerOption

SetPermitUserEnvironment allows you to set the value of permitUserEnvironment.

func SetProxyMode

func SetProxyMode(peerAddr string, tsrv reversetunnelclient.Tunnel, ap auth.ReadProxyAccessPoint, router *proxy.Router) ServerOption

SetProxyMode starts this server in SSH proxying mode.

func SetPublicAddrs

func SetPublicAddrs(addrs []utils.NetAddr) ServerOption

SetPublicAddrs sets the server's public addresses.

func SetRotationGetter

func SetRotationGetter(getter services.RotationGetter) ServerOption

SetRotationGetter sets the rotation state getter.

func SetSessionController

func SetSessionController(controller *srv.SessionController) ServerOption

SetSessionController sets the session controller.

func SetShell

func SetShell(shell string) ServerOption

SetShell sets the default shell that will be executed for interactive sessions.

func SetStoragePresenceService

func SetStoragePresenceService(service *local.PresenceService) ServerOption

SetStoragePresenceService configures host user creation on a server

func SetTracerProvider

func SetTracerProvider(provider oteltrace.TracerProvider) ServerOption

SetTracerProvider sets the tracer provider.

func SetUUID

func SetUUID(uuid string) ServerOption

SetUUID sets the server's unique ID.

func SetUseTunnel

func SetUseTunnel(useTunnel bool) ServerOption

func SetUserAccountingPaths

func SetUserAccountingPaths(utmpPath, wtmpPath, btmpPath string) ServerOption

SetUserAccountingPaths is a functional server option to override the user accounting database and log paths.

func SetX11ForwardingConfig

func SetX11ForwardingConfig(xc *x11.ServerConfig) ServerOption

SetX11ForwardingConfig sets the server's X11 forwarding configuration.
