feature

package
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 1, 2022 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package feature provides several re-usable features for ssh servers.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AllowForwardFrom 

func AllowForwardFrom(logger logging.Logger, addresses []NetworkAddress) ssh.ReversePortForwardingCallback

AllowForwardFrom returns a ssh.ReversePortForwardingCallback that allows reading traffic to the provided addresses only.

logger is called whenever a request from a caller is allowed or denied.

func AllowForwardTo 

func AllowForwardTo(logger logging.Logger, addresses []NetworkAddress) ssh.LocalPortForwardingCallback

AllowForwardTo returns a ssh.LocalPortForwardingCallback that allows forwarding traffic to the provided addresses only.

logger is called whenever a request from a caller is allowed or denied.

func AllowPortForwarding 

func AllowPortForwarding(logger logging.Logger, server *ssh.Server, toAddresses []NetworkAddress, fromAddresses []NetworkAddress)

AllowPortForwarding enables port forwarding on the provided server only to and from the given addresses. This function also calls EnablePortForwarding, please see appropriate documentation

See also AllowForwardTo, AllowForwardFrom and EnablePortForwarding.

func AuthorizeKeys 

func AuthorizeKeys(logger logging.Logger, keyfinder func(ctx ssh.Context) (keys []ssh.PublicKey, err error)) ssh.PublicKeyHandler

AuthorizeKeys returns an ssh.PublicKeysHandler that calls keyfinder() and authorizes all keys returned by the handler.

logger is a logger that is called when the keyfinder returns an error. keyfinder is a function that is called for a provided context and should return a list of keys that are authorized.

This function protects against timing attacks by always checking all keys even though a quicker implementation could be possible. To further improve against timing attacks, keyfinder should always return the same number of keys (for any session).

func EnablePortForwarding 

func EnablePortForwarding(server *ssh.Server, localCallback ssh.LocalPortForwardingCallback, reverseCallback ssh.ReversePortForwardingCallback)

EnablePortForwarding enables portforwarding with the given callbacks on the ssh Server server. This includes tcpip forward requests as well as direct-tcpip channels.

This function overwrites any already configured LocalPortForwardingCallback and ReversePortForwardingCallback functions. It will furthermore remove the 'tcpip-forward' and 'cancel-tcpip-forward' request handlers along with the 'direct-tcpip' channel handler.

func ReadOrMakeHostKey 

func ReadOrMakeHostKey(logger logging.Logger, privateKeyPath string, algorithm HostKeyAlgorithm) (key gossh.Signer, err error)

ReadOrMakeHostKey attempts to load a host key from the given privateKeyPath. If the path does not exist, a new key is generated.

This function assumes that if there is a host key in privateKeyPath it uses the provided HostKeyAlgorithm. It makes no attempt at verifiying this; the key mail fail to load and return an error, or it may load incorrect data.

logger is called whenever a new host key algorithm is being generated.

func UseOrMakeHostKey 

func UseOrMakeHostKey(logger logging.Logger, server *ssh.Server, privateKeyPath string, algorithm HostKeyAlgorithm) error

UseOrMakeHostKey attempts to load a host key from the given privateKeyPath. If the path does not exist, a new host key is generated. It then adds this hostkey to the priovided server.

All parameters except the server are passed to ReadOrMakeHostKey. Please see the appropriate documentation for that function.

logger is called whenever a new host key algorithm is being generated.

func UseOrMakeHostKeys 

func UseOrMakeHostKeys(logger logging.Logger, server *ssh.Server, privateKeyPath string, algorithms []HostKeyAlgorithm) error

UseOrMakeHostKeys is like UseOrMakeHostKey except that it accepts multiple HostKeyAlgorithms. For each key algorithm, the privateKeyPath is appended with "_" + the name of the algorithm in question.

When algorithms is nil, picks a reasonable set of default algorithms.

Types

type HostKey 

type HostKey interface {
	ssh.Signer

	// Algorithm is the Algorithm used by this HostKey implementation.
	Algorithm() HostKeyAlgorithm

	// Generate generates a new HostKey, discarding whatever was previsouly contained.
	//
	// keySize is the desired public key size in bits. When keySize is 0, a sensible default is used.
	// random is the source of randomness. If random is nil, crypto/rand.Reader will be used.
	Generate(keySize int, random io.Reader) error

	// MarshalPEM marshals the private key into a pem.Block to be used for exporting.
	// The format is not guaranteed to follow any kind of standard, only that it is readable with the corresponding UnmarshalPEM.
	MarshalPEM() (*pem.Block, error)

	// UnmarshalPEM unmarshals the private key from a pem.Block.
	// It is only compatible with whatever MarshalPEM() outputted.
	UnmarshalPEM(block *pem.Block) error
}

HostKey represents an pair of ssh private key and algorithm. Once the hostkey is generated or loaded, it is safe for concurrent accesses.

func NewHostKey 

func NewHostKey(algorithm HostKeyAlgorithm) HostKey

NewHostKey returns a new empty HostKey for the provided HostKey Algorithm. An unsupported HostKeyAlgorithm will result in a call to panic().

type HostKeyAlgorithm 

type HostKeyAlgorithm string

HostKeyAlgorithm is an enumerated value that represents a specific algorithm used for host keys. 

const (
	// RSAAlgorithm represents the RSA Algorithm
	RSAAlgorithm HostKeyAlgorithm = "rsa"

	// ED25519Algorithm represents the ED25519 algorithm
	ED25519Algorithm HostKeyAlgorithm = "ed25519"
)

type NetworkAddress 

type NetworkAddress struct {
	Hostname string
	Port     NetworkPort
}

NetworkAddress is a network address consisting of a hostname and a port

func MustParseNetworkAddress 

func MustParseNetworkAddress(s string) NetworkAddress

MustParseNetworkAddress is like ParseNetworkAddress except that it calls panic() instead of returning an error.

This function is intended to be used for test cases.

func ParseNetworkAddress 

func ParseNetworkAddress(s string) (p NetworkAddress, err error)

ParseNetworkAddress parses a network address of the form 'Hostname:Port'. See function net.Dial, in particular the hostport for allowed combinations.

When parsing fails a non-nil error is returned. Otherwise, error is nil.

func (NetworkAddress) String 

func (p NetworkAddress) String() string

String turns this NetworkAddress into a string of the form "host:port". This string is guaranteed to be parsable by ParseNetworkAddress() as well as "net".Dial and friends.

type NetworkAddressListVar 

type NetworkAddressListVar struct {
	Addresses *[]NetworkAddress
}

NetworkAddressListVar represents a "flag".Value that contains a list of network addresses. It can be passed multiple times, and collects all NetworkAddress in an ordered list.

func (*NetworkAddressListVar) Set 

func (p *NetworkAddressListVar) Set(value string) (err error)

Set sets the value of this NetworkAddressListVar This function is intedned to be called by flag.Var()

func (*NetworkAddressListVar) String 

func (p *NetworkAddressListVar) String() string

String turns this NetworkAddressListVar into a comma-seperated list of network addresses.

type NetworkPort 

type NetworkPort uint16

NetworkPort represents the NetworkPort of a NetworkAddress

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.