README
¶
go-sshlib
About
A library to handle ssh easily with Golang.It can do multiple proxy, x11 forwarding, etc.
- This program refactors the processing performed by lssh(https://github.com/blacknon/lssh) so that it can be treated as a library.
Usage
Example
// Copyright (c) 2019 Blacknon. All rights reserved.
// Use of this source code is governed by an MIT license
// that can be found in the LICENSE file.
// Shell connection Example file.
// Change the value of the variable and compile to make sure that you can actually connect.
//
// This file uses password authentication. Please replace as appropriate.
package main
import (
"fmt"
"os"
sshlib "github.com/blacknon/go-sshlib"
"golang.org/x/crypto/ssh"
)
var (
host = "target.com"
port = "22"
user = "user"
password = "password"
termlog = "./test_termlog"
)
func main() {
// Create sshlib.Connect
con := &sshlib.Connect{
// If you use x11 forwarding, please set to true.
ForwardX11: false,
// If you use ssh-agent forwarding, please set to true.
// And after, run `con.ConnectSshAgent()`.
ForwardAgent: false,
}
// Create ssh.AuthMethod
authMethod := sshlib.CreateAuthMethodPassword(password)
// If you use ssh-agent forwarding, uncomment it.
// con.ConnectSshAgent()
// Connect ssh server
err := con.CreateClient(host, user, port, []ssh.AuthMethod{authMethod})
if err != nil {
fmt.Println(err)
os.Exit(1)
}
// Set terminal log
con.SetLog(termlog, false)
// Start ssh shell
con.Shell()
}
Documentation
¶
Overview ¶
Package sshlib is a library to easily connect with ssh by go. You can perform multiple proxy, x11 forwarding, PKCS11 authentication, etc...
Example simple ssh shell ¶
It is example code. simple connect ssh shell. You can also do tab completion, send sigint signal(Ctrl+C).
package main
import (
"fmt"
"os"
sshlib "github.com/blacknon/go-sshlib"
"golang.org/x/crypto/ssh"
)
var (
host = "target.com"
port = "22"
user = "user"
password = "password"
termlog = "./test_termlog"
)
func main() {
// Create sshlib.Connect
con := &sshlib.Connect{
// If you use x11 forwarding, please set to true.
ForwardX11: false,
// If you use ssh-agent forwarding, please set to true.
// And after, run `con.ConnectSshAgent()`.
ForwardAgent: false,
}
// Create ssh.AuthMethod
authMethod := sshlib.CreateAuthMethodPassword(password)
// If you use ssh-agent forwarding, uncomment it.
// con.ConnectSshAgent()
// Connect ssh server
err := con.CreateClient(host, user, port, []ssh.AuthMethod{authMethod})
if err != nil {
fmt.Println(err)
os.Exit(1)
}
// Set terminal log
con.SetLog(termlog, false)
// Start ssh shell
con.Shell()
}
Example simple ssh proxy shell ¶
Multple proxy by ssh connection is also available. Please refer to the sample code for usage with http and socks5 proxy.
package main
import (
"fmt"
"os"
sshlib "github.com/blacknon/go-sshlib"
"golang.org/x/crypto/ssh"
)
var (
// Proxy ssh server
host1 = "proxy.com"
port1 = "22"
user1 = "user"
password1 = "password"
// Target ssh server
host2 = "target.com"
port2 = "22"
user2 = "user"
password2 = "password"
termlog = "./test_termlog"
)
func main() {
// ==========
// proxy connect
// ==========
// Create proxy sshlib.Connect
proxyCon := &sshlib.Connect{}
// Create proxy ssh.AuthMethod
proxyAuthMethod := sshlib.CreateAuthMethodPassword(password1)
// Connect proxy server
err := proxyCon.CreateClient(host1, user1, port1, []ssh.AuthMethod{proxyAuthMethod})
if err != nil {
fmt.Println(err)
os.Exit(1)
}
// ==========
// target connect
// ==========
// Create target sshlib.Connect
targetCon := &sshlib.Connect{
ProxyDialer: proxyCon.Client,
}
// Create target ssh.AuthMethod
targetAuthMethod := sshlib.CreateAuthMethodPassword(password2)
// Connect target server
err = targetCon.CreateClient(host2, user2, port2, []ssh.AuthMethod{targetAuthMethod})
if err != nil {
fmt.Println(err)
os.Exit(1)
}
// Set terminal log
targetCon.SetLog(termlog, false)
// Start ssh shell
targetCon.Shell()
}
This library was created for my ssh client (https://github.com/blacknon/lssh)
Index ¶
- func CreateAuthMethodCertificate(cert string, keySigner ssh.Signer) (auth ssh.AuthMethod, err error)
- func CreateAuthMethodPKCS11(provider, pin string) (auth []ssh.AuthMethod, err error)
- func CreateAuthMethodPassword(password string) (auth ssh.AuthMethod)
- func CreateAuthMethodPublicKey(key, password string) (auth ssh.AuthMethod, err error)
- func CreateSignerAgent(sshAgent interface{}) (signers []ssh.Signer, err error)
- func CreateSignerCertificate(cert string, keySigner ssh.Signer) (certSigner ssh.Signer, err error)
- func CreateSignerPKCS11(provider, pin string) (signers []ssh.Signer, err error)
- func CreateSignerPKCS11Prompt(provider, pin string) (signers []ssh.Signer, err error)
- func CreateSignerPublicKey(key, password string) (signer ssh.Signer, err error)
- func CreateSignerPublicKeyData(keyData []byte, password string) (signer ssh.Signer, err error)
- func CreateSignerPublicKeyPrompt(key, password string) (signer ssh.Signer, err error)
- func RequestTty(session *ssh.Session) (err error)
- type AgentInterface
- type Connect
- func (c *Connect) AddKeySshAgent(sshAgent interface{}, key interface{})
- func (c *Connect) CheckClientAlive() error
- func (c *Connect) CmdShell(session *ssh.Session, command string) (err error)
- func (c *Connect) Command(command string) (err error)
- func (c *Connect) CreateClient(host, port, user string, authMethods []ssh.AuthMethod) (err error)
- func (c *Connect) CreateSession() (session *ssh.Session, err error)
- func (c *Connect) ForwardSshAgent(session *ssh.Session)
- func (c *Connect) SendKeepAlive(session *ssh.Session)
- func (c *Connect) SetLog(path string, timestamp bool)
- func (c *Connect) Shell(session *ssh.Session) (err error)
- func (c *Connect) TCPDynamicForward(address, port string) (err error)
- func (c *Connect) TCPLocalForward(localAddr, remoteAddr string) (err error)
- func (c *Connect) TCPRemoteForward(localAddr, remoteAddr string) (err error)
- func (c *Connect) X11Forward(session *ssh.Session) (err error)
- type NetPipe
- type PKCS11
- type Proxy
- func (p *Proxy) CreateHttpProxyDialer() (proxyDialer proxy.Dialer, err error)
- func (p *Proxy) CreateProxyCommandProxyDialer() (proxyDialer proxy.Dialer, err error)
- func (p *Proxy) CreateProxyDialer() (proxyDialer proxy.Dialer, err error)
- func (p *Proxy) CreateSocks5ProxyDialer() (proxyDialer proxy.Dialer, err error)
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateAuthMethodCertificate ¶
func CreateAuthMethodCertificate(cert string, keySigner ssh.Signer) (auth ssh.AuthMethod, err error)
CreateAuthMethodCertificate returns ssh.AuthMethod generated from Certificate. To generate an AuthMethod from a certificate, you will need the certificate's private key Signer. Signer should be generated from CreateSignerPublicKey() or CreateSignerPKCS11().
func CreateAuthMethodPKCS11 ¶
func CreateAuthMethodPKCS11(provider, pin string) (auth []ssh.AuthMethod, err error)
CreateAuthMethodPKCS11 return []ssh.AuthMethod generated from pkcs11 token. PIN is required to generate a AuthMethod from a PKCS 11 token.
WORNING: Does not work if multiple tokens are stuck at the same time.
func CreateAuthMethodPassword ¶
func CreateAuthMethodPassword(password string) (auth ssh.AuthMethod)
CreateAuthMethodPassword returns ssh.AuthMethod generated from password.
func CreateAuthMethodPublicKey ¶
func CreateAuthMethodPublicKey(key, password string) (auth ssh.AuthMethod, err error)
CreateAuthMethodPublicKey returns ssh.AuthMethod generated from PublicKey. If you have not specified a passphrase, please specify a empty character("").
func CreateSignerAgent ¶ added in v0.1.1
CreateSignerAgent return []ssh.Signer from ssh-agent. In sshAgent, put agent.Agent or agent.ExtendedAgent.
func CreateSignerCertificate ¶
CreateSignerCertificate returns ssh.Signer generated from Certificate. To generate an AuthMethod from a certificate, you will need the certificate's private key Signer. Signer should be generated from CreateSignerPublicKey() or CreateSignerPKCS11().
func CreateSignerPKCS11 ¶
CreateSignerCertificate returns []ssh.Signer generated from PKCS11 token. PIN is required to generate a Signer from a PKCS 11 token.
WORNING: Does not work if multiple tokens are stuck at the same time.
func CreateSignerPKCS11Prompt ¶ added in v0.1.1
CreateSignerPKCS11Prompt rapper CreateSignerPKCS11. Output a PIN input prompt if the PIN is not entered or incorrect.
Only Support UNIX-like OS.
func CreateSignerPublicKey ¶
CreateSignerPublicKey returns []ssh.Signer generated from public key. If you have not specified a passphrase, please specify a empty character("").
func CreateSignerPublicKeyData ¶ added in v0.1.1
func CreateSignerPublicKeyPrompt ¶ added in v0.1.1
CreateSignerPublicKeyPrompt rapper CreateSignerPKCS11. Output a passphrase input prompt if the passphrase is not entered or incorrect.
Only Support UNIX-like OS.
func RequestTty ¶
RequestTty requests the association of a pty with the session on the remote host. Terminal size is obtained from the currently connected terminal
Types ¶
type AgentInterface ¶
type AgentInterface interface{}
AgentInterface Interface for storing agent.Agent or agent.ExtendedAgent.
type Connect ¶
type Connect struct {
// Client *ssh.Client
Client *ssh.Client
// Session
Session *ssh.Session
// Session Stdin, Stdout, Stderr...
Stdin io.Reader
Stdout io.Writer
Stderr io.Writer
// ProxyDialer
ProxyDialer proxy.Dialer
// Connect timeout second.
ConnectTimeout int
// SendKeepAliveMax and SendKeepAliveInterval
SendKeepAliveMax int
SendKeepAliveInterval int
// Session use tty flag.
TTY bool
// Forward ssh agent flag.
ForwardAgent bool
// ssh-agent interface.
// agent.Agent or agent.ExtendedAgent
Agent AgentInterface
// Forward x11 flag.
ForwardX11 bool
// contains filtered or unexported fields
}
Connect structure to store contents about ssh connection.
func (*Connect) AddKeySshAgent ¶
func (c *Connect) AddKeySshAgent(sshAgent interface{}, key interface{})
AddKeySshAgent is rapper agent.Add(). key must be a *rsa.PrivateKey, *dsa.PrivateKey or *ecdsa.PrivateKey, which will be inserted into the agent.
Should use `ssh.ParseRawPrivateKey()` or `ssh.ParseRawPrivateKeyWithPassphrase()`.
func (*Connect) CheckClientAlive ¶
CheckClientAlive check alive ssh.Client.
func (*Connect) CmdShell ¶ added in v0.1.1
Shell connect command shell over ssh. Used to start a shell with a specified command.
func (*Connect) Command ¶ added in v0.1.1
Cmd connect and run command over ssh. Output data is processed by channel because it is executed in parallel. If specification is troublesome, it is good to generate and process session from ssh package.
func (*Connect) CreateClient ¶
func (c *Connect) CreateClient(host, port, user string, authMethods []ssh.AuthMethod) (err error)
CreateClient
func (*Connect) CreateSession ¶
CreateSession
func (*Connect) ForwardSshAgent ¶
ForwardAgent forward ssh-agent in session.
func (*Connect) SendKeepAlive ¶
SendKeepAlive send packet to session. TODO(blacknon): Interval及びMaxを設定できるようにする(v0.1.1)
func (*Connect) TCPDynamicForward ¶ added in v0.1.1
TCPDynamicForward forwarding tcp data. Like Dynamic port forward (ssh -D). listen port Socks5 proxy server.
func (*Connect) TCPLocalForward ¶ added in v0.1.1
TCPLocalForward forwarding tcp data. Like Local port forward (ssh -L). localAddr, remoteAddr is write as "address:port".
example) "127.0.0.1:22", "abc.com:9977"
func (*Connect) TCPRemoteForward ¶ added in v0.1.1
TCPRemoteForward forwarding tcp data. Like Remote port forward (ssh -R). localAddr, remoteAddr is write as "address:port".
example) "127.0.0.1:22", "abc.com:9977"
func (*Connect) X11Forward ¶
X11Forward send x11-req to ssh server and do x11 forwarding. Since the display number of the transfer destination and the PATH of the socket communication file are checked from the local environment variable DISPLAY, this does not work if it is not set.
Also, the value of COOKIE transfers the local value as it is. This will be addressed in the future.
Example ¶
// Create session
session, err := c.CreateSession()
if err != nil {
return
}
// X11 forwarding
err = c.X11Forward(session)
if err != nil {
log.Fatal(err)
}
type PKCS11 ¶
type PKCS11 struct {
// pkcs11 provider path
Pkcs11Provider string
Ctx *pkcs11.Ctx
Label string
SlotID uint
KeyID map[int][]byte
PIN string
SessionHandle pkcs11.SessionHandle
}
PKCS11 struct for pkcs11 processing.
func (*PKCS11) CreateCtx ¶
CreateCtx create and into PKCS11.Ctx. This is the first process to be performed when processing with PKCS11.
func (*PKCS11) GetCryptoSigner ¶
GetCryptoSigner return []crypto.Signer
func (*PKCS11) GetPIN ¶ added in v0.1.1
GetPin prompt for PIN if P11.Pin is blank Only Support UNIX-like OS.
func (*PKCS11) GetTokenLabel ¶
GetTokenLabel get pkcs11 token label. and into PKCS11.Label. Only one token is supported.
func (*PKCS11) RecreateCtx ¶
RecreateCtx exchange PKCS11.Ctx with PIN accessible ctx. Recreate Ctx to access information after PIN entry.
type Proxy ¶
type Proxy struct {
// Type set proxy type.
// Can specify `http`, `https`, `socks`, `socks5`, `command`.
//
// It is read at the time of specification depending on the type.
Type string
// Addr set proxy address.
//
Addr string
// Port set proxy port.
//
Port string
// Port set proxy user.
//
User string
// Port set proxy user.
//
Password string
// Command only use Type `command`.
//
Command string
// Forwarder set Dialer.
Forwarder proxy.Dialer
}
func (*Proxy) CreateHttpProxyDialer ¶
CreateHttpProxy return proxy.Dialer as http proxy.
func (*Proxy) CreateProxyCommandProxyDialer ¶
CreateProxyCommandProxyDialer as ProxyCommand. When passing ProxyCommand, replace %h, %p and %r etc...
func (*Proxy) CreateProxyDialer ¶
CreateProxyDialer retrun proxy.Dialer.
Source Files
Directories