Documentation
Overview
Package sshagent implements a filtering SSH agent proxy.
Index
- func Fingerprint(keyBlob []byte) string
- type AgentClient
- type AuditEvent
- type AuditFunc
- type Identity
- type Proxy
- func (p *Proxy) AllowKey(fingerprint string, hosts []string)
- func (p *Proxy) Close() error
- func (p *Proxy) GetCurrentHost() string
- func (p *Proxy) List() ([]*Identity, error)
- func (p *Proxy) SetAuditFunc(fn AuditFunc)
- func (p *Proxy) SetCurrentHost(host string)
- func (p *Proxy) Sign(key *Identity, data []byte) ([]byte, error)
- type Server
Constants
This section is empty.
Variables
This section is empty.
Functions
func Fingerprint
Fingerprint computes the SHA256 fingerprint of a public key blob. Returns the fingerprint in the format "SHA256:<base64>".
Types
type AgentClient
type AgentClient interface {
	// List returns all identities (public keys) from the agent.
	List() ([]*Identity, error)
	// Sign requests the agent to sign data using the specified key.
	Sign(key *Identity, data []byte) ([]byte, error)
	// Close closes the connection to the agent.
	Close() error
}
AgentClient is the interface for SSH agent operations.
func ConnectAgent
func ConnectAgent(socketPath string) (AgentClient, error)
ConnectAgent connects to an SSH agent at the given socket path.
type AuditEvent
type AuditEvent struct {
	Action      string // "list", "sign_allowed", "sign_denied"
	Host        string // target host (for sign operations)
	Fingerprint string // key fingerprint (for sign operations)
	Error       string // error message (for denied operations)
}
AuditEvent represents an auditable SSH agent operation.
type Identity
Identity represents an SSH key identity from the agent.
func (*Identity) Fingerprint
Fingerprint returns the SHA256 fingerprint of the key.
type Proxy
type Proxy struct {
	// contains filtered or unexported fields
}
Proxy is a filtering SSH agent proxy that only exposes keys for granted hosts.
func NewProxy
func NewProxy(upstream AgentClient) *Proxy
NewProxy creates a new filtering SSH agent proxy.
func (*Proxy) GetCurrentHost
GetCurrentHost returns the current target host.
func (*Proxy) SetAuditFunc
SetAuditFunc sets the audit callback function.
func (*Proxy) SetCurrentHost
SetCurrentHost sets the target host for sign request validation. This is called by the SSH wrapper to indicate which host is being connected to.
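The filtering behaviour described for Proxy, sketched as an added example that is not the package's own code. The `filter` type is a hypothetical stand-in for the proxy's allowlist, the key blobs and host names are constructed, and the unpadded base64 in `fingerprint` follows OpenSSH's convention, which is an assumption about this package.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

type AuditEvent struct{ Action, Host, Fingerprint, Error string } // fields as documented above

// fingerprint returns "SHA256:<base64>"; unpadded base64 (as OpenSSH prints) is assumed.
func fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// filter is a hypothetical stand-in for the proxy's per-key host allowlist.
type filter struct {
	allowed map[string]map[string]bool // fingerprint -> granted hosts
	host    string                     // current target host
	audit   func(AuditEvent)           // audit callback
}

// checkSign denies by default: the key must be granted for the current host.
func (f *filter) checkSign(blob []byte) error {
	fp := fingerprint(blob)
	if f.allowed[fp][f.host] {
		f.audit(AuditEvent{Action: "sign_allowed", Host: f.host, Fingerprint: fp})
		return nil
	}
	err := fmt.Errorf("key %s not granted for host %q", fp, f.host)
	f.audit(AuditEvent{Action: "sign_denied", Host: f.host, Fingerprint: fp, Error: err.Error()})
	return err
}

// demo replays three sign requests using constructed key blobs and hosts.
func demo() []AuditEvent {
	var events []AuditEvent
	key := []byte("constructed-key-blob")
	f := &filter{host: "git.example.com", audit: func(e AuditEvent) { events = append(events, e) },
		allowed: map[string]map[string]bool{fingerprint(key): {"git.example.com": true}}}
	_ = f.checkSign(key)                // granted host: allowed
	_ = f.checkSign([]byte("unlisted")) // key never allowed: denied
	f.host = "db.example.com"
	_ = f.checkSign(key) // same key, host not granted: denied
	return events
}

func main() { fmt.Printf("%+v\n", demo()) }
```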
type Server
type Server struct {
	// contains filtered or unexported fields
}
Server listens for SSH agent protocol connections and proxies requests. It can listen on either a Unix socket or TCP, depending on configuration.
func NewTCPServer
NewTCPServer creates a new SSH agent server listening on TCP. The addr should be in the form "host:port" or ":port".
func (*Server) SocketPath
SocketPath returns the path to the Unix socket (empty if using TCP).