Documentation
Overview
Package ssh provides an SSH server that routes connections to sandbox containers. It uses the username as the session ID to identify which container to connect to. This enables VS Code Remote SSH to connect to sandbox sessions.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	// Address to listen on (e.g., ":2222")
	Address string
	// HostKeyPath is the path to the SSH host key file.
	// If the file doesn't exist, a new key will be generated.
	HostKeyPath string
	// SandboxProvider is used to route connections to containers.
	SandboxProvider sandbox.Provider
	// SandboxEnsurer is called on each incoming connection to ensure the sandbox
	// is started before channels are opened. If nil, connections to non-running
	// sandboxes are rejected.
	SandboxEnsurer SandboxEnsurer
	// UserInfoFetcher is used to get the default user for sandbox sessions.
	// If nil, commands run as root.
	UserInfoFetcher UserInfoFetcher
	// EnvVarFetcher is used to get environment variables from the session. If nil,
	// no runtime-managed env vars are applied.
	EnvVarFetcher EnvVarFetcher
	// ConnectionTracker is notified when SSH connections are established and closed.
	// If nil, connection tracking is disabled.
	ConnectionTracker ConnectionTracker
}
Config holds SSH server configuration.
type ConnectionTracker
type ConnectionTracker interface {
	// Track registers an active connection for sessionID and returns a release
	// function that must be called when the connection ends.
	Track(sessionID string) func()
}
ConnectionTracker tracks active connections per session. Implementations must be safe for concurrent use.
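A minimal ConnectionTracker implementation, given here as an added example that is not part of the package's own code. The names countingTracker, newCountingTracker and Active are hypothetical and the session ID is a constructed value. A mutex covers the concurrency requirement, and the release function is idempotent so that a repeated call cannot undercount another connection that is still open.

```go
package main

import "sync"

// countingTracker is a hypothetical ConnectionTracker: Track(sessionID string) func().
type countingTracker struct {
	mu     sync.Mutex
	active map[string]int // sessionID -> open connections
}

func newCountingTracker() *countingTracker {
	return &countingTracker{active: make(map[string]int)}
}

// Track registers one connection and returns its release function.
func (t *countingTracker) Track(sessionID string) func() {
	t.mu.Lock()
	t.active[sessionID]++
	t.mu.Unlock()
	var once sync.Once // a double release must not undercount other connections
	return func() {
		once.Do(func() {
			t.mu.Lock()
			defer t.mu.Unlock()
			t.active[sessionID]--
			if t.active[sessionID] <= 0 {
				delete(t.active, sessionID) // drop idle sessions so the map stays bounded
			}
		})
	}
}

// Active reports how many connections are currently open for sessionID.
func (t *countingTracker) Active(sessionID string) int {
	t.mu.Lock()
	defer t.mu.Unlock()
	return t.active[sessionID]
}

func main() {
	t := newCountingTracker()
	first, second := t.Track("sess-1"), t.Track("sess-1") // constructed session ID
	first()
	first() // repeated release is a no-op
	if t.Active("sess-1") != 1 {
		panic("release was not idempotent")
	}
	second()
}
```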
type EnvVarFetcher
type EnvVarFetcher interface {
	// GetEnvVarsForSession returns the merged environment variables to inject into
	// SSH sessions before applying client-provided env overrides.
	GetEnvVarsForSession(ctx context.Context, sessionID string) (map[string]string, error)
}
EnvVarFetcher fetches environment variables for a session from runtime-managed sources like visible credentials.
type SandboxEnsurer
SandboxEnsurer ensures a sandbox is running before an SSH connection is established. It is called in handleConnection before any channels are opened. If nil, sandboxes that are not running will cause the connection to be rejected.
type Server
type Server struct {
	// contains filtered or unexported fields
}
Server is an SSH server that routes connections to sandbox containers.
func (*Server) SetSandboxEnsurer
func (s *Server) SetSandboxEnsurer(e SandboxEnsurer)
SetSandboxEnsurer sets the SandboxEnsurer used to start stopped sandboxes on incoming SSH connections. It may be called after New to break initialization ordering cycles (e.g. when the ensurer depends on the dispatcher which is created after the SSH server).
type UserInfoFetcher
type UserInfoFetcher interface {
	// GetUserInfo returns the default user for a sandbox.
	// Returns username, uid, gid, and any error.
	GetUserInfo(ctx context.Context, sessionID string) (username string, uid, gid int, err error)
}
UserInfoFetcher fetches user info from a sandbox. This is used to determine which user to run commands as.