server

package
v0.15.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 30, 2025 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultSessionTTL    = 30 * time.Minute       // Default TTL for session data in Consul
	DefaultConsulTimeout = 5 * time.Second        // Default timeout for Consul operations
	DefaultWatchTimeout  = 10 * time.Minute       // Default timeout for Consul watch operations (long-polling)
	DefaultMaxRetries    = 3                      // Default number of retries for Consul operations
	DefaultRetryDelay    = 100 * time.Millisecond // Default delay between retries
	DefaultKeyPrefix     = "uptermd"              // Default key prefix for Consul storage
	UnusedNodeAddress    = "localhost"            // Placeholder address for node registration (not used but required by Consul)
)

Variables

View Source 
var (
	ErrListnerClosed = errors.New("routing: listener closed")
)
View Source 
var File_server_proto protoreflect.FileDescriptor

Functions

func Start 

func Start(opt Opt) error

Types

type AuthRequest 

type AuthRequest struct {
	ClientVersion string `protobuf:"bytes,1,opt,name=client_version,json=clientVersion,proto3" json:"client_version,omitempty"`
	RemoteAddr    string `protobuf:"bytes,2,opt,name=remote_addr,json=remoteAddr,proto3" json:"remote_addr,omitempty"`
	AuthorizedKey []byte `protobuf:"bytes,3,opt,name=authorized_key,json=authorizedKey,proto3" json:"authorized_key,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthRequest) Descriptor deprecated 

func (*AuthRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthRequest.ProtoReflect.Descriptor instead.

func (*AuthRequest) GetAuthorizedKey 

func (x *AuthRequest) GetAuthorizedKey() []byte

func (*AuthRequest) GetClientVersion 

func (x *AuthRequest) GetClientVersion() string

func (*AuthRequest) GetRemoteAddr 

func (x *AuthRequest) GetRemoteAddr() string

func (*AuthRequest) ProtoMessage 

func (*AuthRequest) ProtoMessage()

func (*AuthRequest) ProtoReflect added in v0.5.0 

func (x *AuthRequest) ProtoReflect() protoreflect.Message

func (*AuthRequest) Reset 

func (x *AuthRequest) Reset()

func (*AuthRequest) String 

func (x *AuthRequest) String() string

type CreateSessionRequest 

type CreateSessionRequest struct {
	HostUser             string   `protobuf:"bytes,1,opt,name=hostUser,proto3" json:"hostUser,omitempty"`
	HostPublicKeys       [][]byte `protobuf:"bytes,2,rep,name=hostPublicKeys,proto3" json:"hostPublicKeys,omitempty"`
	ClientAuthorizedKeys [][]byte `protobuf:"bytes,3,rep,name=clientAuthorizedKeys,proto3" json:"clientAuthorizedKeys,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateSessionRequest) Descriptor deprecated 

func (*CreateSessionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateSessionRequest.ProtoReflect.Descriptor instead.

func (*CreateSessionRequest) GetClientAuthorizedKeys 

func (x *CreateSessionRequest) GetClientAuthorizedKeys() [][]byte

func (*CreateSessionRequest) GetHostPublicKeys 

func (x *CreateSessionRequest) GetHostPublicKeys() [][]byte

func (*CreateSessionRequest) GetHostUser 

func (x *CreateSessionRequest) GetHostUser() string

func (*CreateSessionRequest) ProtoMessage 

func (*CreateSessionRequest) ProtoMessage()

func (*CreateSessionRequest) ProtoReflect added in v0.5.0 

func (x *CreateSessionRequest) ProtoReflect() protoreflect.Message

func (*CreateSessionRequest) Reset 

func (x *CreateSessionRequest) Reset()

func (*CreateSessionRequest) String 

func (x *CreateSessionRequest) String() string

type CreateSessionResponse 

type CreateSessionResponse struct {
	SessionID string `protobuf:"bytes,1,opt,name=sessionID,proto3" json:"sessionID,omitempty"`
	NodeAddr  string `protobuf:"bytes,2,opt,name=nodeAddr,proto3" json:"nodeAddr,omitempty"`
	SshUser   string `protobuf:"bytes,3,opt,name=ssh_user,json=sshUser,proto3" json:"ssh_user,omitempty"` // SSH username for client connections
	// contains filtered or unexported fields
}

func (*CreateSessionResponse) Descriptor deprecated 

func (*CreateSessionResponse) Descriptor() ([]byte, []int)

Deprecated: Use CreateSessionResponse.ProtoReflect.Descriptor instead.

func (*CreateSessionResponse) GetNodeAddr 

func (x *CreateSessionResponse) GetNodeAddr() string

func (*CreateSessionResponse) GetSessionID 

func (x *CreateSessionResponse) GetSessionID() string

func (*CreateSessionResponse) GetSshUser added in v0.15.0 

func (x *CreateSessionResponse) GetSshUser() string

func (*CreateSessionResponse) ProtoMessage 

func (*CreateSessionResponse) ProtoMessage()

func (*CreateSessionResponse) ProtoReflect added in v0.5.0 

func (x *CreateSessionResponse) ProtoReflect() protoreflect.Message

func (*CreateSessionResponse) Reset 

func (x *CreateSessionResponse) Reset()

func (*CreateSessionResponse) String 

func (x *CreateSessionResponse) String() string

type ErrSessionNotFound added in v0.15.1 

type ErrSessionNotFound struct {
	SessionID string
}

ErrSessionNotFound represents a non-retryable session not found error

func (*ErrSessionNotFound) Error added in v0.15.1 

func (e *ErrSessionNotFound) Error() string

type HostCertSigner added in v0.5.0 

type HostCertSigner struct {
	Hostnames []string
}

func (*HostCertSigner) SignCert added in v0.5.0 

func (s *HostCertSigner) SignCert(signer ssh.Signer) (ssh.Signer, error)

type MemoryProvider 

type MemoryProvider struct {
	SocketPath string
	// contains filtered or unexported fields
}

func (*MemoryProvider) Name 

func (p *MemoryProvider) Name() string

func (*MemoryProvider) Opts 

func (p *MemoryProvider) Opts() string

func (*MemoryProvider) SSHD 

func (p *MemoryProvider) SSHD() SSHDDialListener

func (*MemoryProvider) Session 

func (p *MemoryProvider) Session() SessionDialListener

func (*MemoryProvider) SetOpts 

func (p *MemoryProvider) SetOpts(opts NetworkOptions) error

type NetworkOptions 

type NetworkOptions map[string]string

type NetworkProvider 

type NetworkProvider interface {
	SetOpts(opts NetworkOptions) error
	Session() SessionDialListener
	SSHD() SSHDDialListener
	Name() string
	Opts() string
}

type Opt 

type Opt struct {
	SSHAddr          string       `mapstructure:"ssh-addr"`
	SSHProxyProtocol bool         `mapstructure:"ssh-proxy-protocol"`
	WSAddr           string       `mapstructure:"ws-addr"`
	NodeAddr         string       `mapstructure:"node-addr"`
	PrivateKeys      []string     `mapstructure:"private-key"`
	Hostnames        []string     `mapstructure:"hostname"`
	Network          string       `mapstructure:"network"`
	NetworkOpts      []string     `mapstructure:"network-opt"`
	MetricAddr       string       `mapstructure:"metric-addr"`
	Debug            bool         `mapstructure:"debug"`
	Routing          routing.Mode `mapstructure:"routing"`
	ConsulURL        string       `mapstructure:"consul-url"`
	ConsulSessionTTL string       `mapstructure:"consul-session-ttl"`
}

func (*Opt) Validate added in v0.15.0 

func (opt *Opt) Validate() error

Validate validates the server configuration

type SSHDDialListener 

type SSHDDialListener interface {
	Listen() (net.Listener, error)
	Dial() (net.Conn, error)
}

type SSHRouting 

type SSHRouting struct {
	HostSigners     []ssh.Signer
	AuthPiper       *authPiper
	Decoder         routing.Decoder
	Logger          log.FieldLogger
	MetricsProvider provider.Provider
	// contains filtered or unexported fields
}

func (*SSHRouting) Serve 

func (p *SSHRouting) Serve(ln net.Listener) error

func (*SSHRouting) Shutdown 

func (p *SSHRouting) Shutdown() error

type Server 

type Server struct {
	NodeAddr        string
	HostSigners     []ssh.Signer
	Signers         []ssh.Signer
	NetworkProvider NetworkProvider
	MetricsProvider provider.Provider
	SessionManager  *SessionManager
	Logger          log.FieldLogger
	// contains filtered or unexported fields
}

func (*Server) ServeWithContext 

func (s *Server) ServeWithContext(ctx context.Context, sshln net.Listener, wsln net.Listener) error

func (*Server) Shutdown 

func (s *Server) Shutdown() error

type ServerInfo 

type ServerInfo struct {
	NodeAddr string
}

type Session added in v0.15.0 

type Session struct {
	ID                   string
	NodeAddr             string
	HostUser             string
	HostPublicKeys       []ssh.PublicKey
	ClientAuthorizedKeys []ssh.PublicKey
}

Session represents the complete session information

func NewSession added in v0.15.0 

func NewSession(sessionID, nodeAddr, hostUser string, hostPublicKeys, clientAuthorizedKeys [][]byte) *Session

NewSession creates Session from session parameters

func (*Session) IsClientKeyAllowed added in v0.15.0 

func (s *Session) IsClientKeyAllowed(key ssh.PublicKey) bool

IsClientKeyAllowed checks if a client key is authorized for this session

func (*Session) MarshalJSON added in v0.15.0 

func (s *Session) MarshalJSON() ([]byte, error)

MarshalJSON implements custom JSON marshaling for Session

func (*Session) UnmarshalJSON added in v0.15.0 

func (s *Session) UnmarshalJSON(data []byte) error

UnmarshalJSON implements custom JSON unmarshaling for Session

type SessionDialListener 

type SessionDialListener interface {
	Listen(sesisonID string) (net.Listener, error)
	Dial(sessionID string) (net.Conn, error)
}

type SessionManager added in v0.15.0 

type SessionManager struct {
	// contains filtered or unexported fields
}

SessionManager provides a high-level interface for session management, combining session storage with connection ID encoding based on routing mode

func NewSessionManager added in v0.15.0 

func NewSessionManager(mode routing.Mode, opts ...SessionManagerOption) (*SessionManager, error)

NewSessionManager creates a new SessionManager with the specified routing mode and options

Examples: 

// Embedded mode (simple, with default logger)
sm, err := NewSessionManager(routing.ModeEmbedded)

// Embedded mode with custom logger
sm, err := NewSessionManager(routing.ModeEmbedded, WithSessionManagerLogger(logger))

// Consul mode with minimal configuration
sm, err := NewSessionManager(routing.ModeConsul, WithSessionManagerConsulURL("http://localhost:8500"))

// Consul mode with full configuration
sm, err := NewSessionManager(routing.ModeConsul,
    WithSessionManagerLogger(logger),
    WithSessionManagerConsulURL("http://consul.example.com:8500"),
    WithSessionManagerConsulTTL(1*time.Hour))

func (*SessionManager) CreateSession added in v0.15.0 

func (sm *SessionManager) CreateSession(session *Session) (string, error)

CreateSession stores the session and returns the encoded SSH user identifier

func (*SessionManager) DeleteSession added in v0.15.0 

func (sm *SessionManager) DeleteSession(sessionID string) error

DeleteSession removes a session by ID

func (*SessionManager) GetEncodeDecoder added in v0.15.0 

func (sm *SessionManager) GetEncodeDecoder() routing.EncodeDecoder

GetEncodeDecoder returns the EncodeDecoder used by this session manager

func (*SessionManager) GetRoutingMode added in v0.15.0 

func (sm *SessionManager) GetRoutingMode() routing.Mode

GetRoutingMode returns the routing mode of this session manager

func (*SessionManager) GetSession added in v0.15.0 

func (sm *SessionManager) GetSession(sessionID string) (*Session, error)

GetSession retrieves a session by ID

func (*SessionManager) GetStore added in v0.15.0 

func (sm *SessionManager) GetStore() SessionStore

GetStore returns the underlying SessionStore for compatibility

func (*SessionManager) ResolveSSHUser added in v0.15.0 

func (sm *SessionManager) ResolveSSHUser(sshUser string) (sessionID, nodeAddr string, err error)

ResolveSSHUser resolves an SSH username by decoding it and conditionally validating session existence In embedded mode: only decodes (session may be on another node) In consul mode: decodes and validates (shared store across all nodes)

func (*SessionManager) Shutdown added in v0.15.0 

func (sm *SessionManager) Shutdown(nodeAddr string) error

Shutdown cleans up sessions created by this node during server shutdown

type SessionManagerConfig added in v0.15.0 

type SessionManagerConfig struct {
	Mode      routing.Mode
	Logger    log.FieldLogger
	ConsulURL *url.URL
	ConsulTTL time.Duration
}

SessionManagerConfig holds configuration for creating a SessionManager

type SessionManagerOption added in v0.15.0 

type SessionManagerOption func(*SessionManagerConfig)

SessionManagerOption is a functional option for configuring SessionManager

func WithSessionManagerConsulTTL added in v0.15.0 

func WithSessionManagerConsulTTL(ttl time.Duration) SessionManagerOption

WithSessionManagerConsulTTL sets the session TTL for consul mode

func WithSessionManagerConsulURL added in v0.15.1 

func WithSessionManagerConsulURL(consulURL *url.URL) SessionManagerOption

WithSessionManagerConsulURL sets the Consul URL for consul mode

func WithSessionManagerLogger added in v0.15.0 

func WithSessionManagerLogger(logger log.FieldLogger) SessionManagerOption

WithSessionManagerLogger sets the logger for the session manager

type SessionStore added in v0.15.0 

type SessionStore interface {
	// Store complete session data
	Store(session *Session) error
	// Get complete session data
	Get(sessionID string) (*Session, error)
	// Delete session data
	Delete(sessionID string) error
	// BatchDelete multiple sessions efficiently
	BatchDelete(sessionIDs []string) error
	// List all sessions (for cleanup and management)
	List() ([]*Session, error)
	// Close cleans up resources and stops background processes
	Close() error
}

SessionStore defines the interface for session storage

type UnixProvider 

type UnixProvider struct {
	// contains filtered or unexported fields
}

func (*UnixProvider) Name 

func (p *UnixProvider) Name() string

func (*UnixProvider) Opts 

func (p *UnixProvider) Opts() string

func (*UnixProvider) SSHD 

func (p *UnixProvider) SSHD() SSHDDialListener

func (*UnixProvider) Session 

func (p *UnixProvider) Session() SessionDialListener

func (*UnixProvider) SetOpts 

func (p *UnixProvider) SetOpts(opts NetworkOptions) error

type UserCertChecker added in v0.5.0 

type UserCertChecker struct {
	UserKeyFallback func(user string, key ssh.PublicKey) (ssh.PublicKey, error)
}

func (*UserCertChecker) Authenticate added in v0.5.0 

func (c *UserCertChecker) Authenticate(user string, key ssh.PublicKey) (*AuthRequest, ssh.PublicKey, error)

Authenticate tries to pass auth request and public key from a cert. If the public key is not a cert, it calls the UserKeyFallback func. Otherwise it returns an error.

type UserCertSigner added in v0.5.0 

type UserCertSigner struct {
	SessionID   string
	User        string
	AuthRequest *AuthRequest
}

func (*UserCertSigner) SignCert added in v0.5.0 

func (g *UserCertSigner) SignCert(signer ssh.Signer) (ssh.Signer, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.