Documentation
Overview
Package sshpop implements ssh proof of possession based node attestation.
Index
Constants
// PluginName is used for identifying this plugin type for protobuf blobs.
const PluginName = "sshpop"
Variables
var (
	// DefaultAgentPathTemplate is the default text/template. It references only
	// the .PluginName and .Fingerprint fields of whatever value it is executed
	// against. NOTE(review): .Fingerprint is presumably the attested SSH host
	// key's fingerprint — confirm against the server-side handshake.
	// MustParse panics on a malformed template, which is acceptable here because
	// the template is a compile-time constant evaluated at package init.
	DefaultAgentPathTemplate = agentpathtemplate.MustParse("/{{ .PluginName}}/{{ .Fingerprint }}")
)
Functions
This section is empty.
Types
type Client
// Client is a factory for generating client handshake objects; each call to
// NewHandshake returns a fresh, single-use ClientHandshake.
type Client struct {
	// contains filtered or unexported fields
}
Client is a factory for generating client handshake objects.
func (*Client) NewHandshake
func (c *Client) NewHandshake() *ClientHandshake
type ClientConfig
// ClientConfig configures the client. Field values are read from the plugin's
// HCL configuration using the keys given in the struct tags.
type ClientConfig struct {
	// HostKeyPath is the path to the SSH host key (hcl key "host_key_path").
	// NOTE(review): presumably the private key used to sign the challenge
	// response in RespondToChallenge — confirm against ClientHandshake.
	HostKeyPath string `hcl:"host_key_path"`
	// HostCertPath is the path to the SSH host certificate
	// (hcl key "host_cert_path").
	// NOTE(review): presumably the certificate returned by AttestationData —
	// confirm against ClientHandshake.
	HostCertPath string `hcl:"host_cert_path"`
}
ClientConfig configures the client.
type ClientHandshake
// ClientHandshake is a single-use object for an agent to do node attestation.
// It is a state machine and is not goroutine-safe: a single handshake must not
// be driven from more than one goroutine. Its method set is AttestationData
// and RespondToChallenge; the required call order is enforced by the state
// machine, which is not visible here.
type ClientHandshake struct {
	// contains filtered or unexported fields
}
ClientHandshake is a single-use object for an agent to do node attestation.
The handshake comprises a state machine that is not goroutine-safe.
func (*ClientHandshake) AttestationData
func (c *ClientHandshake) AttestationData() ([]byte, error)
func (*ClientHandshake) RespondToChallenge
func (c *ClientHandshake) RespondToChallenge(req []byte) ([]byte, error)
type Server
// Server is a factory for generating server handshake objects; each call to
// NewHandshake returns a fresh, single-use ServerHandshake.
type Server struct {
	// contains filtered or unexported fields
}
Server is a factory for generating server handshake objects.
func (*Server) NewHandshake
func (s *Server) NewHandshake() *ServerHandshake
type ServerConfig
// ServerConfig configures the server. Field values are read from the plugin's
// HCL configuration using the keys given in the struct tags.
type ServerConfig struct {
	// CertAuthorities lists certificate authorities given inline
	// (hcl key "cert_authorities").
	// NOTE(review): how this combines with CertAuthoritiesPath (merged, or one
	// takes precedence) is not visible here; confirm and document it, since
	// the resulting trust set decides which host certificates are accepted.
	CertAuthorities []string `hcl:"cert_authorities"`
	// CertAuthoritiesPath is the path to a file of certificate authorities
	// (hcl key "cert_authorities_path").
	CertAuthoritiesPath string `hcl:"cert_authorities_path"`
	// CanonicalDomain specifies the domain suffix for validating the hostname against
	// the certificate's valid principals. See CanonicalDomains in ssh_config(5).
	// NOTE(review): the behaviour when CanonicalDomain is empty (principal check
	// skipped vs. fails closed) is not visible here; confirm and document it.
	CanonicalDomain string `hcl:"canonical_domain"`
	// AgentPathTemplate is a text/template for the attested agent's path
	// (hcl key "agent_path_template").
	// NOTE(review): presumably replaces DefaultAgentPathTemplate when set —
	// confirm against the server code.
	AgentPathTemplate string `hcl:"agent_path_template"`
}
ServerConfig configures the server.
type ServerHandshake
// ServerHandshake is a single-use object for a server to do node attestation.
// It is a state machine and is not goroutine-safe: a single handshake must not
// be driven from more than one goroutine. Its method set is IssueChallenge,
// VerifyAttestationData and VerifyChallengeResponse; the required call order
// is enforced by the state machine, which is not visible here.
type ServerHandshake struct {
	// contains filtered or unexported fields
}
ServerHandshake is a single-use object for a server to do node attestation.
The handshake comprises a state machine that is not goroutine-safe.
func (*ServerHandshake) IssueChallenge
func (s *ServerHandshake) IssueChallenge() ([]byte, error)
func (*ServerHandshake) VerifyAttestationData
func (s *ServerHandshake) VerifyAttestationData(data []byte) error
func (*ServerHandshake) VerifyChallengeResponse
func (s *ServerHandshake) VerifyChallengeResponse(res []byte) error