server

package
v0.22.0

This package is not in the latest version of its module.

Published: Jan 14, 2026 License: Apache-2.0 Imports: 41 Imported by: 0



Constants

// Defaults for the Consul-backed session store and for node registration.
// The session TTL can be overridden per SessionManager with WithSessionManagerConsulTTL.
const (
	DefaultSessionTTL    = 30 * time.Minute       // Default TTL for session data in Consul
	DefaultConsulTimeout = 5 * time.Second        // Default timeout for Consul operations
	DefaultWatchTimeout  = 10 * time.Minute       // Default timeout for Consul watch operations (long-polling)
	DefaultMaxRetries    = 3                      // Default number of retries for Consul operations
	DefaultRetryDelay    = 100 * time.Millisecond // Default delay between retries
	DefaultKeyPrefix     = "uptermd"              // Default key prefix for Consul storage
	// NOTE(review): this placeholder never identifies the real node; confirm nothing reads it back as a real address.
	UnusedNodeAddress    = "localhost"            // Placeholder address for node registration (not used but required by Consul)
)

Variables

var (
	// ErrListnerClosed signals that the routing listener has been closed.
	// The misspelling is part of the exported API and is kept for compatibility.
	ErrListnerClosed = errors.New("routing: listener closed")
)
// File_server_proto is the protobuf file descriptor for server.proto.
var File_server_proto protoreflect.FileDescriptor

Functions

func Start

func Start(ctx context.Context, opt Opt, logger *slog.Logger) error

Types

type AuthRequest

// AuthRequest is the protobuf message describing an SSH client's authentication
// attempt; UserCertChecker.Authenticate returns one together with the public key.
type AuthRequest struct {
	// ClientVersion is the version string reported by the client.
	ClientVersion string `protobuf:"bytes,1,opt,name=client_version,json=clientVersion,proto3" json:"client_version,omitempty"`
	// RemoteAddr is the client's remote address.
	RemoteAddr    string `protobuf:"bytes,2,opt,name=remote_addr,json=remoteAddr,proto3" json:"remote_addr,omitempty"`
	// AuthorizedKey holds the raw bytes of the key the client authenticated with;
	// the exact encoding is not visible here — confirm against the producer.
	AuthorizedKey []byte `protobuf:"bytes,3,opt,name=authorized_key,json=authorizedKey,proto3" json:"authorized_key,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthRequest) Descriptor deprecated

func (*AuthRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthRequest.ProtoReflect.Descriptor instead.

func (*AuthRequest) GetAuthorizedKey

func (x *AuthRequest) GetAuthorizedKey() []byte

func (*AuthRequest) GetClientVersion

func (x *AuthRequest) GetClientVersion() string

func (*AuthRequest) GetRemoteAddr

func (x *AuthRequest) GetRemoteAddr() string

func (*AuthRequest) ProtoMessage

func (*AuthRequest) ProtoMessage()

func (*AuthRequest) ProtoReflect added in v0.5.0

func (x *AuthRequest) ProtoReflect() protoreflect.Message

func (*AuthRequest) Reset

func (x *AuthRequest) Reset()

func (*AuthRequest) String

func (x *AuthRequest) String() string

type CreateSessionRequest

// CreateSessionRequest is the protobuf message carrying the parameters for
// creating a session; NewSession takes the same host user and key lists.
type CreateSessionRequest struct {
	// HostUser is the username of the session host.
	HostUser             string   `protobuf:"bytes,1,opt,name=hostUser,proto3" json:"hostUser,omitempty"`
	// HostPublicKeys are the host's public keys as raw bytes (Session stores them as ssh.PublicKey).
	HostPublicKeys       [][]byte `protobuf:"bytes,2,rep,name=hostPublicKeys,proto3" json:"hostPublicKeys,omitempty"`
	// ClientAuthorizedKeys are the keys clients may join with; Session.IsClientKeyAllowed checks against them.
	ClientAuthorizedKeys [][]byte `protobuf:"bytes,3,rep,name=clientAuthorizedKeys,proto3" json:"clientAuthorizedKeys,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateSessionRequest) Descriptor deprecated

func (*CreateSessionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateSessionRequest.ProtoReflect.Descriptor instead.

func (*CreateSessionRequest) GetClientAuthorizedKeys

func (x *CreateSessionRequest) GetClientAuthorizedKeys() [][]byte

func (*CreateSessionRequest) GetHostPublicKeys

func (x *CreateSessionRequest) GetHostPublicKeys() [][]byte

func (*CreateSessionRequest) GetHostUser

func (x *CreateSessionRequest) GetHostUser() string

func (*CreateSessionRequest) ProtoMessage

func (*CreateSessionRequest) ProtoMessage()

func (*CreateSessionRequest) ProtoReflect added in v0.5.0

func (x *CreateSessionRequest) ProtoReflect() protoreflect.Message

func (*CreateSessionRequest) Reset

func (x *CreateSessionRequest) Reset()

func (*CreateSessionRequest) String

func (x *CreateSessionRequest) String() string

type CreateSessionResponse

// CreateSessionResponse is the protobuf reply to a CreateSessionRequest: the new
// session's ID, the node address, and the SSH username clients connect with.
type CreateSessionResponse struct {
	SessionID string `protobuf:"bytes,1,opt,name=sessionID,proto3" json:"sessionID,omitempty"`
	NodeAddr  string `protobuf:"bytes,2,opt,name=nodeAddr,proto3" json:"nodeAddr,omitempty"`
	// SshUser is presumably the encoded identifier returned by SessionManager.CreateSession — confirm.
	SshUser   string `protobuf:"bytes,3,opt,name=ssh_user,json=sshUser,proto3" json:"ssh_user,omitempty"` // SSH username for client connections
	// contains filtered or unexported fields
}

func (*CreateSessionResponse) Descriptor deprecated

func (*CreateSessionResponse) Descriptor() ([]byte, []int)

Deprecated: Use CreateSessionResponse.ProtoReflect.Descriptor instead.

func (*CreateSessionResponse) GetNodeAddr

func (x *CreateSessionResponse) GetNodeAddr() string

func (*CreateSessionResponse) GetSessionID

func (x *CreateSessionResponse) GetSessionID() string

func (*CreateSessionResponse) GetSshUser added in v0.15.0

func (x *CreateSessionResponse) GetSshUser() string

func (*CreateSessionResponse) ProtoMessage

func (*CreateSessionResponse) ProtoMessage()

func (*CreateSessionResponse) ProtoReflect added in v0.5.0

func (x *CreateSessionResponse) ProtoReflect() protoreflect.Message

func (*CreateSessionResponse) Reset

func (x *CreateSessionResponse) Reset()

func (*CreateSessionResponse) String

func (x *CreateSessionResponse) String() string

type ErrSessionNotFound added in v0.15.1

// ErrSessionNotFound is returned when no session exists for SessionID.
// It is non-retryable; use errors.As to recover the ID from a wrapped error.
type ErrSessionNotFound struct {
	SessionID string
}

ErrSessionNotFound represents a non-retryable "session not found" error.

func (*ErrSessionNotFound) Error added in v0.15.1

func (e *ErrSessionNotFound) Error() string

type HostCertSigner added in v0.5.0

// HostCertSigner derives a certificate-backed host ssh.Signer from a plain signer
// (see SignCert). Hostnames are presumably the principals placed in the host
// certificate — confirm in SignCert.
type HostCertSigner struct {
	Hostnames []string
}

func (*HostCertSigner) SignCert added in v0.5.0

func (s *HostCertSigner) SignCert(signer ssh.Signer) (ssh.Signer, error)

type MemoryProvider

// MemoryProvider is a NetworkProvider implementation; SocketPath is its only
// exported setting. How the path is used is not visible here — see SetOpts.
type MemoryProvider struct {
	SocketPath string
	// contains filtered or unexported fields
}

func (*MemoryProvider) Name

func (p *MemoryProvider) Name() string

func (*MemoryProvider) Opts

func (p *MemoryProvider) Opts() string

func (*MemoryProvider) SSHD

func (p *MemoryProvider) SSHD() SSHDDialListener

func (*MemoryProvider) Session

func (p *MemoryProvider) Session() SessionDialListener

func (*MemoryProvider) SetOpts

func (p *MemoryProvider) SetOpts(opts NetworkOptions) error

type NetworkOptions

// NetworkOptions are the key/value options handed to NetworkProvider.SetOpts.
type NetworkOptions map[string]string

type NetworkProvider

// NetworkProvider supplies the listeners and dialers the server uses for the SSH
// daemon and for per-session traffic. MemoryProvider and UnixProvider implement it.
type NetworkProvider interface {
	// SetOpts applies provider-specific options, returning an error on failure.
	SetOpts(opts NetworkOptions) error
	// Session returns the dial/listen pair keyed by session ID.
	Session() SessionDialListener
	// SSHD returns the dial/listen pair for the SSH daemon.
	SSHD() SSHDDialListener
	// Name returns the provider's name.
	Name() string
	// Opts returns the provider's options rendered as a string.
	Opts() string
}

type Opt

// Opt is the server configuration. The mapstructure tags name the flag/config key
// each field is read from; Validate checks the result and Start consumes it.
type Opt struct {
	SSHAddr          string       `mapstructure:"ssh-addr"`
	// NOTE(review): with PROXY protocol enabled the client address comes from the
	// proxy header, so this should only be on behind a trusted proxy — confirm the
	// listener restricts it.
	SSHProxyProtocol bool         `mapstructure:"ssh-proxy-protocol"`
	WSAddr           string       `mapstructure:"ws-addr"`
	NodeAddr         string       `mapstructure:"node-addr"`
	// PrivateKeys: whether these are paths or key contents is not visible here — confirm in Start.
	PrivateKeys      []string     `mapstructure:"private-key"`
	Hostnames        []string     `mapstructure:"hostname"`
	Network          string       `mapstructure:"network"`
	NetworkOpts      []string     `mapstructure:"network-opt"`
	MetricAddr       string       `mapstructure:"metric-addr"`
	Debug            bool         `mapstructure:"debug"`
	// Routing selects the session routing mode (embedded or consul; see NewSessionManager).
	Routing          routing.Mode `mapstructure:"routing"`
	ConsulURL        string       `mapstructure:"consul-url"`
	// ConsulSessionTTL is a duration string; presumably parsed in Validate — confirm.
	ConsulSessionTTL string       `mapstructure:"consul-session-ttl"`
	// SentryDSN is a credential; keep it out of logs and error messages.
	SentryDSN        string       `mapstructure:"sentry-dsn"`
}

func (*Opt) Validate added in v0.15.0

func (opt *Opt) Validate() error

Validate validates the server configuration

type SSHDDialListener

// SSHDDialListener is the listen/dial pair a NetworkProvider exposes for the SSH daemon.
type SSHDDialListener interface {
	// Listen returns the listener the SSH daemon accepts on.
	Listen() (net.Listener, error)
	// Dial opens a connection to the SSH daemon.
	Dial() (net.Conn, error)
}

type SSHRouting

// SSHRouting serves a listener and routes incoming SSH connections (Serve/Shutdown).
// Decoder is presumably used to resolve the routing target from the SSH username —
// confirm in Serve. AuthPiper has an unexported type and is populated by the package.
type SSHRouting struct {
	// HostSigners are the host keys presented to connecting clients.
	HostSigners     []ssh.Signer
	AuthPiper       *authPiper
	Decoder         routing.Decoder
	Logger          *slog.Logger
	MetricsProvider provider.Provider
	// contains filtered or unexported fields
}

func (*SSHRouting) Serve

func (p *SSHRouting) Serve(ln net.Listener) error

func (*SSHRouting) Shutdown

func (p *SSHRouting) Shutdown() error

type Server

// Server accepts SSH and WebSocket connections (ServeWithContext) and tracks
// sessions through SessionManager; Shutdown stops it.
type Server struct {
	NodeAddr        string
	// HostSigners are the host keys presented to clients; Signers are additional
	// signers whose role is not visible here — confirm in ServeWithContext.
	HostSigners     []ssh.Signer
	Signers         []ssh.Signer
	NetworkProvider NetworkProvider
	MetricsProvider provider.Provider
	SessionManager  *SessionManager
	Logger          *slog.Logger
	// contains filtered or unexported fields
}

func (*Server) ServeWithContext

func (s *Server) ServeWithContext(ctx context.Context, sshln net.Listener, wsln net.Listener) error

func (*Server) Shutdown

func (s *Server) Shutdown() error

type ServerInfo

// ServerInfo holds a server's node address.
type ServerInfo struct {
	NodeAddr string
}

type Session added in v0.15.0

// Session is the stored record for one session. It is persisted via the custom
// MarshalJSON/UnmarshalJSON, which handle the ssh.PublicKey fields.
type Session struct {
	ID                   string
	// NodeAddr is the node that created the session (Shutdown removes this node's sessions).
	NodeAddr             string
	HostUser             string
	HostPublicKeys       []ssh.PublicKey
	// ClientAuthorizedKeys are the keys allowed to join; IsClientKeyAllowed checks membership.
	ClientAuthorizedKeys []ssh.PublicKey
}

Session represents the complete session information

func NewSession added in v0.15.0

func NewSession(sessionID, nodeAddr, hostUser string, hostPublicKeys, clientAuthorizedKeys [][]byte) *Session

NewSession creates Session from session parameters

func (*Session) IsClientKeyAllowed added in v0.15.0

func (s *Session) IsClientKeyAllowed(key ssh.PublicKey) bool

IsClientKeyAllowed checks if a client key is authorized for this session

func (*Session) MarshalJSON added in v0.15.0

func (s *Session) MarshalJSON() ([]byte, error)

MarshalJSON implements custom JSON marshaling for Session

func (*Session) UnmarshalJSON added in v0.15.0

func (s *Session) UnmarshalJSON(data []byte) error

UnmarshalJSON implements custom JSON unmarshaling for Session

type SessionDialListener

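// SessionDialListener is the listen/dial pair a NetworkProvider exposes for
// per-session traffic, keyed by session ID.
type SessionDialListener interface {
	// Listen returns a net.Listener for sessionID.
	Listen(sessionID string) (net.Listener, error)
	// Dial opens a net.Conn to sessionID.
	Dial(sessionID string) (net.Conn, error)
}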

type SessionManager added in v0.15.0

// SessionManager combines a SessionStore with routing-mode-specific SSH user
// encoding. Construct it with NewSessionManager; the fields are unexported.
type SessionManager struct {
	// contains filtered or unexported fields
}

SessionManager provides a high-level interface for session management, combining session storage with connection-ID encoding that depends on the routing mode.

func NewSessionManager added in v0.15.0

func NewSessionManager(mode routing.Mode, opts ...SessionManagerOption) (*SessionManager, error)

NewSessionManager creates a new SessionManager with the specified routing mode and options

Examples:

// Embedded mode (simple, with default logger)
sm, err := NewSessionManager(routing.ModeEmbedded)

// Embedded mode with custom logger
sm, err := NewSessionManager(routing.ModeEmbedded, WithSessionManagerLogger(logger))

// Consul mode with minimal configuration
sm, err := NewSessionManager(routing.ModeConsul, WithSessionManagerConsulURL("http://localhost:8500"))

// Consul mode with full configuration
sm, err := NewSessionManager(routing.ModeConsul,
    WithSessionManagerLogger(logger),
    WithSessionManagerConsulURL("http://consul.example.com:8500"),
    WithSessionManagerConsulTTL(1*time.Hour))

func (*SessionManager) CreateSession added in v0.15.0

func (sm *SessionManager) CreateSession(session *Session) (string, error)

CreateSession stores the session and returns the encoded SSH user identifier

func (*SessionManager) DeleteSession added in v0.15.0

func (sm *SessionManager) DeleteSession(sessionID string) error

DeleteSession removes a session by ID

func (*SessionManager) GetEncodeDecoder added in v0.15.0

func (sm *SessionManager) GetEncodeDecoder() routing.EncodeDecoder

GetEncodeDecoder returns the EncodeDecoder used by this session manager

func (*SessionManager) GetRoutingMode added in v0.15.0

func (sm *SessionManager) GetRoutingMode() routing.Mode

GetRoutingMode returns the routing mode of this session manager

func (*SessionManager) GetSession added in v0.15.0

func (sm *SessionManager) GetSession(sessionID string) (*Session, error)

GetSession retrieves a session by ID

func (*SessionManager) GetStore added in v0.15.0

func (sm *SessionManager) GetStore() SessionStore

GetStore returns the underlying SessionStore for compatibility

func (*SessionManager) ResolveSSHUser added in v0.15.0

func (sm *SessionManager) ResolveSSHUser(sshUser string) (sessionID, nodeAddr string, err error)

ResolveSSHUser resolves an SSH username by decoding it and conditionally validating that the session exists. In embedded mode it only decodes (the session may be on another node); in consul mode it decodes and validates against the shared store used by all nodes.

func (*SessionManager) Shutdown added in v0.15.0

func (sm *SessionManager) Shutdown(nodeAddr string) error

Shutdown cleans up sessions created by this node during server shutdown

type SessionManagerConfig added in v0.15.0

// SessionManagerConfig is the configuration assembled by SessionManagerOption
// values and consumed by NewSessionManager.
type SessionManagerConfig struct {
	Mode      routing.Mode
	Logger    *slog.Logger
	// ConsulURL and ConsulTTL are used in consul mode only; ConsulTTL presumably
	// falls back to DefaultSessionTTL when unset — confirm in NewSessionManager.
	ConsulURL *url.URL
	ConsulTTL time.Duration
}

SessionManagerConfig holds configuration for creating a SessionManager

type SessionManagerOption added in v0.15.0

// SessionManagerOption mutates a SessionManagerConfig; see the WithSessionManager* constructors.
type SessionManagerOption func(*SessionManagerConfig)

SessionManagerOption is a functional option for configuring SessionManager

func WithSessionManagerConsulTTL added in v0.15.0

func WithSessionManagerConsulTTL(ttl time.Duration) SessionManagerOption

WithSessionManagerConsulTTL sets the session TTL for consul mode

func WithSessionManagerConsulURL added in v0.15.1

func WithSessionManagerConsulURL(consulURL *url.URL) SessionManagerOption

WithSessionManagerConsulURL sets the Consul URL for consul mode

func WithSessionManagerLogger added in v0.15.0

func WithSessionManagerLogger(logger *slog.Logger) SessionManagerOption

WithSessionManagerLogger sets the logger for the session manager

type SessionStore added in v0.15.0

// SessionStore is the persistence interface behind SessionManager; the
// implementation is chosen by routing mode in NewSessionManager.
type SessionStore interface {
	// Store complete session data
	Store(session *Session) error
	// Get complete session data; presumably returns *ErrSessionNotFound for an unknown ID — confirm
	Get(sessionID string) (*Session, error)
	// Delete session data
	Delete(sessionID string) error
	// BatchDelete multiple sessions efficiently
	BatchDelete(sessionIDs []string) error
	// List all sessions (for cleanup and management)
	List() ([]*Session, error)
	// Close cleans up resources and stops background processes
	Close() error
}

SessionStore defines the interface for session storage

type UnixProvider

// UnixProvider is a NetworkProvider implementation with no exported fields;
// configure it through SetOpts.
type UnixProvider struct {
	// contains filtered or unexported fields
}

func (*UnixProvider) Name

func (p *UnixProvider) Name() string

func (*UnixProvider) Opts

func (p *UnixProvider) Opts() string

func (*UnixProvider) SSHD

func (p *UnixProvider) SSHD() SSHDDialListener

func (*UnixProvider) Session

func (p *UnixProvider) Session() SessionDialListener

func (*UnixProvider) SetOpts

func (p *UnixProvider) SetOpts(opts NetworkOptions) error

type UserCertChecker added in v0.5.0

// UserCertChecker authenticates users from SSH certificates (Authenticate).
type UserCertChecker struct {
	// UserKeyFallback is called by Authenticate when the presented key is not a
	// certificate. NOTE(review): it is therefore the authorization point for plain
	// keys — confirm what callers install here.
	UserKeyFallback func(user string, key ssh.PublicKey) (ssh.PublicKey, error)
}

func (*UserCertChecker) Authenticate added in v0.5.0

func (c *UserCertChecker) Authenticate(user string, key ssh.PublicKey) (*AuthRequest, ssh.PublicKey, error)

Authenticate tries to parse the auth request and public key from a cert. If the public key is not a cert, it calls the UserKeyFallback func. Otherwise it returns an error.

type UserCertSigner added in v0.5.0

// UserCertSigner derives a certificate-backed user ssh.Signer from a plain signer
// (SignCert), carrying SessionID, User and AuthRequest. The AuthRequest is
// presumably what UserCertChecker.Authenticate later recovers from the cert — confirm.
type UserCertSigner struct {
	SessionID   string
	User        string
	AuthRequest *AuthRequest
}

func (*UserCertSigner) SignCert added in v0.5.0

func (g *UserCertSigner) SignCert(signer ssh.Signer) (ssh.Signer, error)
