SSHProxyConfig is the configuration for the SSH proxy module.
| 13 | |
| 14 | // SSHProxyConfig is the configuration for the SSH proxy module. It holds the backend credentials (Password, PrivateKey) and every field carries JSON and YAML tags. |
| 15 | type SSHProxyConfig struct { |
| 16 | // Server is the IP address or hostname of the backing server. |
| 17 | Server string `json:"server" yaml:"server"` |
| 18 | // Port is the TCP port to connect to on the backing server. |
| 19 | Port uint16 `json:"port" yaml:"port" default:"22"` |
| 20 | // UsernamePassThrough means that the username should be taken from the connecting client, so the backing server sees a client-chosen name. NOTE(review): how this interacts with Username is not visible here; confirm in Validate. |
| 21 | UsernamePassThrough bool `json:"usernamePassThrough" yaml:"usernamePassThrough"` |
| 22 | // Username is the username to pass to the backing SSH server for authentication. |
| 23 | Username string `json:"username" yaml:"username"` |
| 24 | // Password is the password to offer to the backing SSH server for authentication. It is a plain string exposed under the password key in JSON and YAML, so treat config files and dumps of this struct as secrets. |
| 25 | Password string `json:"password" yaml:"password"` |
| 26 | // PrivateKey is the private key to use for authenticating with the backing server. Like Password it is secret material in a plain string field. NOTE(review): whether this holds the key text or a file path is not visible here; confirm. |
| 27 | PrivateKey string `json:"privateKey" yaml:"privateKey"` |
| 28 | // AllowedHostKeyFingerprints lists the host key fingerprints we accept from the backing server. NOTE(review): presumably an empty list has to be rejected so the backend is never trusted unpinned; confirm in Validate. |
| 29 | AllowedHostKeyFingerprints SSHProxyAllowedHostKeyFingerprints `json:"allowedHostKeyFingerprints" yaml:"allowedHostKeyFingerprints"` |
| 30 | // Ciphers are the ciphers supported for the backend connection. The defaults are ChaCha20-Poly1305, AES-GCM and AES-CTR; no CBC-mode cipher is enabled by default. |
| 31 | Ciphers SSHCipherList `json:"ciphers" yaml:"ciphers" default:"[\"chacha20-poly1305@openssh.com\",\"aes256-gcm@openssh.com\",\"aes128-gcm@openssh.com\",\"aes256-ctr\",\"aes192-ctr\",\"aes128-ctr\"]" comment:"Cipher suites to use"` |
| 32 | // KexAlgorithms are the key exchange algorithms for the backend connection. The defaults are Curve25519 and NIST-curve ECDH; no finite-field Diffie-Hellman group is enabled by default. |
| 33 | KexAlgorithms SSHKexList `json:"kex" yaml:"kex" default:"[\"curve25519-sha256@libssh.org\",\"ecdh-sha2-nistp521\",\"ecdh-sha2-nistp384\",\"ecdh-sha2-nistp256\"]" comment:"Key exchange algorithms to use"` |
| 34 | // MACs are the MAC algorithms for the backend connection. Both defaults are HMAC-SHA2-256, with the encrypt-then-MAC variant listed first. |
| 35 | MACs SSHMACList `json:"macs" yaml:"macs" default:"[\"hmac-sha2-256-etm@openssh.com\",\"hmac-sha2-256\"]" comment:"MAC algorithms to use"` |
| 36 | // HostKeyAlgorithms is a list of algorithms for host keys. The server can offer multiple host keys and this list |
| 37 | // holds the ones we want to accept. The fingerprints for the accepted algorithms should be added to |
| 38 | // AllowedHostKeyFingerprints. NOTE(review): the default list still contains ssh-dss and ssh-dss-cert-v01 (DSA) and ssh-rsa (RSA with SHA-1 signatures), which current OpenSSH releases disable by default, and it has no plain ecdsa-sha2-nistp* entry; consider narrowing it to what the backend actually offers. |
| 39 | HostKeyAlgorithms SSHKeyAlgoList `json:"hostKeyAlgos" yaml:"hostKeyAlgos" default:"[\"ssh-rsa-cert-v01@openssh.com\",\"ssh-dss-cert-v01@openssh.com\",\"ecdsa-sha2-nistp256-cert-v01@openssh.com\",\"ecdsa-sha2-nistp384-cert-v01@openssh.com\",\"ecdsa-sha2-nistp521-cert-v01@openssh.com\",\"ssh-ed25519-cert-v01@openssh.com\",\"ssh-rsa\",\"ssh-dss\",\"ssh-ed25519\"]"` |
| 40 | // Timeout is the time ContainerSSH is willing to wait for the backing connection to be established. |
| 41 | Timeout time.Duration `json:"timeout" yaml:"timeout" default:"60s"` |
| 42 | // ClientVersion is the version string sent to the backing server during the protocol version exchange. |
| 43 | // Must be in the format of "SSH-protoversion-softwareversion SPACE comments". |
| 44 | // See https://tools.ietf.org/html/rfc4253#page-4 section 4.2. Protocol Version Exchange |
| 45 | // The trailing CR and LF characters should NOT be added to this string. |
| 46 | ClientVersion SSHProxyClientVersion `json:"clientVersion" yaml:"clientVersion" default:"SSH-2.0-ContainerSSH"` |
| 47 | } |
| 48 | |
| 49 | // Validate checks the configuration for the backing SSH server. |
| 50 | func (c SSHProxyConfig) Validate() error { |