MCPcopy
hub / github.com/ContainerSSH/ContainerSSH / SSHProxyConfig

Struct SSHProxyConfig

config/sshproxy.go:15–47  ·  view source on GitHub ↗

SSHProxyConfig is the configuration for the SSH proxy module.

Source from the content-addressed store, hash-verified

13
14// SSHProxyConfig is the configuration for the SSH proxy module.
15type SSHProxyConfig struct {
16 // Server is the IP address or hostname of the backing server.
17 Server string `json:"server" yaml:"server"`
18 // Port is the TCP port to connect to.
19 Port uint16 `json:"port" yaml:"port" default:"22"`
20 // UsernamePassThrough means that the username should be taken from the connecting client.
21 UsernamePassThrough bool `json:"usernamePassThrough" yaml:"usernamePassThrough"`
22 // Username is the username to pass to the backing SSH server for authentication.
23 Username string `json:"username" yaml:"username"`
24 // Password is the password to offer to the backing SSH server for authentication.
25 Password string `json:"password" yaml:"password"`
26 // PrivateKey is the private key to use for authenticating with the backing server.
27 PrivateKey string `json:"privateKey" yaml:"privateKey"`
28 // AllowedHostKeyFingerprints lists which fingerprints we accept
29 AllowedHostKeyFingerprints SSHProxyAllowedHostKeyFingerprints `json:"allowedHostKeyFingerprints" yaml:"allowedHostKeyFingerprints"`
30 // Ciphers are the ciphers supported for the backend connection.
31 Ciphers SSHCipherList `json:"ciphers" yaml:"ciphers" default:"[\"chacha20-poly1305@openssh.com\",\"aes256-gcm@openssh.com\",\"aes128-gcm@openssh.com\",\"aes256-ctr\",\"aes192-ctr\",\"aes128-ctr\"]" comment:"Cipher suites to use"`
32 // KexAlgorithms are the key exchange algorithms for the backend connection.
33 KexAlgorithms SSHKexList `json:"kex" yaml:"kex" default:"[\"curve25519-sha256@libssh.org\",\"ecdh-sha2-nistp521\",\"ecdh-sha2-nistp384\",\"ecdh-sha2-nistp256\"]" comment:"Key exchange algorithms to use"`
34 // MACs are the MAC algorithms for the backend connection.
35 MACs SSHMACList `json:"macs" yaml:"macs" default:"[\"hmac-sha2-256-etm@openssh.com\",\"hmac-sha2-256\"]" comment:"MAC algorithms to use"`
36 // HostKeyAlgorithms is a list of algorithms for host keys. The server can offer multiple host keys and this list
37 // are the ones we want to accept. The fingerprints for the accepted algorithms should be added to
38 // AllowedHostKeyFingerprints.
39 HostKeyAlgorithms SSHKeyAlgoList `json:"hostKeyAlgos" yaml:"hostKeyAlgos" default:"[\"ssh-rsa-cert-v01@openssh.com\",\"ssh-dss-cert-v01@openssh.com\",\"ecdsa-sha2-nistp256-cert-v01@openssh.com\",\"ecdsa-sha2-nistp384-cert-v01@openssh.com\",\"ecdsa-sha2-nistp521-cert-v01@openssh.com\",\"ssh-ed25519-cert-v01@openssh.com\",\"ssh-rsa\",\"ssh-dss\",\"ssh-ed25519\"]"`
40 // Timeout is the time ContainerSSH is willing to wait for the backing connection to be established.
41 Timeout time.Duration `json:"timeout" yaml:"timeout" default:"60s"`
42 // ClientVersion is the version sent to the server.
43 // Must be in the format of "SSH-protoversion-softwareversion SPACE comments".
44 // See https://tools.ietf.org/html/rfc4253#page-4 section 4.2. Protocol Version Exchange
45 // The trailing CR and LF characters should NOT be added to this string.
46 ClientVersion SSHProxyClientVersion `json:"clientVersion" yaml:"clientVersion" default:"SSH-2.0-ContainerSSH"`
47}
48
49// Validate checks the configuration for the backing SSH server.
50func (c SSHProxyConfig) Validate() error {

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected