Small fixes
parent
82f96e457c
commit
cb3c1056e5
|
@ -4,6 +4,7 @@
|
||||||
|
|
||||||
* The default created user now has the same username as the user starting sshportal (was hardcoded "admin")
|
* The default created user now has the same username as the user starting sshportal (was hardcoded "admin")
|
||||||
* Add Telnet support
|
* Add Telnet support
|
||||||
|
* Add TTY audit feature ([#23](https://github.com/moul/sshportal/issues/23)) by [@sabban](https://github.com/sabban)
|
||||||
|
|
||||||
## v1.7.1 (2018-01-03)
|
## v1.7.1 (2018-01-03)
|
||||||
|
|
||||||
|
|
2
Makefile
2
Makefile
|
@ -33,7 +33,7 @@ test:
|
||||||
|
|
||||||
.PHONY: lint
|
.PHONY: lint
|
||||||
lint:
|
lint:
|
||||||
gometalinter --disable-all --enable=errcheck --enable=vet --enable=vetshadow --enable=golint --enable=gas --enable=ineffassign --enable=goconst --enable=goimports --enable=gofmt --exclude="should have comment" --enable=staticcheck --enable=gosimple --enable=misspell --deadline=20s .
|
gometalinter --disable-all --enable=errcheck --enable=vet --enable=vetshadow --enable=golint --enable=gas --enable=ineffassign --enable=goconst --enable=goimports --enable=gofmt --exclude="should have comment" --enable=staticcheck --enable=gosimple --enable=misspell --deadline=60s .
|
||||||
|
|
||||||
.PHONY: backup
|
.PHONY: backup
|
||||||
backup:
|
backup:
|
||||||
|
|
|
@ -37,6 +37,7 @@ Jump host/Jump server without the jump, a.k.a Transparent SSH bastion
|
||||||
* Sensitive data encryption
|
* Sensitive data encryption
|
||||||
* Session management (see active connections, history, stats, stop)
|
* Session management (see active connections, history, stats, stop)
|
||||||
* Audit log (logging every user action)
|
* Audit log (logging every user action)
|
||||||
|
* Record TTY Session
|
||||||
* Host Keys verifications shared across users
|
* Host Keys verifications shared across users
|
||||||
* Healthcheck user (replying OK to any user)
|
* Healthcheck user (replying OK to any user)
|
||||||
* SSH compatibility
|
* SSH compatibility
|
||||||
|
|
8
main.go
8
main.go
|
@ -75,7 +75,7 @@ func main() {
|
||||||
Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)",
|
Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "logs-location",
|
Name: "logs-location",
|
||||||
Value: "./log",
|
Value: "./log",
|
||||||
Usage: "Store user session files",
|
Usage: "Store user session files",
|
||||||
},
|
},
|
||||||
|
@ -138,16 +138,16 @@ func server(c *cli.Context) error {
|
||||||
// check for the logdir existence
|
// check for the logdir existence
|
||||||
logsLocation, e := os.Stat(c.String("logs-location"))
|
logsLocation, e := os.Stat(c.String("logs-location"))
|
||||||
if e != nil {
|
if e != nil {
|
||||||
err = os.MkdirAll(c.String("logs-location"), os.ModeDir | os.FileMode(0750) )
|
err = os.MkdirAll(c.String("logs-location"), os.ModeDir|os.FileMode(0750))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if !logsLocation.IsDir() {
|
if !logsLocation.IsDir() {
|
||||||
log.Fatal("log directory cannnot be created")
|
log.Fatal("log directory cannot be created")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
opts := []ssh.Option{}
|
opts := []ssh.Option{}
|
||||||
// custom PublicKeyAuth handler
|
// custom PublicKeyAuth handler
|
||||||
opts = append(opts, ssh.PublicKeyAuth(publicKeyAuthHandler(db, c)))
|
opts = append(opts, ssh.PublicKeyAuth(publicKeyAuthHandler(db, c)))
|
||||||
|
|
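Review bot: In the `server` hunk the existing-path branch only tests `logsLocation.IsDir()`, so a `logs-location` directory that already exists is accepted with whatever permissions it has, while a freshly created one gets 0750; since the flag's usage text says it stores user session files, that branch should also inspect `logsLocation.Mode().Perm()` and warn or fail when group-write or other bits are set. The same branch reports `log directory cannot be created` for a path that exists but is not a directory, and exits through `log.Fatal` although the `MkdirAll` failure beside it is returned; `return fmt.Errorf("logs-location %q is not a directory", c.String("logs-location"))` would describe the actual condition and keep a single error path, assuming `fmt` is imported in main.go. `if e != nil` also routes every `os.Stat` failure, not only a missing path, into `MkdirAll`; testing `os.IsNotExist(e)` first and returning `e` otherwise would separate the two. The body of `server` starts and ends outside the hunk.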
2
ssh.go
2
ssh.go
|
@ -145,7 +145,7 @@ func channelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
|
||||||
err = bastionsession.ChannelHandler(srv, conn, newChan, ctx, bastionsession.Config{
|
err = bastionsession.ChannelHandler(srv, conn, newChan, ctx, bastionsession.Config{
|
||||||
Addr: host.DialAddr(),
|
Addr: host.DialAddr(),
|
||||||
ClientConfig: clientConfig,
|
ClientConfig: clientConfig,
|
||||||
Logs: logsLocation,
|
Logs: logsLocation,
|
||||||
})
|
})
|
||||||
|
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
|
|
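--- a/vendor/github.com/arkan/bastion/LICENSE
+++ b/vendor/github.com/arkan/bastion/LICENSE
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2016-2017 Florian Bertholin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+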
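--- a/vendor/github.com/arkan/bastion/pkg/logchannel/logchannel.go
+++ b/vendor/github.com/arkan/bastion/pkg/logchannel/logchannel.go
@@ -0,0 +1,49 @@
+package logchannel
+
+import (
+"encoding/binary"
+"io"
+"syscall"
+"time"
+
+"golang.org/x/crypto/ssh"
+)
+
+type logChannel struct {
+channel ssh.Channel
+writer io.WriteCloser
+}
+
+func writeTTYRecHeader(fd io.Writer, length int) {
+t := time.Now()
+
+tv := syscall.NsecToTimeval(t.UnixNano())
+
+binary.Write(fd, binary.LittleEndian, int32(tv.Sec))
+binary.Write(fd, binary.LittleEndian, int32(tv.Usec))
+binary.Write(fd, binary.LittleEndian, int32(length))
+}
+
+func New(channel ssh.Channel, writer io.WriteCloser) *logChannel {
+return &logChannel{
+channel: channel,
+writer: writer,
+}
+}
+
+func (l *logChannel) Read(data []byte) (int, error) {
+return l.Read(data)
+}
+
+func (l *logChannel) Write(data []byte) (int, error) {
+writeTTYRecHeader(l.writer, len(data))
+l.writer.Write(data)
+
+return l.channel.Write(data)
+}
+
+func (l *logChannel) Close() error {
+l.writer.Close()
+
+return l.channel.Close()
+}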
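--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -8,6 +8,12 @@
 "revision": "648efa622239a2f6ff949fed78ee37b48d499ba4",
 "revisionTime": "2016-10-02T11:37:05Z"
 },
+{
+"checksumSHA1": "MHJo0MQ1wV3xSm0ncSn/aHaZR3Y=",
+"path": "github.com/arkan/bastion/pkg/logchannel",
+"revision": "0eb93ed2121907205ca69f46667a25f8b4320fde",
+"revisionTime": "2018-01-04T15:54:52Z"
+},
 {
 "checksumSHA1": "qe14CYEIsrbHmel1u0gsdZNFPLQ=",
 "path": "github.com/asaskevich/govalidator",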