ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-02-26 08:35:02 +08:00
Code Issues Projects Releases Packages Wiki Activity
665 commits 8 branches 50 tags 9.7 MiB
Commit graph

665 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stéphane Lesimple
eb866bd16b release v3.17.00 2024-10-14 17:01:02 +02:00
Stéphane Lesimple
c93498c762 fix: opensuse: add procps package (for pkill) 2024-10-14 17:01:02 +02:00
Stéphane Lesimple
790f4c3e92 fix: osh.pl: propagate signals to plugins before exiting 2024-10-14 15:53:32 +02:00
Stéphane Lesimple
4196a5b1c7 release v3.16.99-rc3 2024-09-25 11:54:09 +02:00
Stéphane Lesimple
3ee9a5d896 fix: regression introduced by 932e72e for stealth stdout in ssh 
Before 932e72e, plugin-scoped stealthStdout was ignored, which was
fixed by 932e72e which in turn made ssh ignore the pattern-based egress ssh
stealthStdout option.

This fix ensures stealthStdout is honored for both plugins and egress ssh.
 2024-09-25 11:53:51 +02:00
Stéphane Lesimple
a0ec3ff9ee release v3.16.99-rc2 2024-09-17 14:45:36 +02:00
Stéphane Lesimple
accd50eea7 feat: add rsync support to --protocol 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
858bb5157e enh: plugins: add validate_tuple() so a plugin can validate user@host:port independently 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
19ef1b2668 enh: plugins: add --protocol to handle scp, sftp, rsync 
Replace --sftp --scpup --scpdown by --protocol PROTOCOL.
Also take the opportunity to replace --user-any by --user * and --port-any by --port *.
All the legacy options are still supported but are now undocumented.
 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
454c16b4ce refacto: move special protocols checks into a lib 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
4ef9c6ddde feat: add --egress-session-multiplexing option to accountModify 2024-09-17 11:19:49 +02:00
Stéphane Lesimple
733e67ef1d enh: add lock for group ACL change to avoid race conditions 2024-08-30 16:57:43 +02:00
Stéphane Lesimple
85c448d60c fixupo 2024-08-12 13:42:51 +02:00
Stéphane Lesimple
164247414a chore: freebsd: ignore OS version mismatch with packages 2024-08-12 13:42:51 +02:00
Stéphane Lesimple
f4de5957a3 feat: add groupSetServers 2024-08-12 13:42:51 +02:00
Stéphane Lesimple
97c0252605 enh: selfPlaySession: remove sqliteLog.ttyrecfile dependency 
We'll try to find the ttyrec file ourselves, given the uniqid.
This also enables ttyplaying for osh plugins.
 2024-07-25 10:48:35 +02:00
Stéphane Lesimple
f09a2064d7 chore: selfMFASetupPassword: clearer message 2024-07-24 18:07:32 +02:00
Stéphane Lesimple
3d2cf21e0b release v3.16.99-rc1 2024-07-03 18:31:59 +02:00
Stéphane Lesimple
932e72eb83 fix: stealth_stdout/stderr was ignored for plugins (fix #482) 2024-07-03 17:38:40 +02:00
Stéphane Lesimple
3ba789ed34 chore: adapt help messages for wildcard --user support 2024-07-02 17:54:28 +02:00
Stéphane Lesimple
2e96603300 feat: support wildcards in --user (fix #461) 2024-07-02 17:54:28 +02:00
Stéphane Lesimple
e368bb37e9 chore: install-ttyrec: bump latest known version fallback 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
77ab1e2336 fix: tests: Ubuntu 24.04 adjustments 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
603425b31e fix: install under FreeBSD 13.2 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
b1396b2ed7 fix: accountFreeze: restore json results 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
cccbdc09f3 chg: Debian12, Ubuntu20+: enable sntrup KEX by default 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
e3f9fee4d9 chg: bump OpenSUSE Leap from 15.5 to 15.6 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
357e4de158 chg: add Ubuntu 24.04 LTS 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
914d8b30b4 chg: remove support for EOL CentOS 7 2024-07-02 16:08:46 +02:00
Stéphane Lesimple
560598b447 enh: autologin: set term to raw noecho when --no-tty is used 2024-06-27 17:03:47 +02:00
Stéphane Lesimple
47b51c79ee feat: accountFreeze: terminate running sessions if any 2024-06-27 17:03:07 +02:00
Stéphane Lesimple
b3361d3ed1 fix: selfGenerateProxyPassword: help message was incorrect 2024-06-27 17:02:13 +02:00
Stéphane Lesimple
15e6869be0 fix: ignore transient errors during global destruction 2024-06-25 14:09:54 +02:00
Stéphane Lesimple
4b781b821a release v3.16.01 2024-05-22 16:16:41 +02:00
Stéphane Lesimple
8c35c2783f chore: add README file into install/modules to ensure the folder exists even if empty 2024-04-17 14:38:19 +02:00
Stéphane Lesimple
72b757457c enh: info: removed uname dependency, added configuration 2024-04-17 14:38:19 +02:00
Stéphane Lesimple
b971aa03fb chore: linters: limit to known directories 2024-04-17 14:38:19 +02:00
Stéphane Lesimple
29437466dd chg: bastion-sync-helper.sh: use sh instead of bash 2024-04-17 14:03:31 +02:00
Stéphane Lesimple
1f6e6c3639 fix: alive: don't mask signals 2024-04-15 11:32:35 +02:00
Stéphane Lesimple
3646badbdf release 3.16.00 2024-04-10 14:16:10 +02:00
Stéphane Lesimple
7487597d61 fix: tests: don't test FIDO2 on unsupported distros 2024-04-10 10:51:01 +02:00
perrze
0b13371165 Adding tests for secure keys feature 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
3c9382a192 enh: use print_accepted_key_algorithms everywhere 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
321c592d51 chore: perltidy 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
99dfa9d351 Drop an unused variable in print_accepted_key_algorithms 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
1e44092c16 Factor out in a generic function the helper listing allowed ssh key algorithm 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
7dce5734fd Escape dots in regex patterns for ssh algorithms 
Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>
 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
d0ac9eabb9 Implement Ingress Secure Keys 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
a1efcec582 feat: replace --wait by a tcp-based connection try 2024-04-09 18:23:17 +02:00
Louis Laporte
dac0fedb89 feat: add option to wait for a specific port open 2024-04-09 18:23:17 +02:00