package
0.0.0-20250306163500-5f3bb2705e1f
Repository: https://github.com/versoriumx/teleport.git
Documentation: pkg.go.dev
# Packages
No description provided by the author
Package db contains methods for working with database connection profiles that combine connection parameters for a particular database.
Package escape implements client-side escape character logic.
Package identityfile handles formatting and parsing of identity files.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Functions
CreatePROXYHeaderGetter returns PROXY headers signer with embedded client source/destination IP addresses, which are taken from the context.
ExportAuthorities returns the list of authorities in OpenSSH compatible formats as a string.
ExportAuthoritiesSecrets exports the Authority Certificate secrets (private keys).
GenerateRSAKey generates a new unsigned key.
GetKubeTLSServerName returns k8s server name used in KUBECONFIG to leverage TLS Routing.
GetPaginatedSessions grabs up to 'max' sessions.
GetSessionFromResponse creates a [types.WebSession] if a cookie named [websession.CookieName] is present in the provided [roundtrip.Response].
GetWebConfig is used by teleterm to fetch webconfig.js from proxies.
HostCredentials is used to fetch host credentials for a node.
InsecureSkipHostKeyChecking is used when the user passes in "StrictHostKeyChecking yes".
No description provided by the author
IsNoCredentialsError returns whether the given error is an ErrNoCredentials error.
LoadKeysToKubeFromStore loads the keys for a given teleport cluster and kube cluster from the store.
MakeDefaultConfig returns default client config.
MFARequiredUnknown creates a new MFARequiredUnknownErr that wraps the error encountered attempting to determine if the mfa ceremony should proceed.
NewClient creates a TeleportClient object and fully configures it.
No description provided by the author
NewMemClientStore initializes an FS backed client store with the given base dir.
NewFSKeyStore initializes a new FSClientStore.
NewFSProfileStore creates a new instance of FSProfileStore.
NewFSTrustedCertsStore creates a new instance of FSTrustedCertsStore.
No description provided by the author
NewKey creates a new Key for the given private key.
NewKubeSession joins a live kubernetes session.
NewLocalAgent reads all available credentials from the provided LocalKeyStore and loads them into the local and system agent.
NewMemClientStore initializes a new in-memory client store.
No description provided by the author
NewMemProfileStore creates a new instance of MemProfileStore.
NewMemTrustedCertsStore creates a new instance of MemTrustedCertsStore.
NewNodeClient constructs a NodeClient that is connected to the node at nodeAddress.
NewRedirector returns new local web server redirector.
No description provided by the author
ParseDynamicPortForwardSpec parses the dynamic port forwarding spec passed in the -D flag.
ParseLabelSpec parses a string like 'name=value,"long name"="quoted value"' into a map like { "name" -> "value", "long name" -> "quoted value" }.
ParsePortForwardSpec parses parameter to -L flag, i.e.
ParseProxyHost parses a ProxyHost string of the format <hostname>:<proxy_web_port>,<proxy_ssh_port> and returns the parsed components.
ParseSearchKeywords parses a string like 'foo,bar,"quoted value"' into a slice of strings: ["foo", "bar", "quoted value"].
PerformMFACeremony issues single-use certificates via GenerateUserCerts, following its recommended RPC flow.
PlayFile plays the recorded session from a tar file.
ProfileNameFromProxyAddress converts proxy address to profile name or returns the current profile if the proxyAddr is not set.
ProxyHost returns the hostname of the proxy server (without any port numbers).
RetryWithRelogin is a helper error handling method, attempts to relogin and retry the function once.
RunALPNAuthTunnel runs a local authenticated ALPN proxy to another service.
RunPresenceTask periodically performs an MFA ceremony to detect that a user is still present and attentive.
SSHAgentHeadlessLogin begins the headless login ceremony, returning new user certificates if successful.
SSHAgentLogin is used by tsh to fetch local user credentials.
SSHAgentLoginWeb is used by tsh to fetch local user credentials via the web api.
SSHAgentMFALogin requests an MFA challenge via the proxy.
SSHAgentMFAWebSessionLogin requests an MFA challenge via the proxy web api.
SSHAgentPasswordlessLogin requests a passwordless MFA challenge via the proxy.
SSHAgentPasswordlessLoginWeb requests a passwordless MFA challenge via the proxy web api.
SSHAgentSSOLogin is used by tsh to fetch user credentials using OpenID Connect (OIDC) or SAML.
TrustedCertsFromCACerts converts the given TLS CA certificates and KnownHosts files into a list of Trusted Certs.
Username returns the current user's username.
ValidateAgentKeyOption validates that a string is a valid option for the AddKeysToAgent parameter.
VirtualPathAppParams returns parameters for selecting specific apps by name.
VirtualPathCAParams returns parameters for selecting CA certificates.
VirtualPathDatabaseParams returns parameters for selecting specific database certificates.
VirtualPathEnvName formats a single virtual path environment variable name.
VirtualPathEnvNames determines an ordered list of environment variables that should be checked to resolve an env var override.
VirtualPathKubernetesParams returns parameters for selecting k8s clusters by name.
WithBeforeLogin is a functional option for configuring a function that will be called before the login attempt.
WithHostAddress returns a SSHOptions which overrides the target host address with the one provided.
WithLabeledOutput labels each line of output from a command with the node's hostname.
WithMFARequired is an IssueUserCertsOpt that sets the MFA required check result in provided bool ptr.
WithNodeHostname sets the hostname to display for the connected node.
WithPresenceClock sets the clock to be used by RunPresenceTask.
WithSSHLogDir sets the directory to write command output to when running commands on multiple nodes.
# Constants
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
CertCacheDrop indicates that all user certificates should be dropped as part of the re-issue process.
CertCacheKeep indicates that all user certificates (except those explicitly updated by the re-issue) should be preserved across the re-issue process.
No description provided by the author
No description provided by the author
No description provided by the author
HTTPS is https prefix.
LoginFailedBadCallbackRedirectURL is a redirect URL when an SSO error specific to auth connector's callback was encountered.
LoginFailedRedirectURL is the default redirect URL when an SSO error was encountered.
LoginFailedUnauthorizedRedirectURL is a redirect URL for when an SSO authenticates successfully, but the user has no matching roles in Teleport.
LoginSuccessRedirectURL is a redirect URL when login was successful without errors.
No description provided by the author
No description provided by the author
No description provided by the author
VirtualPathEnvPrefix is the env var name prefix shared by all virtual path vars.
No description provided by the author
No description provided by the author
WSS is secure web sockets prefix.
# Variables
No description provided by the author
ErrNoCredentials is returned by the client store when a specific key is not found.
WithAllCerts lists all known CertOptions.
# Structs
ALPNAuthTunnelConfig contains the required fields used to create an authed ALPN Proxy.
AuthenticateSSHUserRequest is passed by the web client to authenticate against the teleport server and receive a temporary cert signed by the auth server authority.
No description provided by the author
CachePolicy defines cache policy for local clients.
ClusterClient facilitates communicating with both the Auth and Proxy services of a cluster.
Config is a client config.
CreateSSHCertReq is passed by the web client to authenticate against the teleport server and receive a temporary cert signed by the auth server authority.
CreateWebSessionReq is a request for the web api to initiate a new web session.
CreateWebSessionResponse is a response from the web api to a [CreateWebSessionReq] request.
DBCertChecker is a middleware that ensures that the local proxy has valid TLS database certs.
DynamicForwardedPort is a local port for dynamic application-level port forwarding.
ExportAuthoritiesRequest has the required fields to create an export authorities request.
ForwardedPort specifies a local tunnel to a remote destination managed by the client; it is the equivalent of the ssh -L src:host:dst command.
FSKeyStore is an on-disk implementation of the KeyStore interface.
FSProfileStore is an on-disk implementation of the ProfileStore interface.
FSTrustedCertsStore is an on-disk implementation of the TrustedCAStore interface.
No description provided by the author
Key describes a complete (signed) client key.
KeyIndex helps to identify a key in the store.
KubeSession is a joined kubernetes session from the client side.
LocalAgentConfig contains parameters for creating the local keys agent.
LocalKeyAgent holds Teleport certificates for a user connected to a cluster.
No description provided by the author
MemProfileStore is an in-memory implementation of ProfileStore.
MemTrustedCertsStore is an in-memory implementation of TrustedCertsStore.
MFAAuthenticateChallenge is an MFA authentication challenge sent on user login / authentication ceremonies.
MFAChallengeRequest is a request from the client for an MFA challenge from the server.
MFAChallengeResponse holds the response to an MFA challenge.
MFARegisterChallenge is an MFA register challenge sent on new MFA register.
MFARequiredUnknownErr indicates that connections to an instance failed due to being unable to determine if mfa is required.
NodeClient implements an ssh client to an ssh node (teleport or any regular ssh node). NodeClient can run shell and commands or upload and download files.
NodeDetails provides connection information for a node.
No description provided by the author
ParsedProxyHost holds the hostname and Web & SSH proxy addresses parsed out of a WebProxyAddress string.
PerformMFACeremonyParams are the input parameters for [PerformMFACeremony].
ProfileStatus combines metadata from the logged in profile and associated SSH certificate.
ProxyClient implements an ssh client to a teleport proxy. It can provide a list of nodes or connect to nodes.
Redirector handles SSH redirect flow with the Teleport server.
RedirectorConfig allows customization of Redirector.
ReissueParams encodes optional parameters for user certificate reissue.
RunCommandOptions is a set of options for NodeClient.RunCommand.
SSHLogin contains common SSH login parameters.
SSHLoginDirect contains SSH login parameters for direct (user/pass/OTP) login.
No description provided by the author
SSHLoginMFA contains SSH login parameters for MFA login.
SSHLoginPasswordless contains SSH login parameters for passwordless login.
SSHLoginSSO contains SSH login parameters for SSO login.
SSHOptions allow overriding configuration used when connecting to a host via [TeleportClient.SSH].
SSOLoginConsoleReq is used to perform SSO for tsh.
SSOLoginConsoleResponse is a response to SSO console request.
Store is a storage interface for client data.
TeleportClient is a wrapper around SSH client with teleport specific workflow built in.
TOTPRegisterChallenge contains a TOTP challenge.
WebClient is a package local lightweight client used in tests and some functions to handle errors properly.
WithAppCerts is a CertOption for handling application access certificates.
WithDBCerts is a CertOption for handling database access certificates.
WithKubeCerts is a CertOption for handling kubernetes certificates.
WithSSHCerts is a CertOption for handling SSH certificates.
# Interfaces
ALPNAuthClient contains the required auth.ClientI methods to create a local ALPN proxy.
CertOption is an additional step to run when loading/deleting user certificates.
KeyStore is a storage interface for client session keys and certificates.
PerformMFACurrentClient is a subset of Auth methods required for MFA.
PerformMFARootClient is a subset of Auth methods required for MFA.
PresenceMaintainer allows maintaining presence with the Auth service.
ProfileStore is a storage interface for client profile data.
TrustedCertsStore is a storage interface for trusted CA certificates and public keys.
# Type aliases
AgentForwardingMode describes how the user key agent will be forwarded to a remote machine, if at all.
CertCachePolicy describes what should happen to the certificate cache when a user certificate is re-issued.
DTAuthnRunCeremonyFunc matches the signature of [dtauthn.Ceremony.Run].
DynamicForwardedPorts is a slice of locally forwarded dynamic ports (SOCKS5).
ForwardedPorts contains an array of forwarded port structs.
HostKeyCallback is called by SSH client when it needs to check remote host key or certificate validity.
IssueUserCertsOpt is an option func for issuing user certs.
NodeClientOption is a functional argument for NewNodeClient.
PresenceOption is a functional option for RunPresenceTask.
PromptMFAChallengeHandler is a handler for MFA challenges.
RetryWithReloginOption is a functional option for configuring the RetryWithRelogin helper.
RunCommandOption is a functional argument for NodeClient.RunCommand.
ShellCreatedCallback can be supplied for every teleport client.
SSHLoginFunc is a function which carries out authn with an auth server and returns an auth response.
SSOLoginFunc is a function used in tests to mock SSO logins.
VirtualPathKind is the suffix component for env vars denoting the type of file that will be loaded.
VirtualPathParams are an ordered list of additional optional parameters for a virtual path.
WebauthnLoginFunc matches the signature of [wancli.Login].
WebLoginFunc is a function which carries out authn with the web server and returns a web session and cookies.