# README
ContainerSSH Security Library
This library provides a security overlay for the sshserver library.
⚠⚠⚠ Warning: This is developer documentation. ⚠⚠⚠
The user documentation for ContainerSSH is located at containerssh.io.
Using this library
This library is intended as a tie-in to an existing module and does not implement a full SSH backend. Instead, you can use the `New()` function to create a network connection handler with an appropriate backend:
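```go
// config is the security configuration structure (see config.go);
// backend is the network connection handler being wrapped.
security, err := security.New(
	config,
	backend,
)
```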
The backend should implement the `sshserver.NetworkConnectionHandler` interface from the sshserver library. For the details of the configuration structure please see config.go.
# Functions
New creates a new security backend proxy.
# Constants
ContainerSSH rejected setting the environment variable because it does not pass the security settings.
A program execution request has been rejected because it doesn't conform to the security settings.
Program execution failed in conjunction with the forceCommand option because ContainerSSH could not set the `SSH_ORIGINAL_COMMAND` environment variable on the backend.
The client has reached the maximum number of configured sessions; the new session request is therefore rejected.
ContainerSSH rejected launching a shell due to the security settings.
ContainerSSH rejected delivering a signal because it does not pass the security settings.
ContainerSSH rejected the subsystem because it does not pass the security settings.
ContainerSSH rejected the pseudoterminal request because of the security settings.
ExecutionPolicyDisable disables the specified method and does not take the allow or deny lists into account.
ExecutionPolicyEnable allows the execution of the specified method unless the specified option matches the "deny" list.
ExecutionPolicyFilter filters the execution against a specified allow list.
ExecutionPolicyUnconfigured falls back to the default mode.
ContainerSSH is replacing the command passed from the client (if any) with the specified command and is setting the `SSH_ORIGINAL_COMMAND` environment variable.
# Structs
CommandConfig controls command executions via SSH (exec requests).
Config is the configuration structure for security settings.
EnvConfig configures setting environment variables.
ErrTooManySessions indicates that too many sessions were opened in the same connection.
ShellConfig controls shell executions via SSH.
SignalConfig configures how signal forwarding requests are treated.
SubsystemConfig controls shell executions via SSH.
TTYConfig controls how to treat TTY/PTY requests by clients.
# Type aliases
ExecutionPolicy drives how to treat a certain request.
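
The four policy modes described under Constants, written out as an added example that is not the library's own code: it shows which list each mode consults and that anything else fails closed. The `Policy` and `Rule` names, the `Permit` method and its `fallback` parameter are hypothetical, and the sample values are constructed.

```go
package main

import "fmt"

// Policy and Rule model the four modes above; hypothetical names, not the library's identifiers.
type Policy string

const (
	PolicyUnconfigured Policy = ""
	PolicyDisable      Policy = "disable"
	PolicyEnable       Policy = "enable"
	PolicyFilter       Policy = "filter"
)

type Rule struct {
	Mode        Policy
	Allow, Deny []string
}

func contains(list []string, item string) bool {
	for _, v := range list {
		if v == item {
			return true
		}
	}
	return false
}

// Permit reports whether item (a variable name, command or subsystem) may pass.
// fallback is the mode applied to an unconfigured rule; its value is an assumption.
func (r Rule) Permit(item string, fallback Policy) bool {
	mode := r.Mode
	if mode == PolicyUnconfigured {
		mode = fallback
	}
	switch mode {
	case PolicyEnable:
		return !contains(r.Deny, item) // allowed unless on the deny list
	case PolicyFilter:
		return contains(r.Allow, item) // allowed only when on the allow list
	default:
		return false // disable or unknown mode: lists ignored, fail closed
	}
}

func main() {
	env := Rule{Mode: PolicyFilter, Allow: []string{"LANG", "TERM"}} // constructed sample
	fmt.Println(env.Permit("TERM", PolicyDisable), env.Permit("LD_PRELOAD", PolicyDisable))
}
```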