path: root/ssh/tailssh/tailssh_test.go
Age | Commit message | Author | Files | Lines
2022-07-25 | all: use various net/netip parse funcs directly | Brad Fitzpatrick | 1 | -4/+4
Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 | net/netaddr: start migrating to net/netip via new netaddr adapter package | Brad Fitzpatrick | 1 | -1/+1
Updates #5162 Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-21 | ssh/tailssh: handle not-authenticated-yet connections in matchRule | Maisem Ali | 1 | -0/+14
Also make more fields in conn.info thread safe; there was previously a data race here. Fixes #5110 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-06-27 | ssh/tailssh: always use current time for policy evaluation | Maisem Ali | 1 | -1/+0
Whenever the SSH policy changes we reevaluate all open connections to make sure they still have access. This check was using the wrong timestamp and would match against expired policies, however this really isn't a problem today as we don't have policy that would be impacted by this check. Fixing it for future use. Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-06-27 | ssh/tailssh: allow multiple sessions on the same conn | Maisem Ali | 1 | -1/+2
Fixes #4920 Fixes tailscale/corp#5633 Updates #4479 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21 | ssh/tailssh: avoid user ssh configuration in tests | James Tucker | 1 | -0/+2
Signed-off-by: James Tucker <james@tailscale.com>
2022-04-21 | ssh/tailssh: filter accepted environment variables | Brad Fitzpatrick | 1 | -0/+19
Noted by @danderson Updates #3802 Change-Id: Iac70717ed57f11726209ac1ea93ddc6696605f94 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20 | ssh/tailssh: send banner messages during auth, move more to conn | Maisem Ali | 1 | -14/+19
(VSCode Live Share between Brad & Maisem!) Updates #3802 Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3 Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20 | ssh/tailssh: support expansions in public key fetch URL too | Brad Fitzpatrick | 1 | -0/+20
Updates #3802 Change-Id: I5aa98bdab14fd1c1c00ba63b93f8d7e670f72437 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20 | ssh/tailssh: terminate ssh auth early if no policy can match | Maisem Ali | 1 | -5/+8
Also bump github.com/tailscale/golang-x-crypto/ssh Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-18 | ssh/tailssh: cache public keys fetched from URLs | Brad Fitzpatrick | 1 | -0/+67
Updates #3802 Change-Id: I96715bae02bce6ea19f16b1736d1bbcd7bcf3534 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-15 | tailcfg, ssh/tailssh: optionally support SSH public keys in wire policy | Brad Fitzpatrick | 1 | -1/+4
And clean up logging. Updates #3802 Change-Id: I756dc2d579a16757537142283d791f1d0319f4f0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-26 | tempfork: temporarily fork gliderlabs/ssh and x/crypto/ssh | Brad Fitzpatrick | 1 | -1/+1
While we rearrange/upstream things. gliderlabs/ssh is forked into tempfork from our prior fork at https://github.com/tailscale/ssh/commit/be8b7add4057ef5a8e458b42331a7633c06d026a x/crypto/ssh OTOH is forked at https://github.com/tailscale/golang-x-crypto because it was gnarlier to vendor with various internal packages, etc. Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d). Updates #3802 Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-22 | ssh/tailssh: support placeholders in SSHAction.HoldAndDelegate URL | Brad Fitzpatrick | 1 | -1/+2
Updates #3802 Change-Id: I60f9827409d14fd4f4824d102ba11db49bf0d365 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-21 | tailcfg, ssh/tailssh: make SSHUser value '=' map ssh-user to same local-user | Brad Fitzpatrick | 1 | -0/+12
Updates #3802 Change-Id: Icde60d4150ca15c25d615a4effb3d3c236f020a8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-18 | all: use cibuild.On | Josh Bleecher Snyder | 1 | -6/+3
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-03-18 | ssh/tailssh_test: skip TestSSH/stdin in CI | Maisem Ali | 1 | -0/+5
Updates #4051 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-17 | ssh/tailssh_test: Skip the env test in CI | Maisem Ali | 1 | -3/+5
Updates #4051 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 | ssh/tailssh: add a new sshSession type to clean up existing+future code | Brad Fitzpatrick | 1 | -4/+2
Updates #3802 Change-Id: I7054dca387f5e5aee1185937ecf41b77a5a07f1a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 | go.mod: move from github.com/gliderlabs/ssh to github.com/tailscale/ssh | Maisem Ali | 1 | -1/+1
Updates #4146 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-09 | ssh/tailssh: handle local port forwarding | Maisem Ali | 1 | -1/+4
Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-08 | ssh/tailssh: create login sessions for new connections | Maisem Ali | 1 | -8/+10
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-01 | ssh/tailssh: skip flaky test on CI for now | Brad Fitzpatrick | 1 | -0/+3
Updates #4051 Change-Id: I94f2165dd248eba9ca3f782c907a13bd6dde4a5e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-28 | ipn/store: add common package for instantiating ipn.StateStores | Maisem Ali | 1 | -2/+2
Also move KubeStore and MemStore into their own package. RELNOTE: tsnet now supports providing a custom ipn.StateStore. Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-02-24 | ssh/tailssh: add more SSH tests, blend in env from ssh session | Brad Fitzpatrick | 1 | -7/+77
Updates #3802 Change-Id: I568c661cacbb0524afcd8be9577457ddba611f19 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 | ssh/tailssh: add start of real ssh tests | Brad Fitzpatrick | 1 | -0/+85
Updates #3802 Change-Id: I9aea4250062d3a06ca7a5e71a81d31c27a988615 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 | ssh: make it build on darwin | Brad Fitzpatrick | 1 | -2/+2
For local dev testing initially. Product-wise, it'll probably only be workable on the two unsandboxed builds. Updates #3802 Change-Id: Ic352f966e7fb29aff897217d79b383131bf3f92b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 | ssh/tailssh: rename sshContext to sshConnInfo | Brad Fitzpatrick | 1 | -11/+11
So it's not confused for a context.Context and we can add contexts later and not look like we have two. Updates #3802 Change-Id: Icf229ae2c020d173f3cbf09a13ccd03a60cbb85e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-18 | ssh/tailssh: evaluate tailcfg.SSHPolicy on incoming connections | Brad Fitzpatrick | 1 | -0/+157
Updates #3802 Fixes #3960 Change-Id: Ieda2007d462ddce6c217b958167417ae9755774e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>