self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-22 02:03:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
2207 commits 3216 branches 4173 tags 1.3 GiB
Commit graph

39 commits

Author SHA1 Message Date
Sasha Klizhentas f3a3104934 lift permission restriction 2016-12-06 16:43:43 -08:00
Sasha Klizhentas ab19c70032 implement cert gen CLI tool 2016-12-06 10:43:19 -08:00
Ev Kontsevoy d0e6e42015 Bufix: certificate expiration issue 
This commit closes #529

Teleport was using nanoseconds to set the certificate expiration,
instead of milliseconds.

Changes:

- Switched from nanoseconds to seconds
- Switched from UTC to native time (because that's what golang/x/ssh
  uses internally)
 2016-09-12 17:55:31 -07:00
Ev Kontsevoy 48a74fbeca Intermediate commit (scp up/down works agaisnt openSSH servers) 2016-05-26 14:46:56 -07:00
Ev Kontsevoy 6e6e951650 Intermediate commit 2016-05-25 22:33:07 -07:00
Ev Kontsevoy 0b26b7fc47 Teleport Host Certificates support multiple roles now 
Teleport CA-signed host certificates used to support only one
server role per cert.

This commit adds the ability to store multiple roles in a
certificate, paving the road for multi-role node support in
a near future.
 2016-05-10 20:27:18 -07:00
Ev Kontsevoy b8788be4d4 Teleport was constantly asking for username+HOTP+password 
The problem was in `time.Unix()` instead of `time.Unixnano()`
I'm not even sure how Unix() got in there...
 2016-04-21 19:41:10 -07:00
Ev Kontsevoy e28f21922c Certificate TTL improvements 
1. Server now always uses UTC timestamps for certificates it ussues
2. Client doesn't store cert validBefore time in separate files, it
   parses the cert itself.

Fixes #370
 2016-04-19 16:09:22 -07:00
klizhentas d68e693cad migrate to trace errors 2016-04-12 11:07:14 -07:00
Ev Kontsevoy 0168cd954d Removed keygen mocking 2016-04-08 10:49:36 -07:00
Ev Kontsevoy b7be49bc49 Added new integration test (not turned on yet) 2016-04-07 18:20:38 -07:00
Ev Kontsevoy 757c34a755 Added the ability to stop teleport without restarting the process 2016-04-03 12:17:28 -07:00
klizhentas ca7e3820d7 This commit adds ability to preconfigure the cluster without running 
auth server. This is needed when you configure cluster from scratch and
all nodes including auth server spin up simultaneously.

* Add tctl tools to generate keys and certificates

  + Command "tctl authorities gen" generates public and private keypair.
  + Command "tctl authorities gencert" generates public and private keypair signed
    by existng private key
  + Command "tctl authorities export" was modified to be able to export exisitng private
    CA keys to local storage

   All of these commands are hidden by default.

section "static configuration"

* Add ability to configure teleport from environment variable

Environment variable TELEPORT_CONFIG can contain base64 encoded
YAML file config file of the standard file format, so teleport will use it on start

* Add special secrets section to the config file

Section "secrets" was updated to support pre-configured trusted CA keys and pre-generated keys

* Add special rts hidden section to add support for provisioning
 2016-03-28 12:58:34 -07:00
klizhentas 7a2a9e334f add support for TELEPORT_DEBUG_TESTS environment variable turning on verbose testing 2016-03-14 14:07:45 -07:00
klizhentas 0e503ca376 Add proper integration with OpenSSH on both sides 2016-03-09 19:39:15 -08:00
Ev Kontsevoy 06ff8f81aa Bugfixes in the new tsh code 2016-02-28 14:22:52 -08:00
klizhentas 278420174f refactor roles and certificates handling 2016-02-18 18:07:43 -08:00
Alex Lyulkov d2f50cf4b6 Fixed tests logging 2016-02-05 17:09:21 +03:00
Alex Lyulkov ed3a5088e8 Merged: added user mapping 2016-02-05 03:29:49 +03:00
Alex Lyulkov 566933b541 Fixed code style 2016-02-05 02:03:05 +03:00
klizhentas cad989ef9a fix broken build 2016-02-04 13:52:44 -08:00
Alex Lyulkov c90fffef6c now native Close() implements io.closer 2016-02-04 20:42:13 +03:00
Alex Lyulkov acd9cf4943 Added user mapping, web shell restarts after exit 2016-02-04 20:19:42 +03:00
Alex Lyulkov f3fef1b5d7 new keypairs precalculation with go channels 2016-01-30 01:44:43 +03:00
Alex Lyulkov 4e4ab2f9da Modified keypairs precalculating 2016-01-27 18:09:21 +03:00
Alex Lyulkov b38a6236ef Fixed precalculation, fixed the tests affected by additional parallel calculations 2016-01-26 20:29:45 +03:00
Alex Lyulkov ea7b88e6d9 Modified keys precompiling 2016-01-26 01:01:11 +03:00
Alex Lyulkov 85d74d6ddc Fixed mutex unlocking 2016-01-25 22:39:22 +03:00
Alex Lyulkov ef71410567 Added precompiled auth key-pairs to reduce login time 2016-01-25 18:15:13 +03:00
Alex Lyulkov a56b5236ac Moved to go1.5 vendoring 2016-01-20 18:52:25 +03:00
Alex Lyulkov 8c7f849805 Added tests for permissions, everythink works 2015-11-13 19:47:59 -08:00
Alex Lyulkov 390714b842 Integrated permissions checker, replaced special tun requests by API calls. 2015-11-12 17:32:45 -08:00
Alex Lyulkov 15e80c0a4f Deleted http api, added api via memory pipe, added permissions checker 2015-11-11 14:21:11 -08:00
Alex Lyulkov 850a113e98 Now ssh servers check certificates ttl 2015-11-08 19:11:16 -08:00
klizhentas 00ef621e6b Apply apache license to teleport 2015-10-31 11:56:49 -07:00
Alex Lyulkov 76d09e1174 Fixed certificates ttl limiting 2015-10-27 16:56:10 -07:00
Alex Lyulkov 8f40a04b3a Fixed certificates ttl limiting 2015-10-27 16:41:47 -07:00
Alex Lyulkov a4ef8d5cba Added time limits for certificates 2015-10-27 16:30:16 -07:00
Alex Lyulkov a3db86b236 More folders arrangments 2015-10-05 20:36:55 +03:00