* Updated LocalKeyAgent to load both certificate and private key into Teleport and system agent.
* Refactored LocalKeyAgent to consolidate key loading code.
* Added test coverage for LocalKeyAgent.
Before this commit, tsh HAD to know which SSH port the server is
listening on. Meanwhile the proxy _already knows_ which port every
server is listening on! This made it inconvenient to use tsh when
non-default port was used.
This commit makes proxy smarter:
- If `-p` flag is explicitly set, proxy looks for this port and gives an
intelligent error if the port doesn't match what's actually used.
- If `-p` is skipped, the proxy automatically uses the correct port,
and what's cooler it uses port `22` if connecting to OpenSSH servers.
This commit fixes the second issue of #729
This commit adds several improvements to how CLI SSH login works
- Validated keys are added to the SSH agent [1]
- tsh will does not verify host keys twice anymore
- error messages for "access denied" look clean now
[1] This is huge. This means that tsh login can "feed" the keys to the
built-in SSH agents of the OS and OpenSSH can fetch them from there.
QUESTION: why do we even need `tsh agent` option then? ssh-agent is
installed on every Linux/OSX machine.
Changes:
- Added a proper help message for `--ttl` flag
- Added `--out` flag to specify where to store the keys
- Removed 3 flags for file names
- File names (keys, cert) are generated using `tsh` naming convention
Fixes#636
Functionality:
`teleport` binary now serves web assets from its own binary file.
Unless `DEBUG` environment variable is set to "1" or "true", in
this case it will look for ../web/dist (as located in github repo)
which can be used for development.
Design:
To avoid accumulating 3rd party dependencies with a ton of extra
features and licenses, this implementation uses minimalistic
implementation of http.FileSystem interface on top of the embedded ZIP
archive.
1. The assets are zipped into assets.zip during build process
2. assets.zip gets appended to the end of `teleport` binary
3. The resulting file is converted into a self-extracting ZIP
4. Teleport opens itself using the built-in zip unarchiver, and loads
the assets on demand.
Notes:
1. LOC is tiny (dozens)
2. RAM consumption is CONSTANT regardless of the ZIP size, about 500Kb
increase vs load-from-file, and most of it is linking zip archive
code from the standard library. Tested with a 20MB ZIP archive.