This was fixed running the `misspell` linter in fix mode using
`gometalinter`. The exact command I ran was :
```
gometalinter --vendor --disable-all -E misspell --linter='misspell:misspell -w {path}:^(?P<path>.*?\.go):(?P<line>\d+):(?P<col>\d+):\s*(?P<message>.*)$' ./...
```
Some typo were fixed by hand on top of it.
goterm had no license, I quickly replaced it with our own little table
formatter.
also rewrote some tsh commands, that were using home-made formatting, to
the new table, so the output is now much nicer.
- Renamed "dir" format to "openssh"
- Replaced self-made key fingerprinting function with a standard one
- Changed fingerprinting from legacy md5 to sha256
1. Got rid of `tool/tsh/common` package. See below.
2. Fixed logger in config test (it was getting reset by the test itself)
The reason we don't need `tool/tsh/common` is because `tsh` is the same
for OSS or Enterprise versions. This is good for two reasons:
1. Enterprise customers don't need to bother telling users to use a
proprietary binary, they can just get OSS (which will eventually get
pacakged for OSX/Ubuntu/RHEL) and will be one `apt-get` or `brew install` away
2. Easier for us to package/maintain.
Changes:
* Moved identity file code from tctl (because `tctl auth sign` already
does what we need) into `lib/client/identity.go`
* Updated tctl to use the new stuff.
Next steps:
* Change `tsh` to use that code
* Tests
- Switched to new way of building Enterprise
- Removed `tctl tunnels` command (preparation for new resources)
- Removed `tctl auth ls` command (preparation for new resources)
First part of addressing #1033 is ability to load credentials from the
credentials file(s).
This commit adds -i flag processing, i.e. a certificate can be fed via a
cert.file and used to login.
* Add prometheus endpoint to expose system stats
* Add heealthz endpoint
* Add gops endpoint for real time troubleshooting
* Deprecate httprof endpoint
- Added comments to explain the purpose of clientConfig.HostPort
- Fixed typo
- Fixed docker-based 'make release' to include Teleport version into the
produced tarball
- More informative logging around host lookups
* Updated LocalKeyAgent to load both certificate and private key into Teleport and system agent.
* Refactored LocalKeyAgent to consolidate key loading code.
* Added test coverage for LocalKeyAgent.
Before this commit, tsh HAD to know which SSH port the server is
listening on. Meanwhile the proxy _already knows_ which port every
server is listening on! This made it inconvenient to use tsh when
non-default port was used.
This commit makes proxy smarter:
- If `-p` flag is explicitly set, proxy looks for this port and gives an
intelligent error if the port doesn't match what's actually used.
- If `-p` is skipped, the proxy automatically uses the correct port,
and what's cooler it uses port `22` if connecting to OpenSSH servers.
This commit fixes the second issue of #729
This commit adds several improvements to how CLI SSH login works
- Validated keys are added to the SSH agent [1]
- tsh will does not verify host keys twice anymore
- error messages for "access denied" look clean now
[1] This is huge. This means that tsh login can "feed" the keys to the
built-in SSH agents of the OS and OpenSSH can fetch them from there.
QUESTION: why do we even need `tsh agent` option then? ssh-agent is
installed on every Linux/OSX machine.