self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-21 17:53:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
4995 commits 3226 branches 4171 tags 1.3 GiB
Commit graph

228 commits

Author SHA1 Message Date
Ev Kontsevoy 1755870f27 Logging fixes and more 
- Fixed logging. Closes #875
- Removed dead code
- Fixed 'exec' tests on OSX
 2017-03-29 17:12:50 -07:00
Ev Kontsevoy dd9db5ec2e Minor cosmetic commit 
- Added comments to explain the purpose of clientConfig.HostPort
- Fixed typo
- Fixed docker-based 'make release' to include Teleport version into the
  produced tarball
- More informative logging around host lookups
 2017-03-29 17:12:50 -07:00
Russell Jones 8af04a1355 Added --load flag to "tsh agent". 2017-03-14 14:10:36 -07:00
Russell Jones 49c2d31a33 Remove --identity flag from tctl. Cleaned up tsh and, updated 
documentation.
 2017-02-28 15:08:35 -08:00
Russell Jones cfe92d7ad2 Fixed bugs created in #783. Updated response returned from /webapi/ping and 
/web/config.js. Added support for authentication selection based off ping
response in tsh.
 2017-02-23 13:45:19 -08:00
Sasha Klizhentas 202c3fc0b9 move code around 2017-02-15 18:29:17 -08:00
Sasha Klizhentas f9bddef532 fixes and vet passing 2017-02-12 14:33:44 -08:00
Russell Jones 1539f351fe Make teleagent use the LocalKeyAgent. 2017-02-09 18:27:10 -08:00
Russell Jones ac1173bacd Fixes, refactoring, and tests for LocalKeyAgent. 
* Updated LocalKeyAgent to load both certificate and private key into Teleport and system agent.
* Refactored LocalKeyAgent to consolidate key loading code.
* Added test coverage for LocalKeyAgent.
 2017-02-09 18:27:10 -08:00
Ev Kontsevoy e988630783 tsh logout + tctl create 
This commit closes #667

- `tsh logout` will now log you out of everything
- `tctl upsert` has been renamed to `tctl create`
 2017-01-29 19:26:27 -08:00
Ev Kontsevoy e7f44bfcd6 SSH port lookup on the proxy side 
Before this commit, tsh HAD to know which SSH port the server is
listening on. Meanwhile the proxy _already knows_ which port every
server is listening on! This made it inconvenient to use tsh when
non-default port was used.

This commit makes proxy smarter:

- If `-p` flag is explicitly set, proxy looks for this port and gives an
  intelligent error if the port doesn't match what's actually used.

- If `-p` is skipped, the proxy automatically uses the correct port,
  and what's cooler it uses port `22` if connecting to OpenSSH servers.

This commit fixes the second issue of #729
 2017-01-29 16:58:50 -08:00
Ev Kontsevoy c52ca519db Found the reason for tsh ls issue 
... it requres 'host login' even though you're not loggin into any host
 2017-01-27 23:03:09 -08:00
Ev Kontsevoy ff2fd9ca47 Code review changes 2017-01-25 13:45:46 -08:00
Ev Kontsevoy 4a07dd3e22 Improved CLI login procedure 
This commit adds several improvements to how CLI SSH login works

- Validated keys are added to the SSH agent [1]
- tsh will does not verify host keys twice anymore
- error messages for "access denied" look clean now

[1] This is huge. This means that tsh login can "feed" the keys to the
    built-in SSH agents of the OS and OpenSSH can fetch them from there.

QUESTION: why do we even need `tsh agent` option then? ssh-agent is
installed on every Linux/OSX machine.
 2017-01-24 19:54:41 -08:00
Sasha Klizhentas 2cc1a548c5 finished changes 2016-12-30 15:13:45 -08:00
dmitri 53e059a11a Add context support to ProxyClient.ConnectToNode to be able to timeout the connection. 
The method is otherwise blocking and might hang upon establishing a connection if the other side closes the connection.
 2016-12-23 20:50:32 +01:00
Sasha Klizhentas bacfc33ef4 add missing error report 2016-12-21 15:56:57 -08:00
Sasha Klizhentas 41a4d2872c Merge branch 'sasha/corruption' into sasha/rbac 2016-12-20 11:06:16 -08:00
Ev Kontsevoy a4ff1117c0 Minor change 2016-12-15 08:21:42 -08:00
Ev Kontsevoy c40c0139df Removed automatic profile saving on every successful session 
Now, profiles are created when you explicitly type `tsh login`
 2016-12-14 16:47:35 -08:00
Sasha Klizhentas 2dceb42547 Merge branch 'master' into sasha/rbac 2016-12-14 16:36:55 -08:00
Sasha Klizhentas 7e97b10032 add support for namespaces almost everywhere 2016-12-14 15:48:36 -08:00
Sasha Klizhentas a8533fde66 Merge branch 'jcj83429-u2f' 2016-12-13 12:16:26 -08:00
Ev Kontsevoy e880643d46 Added --quiet flag to tsh clusters command 
Fixes #635
 2016-12-11 22:37:13 -08:00
Alex Charles 9e743f803a Some cleanup for PR. Mostly appId -> appID, U2f -> U2F 2016-12-08 02:23:51 -08:00
Jay ade8b1dc7b Fixed merge conflicts with original repository 2016-11-30 17:08:20 -08:00
Ev Kontsevoy 30a1724927 .tsh profile change 
`tsh` profiles shoudl only "kick in" when no --proxy flag is given.
If a user explicitly specifies --proxy flag, profiles should be ignored.
 2016-11-30 15:46:36 -08:00
jcj83429 4bbca0b2eb Merge branch 'master' into u2f 2016-11-29 20:54:17 -08:00
Ev Kontsevoy c6c77a183c SCP improvements 
- Removed strange handling of the ending / symbol, causing directories
  not being created. Fixes #606

- Added per-file progress indicator (reports "XXX uploaded").
 2016-11-03 20:06:43 -07:00
Ev Kontsevoy 888e53aa03 Fixes #604 2016-11-03 14:54:52 -07:00
jcj83429 2cff2aaa66 Merge upstream 'master' into u2f 
Conflicts:
	lib/config/fileconf.go
	tool/tsh/main.go
 2016-10-24 00:08:26 -07:00
jcj83429 739308c5ae got u2f login working on the CLI client. 
also grouped the u2f webapi endpoints together,
and fixed the default u2f AppID so it works out of the box
 2016-10-22 20:43:44 -07:00
Ev Kontsevoy 7964bfc54e Client profiles for TSH 2016-10-22 12:54:16 -07:00
Ev Kontsevoy a6127227f3 Proper handling of attached/detached terminals 
Also Teleport now will try to get the type of terminal you're already
on, looking at $TERM
 2016-09-10 21:59:16 -07:00
Ev Kontsevoy 4aa39f0897 Added '-t' flag 
This means "allocate TTY"
 2016-09-08 21:38:45 -07:00
Ev Kontsevoy 79152b2d08 Minor code refactoring 
Moved code which parses OpenSSH-style port forwarding spec (-L flag)
from tsh/main into lib/client
 2016-08-25 22:12:08 -07:00
Ev Kontsevoy 3060cf2650 Adds the ability to specify non-standard HTTPS proxy port 
This commit fixes #491

Now `tsh` accepts `--proxy=host:port,port` allowing to specify two
ports, one for SSH and another for HTTPS.
 2016-08-05 15:46:12 -07:00
Ev Kontsevoy 6383b755c5 Multi-cluster tsh 
`tsh` has always supported reverse tunnels via undocumented "sites"
command.

This commit:

1. Renames "sites" to "clusters" to be consistent with the rest of
   Teleport naming conventions
2. Adds --cluster flag to `tsh ssh`
3. Updates the User Manual in the documentation dir

Refs #437
 2016-06-11 20:04:53 -07:00
Ev Kontsevoy 029233b11f tsh logout implementation 
Fixes #420
 2016-06-01 17:02:39 -07:00
Ev Kontsevoy 6e6e951650 Intermediate commit 2016-05-25 22:33:07 -07:00
Ev Kontsevoy dc87ef5aec Clean error reporting for SSH exec 
- stdout and stderr are separated
- exit status is inherited by tsh
 2016-05-24 18:00:26 -07:00
Sasha Klizhentas 39d9f076c2 Env var for TELEPORT_USER, refs #408 2016-05-10 15:34:35 -07:00
Ev Kontsevoy bd9ad5782c Merge remote-tracking branch 'origin/master' into ev/log 2016-05-08 11:53:57 -07:00
Ev Kontsevoy cca475924b tsh now respects --user flag 
Fixes #392
Fixes #396

Teleport now respects `--user` flag and, if --user is specified,
forces the certificate to belong to the given user.

This changes the file structure in `~/.tsh` directory. If a user logs in
under two different accounts, say "ekontsevoy" and "vince", it looks
like this:

```
~/.tsh/
├── keys
│   └── localhost
│       ├── ekontsevoy.cert
│       ├── ekontsevoy.key
│       ├── ekontsevoy.pub
│       ├── vince.cert
│       ├── vince.key
│       └── vince.pub
└── known_hosts

```

Also, to make tests more believable, I have added 3 more pre-generated
keys to 'testauthority' fixture, so instead of returning the same key
over and over, it now returns a random 1 of 4
 2016-05-06 21:57:39 -07:00
Ev Kontsevoy 65215cf539 Decent quality session replay command 2016-04-30 22:00:53 -07:00
Ev Kontsevoy dc162fd250 First draft of "play" command for tsh 2016-04-30 17:32:54 -07:00
klizhentas b5eb171a06 set env vars 2016-04-23 17:47:29 -07:00
klizhentas ce33368e58 fix various 2FA and OIDC login hiccups 2016-04-19 14:56:01 -07:00
Alexander Klizhentas 89673725e3 Few changes: 
- added getProxyLogin() method to TeleportClient. It now uses the
  default approved principal to login into proxy or defaults to "host
  login"

- covered a bit more of TeleportClient functionality with basic unit
  tests
 2016-04-17 20:46:34 -07:00
Ev Kontsevoy 42c4eaf269 Addded integration tests for: 
- interactive SSH (with shell)
- joining sessions
 2016-04-14 14:17:56 -07:00
Ev Kontsevoy 0dcdc4c278 Added ability to specify which console to use 
...by teleport clients + servers, meaning:

1. Servers do not default to stdout when printing startup messages
2. Clients can use arbitrary input/output instead of stdin/stdout when
   doing SSH/join. This helps with integration testing.
 2016-04-14 13:56:53 -07:00
Ev Kontsevoy 885d755158 FIxed the build 2016-04-11 16:32:37 -07:00
klizhentas de930e7ed9 introduce experimental multi-site and OIDC hidden flags to tctl and tsh 2016-04-07 17:41:44 -07:00
Ev Kontsevoy 8fe9b3eeb7 Teleport Client API refactoring 
Goal: Easier manipulation of client keys

- configurable key store
- easier public API to sign & save keys (prior to this only tc.Login()
  could create a signed key) - this allows to implement custom Login
  logic in other clients.
 2016-04-05 18:53:30 -07:00
Ev Kontsevoy ba381fd54e Implemented local command execution 
Added two things to `tsh`:

1. `--local` flag. This tells `tsh` to execute a given command
   _locally_. This is useful in combination with `-L` flag (port
   forwarding)

2. Added support for "bind_interface" for `-L` flag for compatibility
   with OpenSSH

3. Minor refactoring

4. Updated docs
 2016-03-31 16:02:39 -07:00
Ev Kontsevoy 3b823691a1 Updated documentation with port forwarding info 2016-03-31 14:36:23 -07:00
Ev Kontsevoy ee52838792 Implemented actual forwarding via SSH 2016-03-31 14:23:09 -07:00
Ev Kontsevoy 56d210d7c3 Added -L flag to 'tsh ssh' 
+ test
 2016-03-31 13:38:05 -07:00
Ev Kontsevoy b36b3cde61 Merge remote-tracking branch 'origin/master' into taylor/docs 
Conflicts:
	Makefile
	tool/tctl/main.go
 2016-03-22 10:11:12 -07:00
klizhentas 55388db74b migrate to time UUID in session log, fixes #266 
this commit restricts session id and session party id to be time UUID v1
and uses this fact to create a sorted session log
 2016-03-19 18:16:06 -07:00
Ev Kontsevoy 6c9e14fceb Merge remote-tracking branch 'origin/master' into ev/docs 
Conflicts:
	Makefile
	build.assets/Dockerfile
	build.assets/Makefile
 2016-03-19 09:59:22 -07:00
Ev Kontsevoy f87601bdab Added port number flag for scp 2016-03-18 17:49:14 -07:00
Ev Kontsevoy 23eda5780b User manual edits 2016-03-18 12:36:33 -07:00
Ev Kontsevoy 3de1d72921 Cleaned up Makefiles 2016-03-15 20:41:12 -07:00
Ev Kontsevoy b184319181 Implemented label filtering on TSH 
Works with:
- ssh
- ls
- scp
 2016-03-14 18:44:28 -07:00
Ev Kontsevoy 3418ac80b6 Merge remote-tracking branch 'origin/master' into ev/ssh-api 
Conflicts:
	tool/tctl/main.go
	tool/teleport/main.go
	tool/tsh/main.go
 2016-03-14 14:27:43 -07:00
Ev Kontsevoy db390585d8 Implemented tsh join 
closes #243
 2016-03-14 14:16:18 -07:00
klizhentas 19788c25ce introduce teleport version, fixes #241 
Here's how it works:

* It takes the closest tag that is present in the build
* Automatically applies this tag
* Adds git commit as well
* Is 100% go gettable
* No external deps, all vendored
 2016-03-14 11:22:49 -07:00
Ev Kontsevoy 5b97e83986 Intermediate commit 2016-03-13 19:23:30 -07:00
Ev Kontsevoy 7521b57e56 Rough implementation of SCP 
Refs #244
Closes #244
 2016-03-13 16:18:08 -07:00
Ev Kontsevoy 35185a49e6 Started implementing #244 2016-03-13 00:15:00 -08:00
Ev Kontsevoy 9dca79d883 Fixes #233 
Closes #233
 2016-03-11 15:15:16 -08:00
klizhentas 0e503ca376 Add proper integration with OpenSSH on both sides 2016-03-09 19:39:15 -08:00
klizhentas 519f07611b fix data races and remove sleep from tests 
* fix data race with advertise ip
* remove global variable
* simplify pings logic and fix ping bug
* fix potential bug in dynamic labels
 2016-03-08 18:41:05 -08:00
Ev Kontsevoy 39382dc41a tsh ls works 
similarly to tctl nodes ls
closes #181
 2016-03-08 16:30:32 -08:00
klizhentas 35852bdca9 remove hangouts, report errors from subsystems, refs #179 2016-03-08 12:02:45 -08:00
Ev Kontsevoy 3bed94a7c6 Hostname handling changes: 
1. `--name` setting is passed through into AuthServer as "AuthServiceName".
   This will be used in UIs when there are multiple clusters, and also
   in places like Google Authenticator

2. `tctl nodes ls` now lists both host name and host UUID

3. Changed `--name` setting to `--nodename` to be consistent with the
   config file.

Closes #194
 2016-03-05 16:54:58 -08:00
klizhentas 5e8ecd53b0 only support TLS in web proxy 2016-03-02 15:07:59 -08:00
klizhentas 583d1e06ac Merge branch 'master' into web 
Conflicts:
	lib/client/client_test.go
	lib/srv/srv.go
	web/dist/app/app
 2016-03-01 14:01:01 -08:00
klizhentas 59b16d1ca4 rename to terminal params 2016-03-01 13:26:15 -08:00
Ev Kontsevoy 317393c821 CLI flag parsing for 'tsh ssh' 2016-02-28 14:22:52 -08:00
Alex Lyulkov bd61f6793f Changed limiter initialization 2016-02-26 16:59:35 +03:00
Alex Lyulkov 45654a0ddb rebased 2016-02-25 22:46:30 +03:00
Alex Lyulkov 07c0ca47f9 Fixed tsh tests, changed tests ports 2016-02-25 20:30:44 +03:00
klizhentas 71a5dbc2c4 refactor 2016-02-24 17:58:22 -08:00
klizhentas d5f24e5c39 implement new session management and user signup API 2016-02-23 17:26:23 -08:00
Alex Lyulkov 824f98e8e3 Fixed password reading, changed hangouts dir to ioutils.Tempdir() 2016-02-22 23:59:20 +03:00
Alex Lyulkov eec2217e56 Fixed client test, fixed srv test, minor changes 2016-02-22 22:38:37 +03:00
Alex Lyulkov 2ebb3d07a2 Added tests for hangouts 2016-02-20 01:54:42 +03:00
Alex Lyulkov 042212ad65 Joined regular and hangouts reverse tunnels, changed authentication, minor fixes 2016-02-19 00:23:22 +03:00
Alex Lyulkov 5741526bf4 Merged from alex/share-rebased 2016-02-18 22:10:34 +03:00
klizhentas 9fcc861e09 Replace dependencies with code.google.com paths, remove unused code 
* Remove usage of lemma/secret and gravitational/session
* Replace deps using code.google.com with alternatives
* Vendor test keys to the code base
 2016-02-17 18:36:52 -08:00
klizhentas 6cdaba2ef6 user mappings should be deleted if user is deleted, fixes #116 
This commit includes refactoring and cleanup of cert authority sybsystem:

* User keys methods are deleted
* Authorities CRUD is simplified
* Lots of code removed
 2016-02-17 15:29:01 -08:00
Alex Lyulkov bcb6411a7b merged from alex/sharing 2016-02-17 22:58:28 +03:00
Alex Lyulkov caee704e83 changes for rebase 2016-02-17 21:59:18 +03:00
Alex Lyulkov 2fb458ca2c Changed hangout authentication and url 2016-02-17 21:24:11 +03:00
Alex Lyulkov ed430daaa9 Minor code style fixes 2016-02-16 21:07:21 +03:00
Alex Lyulkov d0fd7b26d3 Hangouts: everything works 2016-02-16 20:06:25 +03:00
Alex Lyulkov 66dd4436e9 working hangouts 2016-02-16 15:51:33 +03:00
Alex Lyulkov f35f74cb46 working on tsh share 2016-02-12 18:25:54 +03:00
Ev Kontsevoy 68badf4bc2 Moved the default build output from ./ to out/ 
Otherwise tctl, teleport and tsh binaries were causing issues with
.gitignore conflicts (we have directories with these names in tool)
 2016-02-09 15:05:02 -08:00
Ev Kontsevoy 2db4d98213 Incorporated PR comments from here: 
https://github.com/gravitational/teleport/pull/115
 2016-02-09 13:46:34 -08:00
Ev Kontsevoy 458d8984a1 Fixed Build errors... 2016-02-08 10:41:25 -08:00
Ev Kontsevoy cfa2997671 Merge branch 'master' into ev/105 2016-02-07 11:45:41 -08:00
Alex Lyulkov c2b6d96485 Fixed OS username in tests 2016-02-06 15:15:01 +03:00
Ev Kontsevoy b5fd2e1253 Merge branch 'master' into ev/105 
Conflicts:
	tool/tsh/main.go
 2016-02-05 15:35:19 -08:00
Ev Kontsevoy 7829880507 Moved to a forked kingpin for CLI arg parsing 2016-02-05 11:44:46 -08:00
Alex Lyulkov d2f50cf4b6 Fixed tests logging 2016-02-05 17:09:21 +03:00
Alex Lyulkov ed3a5088e8 Merged: added user mapping 2016-02-05 03:29:49 +03:00
Alex Lyulkov acd9cf4943 Added user mapping, web shell restarts after exit 2016-02-04 20:19:42 +03:00
Ev Kontsevoy 60b009c83a Applied new kingpin UsageTemplate to tctl and teleport 
Initially only `tsh` used the new UsageTemplate
See [this PR](/gravitational/teleport/pull/104)

This commit applies the same change to `tctl` and `teleport`
Now all 3 tools:

* Use the same logger initialization procedure
* Use the same command line argument parsing/reporting
 2016-02-03 22:00:54 -08:00
Ev Kontsevoy 4262ad693f Updated kingpin to the latest version 
It had features we need, namely customization of --help flag
 2016-02-03 17:37:51 -08:00
Ev Kontsevoy 128d6fc8a1 Added our own custom kingpin usage template 2016-02-03 17:34:05 -08:00
Ev Kontsevoy 83f2d30d12 Replaced our own logger with logrus 2016-02-02 17:53:21 -08:00
Ev Kontsevoy 91288d01e5 Added Logrus initialization 2016-02-02 12:14:59 -08:00
alexlyulkov ff8c8c4dd6 Merge pull request #95 from gravitational/alex/connected-auth 
Added init encryption keys for auth backend config, backend configs a…
 2016-02-01 16:53:00 +03:00
Alex Lyulkov e87fbfb720 Now tsh client closes on 'exit' command 2016-01-29 22:24:04 +03:00
Alex Lyulkov 40a77cfe06 tsh: added -p and -P flags, ssh command now argument not flag 2016-01-29 20:26:47 +03:00
Alex Lyulkov 67bcda7b82 Added init encryption keys for auth backend config, backend configs are JSON now, all complex env configs are JSON now 2016-01-29 19:17:12 +03:00
Alex Lyulkov 2b1a05f53c Added provisioning token role information inside the output token string 2016-01-26 03:16:58 +03:00
Alex Lyulkov a56b5236ac Moved to go1.5 vendoring 2016-01-20 18:52:25 +03:00
Alex Lyulkov e9a1a04ddf Added parallel scp, moved Download and Upload functions from client app to api 2016-01-19 23:54:46 +03:00
Alex Lyulkov 20e15fe7c6 Client app: added scp command, added multiplexing 2016-01-18 20:09:37 +03:00
Alex Lyulkov 17d120bde8 Moved multi authMethod and local certificates management to client lib 2016-01-12 19:21:09 +03:00
Alex Lyulkov 67d3d61e3f Added embedded agent 2016-01-10 01:33:30 +03:00
Alex Lyulkov fc7cfdc026 Changed client GetServers formatting 2015-12-30 17:23:19 +03:00
Alex Lyulkov 4c02338225 Tsh client. Everything works. 2015-12-25 02:24:47 +03:00
Alex Lyulkov a952217066 Client application draft 2015-12-23 02:33:56 +03:00