Sasha Klizhentas
de340120fa
web session lifecycle fixes
2017-02-19 11:45:57 -08:00
Alexander Klizhentas
f96117a63c
Merge pull request #779 from gravitational/sasha/webfix
...
Configure web session duration, fixes #691
2017-02-17 18:39:33 -08:00
Sasha Klizhentas
d6ff6f6204
Configure web session duration, fixes #691
...
* Fix bug with OIDC powered sessions logged out after 10 minutes
* Adjust web sessions durations by taking roles into account
* Provide explicit TTL enforced on the server side for bearer tokens
Before this PR the web session TTL was measured using defaults,
10 minutes for local sessions and 1 hour for OIDC sessions and
the system relied on client to renew the bearer token.
With this change bearer token TTL is set to 10 minutes
and the entire web session will expire if not renewed before
The maximum session duration is set to 12 hours, if not
limited to a smaller value by roles in RBAC modules.
2017-02-17 16:16:44 -08:00
Alexander Klizhentas
ad4e4891c6
Merge pull request #776 from gravitational/sasha/reorg
...
move code around
2017-02-17 09:00:19 -08:00
Sasha Klizhentas
202c3fc0b9
move code around
2017-02-15 18:29:17 -08:00
Sasha Klizhentas
b4fcd85848
New release 2.0.0-alpha.6
2017-02-15 17:13:58 -08:00
Alexander Klizhentas
c124e2480d
Merge pull request #774 from byronmccollum/add-node-static-token-example
...
Fix Example for Adding Nodes Using Static Tokens
2017-02-14 09:22:16 -08:00
Byron McCollum
7d6001105c
Merge branch 'master' into add-node-static-token-example
2017-02-14 09:53:51 -06:00
Russell Jones
7d47d1ff12
Merge pull request #775 from gravitational/rjones/agent-fixes
...
SSH Agent Fixes
2017-02-13 22:47:33 -08:00
Russell Jones
57f6f7ab61
Log failures to communicate with system ssh agent don't actually fail.
2017-02-14 06:43:38 +00:00
Russell Jones
2de94536d8
Added debug ssh agent to be used in tests so they can run consistently across platforms.
2017-02-14 06:43:32 +00:00
Russell Jones
fe2afca6b8
Vendor latest golang.org/x/crypto/*.
2017-02-13 16:44:31 -08:00
Byron McCollum
366a04315d
Fix Example for Adding Nodes Using Static Tokens
...
Given the sentence right before the example, the roles to start should be `node` and `proxy`, not `node` and `auth`.
2017-02-13 17:22:14 -06:00
Russell Jones
04fdbd9b52
Merge pull request #772 from russjones/rjones/deduplicate-principals
...
Deduplicate principals for host certificates.
2017-02-13 14:59:24 -08:00
Russell Jones
ff443f7b51
Deduplicate principals for host certificates.
2017-02-13 11:28:36 -08:00
Ev Kontsevoy
c283edb541
Merge pull request #769 from gravitational/sasha/iface
...
Sasha/iface
2017-02-12 16:52:21 -08:00
Sasha Klizhentas
f9bddef532
fixes and vet passing
2017-02-12 14:33:44 -08:00
Sasha Klizhentas
4967287946
fix sessions and web UI
2017-02-12 14:19:01 -08:00
Sasha Klizhentas
e48932e97d
Merge branch 'master' into sasha/iface
2017-02-11 11:09:19 -08:00
Sasha Klizhentas
877bf6ac8d
release internal tag
2017-02-11 11:07:12 -08:00
Sasha Klizhentas
c9c4f73437
another fix
2017-02-11 11:05:09 -08:00
Sasha Klizhentas
1b91689e57
fixes
2017-02-11 10:48:29 -08:00
Sasha Klizhentas
b569b04494
work in progress sessions
2017-02-10 18:55:51 -08:00
Russell Jones
b907f1c65a
Merge pull request #766 from gravitational/rjones/fix-otp-test
...
Fix TOTP test that would occasionally fail due to timing issues.
2017-02-10 14:54:09 -08:00
Russell Jones
8029318647
Use a fake clock in OTP tests.
2017-02-10 22:46:26 +00:00
Russell Jones
6464f3904e
Fix TOTP test that would occasionally fail due to timing issues.
2017-02-10 19:43:57 +00:00
Russell Jones
802535c299
Merge pull request #763 from russjones/rjones/ssh-config-docs
...
Update OpenSSH Documentation
2017-02-09 18:34:01 -08:00
Russell Jones
8c8821b716
Updated Admin Guide for OpenSSH interoperability.
2017-02-09 18:31:38 -08:00
Russell Jones
e71a09d01b
Merge pull request #762 from russjones/rjones/agent-load
...
LocalKeyAgent changes for OpenSSH interoperability
2017-02-09 18:30:52 -08:00
Russell Jones
1539f351fe
Make teleagent use the LocalKeyAgent.
2017-02-09 18:27:10 -08:00
Russell Jones
ac1173bacd
Fixes, refactoring, and tests for LocalKeyAgent.
...
* Updated LocalKeyAgent to load both certificate and private key into Teleport and system agent.
* Refactored LocalKeyAgent to consolidate key loading code.
* Added test coverage for LocalKeyAgent.
2017-02-09 18:27:10 -08:00
Russell Jones
0a6f419f07
Merge pull request #730 from russjones/rjones/principals
...
Multiple Principals
2017-02-09 18:23:23 -08:00
Russell Jones
23f964968c
Admin certificate revered back to only host uuid for backward compatibility.
2017-02-09 16:43:16 -08:00
Russell Jones
6295213815
Host certificate now presents two principals: hostUUID.clusterName and nodeName.clusterName.
2017-02-08 18:34:29 -08:00
Alexey Kontsevoy
0382ec3a50
Merge pull request #761 from gravitational/alexey/connector-schema-fix
...
adding a missing display field to ConnectorV2 schema
2017-02-08 13:23:50 -05:00
Alexey Kontsevoy
0f1bf744ba
adding a missing display field to ConnectorV2 schema
2017-02-08 12:53:45 -05:00
Ev Kontsevoy
2b6d9beb01
Merge pull request #754 from gravitational/ev/712
...
Improvements to make tests more reliable
2017-02-07 13:25:50 -08:00
Ev Kontsevoy
d55d48de85
Merge branch 'master' into ev/712
2017-02-07 13:22:22 -08:00
Ev Kontsevoy
3ec87b20d1
Merge pull request #753 from gravitational/ev/client-ip
...
Web UI passes the true client IP into SSH sessions for correct audit
2017-02-07 13:22:07 -08:00
Ev Kontsevoy
1b4d910f01
Merge branch 'master' into ev/client-ip
2017-02-07 10:54:11 -08:00
Ev Kontsevoy
493e9745c1
Merge branch 'master' into ev/712
2017-02-07 10:53:57 -08:00
Ev Kontsevoy
d34e55fff7
Merge pull request #751 from gravitational/ev/webclient
...
New web client
2017-02-07 10:53:19 -08:00
Ev Kontsevoy
eb12e297df
Improvements to make tests more reliable
...
- Better async test for fs backend
- Slight optimization inside sessions (avoid calling unnecessary
function from goroutines)
2017-02-06 15:48:49 -08:00
Ev Kontsevoy
19f666370f
Web UI now passes the true client IP into SSH sessions
...
This commit closes #735 this is how it works:
- When a web-based client creates a Teleport Client object, it now
passes the true client IP (as taken from HTTP requests) into the
created SSH-to-proxy session via an environment variable.
- The Teleport proxy interprets that variable when it dials the
destination server and passes it on using the same handshake protocol
as a regular teleport CLI client.
2017-02-06 14:45:44 -08:00
Ev Kontsevoy
7d534a7c50
Fixed window resize problems
2017-02-04 01:02:23 -08:00
Ev Kontsevoy
f67d9c4ddf
Error printing fixes
...
Teleport client would sometimes default to stdout, instead of the
defined-by-configuration io.Writer
2017-02-03 23:28:08 -08:00
Ev Kontsevoy
730a44cfb4
Fixed web tests
...
... also fixed web session "closer" leak
2017-02-03 23:12:29 -08:00
Ev Kontsevoy
3b9b78ff19
Polish CLI client integration into web terminal
2017-02-03 17:35:52 -08:00
Ev Kontsevoy
c3b57a8bb5
Removed the old web-based client code
2017-02-03 12:08:09 -08:00
Ev Kontsevoy
2150cb31de
The web UI is not using the CLI client
...
TODO:
- Configure the CLI client to NOT use a keystore
- Configure the CLI client to NOT use ssh-agent
- Fix tests
- Comments
2017-02-02 22:54:48 -08:00