2272 commits

Author SHA1 Message Date
Sasha Klizhentas de340120fa web session lifecycle fixes 2017-02-19 11:45:57 -08:00
Alexander Klizhentas f96117a63c Merge pull request #779 from gravitational/sasha/webfix
Configure web session duration, fixes #691
2017-02-17 18:39:33 -08:00
Sasha Klizhentas d6ff6f6204 Configure web session duration, fixes #691
* Fix bug with OIDC powered sessions logged out after 10 minutes
* Adjust web sessions durations by taking roles into account
* Provide explicit TTL enforced on the server side for bearer tokens

Before this PR the web session TTL was measured using defaults,
10 minutes for local sessions and 1 hour for OIDC sessions and
the system relied on client to renew the bearer token.

With this change bearer token TTL is set to 10 minutes
and the entire web session will expire if not renewed before

The maximum session duration is set to 12 hours, if not
limited to a smaller value by roles in RBAC modules.
2017-02-17 16:16:44 -08:00
Alexander Klizhentas ad4e4891c6 Merge pull request #776 from gravitational/sasha/reorg
move code around
2017-02-17 09:00:19 -08:00
Sasha Klizhentas 202c3fc0b9 move code around 2017-02-15 18:29:17 -08:00
Sasha Klizhentas b4fcd85848 New release 2.0.0-alpha.6 2017-02-15 17:13:58 -08:00
Alexander Klizhentas c124e2480d Merge pull request #774 from byronmccollum/add-node-static-token-example
Fix Example for Adding Nodes Using Static Tokens
2017-02-14 09:22:16 -08:00
Byron McCollum 7d6001105c Merge branch 'master' into add-node-static-token-example 2017-02-14 09:53:51 -06:00
Russell Jones 7d47d1ff12 Merge pull request #775 from gravitational/rjones/agent-fixes
SSH Agent Fixes
2017-02-13 22:47:33 -08:00
Russell Jones 57f6f7ab61 Log failures to communicate with system ssh agent don't actually fail. 2017-02-14 06:43:38 +00:00
Russell Jones 2de94536d8 Added debug ssh agent to be used in tests so they can run consistently across platforms. 2017-02-14 06:43:32 +00:00
Russell Jones fe2afca6b8 Vendor latest golang.org/x/crypto/*. 2017-02-13 16:44:31 -08:00
Byron McCollum 366a04315d Fix Example for Adding Nodes Using Static Tokens
Given the sentence right before the example, the roles to start should be `node` and `proxy`, not `node` and `auth`.
2017-02-13 17:22:14 -06:00
Russell Jones 04fdbd9b52 Merge pull request #772 from russjones/rjones/deduplicate-principals
Deduplicate principals for host certificates.
2017-02-13 14:59:24 -08:00
Russell Jones ff443f7b51 Deduplicate principals for host certificates. 2017-02-13 11:28:36 -08:00
Ev Kontsevoy c283edb541 Merge pull request #769 from gravitational/sasha/iface
Sasha/iface
2017-02-12 16:52:21 -08:00
Sasha Klizhentas f9bddef532 fixes and vet passing 2017-02-12 14:33:44 -08:00
Sasha Klizhentas 4967287946 fix sessions and web UI 2017-02-12 14:19:01 -08:00
Sasha Klizhentas e48932e97d Merge branch 'master' into sasha/iface 2017-02-11 11:09:19 -08:00
Sasha Klizhentas 877bf6ac8d release internal tag 2017-02-11 11:07:12 -08:00
Sasha Klizhentas c9c4f73437 another fix 2017-02-11 11:05:09 -08:00
Sasha Klizhentas 1b91689e57 fixes 2017-02-11 10:48:29 -08:00
Sasha Klizhentas b569b04494 work in progress sessions 2017-02-10 18:55:51 -08:00
Russell Jones b907f1c65a Merge pull request #766 from gravitational/rjones/fix-otp-test
Fix TOTP test that would occasionally fail due to timing issues.
2017-02-10 14:54:09 -08:00
Russell Jones 8029318647 Use a fake clock in OTP tests. 2017-02-10 22:46:26 +00:00
Russell Jones 6464f3904e Fix TOTP test that would occasionally fail due to timing issues. 2017-02-10 19:43:57 +00:00
Russell Jones 802535c299 Merge pull request #763 from russjones/rjones/ssh-config-docs
Update OpenSSH Documentation
2017-02-09 18:34:01 -08:00
Russell Jones 8c8821b716 Updated Admin Guide for OpenSSH interoperability. 2017-02-09 18:31:38 -08:00
Russell Jones e71a09d01b Merge pull request #762 from russjones/rjones/agent-load
LocalKeyAgent changes for OpenSSH interoperability
2017-02-09 18:30:52 -08:00
Russell Jones 1539f351fe Make teleagent use the LocalKeyAgent. 2017-02-09 18:27:10 -08:00
Russell Jones ac1173bacd Fixes, refactoring, and tests for LocalKeyAgent.
* Updated LocalKeyAgent to load both certificate and private key into Teleport and system agent.
* Refactored LocalKeyAgent to consolidate key loading code.
* Added test coverage for LocalKeyAgent.
2017-02-09 18:27:10 -08:00
Russell Jones 0a6f419f07 Merge pull request #730 from russjones/rjones/principals
Multiple Principals
2017-02-09 18:23:23 -08:00
Russell Jones 23f964968c Admin certificate reverted back to only host uuid for backward compatibility. 2017-02-09 16:43:16 -08:00
Russell Jones 6295213815 Host certificate now presents two principals: hostUUID.clusterName and nodeName.clusterName. 2017-02-08 18:34:29 -08:00
Alexey Kontsevoy 0382ec3a50 Merge pull request #761 from gravitational/alexey/connector-schema-fix
adding a missing display field to ConnectorV2 schema
2017-02-08 13:23:50 -05:00
Alexey Kontsevoy 0f1bf744ba adding a missing display field to ConnectorV2 schema 2017-02-08 12:53:45 -05:00
Ev Kontsevoy 2b6d9beb01 Merge pull request #754 from gravitational/ev/712
Improvements to make tests more reliable
2017-02-07 13:25:50 -08:00
Ev Kontsevoy d55d48de85 Merge branch 'master' into ev/712 2017-02-07 13:22:22 -08:00
Ev Kontsevoy 3ec87b20d1 Merge pull request #753 from gravitational/ev/client-ip
Web UI passes the true client IP into SSH sessions for correct audit
2017-02-07 13:22:07 -08:00
Ev Kontsevoy 1b4d910f01 Merge branch 'master' into ev/client-ip 2017-02-07 10:54:11 -08:00
Ev Kontsevoy 493e9745c1 Merge branch 'master' into ev/712 2017-02-07 10:53:57 -08:00
Ev Kontsevoy d34e55fff7 Merge pull request #751 from gravitational/ev/webclient
New web client
2017-02-07 10:53:19 -08:00
Ev Kontsevoy eb12e297df Improvements to make tests more reliable
- Better async test for fs backend
- Slight optimization inside sessions (avoid calling unnecessary
  function from goroutines)
2017-02-06 15:48:49 -08:00
Ev Kontsevoy 19f666370f Web UI now passes the true client IP into SSH sessions
This commit closes #735. This is how it works:

- When a web-based client creates a Teleport Client object, it now
  passes the true client IP (as taken from HTTP requests) into the
  created SSH-to-proxy session via an environment variable.

- The Teleport proxy interprets that variable when it dials the
  destination server and passes it on using the same handshake protocol
  as a regular teleport CLI client.
2017-02-06 14:45:44 -08:00
Ev Kontsevoy 7d534a7c50 Fixed window resize problems 2017-02-04 01:02:23 -08:00
Ev Kontsevoy f67d9c4ddf Error printing fixes
Teleport client would sometimes default to stdout, instead of the
defined-by-configuration io.Writer
2017-02-03 23:28:08 -08:00
Ev Kontsevoy 730a44cfb4 Fixed web tests
... also fixed web session "closer" leak
2017-02-03 23:12:29 -08:00
Ev Kontsevoy 3b9b78ff19 Polish CLI client integration into web terminal 2017-02-03 17:35:52 -08:00
Ev Kontsevoy c3b57a8bb5 Removed the old web-based client code 2017-02-03 12:08:09 -08:00
Ev Kontsevoy 2150cb31de The web UI is not using the CLI client
TODO:
- Configure the CLI client to NOT use a keystore
- Configure the CLI client to NOT use ssh-agent
- Fix tests
- Comments
2017-02-02 22:54:48 -08:00