self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-21 09:44:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
6559 commits 3228 branches 4169 tags 1.3 GiB
Commit graph

173 commits

Author SHA1 Message Date
Ev Kontsevoy 0ce13c8b1b Fixed shell globbing for scp 2017-06-08 22:18:09 -07:00
Ev Kontsevoy 369cab4698 Re-vendored osext dependency 2017-06-02 16:01:55 -07:00
Russell Jones 5215b07612 Revendor gosaml2 and goxmldsig. 2017-06-02 13:39:48 -07:00
Sasha Klizhentas 9fa1ea56dc update deps 2017-05-27 15:36:14 -07:00
Sasha Klizhentas 91b4a663b9 instrument with monitoring tools, fixes #935 
* Add prometheus endpoint to expose system stats
* Add heealthz endpoint
* Add gops endpoint for real time troubleshooting
* Deprecate httprof endpoint
 2017-05-13 18:32:10 -07:00
Russell Jones 836517251d Revendor gosaml2 and goxmldsig. 2017-05-12 14:10:19 -07:00
Sasha Klizhentas f8641681f6 SAML 2.0 initial implementation 2017-05-12 14:10:18 -07:00
Russell Jones 6686592e30 Use shellescape library which uses single quotes so environment 
variables are not expanded.
 2017-05-03 16:52:39 -07:00
Sasha Klizhentas 684c6207fd add hdr histogram 2017-04-30 16:28:07 -07:00
Russell Jones f5c90a02e6 Removed shell parsing for scp code as well. 2017-04-19 12:02:17 -07:00
Sasha Klizhentas 3c2570fa35 Sasha High Availability. 2017-04-07 16:54:15 -07:00
Russell Jones c7956899d5 Merge claims from UserInfo endpoint into claims from ID token. Also, 
fallback to Base64 decoding if Base64-URL decoding fails.
 2017-03-30 17:40:00 -07:00
Russell Jones f7934b5be4 Set default PTY size if an invalid size is requested and 
correctly split command.
 2017-03-21 16:50:07 -07:00
Russell Jones fe2afca6b8 Vendor latest golang.org/x/crypto/*. 2017-02-13 16:44:31 -08:00
Ev Kontsevoy 4a07dd3e22 Improved CLI login procedure 
This commit adds several improvements to how CLI SSH login works

- Validated keys are added to the SSH agent [1]
- tsh will does not verify host keys twice anymore
- error messages for "access denied" look clean now

[1] This is huge. This means that tsh login can "feed" the keys to the
    built-in SSH agents of the OS and OpenSSH can fetch them from there.

QUESTION: why do we even need `tsh agent` option then? ssh-agent is
installed on every Linux/OSX machine.
 2017-01-24 19:54:41 -08:00
Ev Kontsevoy 123dbe8b56 This commit improves error reporting in tsh 
It does two things:

1. Forwards the original HTTP error to the user without replacing it
   with generic "object not found". Related PR for trace package:
   https://github.com/gravitational/trace/pull/27

2. Adds proper handling for `-d` (debug) CLI flag. When passed, `tsh`
   will print the call stack along with the error message.
 2017-01-22 18:31:52 -08:00
Russell Jones 233c68e9d1 Vendor dependencies for TOTP. 2017-01-17 11:24:52 -08:00
Sasha Klizhentas a45e2869fb fix data race and vendor deps 2016-12-30 17:07:54 -08:00
Sasha Klizhentas 13bbc4bd6f vendor things and fix U2F console 2016-12-23 09:51:36 -08:00
Ev Kontsevoy b834c1020c Better error handling for connecting via reverse tunnel 
Prior to this fix Teleport would not relay proxy errors from remote
clusters.

In other words, the following command:

```
$ tsh --cluster=remote ssh non-existing-host
```

Would print an error like:
"Cannot find a remote tunnel connection. ssh subsystem request failed"

Insead, it should say something like:
"dial non-existing-host error: no such host"

This commit fixes it. It works by:

- Sending net.Dial() error from the remote proxy back via stderr over
  reverse tunnel.

- Carefully handling this error to distinguish it from tunnel-related
  network errors.
 2016-12-18 21:30:24 -08:00
jcj83429 3af9672643 revendor gravitational/trace to get trace.DebugReport 2016-12-09 14:44:19 -08:00
Jay Dahiya 21ffbffde0 Merge branch 'master' into u2f 2016-12-06 13:15:49 -08:00
Sasha Klizhentas 3dda13347b Revendor go-oidc 2016-12-05 17:08:48 -08:00
jcj83429 8f71df9480 vendor github.com/tstranex/u2f library 2016-11-29 23:50:21 -08:00
Sasha Klizhentas fa11210099 cleanup godeps artefacts 2016-10-12 09:18:29 -07:00
Ev Kontsevoy 0f6be57fdb Re-vendored new version of cstrings 
Fixes #517
 2016-09-09 11:53:22 -07:00
Yifan Gao e5b4a4330e update buger/goterm: fix build error on 32bit environment 2016-08-09 02:39:29 +08:00
Ev Kontsevoy 828e6a77aa Simpler version implementation 2016-06-14 18:03:06 -07:00
Ev Kontsevoy 6e6e951650 Intermediate commit 2016-05-25 22:33:07 -07:00
Ev Kontsevoy bd9ad5782c Merge remote-tracking branch 'origin/master' into ev/log 2016-05-08 11:53:57 -07:00
Ev Kontsevoy cca475924b tsh now respects --user flag 
Fixes #392
Fixes #396

Teleport now respects `--user` flag and, if --user is specified,
forces the certificate to belong to the given user.

This changes the file structure in `~/.tsh` directory. If a user logs in
under two different accounts, say "ekontsevoy" and "vince", it looks
like this:

```
~/.tsh/
├── keys
│   └── localhost
│       ├── ekontsevoy.cert
│       ├── ekontsevoy.key
│       ├── ekontsevoy.pub
│       ├── vince.cert
│       ├── vince.key
│       └── vince.pub
└── known_hosts

```

Also, to make tests more believable, I have added 3 more pre-generated
keys to 'testauthority' fixture, so instead of returning the same key
over and over, it now returns a random 1 of 4
 2016-05-06 21:57:39 -07:00
Ev Kontsevoy bf4d053764 UGHHHH!!! 2016-05-04 20:38:14 -07:00
Ev Kontsevoy ce1c4d4a38 A great number of bugfixes: 
- replay now works in both web and CLI
- fixed two nasty connection bugs in web sessions
- removed verbose logging/diagnostics
- refactoring of web code by Alexey
 2016-05-03 21:30:17 -07:00
Ev Kontsevoy 5629f76868 Added utf-8 encoding of terminal streams 2016-04-29 00:55:58 -07:00
Ev Kontsevoy 6f111e39e2 Removed lunk + old events + old recorder 2016-04-26 17:39:46 -07:00
klizhentas be83b63d13 update trace package 2016-04-15 14:17:47 -07:00
klizhentas 1c6ea8ecb5 update trace 2016-04-14 17:51:08 -07:00
klizhentas d68e693cad migrate to trace errors 2016-04-12 11:07:14 -07:00
klizhentas bd2f21be37 vendor godeps 2016-04-07 15:01:43 -07:00
klizhentas 7e6990d512 update logrus to fix data race 2016-04-05 17:55:00 -07:00
klizhentas e8585c9891 vendor lemma and use nacl to prevent MITM 2016-04-03 16:09:11 -07:00
klizhentas a8f011295d vendor deps 2016-04-03 11:38:32 -07:00
Ev Kontsevoy 0abcb5119a Re-vendored deps 2016-04-02 13:33:52 -07:00
klizhentas ef024821d4 downgrade term package due to conflicts 2016-03-29 11:51:42 -07:00
klizhentas 0d88af39ef introduce source release and binary release targets 2016-03-22 17:03:58 -07:00
klizhentas 5a412ba2a9 vendor deps 2016-03-16 18:30:51 -07:00
klizhentas f6ea757299 add license 2016-03-14 11:29:35 -07:00
klizhentas 19788c25ce introduce teleport version, fixes #241 
Here's how it works:

* It takes the closest tag that is present in the build
* Automatically applies this tag
* Adds git commit as well
* Is 100% go gettable
* No external deps, all vendored
 2016-03-14 11:22:49 -07:00
klizhentas 1b5b207648 fix dependencies 2016-03-10 17:42:11 -08:00
klizhentas d4e741ffc7 report errors in case of SSH access denied, fixes #179 2016-03-08 16:29:08 -08:00
klizhentas 62ecc63604 fix trace output 2016-03-04 17:41:23 -08:00
klizhentas 332212dcd4 add session log 2016-03-04 16:53:11 -08:00
klizhentas e05fc50baf fix data races found in tests, fixes #165 2016-03-04 14:38:19 -08:00
klizhentas 866b1e18c3 add support for session resizing 2016-03-01 13:19:43 -08:00
klizhentas 5220c43b29 keep old session valid until it expires 2016-02-26 15:24:38 -08:00
klizhentas df59710382 push fixes and tests 2016-02-24 13:19:36 -08:00
klizhentas 6ef5f36037 refactor API to use JSON instead of forms, unify error handling 2016-02-23 12:03:34 -08:00
Ev Kontsevoy ddcd4bf704 Brought back configure/cstrings 2016-02-22 17:12:59 -08:00
Ev Kontsevoy 0a63a557bc Merge remote-tracking branch 'origin/master' into ev/133-newconf 
Conflicts:
	lib/reversetunnel/srv.go
 2016-02-22 14:18:51 -08:00
klizhentas 011d91d73d fix vendoring 2016-02-21 14:46:18 -08:00
klizhentas 1f4afad8f4 add support for direct access to sites without reverse tunnels, fixes #114 2016-02-21 14:39:32 -08:00
Ev Kontsevoy fff0d8875a Merge remote-tracking branch 'origin/master' into ev/133-newconf 
Conflicts:
	Godeps/Godeps.json
	lib/service/cfg_test.go
	tool/teleport/main_test.go
	vendor/github.com/gravitational/configure/README.md
	vendor/github.com/gravitational/configure/cli.go
	vendor/github.com/gravitational/configure/cstrings/split.go
	vendor/github.com/gravitational/configure/kv.go
	vendor/github.com/gravitational/configure/schema/schema.go
 2016-02-20 15:02:39 -08:00
klizhentas bcdd46ff46 check user logins, fixes #117 2016-02-18 14:32:28 -08:00
klizhentas 7012d465bc list active nodes, fixes #129 2016-02-18 12:22:44 -08:00
klizhentas 9fcc861e09 Replace dependencies with code.google.com paths, remove unused code 
* Remove usage of lemma/secret and gravitational/session
* Replace deps using code.google.com with alternatives
* Vendor test keys to the code base
 2016-02-17 18:36:52 -08:00
klizhentas 6cdaba2ef6 user mappings should be deleted if user is deleted, fixes #116 
This commit includes refactoring and cleanup of cert authority sybsystem:

* User keys methods are deleted
* Authorities CRUD is simplified
* Lots of code removed
 2016-02-17 15:29:01 -08:00
Ev Kontsevoy b0aa774178 Intermediate commit 
- Removed gravitational/configure
- Played with different ideas for YAML persistence
 2016-02-15 22:24:56 -08:00
klizhentas 26b3dabaae fixed #121 2016-02-13 12:03:01 -08:00
Ev Kontsevoy 7829880507 Moved to a forked kingpin for CLI arg parsing 2016-02-05 11:44:46 -08:00
Ev Kontsevoy 4262ad693f Updated kingpin to the latest version 
It had features we need, namely customization of --help flag
 2016-02-03 17:37:51 -08:00
Ev Kontsevoy 31893e7f61 Removed gravitational/log from Godeps 2016-02-02 18:14:43 -08:00
Ev Kontsevoy 1e5c85c6d5 Vendored logrus (+dependencies) 2016-02-02 17:07:49 -08:00
Alex Lyulkov a56b5236ac Moved to go1.5 vendoring 2016-01-20 18:52:25 +03:00