Ev Kontsevoy
7c0897ac79
Merge remote-tracking branch 'origin/master' into ev/tunnels
2016-06-07 13:52:01 -07:00
Roman Tkachenko
213edbf699
Merge pull request #442 from gravitational/roman/error
...
Do not lose an error on reverse tunnel startup
2016-06-06 21:59:28 -07:00
Roman Tkachenko
38470803cc
Do not lose an error on reverse tunnel startup
2016-06-06 21:43:29 -07:00
Alexander Klizhentas
75c864b063
Merge pull request #441 from ernado/ernado/linguist
...
fix linguist stats for project
2016-06-02 11:23:51 -07:00
Aleksandr Razumov
43735d4040
fix linguist stats for project
2016-06-02 20:50:30 +03:00
Ev Kontsevoy
d928ff02b8
Intermediate commit
2016-06-01 18:56:48 -07:00
Ev Kontsevoy
f75a1c8356
Merge remote-tracking branch 'origin/master' into ev/tunnels
2016-06-01 17:12:49 -07:00
Alexander Klizhentas
b0ff554d83
Merge pull request #439 from gravitational/ev/logout
...
tsh logout implementation
2016-06-01 17:05:56 -07:00
Ev Kontsevoy
029233b11f
tsh logout implementation
...
Fixes #420
2016-06-01 17:02:39 -07:00
Alexander Klizhentas
e546e0b815
Merge pull request #438 from gravitational/ev/296
...
Proxy HTTPS fixes
2016-06-01 15:00:39 -07:00
Ev Kontsevoy
44ff78af9f
Merge branch 'ev/296' into ev/tunnels
2016-06-01 14:39:21 -07:00
Ev Kontsevoy
0ae6270c05
Proxy HTTPS fixes
...
- Self-signed cert is now compatible with Golang HTTP client
- Fixes #296
- Changed the expiration date for self-signed cert
from 1 to 10 years.
2016-06-01 14:38:27 -07:00
Ev Kontsevoy
f4a4fa628a
Intermediate commit
2016-06-01 13:22:00 -07:00
Ev Kontsevoy
b7a24e24f2
Merge pull request #436 from gravitational/ev/tunnels
...
Some minor improvements
2016-06-01 12:46:47 -07:00
Ev Kontsevoy
cd135b899e
Merge remote-tracking branch 'origin/master' into ev/tunnels
...
Conflicts:
tool/tctl/main.go
2016-06-01 12:39:36 -07:00
Ev Kontsevoy
3b5231da85
Minor changes
...
- some unused code removal
- better error messages
2016-06-01 00:20:58 -07:00
Ev Kontsevoy
cddaf6e5c8
Some minor improvements
...
- `tctl auth ls` lists all CAs by default
- Documented `authorize_ip` better
2016-05-31 18:59:07 -07:00
Alexander Klizhentas
5cb821e6d0
Merge pull request #435 from gravitational/ev/https
...
Changed how self-signed HTTPS cert is generated
2016-05-31 18:42:41 -07:00
Ev Kontsevoy
ed0948659b
Changed how self-signed HTTPS cert is generated
...
Fixes #434
Changes:
- Certificate is not "CA" anymore
- Added "*" for CN field
2016-05-31 18:36:51 -07:00
Alexander Klizhentas
afc6f1a549
Merge pull request #433 from gravitational/ev/tctl
...
A bunch of configuration fixes.
2016-05-31 15:45:09 -07:00
Ev Kontsevoy
92b30c3c77
Configuration changes
...
1. data_dir is now a global setting in teleport.yaml (instead of being
inside of "storage" sub-section)
2. changing data_dir in one place causes all of teleport to use it,
not just bolt backends.
3. moving auth server to listen on non-default ports properly adjusts
the global auth_servers setting
4. `tctl` now accepts -c flag just like Teleport, so you can pass
`teleprot.yaml` to it.
Fixes #432
Fixes #431
Fixes #430
2016-05-31 14:58:55 -07:00
Ev Kontsevoy
721b0af4a5
tctl "clusters" command to control reverse tunnels
...
It always existed as undocumentd 'rts' command.
Making it more user friendly and visible
Refs #309
2016-05-31 12:39:45 -07:00
Ev Kontsevoy
06fa66b574
Removed debugging panics from the code
2016-05-31 11:22:35 -07:00
Alexander Klizhentas
032e743ca6
Merge pull request #428 from gravitational/ev/lock
...
Account lock after N unsuccessful login attempts
2016-05-30 20:31:49 -07:00
Ev Kontsevoy
f74cbde928
Replaced "upssert" with "compare & swap"
...
...for login attempt counting
2016-05-30 20:29:48 -07:00
Ev Kontsevoy
0720fbc8c2
Improvements to "max login attempts" feature
...
- increasing login attempt is now atomic within a process
- renamed some functions to be less confusing
2016-05-30 19:11:14 -07:00
Ev Kontsevoy
9f9c586989
Account lock after N unsuccessful login attempts
2016-05-30 16:17:47 -07:00
Alexander Klizhentas
c430ea4e5a
Merge pull request #427 from gravitational/ev/var
...
Permissions adjustment for data dir
2016-05-30 14:45:34 -07:00
Ev Kontsevoy
9b9c6901a5
Permissions adjustment for data dir
...
Teleport's data dir (`/var/lib/teleport` by default) was created using
umask.
Now it's created with `0600` (readable only by Teleport user).
2016-05-30 14:23:58 -07:00
Alexander Klizhentas
e727a2625c
Merge pull request #426 from gravitational/ev/c
...
SSH to HTTP tunnel improvements
2016-05-30 14:11:34 -07:00
Ev Kontsevoy
c7902c6afe
Cleaned up SSH-HTTP tunnel auth integration
2016-05-30 13:52:23 -07:00
Ev Kontsevoy
3f0ba645a2
1st draft at passing SSH user into auth HTTP API
2016-05-30 01:27:33 -07:00
Alexander Klizhentas
1ae4778214
Merge pull request #424 from gravitational/ev/scp
...
PR comments - implemented!
2016-05-27 11:42:50 -07:00
Ev Kontsevoy
7c3b74d8ff
PR comments - implemented!
2016-05-27 11:26:48 -07:00
Alexander Klizhentas
f6aa265318
Merge pull request #422 from gravitational/ev/scp
...
SCP/Exec improvements
2016-05-27 10:46:14 -07:00
Ev Kontsevoy
ee7b1251f2
Exec behaviour is more compatible with OpenSSH
2016-05-26 18:35:49 -07:00
Ev Kontsevoy
ce3bbbde3f
SCP error messages are proper now
...
`tsh scp` now reports the same error messages as OpenSSH scp:
- when talking to Teleport servers
- when talking to OpenSSH servers
2016-05-26 18:00:40 -07:00
Ev Kontsevoy
48a74fbeca
Intermediate commit (scp up/down works agaisnt openSSH servers)
2016-05-26 14:46:56 -07:00
Ev Kontsevoy
6e6e951650
Intermediate commit
2016-05-25 22:33:07 -07:00
Ev Kontsevoy
227c62912e
Direct execution of commands via SSH
...
Before this commit, command execution was done via "shell -c", now
Teleport executes them directly
2016-05-25 15:08:39 -07:00
Ev Kontsevoy
dc87ef5aec
Clean error reporting for SSH exec
...
- stdout and stderr are separated
- exit status is inherited by tsh
2016-05-24 18:00:26 -07:00
Ev Kontsevoy
9c5235ac90
Minor changes
2016-05-23 23:56:45 -07:00
Ev Kontsevoy
2d566ecbe2
Intermediate commit
2016-05-23 15:50:53 -07:00
Ev Kontsevoy
4abc70c024
Merge pull request #421 from gravitational/ev/advertise-ip
...
TunClient changes
2016-05-20 21:56:56 -07:00
Ev Kontsevoy
87b9569ea3
PR stuff, + some Vagrant improvements
2016-05-20 21:41:14 -07:00
Ev Kontsevoy
c990b67d12
PR comments incorporated
2016-05-20 21:00:53 -07:00
Ev Kontsevoy
64393d8d27
Fixed tests
2016-05-20 20:09:13 -07:00
Ev Kontsevoy
ab278f0a06
TunClient changes
...
TunClient always tries to dial the statically configured auth server
first, before trying "discovered" ones.
The rationale is that --auth flag must override whatever dynamic auth
servers have been discovered (because sometimes their IPs are wrong, if
advertise-ip was misconfigured)
Closes #416
Fixes #416
2016-05-20 19:38:20 -07:00
Ev Kontsevoy
d7f756cac1
Auth server heartbeat presence cleanup
2016-05-20 17:14:04 -07:00
Ev Kontsevoy
3055285edd
Removed obsolete data files
2016-05-18 09:47:24 -07:00