Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							7eaf5e509f 
							
						 
					 
					
						
						
							
							net/netaddr: start migrating to net/netip via new netaddr adapter package  
						
						
						
						
						Updates #5162 
Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-07-25 16:20:43 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							480fd6c797 
							
						 
					 
					
						
						
							
							ssh/tailssh: handle not-authenticated-yet connections in matchRule  
						
						
						
						
						Also make more fields in conn.info thread safe, there was previously a
data race here.
Fixes #5110
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-07-21 12:42:31 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							c434e47f2d 
							
						 
					 
					
						
						
							
							ssh/tailssh: always use current time for policy evaluation  
						
						
						
						
						Whenever the SSH policy changes we reevaluate all open connections to
make sure they still have access. This check was using the wrong
timestamp and would match against expired policies, however this really
isn't a problem today as we don't have policy that would be impacted by
this check. Fixing it for future use.
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-06-27 12:25:04 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							a7d2024e35 
							
						 
					 
					
						
						
							
							ssh/tailssh: allow multiple sessions on the same conn  
						
						
						
						
						Fixes #4920
Fixes tailscale/corp#5633
Updates #4479 
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
					
						2022-06-27 11:54:54 -07:00 
						 
				 
			
				
					
						
							
							
								James Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							c2eff20008 
							
						 
					 
					
						
						
							
							ssh/tailssh: avoid user ssh configuration in tests  
						
						
						
						
						Signed-off-by: James Tucker <james@tailscale.com> 
						
						
					 
					
						2022-04-21 19:17:34 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							8ac4d52b59 
							
						 
					 
					
						
						
							
							ssh/tailssh: filter accepted environment variables  
						
						
						
						
						Noted by @danderson
Updates #3802 
Change-Id: Iac70717ed57f11726209ac1ea93ddc6696605f94
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-04-21 14:44:46 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							2b8b887d55 
							
						 
					 
					
						
						
							
							ssh/tailssh: send banner messages during auth, move more to conn  
						
						
						
						
						(VSCode Live Share between Brad & Maisem!)
Updates #3802 
Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3
Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-04-20 18:34:11 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							f74ee80abe 
							
						 
					 
					
						
						
							
							ssh/tailssh: support expansions in public key fetch URL too  
						
						
						
						
						Updates #3802 
Change-Id: I5aa98bdab14fd1c1c00ba63b93f8d7e670f72437
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-04-20 14:04:50 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							14d077fc3a 
							
						 
					 
					
						
						
							
							ssh/tailssh: terminate ssh auth early if no policy can match  
						
						
						
						
						Also bump github.com/tailscale/golang-x-crypto/ssh
Updates #3802 
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-04-20 13:44:04 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							93221b4535 
							
						 
					 
					
						
						
							
							ssh/tailssh: cache public keys fetched from URLs  
						
						
						
						
						Updates #3802 
Change-Id: I96715bae02bce6ea19f16b1736d1bbcd7bcf3534
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-04-18 07:46:38 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							da14e024a8 
							
						 
					 
					
						
						
							
							tailcfg, ssh/tailssh: optionally support SSH public keys in wire policy  
						
						
						
						
						And clean up logging.
Updates #3802 
Change-Id: I756dc2d579a16757537142283d791f1d0319f4f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-04-15 13:36:57 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							5a44f9f5b5 
							
						 
					 
					
						
						
							
							tempfork: temporarily fork gliderlabs/ssh and x/crypto/ssh  
						
						
						
						
						While we rearrange/upstream things.
gliderlabs/ssh is forked into tempfork from our prior fork
at be8b7add40 https://github.com/tailscale/golang-x-crypto because it was gnarlier
to vendor with various internal packages, etc.
Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d).
Updates #3802 
Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-03-26 21:07:01 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							091ea4a4a5 
							
						 
					 
					
						
						
							
							ssh/tailssh: support placeholders in SSHAction.HoldAndDelegate URL  
						
						
						
						
						Updates #3802 
Change-Id: I60f9827409d14fd4f4824d102ba11db49bf0d365
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-03-22 16:02:40 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							f7e976db55 
							
						 
					 
					
						
						
							
							tailcfg, ssh/tailssh: make SSHUser value '=' map ssh-user to same local-user  
						
						
						
						
						Updates #3802 
Change-Id: Icde60d4150ca15c25d615a4effb3d3c236f020a8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-03-21 10:49:37 -07:00 
						 
				 
			
				
					
						
							
							
								Josh Bleecher Snyder 
							
						 
					 
					
						
						
						
						
							
						
						
							32fd42430b 
							
						 
					 
					
						
						
							
							all: use cibuild.On  
						
						
						
						
						Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 
						
						
					 
					
						2022-03-18 15:19:26 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							b775df0b57 
							
						 
					 
					
						
						
							
							ssh/tailssh_test: skip TestSSH/stdin in CI  
						
						
						
						
						Updates #4051 
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-03-18 10:57:12 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							1e12a29806 
							
						 
					 
					
						
						
							
							ssh/tailssh_test: Skip the env test in CI  
						
						
						
						
						Updates #4051 
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-03-17 14:34:49 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							6e86bbcb06 
							
						 
					 
					
						
						
							
							ssh/tailssh: add a new sshSession type to clean up existing+future code  
						
						
						
						
						Updates #3802 
Change-Id: I7054dca387f5e5aee1185937ecf41b77a5a07f1a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Co-authored-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-03-14 12:01:49 -07:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							da6ce27416 
							
						 
					 
					
						
						
							
							go.mod: move from github.com/gliderlabs/ssh to github.com/tailscale/ssh  
						
						
						
						
						Updates #4146 
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-03-12 17:57:07 -08:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							56bf2ce642 
							
						 
					 
					
						
						
							
							ssh/tailssh: handle local port forwarding  
						
						
						
						
						Updates #3802 
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-03-09 11:31:04 -08:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							06c147d848 
							
						 
					 
					
						
						
							
							ssh/tailssh: create login sessions for new connections  
						
						
						
						
						Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-03-08 21:47:19 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							c9a5dadce8 
							
						 
					 
					
						
						
							
							ssh/tailssh: skip flaky test on CI for now  
						
						
						
						
						Updates #4051 
Change-Id: I94f2165dd248eba9ca3f782c907a13bd6dde4a5e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-03-01 19:57:07 -08:00 
						 
				 
			
				
					
						
							
							
								Maisem Ali 
							
						 
					 
					
						
						
						
						
							
						
						
							497324ddf6 
							
						 
					 
					
						
						
							
							ipn/store: add common package for instantiating ipn.StateStores  
						
						
						
						
						Also move KubeStore and MemStore into their own package.
RELNOTE: tsnet now supports providing a custom ipn.StateStore.
Signed-off-by: Maisem Ali <maisem@tailscale.com> 
						
						
					 
					
						2022-02-28 13:23:33 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							4b50977422 
							
						 
					 
					
						
						
							
							ssh/tailssh: add more SSH tests, blend in env from ssh session  
						
						
						
						
						Updates #3802 
Change-Id: I568c661cacbb0524afcd8be9577457ddba611f19
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-02-24 16:02:01 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							6e4f3614cf 
							
						 
					 
					
						
						
							
							ssh/tailssh: add start of real ssh tests  
						
						
						
						
						Updates #3802 
Change-Id: I9aea4250062d3a06ca7a5e71a81d31c27a988615
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-02-24 14:13:12 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							c9eca9451a 
							
						 
					 
					
						
						
							
							ssh: make it build on darwin  
						
						
						
						
						For local dev testing initially. Product-wise, it'll probably only be
workable on the two unsandboxed builds.
Updates #3802 
Change-Id: Ic352f966e7fb29aff897217d79b383131bf3f92b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-02-24 13:00:45 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							1b5bb2e81d 
							
						 
					 
					
						
						
							
							ssh/tailssh: rename sshContext to sshConnInfo  
						
						
						
						
						So it's not confused for a context.Context and we can add contexts
later and not look like we have two.
Updates #3802 
Change-Id: Icf229ae2c020d173f3cbf09a13ccd03a60cbb85e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-02-24 09:06:21 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							e1e20f6d39 
							
						 
					 
					
						
						
							
							ssh/tailssh: evaluate tailcfg.SSHPolicy on incoming connections  
						
						
						
						
						Updates #3802 
Fixes #3960
Change-Id: Ieda2007d462ddce6c217b958167417ae9755774e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2022-02-18 18:07:39 -08:00