Adam Eijdenberg
5e34bd61c8
ssh/tailssh: limit setgroups to 16 on macOS
...
Fixes #4938
Signed-off-by: Adam Eijdenberg <adam@continusec.com>
(cherry picked from commit 9294a14a37
)
2022-07-05 09:56:51 -07:00
Adam Eijdenberg
0f8e4b22b1
ssh/tailssh: fix /usr/bin/login args on macOS
...
Fixes #4931
Signed-off-by: Adam Eijdenberg <adam@continusec.com>
(cherry picked from commit 7f807fef6c
)
2022-07-05 09:56:51 -07:00
Maisem Ali
760740905e
ssh/tailssh: only use login
with TTY sessions
...
Otherwise, the shell exits immediately causing applications like mosh
and VSCode to fail.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-28 21:03:40 +05:00
Maisem Ali
5cd56fe8d5
ssh/tailssh: exec into login
when launching a shell
...
This has the added benefit of displaying the MOTD and reducing our
dependency on the DBus interface.
Fixes #4627
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-09 19:17:52 -07:00
Maisem Ali
a253057fc3
ssh/tailssh: refactor incubator flags
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-09 19:17:52 -07:00
David Anderson
a364bf2b62
ssh/tailssh: various typo fixes, clarifications.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-04-21 15:04:13 -07:00
Maisem Ali
337c77964b
ssh/tailssh: set groups and gid in the incubated process
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21 14:48:34 -07:00
Brad Fitzpatrick
8ac4d52b59
ssh/tailssh: filter accepted environment variables
...
Noted by @danderson
Updates #3802
Change-Id: Iac70717ed57f11726209ac1ea93ddc6696605f94
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21 14:44:46 -07:00
Maisem Ali
695f8a1d7e
ssh/tailssh: add support for sftp
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21 10:52:22 -07:00
Maisem Ali
2b8b887d55
ssh/tailssh: send banner messages during auth, move more to conn
...
(VSCode Live Share between Brad & Maisem!)
Updates #3802
Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3
Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20 18:34:11 -07:00
Brad Fitzpatrick
da14e024a8
tailcfg, ssh/tailssh: optionally support SSH public keys in wire policy
...
And clean up logging.
Updates #3802
Change-Id: I756dc2d579a16757537142283d791f1d0319f4f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-15 13:36:57 -07:00
Brad Fitzpatrick
5a44f9f5b5
tempfork: temporarily fork gliderlabs/ssh and x/crypto/ssh
...
While we rearrange/upstream things.
gliderlabs/ssh is forked into tempfork from our prior fork
at be8b7add40
x/crypto/ssh OTOH is forked at
https://github.com/tailscale/golang-x-crypto because it was gnarlier
to vendor with various internal packages, etc.
Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d).
Updates #3802
Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-26 21:07:01 -07:00
Maisem Ali
98b45ef12c
ssh/tailssh: add support for agent forwarding.
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 13:38:53 -07:00
Brad Fitzpatrick
6e86bbcb06
ssh/tailssh: add a new sshSession type to clean up existing+future code
...
Updates #3802
Change-Id: I7054dca387f5e5aee1185937ecf41b77a5a07f1a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Co-authored-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 12:01:49 -07:00
Maisem Ali
bf3559171f
ssh/tailssh: set DBUS_SESSION_BUS_ADDRESS and SSH_TTY variables
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 19:40:51 -08:00
Maisem Ali
6d61b7906e
ssh/tailssh: handle terminal opcodes
...
Updates #3802 #4146
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 17:57:07 -08:00
Maisem Ali
da6ce27416
go.mod: move from github.com/gliderlabs/ssh to github.com/tailscale/ssh
...
Updates #4146
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 17:57:07 -08:00
Brad Fitzpatrick
ba1adf6c24
ssh/tailssh: make pty termios options match OpenSSH
...
Still not sure the exact rules of how/when/who's supposed to set
these, but this works for now on making them match. Baby steps.
Will research more and adjust later.
Updates #4146 (but not enough to fix it, something's still wrong)
Updates #3802
Change-Id: I496d8cd7e31d45fe9ede88fc8894f35dc096de67
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-11 12:16:10 -08:00
Brad Fitzpatrick
1dd5cf62a5
ssh/tailssh: start login shell, fix arg passing, width/height mismatch
...
Updates #3802
Change-Id: I137d7a79195ee86d5dd7c8999f2797fc3cb57cec
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-10 20:11:41 -08:00
Maisem Ali
598c7a22e7
ssh/tailssh: use lu.Username not lu.Name.
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-08 22:39:03 -08:00
Maisem Ali
06c147d848
ssh/tailssh: create login sessions for new connections
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-08 21:47:19 -08:00