Brad Fitzpatrick
0861923c21
ssh/tailssh, tailcfg: add more HoldAndDelegate expansions, document
...
Updates #3802
Change-Id: I447f06b49e2a917bffe36881d0634c9195085512
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-22 17:56:45 -07:00
Brad Fitzpatrick
091ea4a4a5
ssh/tailssh: support placeholders in SSHAction.HoldAndDelegate URL
...
Updates #3802
Change-Id: I60f9827409d14fd4f4824d102ba11db49bf0d365
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-22 16:02:40 -07:00
Brad Fitzpatrick
f7e976db55
tailcfg, ssh/tailssh: make SSHUser value '=' map ssh-user to same local-user
...
Updates #3802
Change-Id: Icde60d4150ca15c25d615a4effb3d3c236f020a8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-21 10:49:37 -07:00
Brad Fitzpatrick
f30473211b
ssh/tailssh: start of implementing optional session recording
...
To asciinema cast format.
Updates #3802
Change-Id: Ifd3ea31922cd2c99068369cb1650e21f2545b0e1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-19 12:59:51 -07:00
Josh Bleecher Snyder
32fd42430b
all: use cibuild.On
...
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-03-18 15:19:26 -07:00
Maisem Ali
b775df0b57
ssh/tailssh_test: skip TestSSH/stdin in CI
...
Updates #4051
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-18 10:57:12 -07:00
Maisem Ali
1e12a29806
ssh/tailssh_test: Skip the env test in CI
...
Updates #4051
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-17 14:34:49 -07:00
Josh Bleecher Snyder
0868329936
all: use any instead of interface{}
...
My favorite part of generics.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-03-17 11:35:09 -07:00
Maisem Ali
45a7f6689c
tailcfg: add field to allow LocalPortForwarding in SSHAction
...
Updates #3802 , #4129
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 13:39:42 -07:00
Maisem Ali
98b45ef12c
ssh/tailssh: add support for agent forwarding.
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 13:38:53 -07:00
Brad Fitzpatrick
6e86bbcb06
ssh/tailssh: add a new sshSession type to clean up existing+future code
...
Updates #3802
Change-Id: I7054dca387f5e5aee1185937ecf41b77a5a07f1a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Co-authored-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 12:01:49 -07:00
Maisem Ali
462e75666b
ssh/tailssh: start sending the server version
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 19:40:51 -08:00
Maisem Ali
bf3559171f
ssh/tailssh: set DBUS_SESSION_BUS_ADDRESS and SSH_TTY variables
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 19:40:51 -08:00
Maisem Ali
6d61b7906e
ssh/tailssh: handle terminal opcodes
...
Updates #3802 #4146
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 17:57:07 -08:00
Maisem Ali
da6ce27416
go.mod: move from github.com/gliderlabs/ssh to github.com/tailscale/ssh
...
Updates #4146
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 17:57:07 -08:00
Brad Fitzpatrick
012098ec32
ssh/tailssh: fix terminal corruption (temporary hack)
...
Maisem figured out the real problem but will take several commits
(e.g. tailscale/ssh#2 ) in different repos to get it fixed
properly. This is an interim hack.
Details of real fix:
https://github.com/tailscale/tailscale/issues/4146#issuecomment-1065952947
Updates #4146
Updates #3802
Change-Id: I7b7dc5713baa3e5de75b87b69e7179a6e7549b0b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-12 14:19:45 -08:00
Brad Fitzpatrick
ba1adf6c24
ssh/tailssh: make pty termios options match OpenSSH
...
Still not sure the exact rules of how/when/who's supposed to set
these, but this works for now on making them match. Baby steps.
Will research more and adjust later.
Updates #4146 (but not enough to fix it, something's still wrong)
Updates #3802
Change-Id: I496d8cd7e31d45fe9ede88fc8894f35dc096de67
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-11 12:16:10 -08:00
Brad Fitzpatrick
1dd5cf62a5
ssh/tailssh: start login shell, fix arg passing, width/height mismatch
...
Updates #3802
Change-Id: I137d7a79195ee86d5dd7c8999f2797fc3cb57cec
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-10 20:11:41 -08:00
Brad Fitzpatrick
efc48b0578
ssh/tailssh, ipnlocal, controlclient: fetch next SSHAction from network
...
Updates #3802
Change-Id: I08e98805ab86d6bbabb6c365ed4526f54742fd8e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-10 13:41:08 -08:00
Maisem Ali
56bf2ce642
ssh/tailssh: handle local port forwarding
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-09 11:31:04 -08:00
Maisem Ali
598c7a22e7
ssh/tailssh: use lu.Username not lu.Name.
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-08 22:39:03 -08:00
Maisem Ali
06c147d848
ssh/tailssh: create login sessions for new connections
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-08 21:47:19 -08:00
Brad Fitzpatrick
c9a5dadce8
ssh/tailssh: skip flaky test on CI for now
...
Updates #4051
Change-Id: I94f2165dd248eba9ca3f782c907a13bd6dde4a5e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-01 19:57:07 -08:00
Maisem Ali
497324ddf6
ipn/store: add common package for instantiating ipn.StateStores
...
Also move KubeStore and MemStore into their own package.
RELNOTE: tsnet now supports providing a custom ipn.StateStore.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-02-28 13:23:33 -08:00
Brad Fitzpatrick
4b50977422
ssh/tailssh: add more SSH tests, blend in env from ssh session
...
Updates #3802
Change-Id: I568c661cacbb0524afcd8be9577457ddba611f19
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 16:02:01 -08:00
Brad Fitzpatrick
4cbdc84d27
cmd/tailscaled/childproc: add be-child registration mechanism
...
For ssh and maybe windows service babysitter later.
Updates #3802
Change-Id: I7492b98df98971b3fb72d148ba92c2276cca491f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 14:20:20 -08:00
Brad Fitzpatrick
6e4f3614cf
ssh/tailssh: add start of real ssh tests
...
Updates #3802
Change-Id: I9aea4250062d3a06ca7a5e71a81d31c27a988615
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 14:13:12 -08:00
Brad Fitzpatrick
c9eca9451a
ssh: make it build on darwin
...
For local dev testing initially. Product-wise, it'll probably only be
workable on the two unsandboxed builds.
Updates #3802
Change-Id: Ic352f966e7fb29aff897217d79b383131bf3f92b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 13:00:45 -08:00
Brad Fitzpatrick
cce6aad6c0
ssh/tailssh: fix non-interactive commands as non-root user
...
Updates #3802
Change-Id: I89a3f14420b8782bc407b1939dce54a1d24636da
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 12:13:16 -08:00
Brad Fitzpatrick
e2ed06c53c
ssh/tailssh: break a method into half in prep for testing
...
And add a private context type in the process.
Updates #3802
Change-Id: I257187f4cfb0f2248d95b81c1dfe0911ef203b60
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 09:59:00 -08:00
Brad Fitzpatrick
1b5bb2e81d
ssh/tailssh: rename sshContext to sshConnInfo
...
So it's not confused for a context.Context and we can add contexts
later and not look like we have two.
Updates #3802
Change-Id: Icf229ae2c020d173f3cbf09a13ccd03a60cbb85e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-24 09:06:21 -08:00
Brad Fitzpatrick
3c2cd854be
ssh/tailssh: flesh out env, support non-pty commands
...
Updates #3802
Change-Id: I7022460117542a5424919144828bf571c7c19ec0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-23 15:00:41 -08:00
Brad Fitzpatrick
03caa95bf2
ssh/tailssh: get login shell when running as non-root
...
And also reject attempts to use other users.
Updates #3802
Change-Id: Iddc85f6ea2dba17d12be66a50408d24c1f92833e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-18 19:22:11 -08:00
Brad Fitzpatrick
e1e20f6d39
ssh/tailssh: evaluate tailcfg.SSHPolicy on incoming connections
...
Updates #3802
Fixes #3960
Change-Id: Ieda2007d462ddce6c217b958167417ae9755774e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-18 18:07:39 -08:00
Brad Fitzpatrick
bb93e29d5c
tailcfg, ipn/ipnlocal: add Hostinfo.SSH_HostKeys, send when SSH enabled
...
(The name SSH_HostKeys is bad but SSHHostKeys is worse.)
Updates #3802
Change-Id: I2a889019c9e8b065b668dd58140db4fcab868a91
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-17 15:46:57 -08:00
Brad Fitzpatrick
fbff1555fc
ipnlocal, tailssh: start moving host key stuff into the right spot
...
Make tailssh ask LocalBackend for the SSH hostkeys, as we'll need to
distribute them to peers.
For now only the hacky use-same-as-actual-host mode is implemented.
Updates #3802
Change-Id: I819dcb25c14e42e6692c441186c1dc744441592b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-17 14:01:50 -08:00
Brad Fitzpatrick
1b87e025e9
ssh/tailssh: move SSH code from wgengine/netstack to this new package
...
Still largely incomplete, but in a better home now.
Updates #3802
Change-Id: I46c5ffdeb12e306879af801b06266839157bc624
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-15 12:21:01 -08:00