ContainerSSH Authentication Library

⚠⚠⚠ Deprecated: ⚠⚠⚠
This repository is deprecated in favor of libcontainerssh for ContainerSSH 0.5.

This library provides the server and client components for the authentication webhook

Creating a server

As a core component for your authentication server you will have to implement the Handler interface:

type myHandler struct {
}

func (h *myHandler) OnPassword(
    Username string,
    Password []byte,
    RemoteAddress string,
    ConnectionID string,
) (bool, error) {
    if Username == "foo" && string(Password) == "bar" {
        return true, nil
    }
    if Username == "crash" {
        // Simulate a database failure
        return false, fmt.Errorf("database error")
    }
    return false, nil
}

func (h *myHandler) OnPubKey(
    Username string,
    // PublicKey is the public key in the authorized key format.
    PublicKey string,
    RemoteAddress string,
    ConnectionID string,
) (bool, error) {
    // Handle public key auth here
}

Then you can use this handler to create a simple web server using the http library. The server requires using the lifecycle facility from the service library. You can create the server as follows:

server := auth.NewServer(
    http.ServerConfiguration{
        Listen: "127.0.0.1:8080",
    },
    &myHandler{},
    logger,
)

lifecycle := service.NewLifecycle(server)

go func() {
    if err := lifecycle.Run(); err != nil {
        // Handle error
    }
}

// When done, shut down server with an optional context for the shutdown deadline
lifecycle.Stop(context.Background())

The logger is a logger from the github.com/containerssh/log package. The server configuration optionally allows you to configure mutual TLS authentication. See the documentation for details.

You can also use the authentication handler with the native Go HTTP library:

func main() {
    logger := log.New(...)
    httpHandler := auth.NewHandler(&myHandler{}, logger)
    http.Handle("/auth", httpHandler)
    http.ListenAndServe(":8090", nil)
}

Creating a client

This library also provides a HTTP client for authentication servers. This library can be used as follows:

client := auth.NewHttpAuthClient(
    auth.ClientConfig{
        URL: "http://localhost:8080"
        Password: true,
        PubKey: false,
        // This is the timeout for individual requests.
        Timeout: 2 * time.Second,
        // This is the overall timeout for the authentication process.
        AuthTimeout: 60 * time.Second,
    },
    logger,
)

success, err := client.Password(
    "foo",
    []byte("bar"),
    "0123456789ABCDEF",
    ip
) (bool, error)

success, err := client.PubKey(
    "foo",
    "ssh-rsa ...",
    "0123456789ABCDEF",
    ip
) (bool, error)

Name		Name	Last commit message	Last commit date
Latest commit History 39 Commits
.github		.github
.gitignore		.gitignore
.golangci.yml		.golangci.yml
CHANGELOG.md		CHANGELOG.md
CODES.md		CODES.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE.md		LICENSE.md
METRICS.md		METRICS.md
README.md		README.md
SECURITY.md		SECURITY.md
client.go		client.go
client_config.go		client_config.go
client_factory.go		client_factory.go
client_impl.go		client_impl.go
client_test.go		client_test.go
codes.go		codes.go
codes_doc.go		codes_doc.go
go.mod		go.mod
go.sum		go.sum
handler.go		handler.go
handler_factory.go		handler_factory.go
handler_impl.go		handler_impl.go
integration_test.go		integration_test.go
metrics.go		metrics.go
protocol.go		protocol.go
server.go		server.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ContainerSSH Authentication Library

Creating a server

Creating a client

About

Releases 10

Contributors 2

Languages

License

ContainerSSH/auth

Folders and files

Latest commit

History

Repository files navigation

ContainerSSH Authentication Library

Creating a server

Creating a client

About

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases 10

Contributors 2

Languages