The general-purpose SSH server built atop Caddy in pure Go is finally here! 🎉 This has been the stress-reliever for so long, and it's finally good to share. Please read the announcement blog post for the rationale behind it and the implementation: Introducing Caddy SSH.
Here is a rundown of its features:
- Extensible core; almost everything is backed by Caddy modules implementing particular interfaces, which empowers the community to build modules to customize the server to their needs.
- The server configuration may be built and customized per session by utilizing the same concept of request matchers of Caddy's HTTP app. The current implementation only provides the `remote_ip` and `not` matchers due to constraints of x/crypto/ssh, but we hope more connection context parameters are present at configuration time in the future.
- If you're familiar with handlers from the HTTP app, then you will not be much out of your comfort zone. Their cousins in the `ssh` app are called actors. There are currently 2 actors: `static` and `shell`.
- If you're a heavy user of tunnels, worry not. Forward and reverse tunnels are supported, and they can be protected behind asker modules as their authorization gate. There are currently `deny` and `allow` ask-ees.
- Authorization is not limited to tunnels! While authentication flows can only filter out approved/disallowed groups and users, authorizer modules can use any parameter within the session context or outside of it. The app currently provides the following authorizers: `public`, `reject`, `max_session`, and `chained`.
- Signers, aka hostkeys, can be sourced from anywhere if you just use the right module! File-backed hostkeys are commonly known, but what if we fetched them from HashiCorp Vault? Or got them from a microservice that implements custom logic for issuing hostkeys? It's all possible! The currently available implementations are: `fallback`, which will look for existing hostkeys and will generate them if missing (only generates 4096-bit RSA and x25519), and `file`, which is similar to our old friend.
The implementation packages are currently all under `internal` until the dust settles. Once we are a-ok 👍🏼 with the design and implementation, they will be exported outside of `internal`.
This discussion was created from the release v0.0.1.