ssh with go ssh with go
play

SSH with Go SSH with Go GoSF Meetup GoSF Meetup 25 August 2016 - PowerPoint PPT Presentation

Aug 26, 2023 •368 likes •538 views

SSH with Go SSH with Go GoSF Meetup GoSF Meetup 25 August 2016 25 August 2016 Chris Roche Chris Roche Software Engineer, Lyft Software Engineer, Lyft Who am I? Who am I? Core Services Team at Lyft Core Services Team at Lyft Libraries

  1. SSH with Go SSH with Go GoSF Meetup GoSF Meetup 25 August 2016 25 August 2016 Chris Roche Chris Roche Software Engineer, Lyft Software Engineer, Lyft

  2. Who am I? Who am I? Core Services Team at Lyft Core Services Team at Lyft Libraries Libraries Previously, Core Platform & DevOps at VSCO Previously, Core Platform & DevOps at VSCO Services Services Libraries Libraries Deployment/Infrastructure Tools Deployment/Infrastructure Tools

  3. Why not just `ssh example.com`? Why not just `ssh example.com`?

  4. Because golang.org/x/crypto/ssh gives you: Because golang.org/x/crypto/ssh gives you: Cross platform code Cross platform code Testability Testability Better error handling Better error handling More capabilities More capabilities Ergonomics: Ergonomics: Either: Either: $ ssh -o ProxyCommand='ssh proxy.example.com nc example.com 22' example.com $ ssh -o ProxyCommand='ssh proxy.example.com nc example.com 22' example.com Or: Or: $ sshThru proxy.example.com example.com $ sshThru proxy.example.com example.com

  5. Opening A Connection Opening A Connection func Connect(host string, methods ...ssh.AuthMethod) (*ssh.Client, error) { func Connect(host string, methods ...ssh.AuthMethod) (*ssh.Client, error) { cfg := ssh.ClientConfig{ cfg := ssh.ClientConfig{ User: "chris", User: "chris", Auth: methods, Auth: methods, } } return ssh.Dial("tcp", host, &cfg) return ssh.Dial("tcp", host, &cfg) } } Can also specify timeouts, host checks, & more SSH goodies Can also specify timeouts, host checks, & more SSH goodies Each AuthMethod AuthMethod is attempted in order is attempted in order Each Handful of types: Handful of types: ssh.Password // static secret ssh.Password // static secret ssh.PasswordCallback // ask the user ssh.PasswordCallback // ask the user ssh.KeyboardInteractive // server-provided prompts ssh.KeyboardInteractive // server-provided prompts ssh.RetryableAuthMethod // decorator for above ssh.RetryableAuthMethod // decorator for above ssh.PublicKeys // key pairs ssh.PublicKeys // key pairs ssh.PublicKeysCallback // SSH-Agent ssh.PublicKeysCallback // SSH-Agent

  6. Authentication Methods Authentication Methods func KeyPair(keyFile string) (ssh.AuthMethod, error) { func KeyPair(keyFile string) (ssh.AuthMethod, error) { pem, err := ioutil.ReadFile(keyFile) pem, err := ioutil.ReadFile(keyFile) if err != nil { if err != nil { return nil, err return nil, err } } key, err := ssh.ParsePrivateKey(pem) key, err := ssh.ParsePrivateKey(pem) if err != nil { if err != nil { return nil, err return nil, err } } return ssh.PublicKeys(key), nil return ssh.PublicKeys(key), nil } } func SSHAgent() (ssh.AuthMethod, error) { func SSHAgent() (ssh.AuthMethod, error) { agentSock, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK")) agentSock, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK")) if err != nil { if err != nil { return nil, err return nil, err } } return ssh.PublicKeysCallback(agent.NewClient(agentSock).Signers), nil return ssh.PublicKeysCallback(agent.NewClient(agentSock).Signers), nil } }

  7. Auth + Connect Auth + Connect agent, err := SSHAgent() agent, err := SSHAgent() // handle error // handle error keyPair, err := KeyPair("/home/chris/.ssh/id_rsa") keyPair, err := KeyPair("/home/chris/.ssh/id_rsa") // handle error // handle error client, err := Connect("example.com:22", agent, keyPair) client, err := Connect("example.com:22", agent, keyPair) // handle error // handle error defer client.Close() defer client.Close() Don't forget Don't forget client.Close() client.Close() ! ! Need crypto/x509 crypto/x509 if keys are password-protected / PKCS8 if keys are password-protected / PKCS8 Need

  8. Run Command Run Command sess, err := client.NewSession() sess, err := client.NewSession() // handle error // handle error defer sess.Close() defer sess.Close() sess.Stdout = os.Stdout sess.Stdout = os.Stdout sess.Setenv("LS_COLORS", os.Getenv("LS_COLORS")) sess.Setenv("LS_COLORS", os.Getenv("LS_COLORS")) err = sess.Run("ls -lah") err = sess.Run("ls -lah") // handle error // handle error One command or shell, one One command or shell, one ssh.Session ssh.Session Similar API to os/exec.Cmd os/exec.Cmd Similar API to Don't forget sess.Close() sess.Close() ! ! Don't forget

  9. Open Shell Open Shell sess.Stdin = os.Stdin sess.Stdin = os.Stdin sess.Stdout = os.Stdout sess.Stdout = os.Stdout sess.Stderr = os.Stderr sess.Stderr = os.Stderr modes := ssh.TerminalModes{ modes := ssh.TerminalModes{ ssh.ECHO: 1, // please print what I type ssh.ECHO: 1, // please print what I type ssh.ECHOCTL: 0, // please don't print control chars ssh.ECHOCTL: 0, // please don't print control chars ssh.TTY_OP_ISPEED: 115200, // baud in ssh.TTY_OP_ISPEED: 115200, // baud in ssh.TTY_OP_OSPEED: 115200, // baud out ssh.TTY_OP_OSPEED: 115200, // baud out } } termFD := int(os.Stdin.Fd()) termFD := int(os.Stdin.Fd()) w, h, _ := terminal.GetSize(termFD) w, h, _ := terminal.GetSize(termFD) termState, _ := terminal.MakeRaw(termFD) termState, _ := terminal.MakeRaw(termFD) defer terminal.Restore(termFD, termState) defer terminal.Restore(termFD, termState) sess.RequestPty("xterm-256color", h, w, modes) sess.RequestPty("xterm-256color", h, w, modes) sess.Shell() sess.Shell() sess.Wait() sess.Wait()

  10. Proxy Through Bastion Proxy Through Bastion func Proxy(bastion *ssh.Client, host string, clientCfg *ssh.ClientConfig) *ssh.Client { func Proxy(bastion *ssh.Client, host string, clientCfg *ssh.ClientConfig) *ssh.Client { netConn, _ := bastion.Dial("tcp", host) netConn, _ := bastion.Dial("tcp", host) conn, chans, reqs, _ := ssh.NewClientConn(netConn, host, clientCfg) conn, chans, reqs, _ := ssh.NewClientConn(netConn, host, clientCfg) return ssh.NewClient(conn, chans, reqs) return ssh.NewClient(conn, chans, reqs) } }

  11. Multiplex Commands Multiplex Commands func TailLog(name string, client *ssh.Client, lines chan<- string) { func TailLog(name string, client *ssh.Client, lines chan<- string) { sess, _ := client.NewSession() sess, _ := client.NewSession() defer sess.Close() defer sess.Close() out, _ := sess.StdoutPipe() out, _ := sess.StdoutPipe() scanner := bufio.NewScanner(out) scanner := bufio.NewScanner(out) scanner.Split(bufio.ScanLines) scanner.Split(bufio.ScanLines) sess.Start("tail -f /var/log/app.log") sess.Start("tail -f /var/log/app.log") for scanner.Scan() { for scanner.Scan() { lines <- fmt.Sprintf("[%s] %s", name, scanner.Text()) lines <- fmt.Sprintf("[%s] %s", name, scanner.Text()) } } sess.Wait() sess.Wait() } }

  12. Multiplex Commands Multiplex Commands func MultiTail(bastion *ssh.Client, hosts []string, cfg *ssh.ClientConfig) { func MultiTail(bastion *ssh.Client, hosts []string, cfg *ssh.ClientConfig) { lines := make(chan string) lines := make(chan string) for _, remote := range hosts { for _, remote := range hosts { go TailLog( go TailLog( remote, remote, Proxy(bastion, remote, cfg), Proxy(bastion, remote, cfg), lines, lines, ) ) } } for l := range lines { for l := range lines { log.Print(l) log.Print(l) } } } }

  13. Tunnel Tunnel func Tunnel(client *ssh.Client, localHost, remoteHost string) { func Tunnel(client *ssh.Client, localHost, remoteHost string) { listener, _ := net.Listen("tcp", localHost) listener, _ := net.Listen("tcp", localHost) defer listener.Close() defer listener.Close() for { for { localConn, _ := listener.Accept() localConn, _ := listener.Accept() remoteConn, _ := client.Dial("tcp", remoteHost) remoteConn, _ := client.Dial("tcp", remoteHost) go copy(localConn, remoteConn) go copy(localConn, remoteConn) go copy(remoteConn, localConn) go copy(remoteConn, localConn) } } } }

  14. Reverse Tunnel / Proxy Reverse Tunnel / Proxy func ReverseTunnel(client *ssh.Client, remoteHost string) { func ReverseTunnel(client *ssh.Client, remoteHost string) { listener, _ := client.Listen("tcp", remoteHost) listener, _ := client.Listen("tcp", remoteHost) defer listener.Close() defer listener.Close() handler := func(res http.ResponseWriter, req *http.Request) { handler := func(res http.ResponseWriter, req *http.Request) { fmt.Fprint(res, "Hello, GoSF!") fmt.Fprint(res, "Hello, GoSF!") } } http.Serve(listener, http.HandlerFunc(handler)) http.Serve(listener, http.HandlerFunc(handler)) } }

  15. Thank you Thank you Chris Roche Chris Roche Software Engineer, Lyft Software Engineer, Lyft http://rodaine.com (http://rodaine.com) http://rodaine.com (http://rodaine.com) http://github.com/rodaine (http://github.com/rodaine) http://github.com/rodaine (http://github.com/rodaine) @rodaine (http://twitter.com/rodaine) @rodaine (http://twitter.com/rodaine)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
DIGITALLY DRIVEN WORLD In todays digitized world, connecting its systems is a must for any

DIGITALLY DRIVEN WORLD In todays digitized world, connecting its systems is a must for any

SSO . SINGLE SIGN ON ACROSS DRUPAL 8. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2 DIGITALLY DRIVEN WORLD In todays digitized world, connecting its systems is a must for any organization.

674 views • 30 slides
Models for LTI systems LTI system stands for linear time invariant system Model describing LTI

Models for LTI systems LTI system stands for linear time invariant system Model describing LTI

Models for LTI systems LTI system stands for linear time invariant system Model describing LTI system using an input-output relation y k = G ( q ) u k + H ( q ) e k with output (time) series y = { y k : k = 0 , 1 , . . . , N } input (time) series

1.28k views • 91 slides
Email Security Guevara Noubir Network Security Northeastern

Email Security Guevara Noubir Network Security Northeastern

Email Security Guevara Noubir Network Security Northeastern University Email Security 1 Email One of the most widely used applica&gt;ons of the

360 views • 14 slides
Closed-Loop Applicability of the Sign-Perturbed Sums Method aji 1 Erik Weyer 2 Bal azs Csan

Closed-Loop Applicability of the Sign-Perturbed Sums Method aji 1 Erik Weyer 2 Bal azs Csan

Closed-Loop Applicability of the Sign-Perturbed Sums Method aji 1 Erik Weyer 2 Bal azs Csan ad Cs 1 Institute for Computer Science and Control (SZTAKI), Hungarian Academy of Sciences, Hungary 2 Department of Electrical and Electronic

766 views • 21 slides
SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with

SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with

SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with Computer Slide #11-1 Security: Art and Science Reading Chapter 11 in Computer Science: Art and Science Stallings book Can also look at

628 views • 58 slides
Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security

Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security

Detection and Incident Response With osquery Javier Marcos @javutin $ whoami Security Engineer/Incident Responder Open source contributor (github.com/javuto) Former IBM, Facebook, Uber and Airbnb Current BitMEX Agenda Part 1:

981 views • 59 slides
InRouter300 Compact Industrial LTE Router September 2020 Speakers Louis Tao Zilla Li Business

InRouter300 Compact Industrial LTE Router September 2020 Speakers Louis Tao Zilla Li Business

InRouter300 Compact Industrial LTE Router September 2020 Speakers Louis Tao Zilla Li Business Development Manager, Europe Technical Support 2 Contents About InHand Networks Introducing InRouter300 Applications Selection Guide Q &amp; A

622 views • 33 slides
Issues with XML-Signature Syntax and Processing and Rectifying Approaches Jeff Hodges, Scott

Issues with XML-Signature Syntax and Processing and Rectifying Approaches Jeff Hodges, Scott

Issues with XML-Signature Syntax and Processing and Rectifying Approaches Jeff Hodges, Scott Cantor XMLdsig Workshop Mtv View 25-Sep-2007 Not about performance, per se Position paper was grouped under the title of performance, but

84 views • 6 slides
Language Technology: Research and Development Science and Research Sara Stymne Uppsala

Language Technology: Research and Development Science and Research Sara Stymne Uppsala

Language Technology: Research and Development Science and Research Sara Stymne Uppsala University Department of Linguistics and Philology sara.stymne@lingfil.uu.se Language Technology: Research and Development Research and Development

777 views • 50 slides
Course Home Page Course Design Course Structure main source reading-intensive course

Course Home Page Course Design Course Structure main source reading-intensive course

Course Home Page Course Design Course Structure main source reading-intensive course lectures/readings readings, lecture slides, all information reading front-loaded in first 9 weeks weeks 1-9 (no classes week 8) (less than in past: using

755 views • 4 slides
BY T- INVARIANTS Monika Heiner INRIA / Rocquencourt, projet CONTRAINTES on sabbatical leave

BY T- INVARIANTS Monika Heiner INRIA / Rocquencourt, projet CONTRAINTES on sabbatical leave

MOCA W ORKSHOP , P ARIS , J UNE 2007 PN &amp; Systems Biology M ODULARIZATION BY T- INVARIANTS Monika Heiner INRIA / Rocquencourt, projet CONTRAINTES on sabbatical leave from BTU Cottbus, Dept. of CS monika.heiner@informatik.tu-cottbus.de

407 views • 11 slides
CSPSAT Projects and My Research Topics . Takehide Soh March 18, 2014 at NII Takehide Soh

CSPSAT Projects and My Research Topics . Takehide Soh March 18, 2014 at NII Takehide Soh

Outline . CSPSAT Projects and My Research Topics . Takehide Soh March 18, 2014 at NII Takehide Soh CSPSAT Projects and My Research Topics Outline . Self Introduction . . . 2008.04-2011.11 1 SOKENDAI, Ph.D., in Inoue Lab. Studied

689 views • 22 slides
Atomtronics: Probing Mesoscopic Transport with Ultracold Atoms Kunal K. Das Kutztown University

Atomtronics: Probing Mesoscopic Transport with Ultracold Atoms Kunal K. Das Kutztown University

Atomtronics: Probing Mesoscopic Transport with Ultracold Atoms Kunal K. Das Kutztown University of Pennsylvania Supported by NSF Outline I: Atomtronics and Mesoscopic Transport - A brief Review II: Atomtronics Transport - The Wavepacket

708 views • 57 slides
Pepper: An Elastic Web Server Farm for Cloud based on Hadoop Subramaniam Krishnan, Jean

Pepper: An Elastic Web Server Farm for Cloud based on Hadoop Subramaniam Krishnan, Jean

Pepper: An Elastic Web Server Farm for Cloud based on Hadoop Subramaniam Krishnan, Jean Christophe Counio Yahoo! Inc. MAPRED 1 st December 2010 Agenda Motivation Design Features Applications Evaluation Conclusion

523 views • 24 slides
Human-Pepper Interaction Mayte Lzaro, Luca Iocchi Who is Pepper? Pepper is a robot

Human-Pepper Interaction Mayte Lzaro, Luca Iocchi Who is Pepper? Pepper is a robot

Human-Pepper Interaction Mayte Lzaro, Luca Iocchi Who is Pepper? Pepper is a robot developed by Softbank robotics Human-like 1.2m tall Arms/head/body movement Gestures Emotions Holonomic mobile base

430 views • 13 slides
CS 61: Database Systems Security With great power comes great responsibility OR William

CS 61: Database Systems Security With great power comes great responsibility OR William

CS 61: Database Systems Security With great power comes great responsibility OR William Lamb, 2nd Spider Mans Viscount Melbourne uncle Ben 2 Source: Wikipedia Agenda 1. MySQL permissions 2. Demo: SQL injection attacks 3.

542 views • 29 slides
Get your port on! porting to Native Client as of Pepper 18 Colt &quot;MainRoach&quot; McAnlis

Get your port on! porting to Native Client as of Pepper 18 Colt &quot;MainRoach&quot; McAnlis

Get your port on! porting to Native Client as of Pepper 18 Colt &quot;MainRoach&quot; McAnlis 3.05.2012 Getting Started gonacl.com It works! Native Client runs C++ code in a web page No plug-in required The Gist C++ code GCC / G++ NEXE

588 views • 34 slides
IMAGE FILTERING INEL 6088 Computer Vision References: Chapter 4 Jain et al, Chapter 3 Davies 2.3

IMAGE FILTERING INEL 6088 Computer Vision References: Chapter 4 Jain et al, Chapter 3 Davies 2.3

IMAGE FILTERING INEL 6088 Computer Vision References: Chapter 4 Jain et al, Chapter 3 Davies 2.3 Convolutions and Point Spread Functions 39 at perfectly good algorithm strategies that mysteriously turn out not to work well in practice! 2.3

556 views • 28 slides
707.009 Foundations of Knowledge Management g g Overview and Motivation Markus

707.009 Foundations of Knowledge Management g g Overview and Motivation Markus

Knowledge Management Institute 707.009 Foundations of Knowledge Management g g Overview and Motivation Markus Strohmaier Univ. Ass. / Assistant Professor Knowledge Management Institute Graz University of Technology, Austria e-mail:

661 views • 42 slides
Chapter 3 Tight-frame Applications 1 Outline 1. Inpainting 1. Inpainting 2. Impulse Noise

Chapter 3 Tight-frame Applications 1 Outline 1. Inpainting 1. Inpainting 2. Impulse Noise

Chapter 3 Tight-frame Applications 1 Outline 1. Inpainting 1. Inpainting 2. Impulse Noise Removal 2. Impulse Noise Removal 3. Inpainting in the Transformed Domain 3. Inpainting in the Transformed Domain 2 1 Inpainting 3 Notations

376 views • 36 slides
First Quarter 2017 Earnings Conference Call April 26, 2017 1 Safe Harbor Statement &amp;

First Quarter 2017 Earnings Conference Call April 26, 2017 1 Safe Harbor Statement &amp;

First Quarter 2017 Earnings Conference Call April 26, 2017 1 Safe Harbor Statement &amp; Non-GAAP Information Safe Harbor Statement This presentation contains forward-looking statements within the meaning of Section 27A of the Securities Act

156 views • 11 slides
PPP Flexibility Act: How it Alters PPP Loan Forgiveness July 1, 2020 Mary Brown Sandys,

PPP Flexibility Act: How it Alters PPP Loan Forgiveness July 1, 2020 Mary Brown Sandys,

PPP Flexibility Act: How it Alters PPP Loan Forgiveness July 1, 2020 Mary Brown Sandys, Moderator Chief Marketing &amp; Communications Officer Small Business Investor Alliance Jude Covas Matt Dwyer Managing Principal Principal Matthews,

665 views • 40 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides

More recommend