ssh: add envoy configuration (#5659)

## Summary

Adds the Envoy listener configuration logic for SSH.

## Related issues

<!-- For example...
- #159
-->

## User Explanation

<!-- How would you explain this change to the user? If this
change doesn't create any user-facing changes, you can leave
this blank. If filled out, add the `docs` label -->

## Checklist

- [ ] reference any related issues
- [ ] updated unit tests
- [ ] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [ ] ready for review
Joe Kralicky 2025-06-30 15:15:05 -04:00 committed by GitHub
parent 6a65c52a6c
commit ac76aeb279
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 409 additions and 11 deletions


@ -242,11 +242,22 @@ type Options struct {
// SSH Settings
SSHAddr string `mapstructure:"ssh_address" yaml:"ssh_address,omitempty"`
SSHHostKeyFiles *[]string `mapstructure:"ssh_host_key_files" yaml:"ssh_host_key_files,omitempty"`
SSHHostKeys *[]string `mapstructure:"ssh_host_keys" yaml:"ssh_host_keys,omitempty"`
SSHUserCAKeyFile string `mapstructure:"ssh_user_ca_key_file" yaml:"ssh_user_ca_key_file,omitempty"`
SSHUserCAKey string `mapstructure:"ssh_user_ca_key" yaml:"ssh_user_ca_key,omitempty"`
// Address/Port to bind to for the SSH server. If unset, SSH will be disabled.
SSHAddr string `mapstructure:"ssh_address" yaml:"ssh_address,omitempty"`
// List of host key files for the SSH server.
// Files must not be group/world-readable on disk.
// If multiple keys are given, they must each have unique algorithms.
SSHHostKeyFiles *[]string `mapstructure:"ssh_host_key_files" yaml:"ssh_host_key_files,omitempty"`
// String contents of host keys for the SSH server. If both ssh_host_keys
// and ssh_host_key_files are set, they will be combined.
SSHHostKeys *[]string `mapstructure:"ssh_host_keys" yaml:"ssh_host_keys,omitempty"`
// SSH key used to sign ephemeral certificate keys for upstream authentication.
// This key must not be group/world-readable on disk, and should not itself be
// a certificate key.
SSHUserCAKeyFile string `mapstructure:"ssh_user_ca_key_file" yaml:"ssh_user_ca_key_file,omitempty"`
// String contents of SSH key used to sign ephemeral certificate keys for
// upstream authentication. Mutually exclusive with ssh_user_ca_key_file.
SSHUserCAKey string `mapstructure:"ssh_user_ca_key" yaml:"ssh_user_ca_key,omitempty"`
// DataBrokerURLString is the routable destination of the databroker service's gRPC endpoint.
DataBrokerURLString string `mapstructure:"databroker_service_url" yaml:"databroker_service_url,omitempty"`