update
smallinsky committed Mar 25, 2022
1 parent 208d111 commit fa0e61a
Showing 1 changed file with 30 additions and 4 deletions.
34 changes: 30 additions & 4 deletions lib/client/api.go
Expand Up @@ -2325,17 +2325,17 @@ func makeProxySSHClient(ctx context.Context, tc *TeleportClient, sshConfig *ssh.
}

log.Infof("Connecting to proxy=%v login=%q", sshProxyAddr, sshConfig.User)
client, err := makeProxySSHClientDirect(tc, sshConfig)
client, err := makeProxySSHClientDirect(tc, sshConfig, sshProxyAddr)
if err != nil {
return nil, trace.Wrap(err, "failed to authenticate with proxy %v", sshProxyAddr)
}
log.Infof("Successful auth with proxy %v.", sshProxyAddr)
return client, nil
}

func makeProxySSHClientDirect(tc *TeleportClient, sshConfig *ssh.ClientConfig) (*ssh.Client, error) {
func makeProxySSHClientDirect(tc *TeleportClient, sshConfig *ssh.ClientConfig, proxyAddr string) (*ssh.Client, error) {
dialer := proxy.DialerFromEnvironment(tc.Config.SSHProxyAddr)
return dialer.Dial("tcp", tc.Config.SSHProxyAddr, sshConfig)
return dialer.Dial("tcp", proxyAddr, sshConfig)
}

func makeProxySSHClientWithTLSWrapper(ctx context.Context, tc *TeleportClient, sshConfig *ssh.ClientConfig, proxyAddr string) (*ssh.Client, error) {
Expand All @@ -2349,6 +2349,28 @@ func makeProxySSHClientWithTLSWrapper(ctx context.Context, tc *TeleportClient, s
return dialer.Dial("tcp", proxyAddr, sshConfig)
}

func makeProxySSHClientWithTLSWrapper2(ctx context.Context, tc *TeleportClient, sshConfig *ssh.ClientConfig, proxyAddr string) (*ssh.Client, error) {
cfg := tc.Config
clientTLSConf, err := tc.loadTLSConfig()
if err != nil {
return nil, trace.Wrap(err)
}

clientTLSConf.NextProtos = []string{string(alpncommon.ProtocolProxySSH)}
clientTLSConf.InsecureSkipVerify = cfg.InsecureSkipVerify

tlsConn, err := tls.Dial("tcp", proxyAddr, clientTLSConf)
if err != nil {
return nil, trace.Wrap(err, "failed to dial tls %v", proxyAddr)
}
c, chans, reqs, err := ssh.NewClientConn(tlsConn, proxyAddr, sshConfig)
if err != nil {
// tlsConn is closed inside ssh.NewClientConn function
return nil, trace.Wrap(err, "failed to authenticate with proxy %v", proxyAddr)
}
return ssh.NewClient(c, chans, reqs), nil
}

func (tc *TeleportClient) rootClusterName() (string, error) {
if tc.localAgent == nil {
return "", trace.NotFound("cannot load root cluster name without local agent")
Expand Down Expand Up @@ -3308,8 +3330,12 @@ func (tc *TeleportClient) loadTLSConfig() (*tls.Config, error) {
if err != nil {
return nil, trace.Wrap(err)
}
clusters := []string{rootCluster}
if tc.SiteName != "" && rootCluster != tc.SiteName {
clusters = append(clusters, tc.SiteName)
}

tlsConfig, err := tlsKey.TeleportClientTLSConfig(nil, []string{rootCluster})
tlsConfig, err := tlsKey.TeleportClientTLSConfig(nil, clusters)
if err != nil {
return nil, trace.Wrap(err, "failed to generate client TLS config")
}
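Review bot: `ctx` is accepted by makeProxySSHClientWithTLSWrapper2 but never used — the `tls.Dial("tcp", proxyAddr, clientTLSConf)` call carries no deadline, so a proxy that accepts the TCP connection and stalls blocks the caller indefinitely and cancellation from the caller is ignored; use `tlsConn, err := (&tls.Dialer{Config: clientTLSConf}).DialContext(ctx, "tcp", proxyAddr)` instead. The function also has no doc comment and the `2` suffix does not say how it differs from makeProxySSHClientWithTLSWrapper (whose body starts outside the hunk); a comment such as `// makeProxySSHClientWithTLSWrapper2 dials the proxy over TLS with the ProtocolProxySSH ALPN value and runs the SSH handshake on that connection.` plus a sentence on why both variants exist would help the next reader. Because `clientTLSConf.InsecureSkipVerify` is copied from the client config, a one-line comment noting that the proxy's certificate is not validated in that mode would make the trade-off visible at the call site. Separately, in the first hunk makeProxySSHClientDirect still builds its dialer from `tc.Config.SSHProxyAddr` while dialing `proxyAddr`; if DialerFromEnvironment uses its argument for proxy/no-proxy selection, the two should presumably agree (`dialer := proxy.DialerFromEnvironment(proxyAddr)`).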
