diff --git a/README.md b/README.md index f37ce4710..c10292773 100644 --- a/README.md +++ b/README.md @@ -114,6 +114,12 @@ This is compatible with `--authorized-keys`. $ upterm host --gitlab-user username ``` +Host a terminal session that only allows specified SourceHut user client public key(s) to connect. +This is compatible with `--authorized-keys`. +```console +$ upterm host --srht-user username +``` + Host a session with a custom command ```console $ upterm host -- docker run --rm -ti ubuntu bash diff --git a/cmd/upterm/command/host.go b/cmd/upterm/command/host.go index 39ec37a5f..17037e0f9 100644 --- a/cmd/upterm/command/host.go +++ b/cmd/upterm/command/host.go @@ -29,6 +29,7 @@ var ( flagAuthorizedKeys string flagGitHubUsers []string flagGitLabUsers []string + flagSourceHutUsers []string flagReadOnly bool ) @@ -70,6 +71,7 @@ func hostCmd() *cobra.Command { cmd.PersistentFlags().StringVarP(&flagAuthorizedKeys, "authorized-key", "a", "", "an authorized_keys file that lists public keys that are permitted to connect.") cmd.PersistentFlags().StringSliceVar(&flagGitHubUsers, "github-user", nil, "this GitHub user public keys are permitted to connect.") cmd.PersistentFlags().StringSliceVar(&flagGitLabUsers, "gitlab-user", nil, "this GitLab user public keys are permitted to connect.") + cmd.PersistentFlags().StringSliceVar(&flagSourceHutUsers, "srht-user", nil, "this SourceHut user public keys are permitted to connect.") cmd.PersistentFlags().BoolVarP(&flagReadOnly, "read-only", "r", false, "host a read-only session. Clients won't be able to interact.") return cmd 
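Review bot: The help string for the new `--srht-user` flag in hostCmd does not say where the keys come from, yet the flag makes a remote service part of deciding who may join the session. The constant added in host/signer.go pins the lookup to meta.sr.ht, so I would spell that out, for example `"public keys published on meta.sr.ht for this SourceHut user are permitted to connect."`. Separately, the README lines added by this commit refer to `--authorized-keys`, while the flag registered a few lines above in this hunk is `authorized-key`. hostCmd begins and ends outside the hunk.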
@@ -155,6 +157,13 @@ func shareRunE(c *cobra.Command, args []string) error { } authorizedKeys = append(authorizedKeys, gitLabUserKeys...) } + if flagSourceHutUsers != nil { + sourceHutUserKeys, err := host.SourceHutUserKeys(flagSourceHutUsers) + if err != nil { + return fmt.Errorf("error reading SourceHut user keys: %w", err) + } + authorizedKeys = append(authorizedKeys, sourceHutUserKeys...) + } signers, cleanup, err := host.Signers(flagPrivateKeys) if err != nil { diff --git a/docs/upterm.md b/docs/upterm.md index 8279d4551..452f31227 100644 --- a/docs/upterm.md +++ b/docs/upterm.md @@ -40,4 +40,4 @@ Upterm is an open-source solution for sharing terminal sessions instantly with t * [upterm upgrade](upterm_upgrade.md) - Upgrade the CLI * [upterm version](upterm_version.md) - Show version -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_host.md b/docs/upterm_host.md index 0a7f84e9f..42186a2c7 100644 --- a/docs/upterm_host.md +++ b/docs/upterm_host.md @@ -44,10 +44,11 @@ upterm host [flags] -i, --private-key strings private key file for public key authentication against the upterm server (default [/Users/owen/.ssh/id_ed25519]) -r, --read-only host a read-only session. Clients won't be able to interact. --server string upterm server address (required), supported protocols are ssh, ws, or wss. (default "ssh://uptermd.upterm.dev:22") + --srht-user strings this SourceHut user public keys are permitted to connect. ``` ### SEE ALSO * [upterm](upterm.md) - Secure Terminal Sharing -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_proxy.md b/docs/upterm_proxy.md index f26cc1df3..0c0b8930c 100644 --- a/docs/upterm_proxy.md +++ b/docs/upterm_proxy.md 
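Review bot: An empty result is not handled in the block added to shareRunE: if `host.SourceHutUserKeys` returns no error and no keys (an account with no SSH keys registered, say; getPublicKeys is not visible from here), `authorizedKeys` is left as it was and the host gets no signal that `--srht-user` restricted nothing. How an empty `authorizedKeys` is treated further down is outside the hunk, but if it means "no restriction" the session would be open despite the flag. I would fail closed here, e.g. `if len(sourceHutUserKeys) == 0 { return fmt.Errorf("no SourceHut keys found for %v", flagSourceHutUsers) }`. The GitLab block visible in the context lines just above has the same shape, and shareRunE starts and ends outside the hunk.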
@@ -30,4 +30,4 @@ upterm proxy [flags] * [upterm](upterm.md) - Secure Terminal Sharing -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_session.md b/docs/upterm_session.md index 8b233de0e..11ad32505 100644 --- a/docs/upterm_session.md +++ b/docs/upterm_session.md @@ -15,4 +15,4 @@ Display session * [upterm session info](upterm_session_info.md) - Display session by name * [upterm session list](upterm_session_list.md) - List shared sessions -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_session_current.md b/docs/upterm_session_current.md index 47d606256..a7b1ad240 100644 --- a/docs/upterm_session_current.md +++ b/docs/upterm_session_current.md @@ -30,4 +30,4 @@ upterm session current [flags] * [upterm session](upterm_session.md) - Display session -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_session_info.md b/docs/upterm_session_info.md index 36e77e862..ce1db0469 100644 --- a/docs/upterm_session_info.md +++ b/docs/upterm_session_info.md @@ -27,4 +27,4 @@ upterm session info [flags] * [upterm session](upterm_session.md) - Display session -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_session_list.md b/docs/upterm_session_list.md index 0c20a685e..ef7e8f1cb 100644 --- a/docs/upterm_session_list.md +++ b/docs/upterm_session_list.md @@ -27,4 +27,4 @@ upterm session list [flags] * [upterm session](upterm_session.md) - Display session -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_upgrade.md b/docs/upterm_upgrade.md index 9682c1dc1..43c234926 100644 --- a/docs/upterm_upgrade.md +++ b/docs/upterm_upgrade.md 
@@ -26,4 +26,4 @@ upterm upgrade [flags] * [upterm](upterm.md) - Secure Terminal Sharing -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/docs/upterm_version.md b/docs/upterm_version.md index 15d465faa..0932fe525 100644 --- a/docs/upterm_version.md +++ b/docs/upterm_version.md @@ -16,4 +16,4 @@ upterm version [flags] * [upterm](upterm.md) - Secure Terminal Sharing -###### Auto generated by spf13/cobra on 29-Sep-2023 +###### Auto generated by spf13/cobra on 30-Sep-2023 diff --git a/etc/completion/upterm.bash_completion.sh b/etc/completion/upterm.bash_completion.sh index b7b52f730..ef4016423 100644 --- a/etc/completion/upterm.bash_completion.sh +++ b/etc/completion/upterm.bash_completion.sh @@ -418,6 +418,8 @@ _upterm_host() flags+=("-r") flags+=("--server=") two_word_flags+=("--server") + flags+=("--srht-user=") + two_word_flags+=("--srht-user") must_have_one_flag=() must_have_one_noun=() diff --git a/etc/man/man1/upterm-host.1 b/etc/man/man1/upterm-host.1 index fac9a6047..5db69cbfa 100644 --- a/etc/man/man1/upterm-host.1 +++ b/etc/man/man1/upterm-host.1 @@ -53,6 +53,10 @@ Host a terminal session over a reverse SSH tunnel to the Upterm server with the \fB--server\fP="ssh://uptermd.upterm.dev:22" upterm server address (required), supported protocols are ssh, ws, or wss. +.PP +\fB--srht-user\fP=[] + this SourceHut user public keys are permitted to connect. + .SH EXAMPLE .PP @@ -88,4 +92,4 @@ Host a terminal session over a reverse SSH tunnel to the Upterm server with the .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/etc/man/man1/upterm-proxy.1 b/etc/man/man1/upterm-proxy.1 index e63f8df00..9f5d69c89 100644 --- a/etc/man/man1/upterm-proxy.1 +++ b/etc/man/man1/upterm-proxy.1 
@@ -44,4 +44,4 @@ Proxy a terminal session over WebSocket. This must be used in conjunction with S .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/etc/man/man1/upterm-session-current.1 b/etc/man/man1/upterm-session-current.1 index e7d585563..e68ad0f34 100644 --- a/etc/man/man1/upterm-session-current.1 +++ b/etc/man/man1/upterm-session-current.1 @@ -47,4 +47,4 @@ Display the current session. By default, the command fetches the current session .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/etc/man/man1/upterm-session-info.1 b/etc/man/man1/upterm-session-info.1 index 3cbb02414..cd469931d 100644 --- a/etc/man/man1/upterm-session-info.1 +++ b/etc/man/man1/upterm-session-info.1 @@ -41,4 +41,4 @@ Display session by name. .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/etc/man/man1/upterm-session-list.1 b/etc/man/man1/upterm-session-list.1 index 167904d35..2eaa684a9 100644 --- a/etc/man/man1/upterm-session-list.1 +++ b/etc/man/man1/upterm-session-list.1 @@ -41,4 +41,4 @@ List shared sessions. Session admin sockets are located in ~/.upterm. .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/etc/man/man1/upterm-session.1 b/etc/man/man1/upterm-session.1 index 2a6e1aad9..4268ceb0f 100644 --- a/etc/man/man1/upterm-session.1 +++ b/etc/man/man1/upterm-session.1 @@ -29,4 +29,4 @@ Display session .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/etc/man/man1/upterm-upgrade.1 b/etc/man/man1/upterm-upgrade.1 index 2d06c4313..956e962b6 100644 --- a/etc/man/man1/upterm-upgrade.1 +++ b/etc/man/man1/upterm-upgrade.1 @@ -44,4 +44,4 @@ Upgrade the CLI .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra 
diff --git a/etc/man/man1/upterm-version.1 b/etc/man/man1/upterm-version.1 index be31692f3..884d4f165 100644 --- a/etc/man/man1/upterm-version.1 +++ b/etc/man/man1/upterm-version.1 @@ -29,4 +29,4 @@ Show version .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/etc/man/man1/upterm.1 b/etc/man/man1/upterm.1 index 962c57123..046a0ac3d 100644 --- a/etc/man/man1/upterm.1 +++ b/etc/man/man1/upterm.1 @@ -54,4 +54,4 @@ Upterm is an open-source solution for sharing terminal sessions instantly with t .SH HISTORY .PP -29-Sep-2023 Auto generated by spf13/cobra +30-Sep-2023 Auto generated by spf13/cobra diff --git a/host/signer.go b/host/signer.go index b42b77af2..d516339da 100644 --- a/host/signer.go +++ b/host/signer.go @@ -23,6 +23,7 @@ const ( errCannotDecodeEncryptedPrivateKeys = "cannot decode encrypted private keys" gitHubKeysUrlFmt = "https://github.com/%s" gitLabKeysUrlFmt = "https://gitlab.com/%s" + sourceHutKeysUrlFmt = "https://meta.sr.ht/~%s" ) type errDescryptingPrivateKey struct { @@ -96,6 +97,10 @@ func GitLabUserKeys(usernames []string) ([]ssh.PublicKey, error) { return getPublicKeys(gitLabKeysUrlFmt, usernames) } +func SourceHutUserKeys(usernames []string) ([]ssh.PublicKey, error) { + return getPublicKeys(sourceHutKeysUrlFmt, usernames) +} + // Signers return signers based on the folllowing conditions: // If SSH agent is running and has keys, it returns signers from SSH agent, otherwise return signers from private keys; // If neither works, it generates a signer on the fly.
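Review bot: `SourceHutUserKeys` is exported without a doc comment, and since it decides which keys are trusted it is worth one; something like `// SourceHutUserKeys returns the SSH public keys that meta.sr.ht publishes for each of the given usernames.` would do. The earlier hunk in this file adds `sourceHutKeysUrlFmt`, which substitutes the username straight into the URL path. getPublicKeys is not visible here, so this is a question rather than a finding: if it formats the name verbatim, a value containing `/`, `?` or `#` changes which resource is fetched, and escaping with `url.PathEscape` or rejecting such names there would keep the lookup on the intended profile.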