Allow nodes to use SSH agent forwarding (#2145)

David Mell 2024-09-23 01:59:16 -08:00 committed by GitHub
parent f3fca8302a
commit 07b596d3cc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 7 additions and 6 deletions


@ -3,6 +3,7 @@
## Next ## Next
- Improved compatibilty of built-in DERP server with clients connecting over WebSocket. - Improved compatibilty of built-in DERP server with clients connecting over WebSocket.
- Allow nodes to use SSH agent forwarding [#2145](https://github.com/juanfont/headscale/pull/2145)
## 0.23.0 (2024-09-18) ## 0.23.0 (2024-09-18)


@ -292,7 +292,7 @@ func (pol *ACLPolicy) CompileSSHPolicy(
Reject: false, Reject: false,
Accept: true, Accept: true,
SessionDuration: 0, SessionDuration: 0,
AllowAgentForwarding: false, AllowAgentForwarding: true,
HoldAndDelegate: "", HoldAndDelegate: "",
AllowLocalPortForwarding: true, AllowLocalPortForwarding: true,
} }
@ -401,7 +401,7 @@ func sshCheckAction(duration string) (*tailcfg.SSHAction, error) {
Reject: false, Reject: false,
Accept: true, Accept: true,
SessionDuration: sessionLength, SessionDuration: sessionLength,
AllowAgentForwarding: false, AllowAgentForwarding: true,
HoldAndDelegate: "", HoldAndDelegate: "",
AllowLocalPortForwarding: true, AllowLocalPortForwarding: true,
}, nil }, nil
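Review bot: `AllowAgentForwarding: true` is now hard-coded in both the accept action built in CompileSSHPolicy and the action returned by sshCheckAction, so every SSH rule that accepts a session also permits agent forwarding; as far as these hunks show, no policy field can turn it off. When a client forwards its agent, anyone with root on the destination node can have that agent sign with the user's keys for as long as the session lasts, so the default widens what a compromised node can reach. I would make this opt-in per rule or through a server setting. At minimum, add a comment to both literals such as `// Agent forwarding is honoured for every accepted session; the client must still request it (ssh -A).` and state the always-on default in the changelog entry. Both function bodies start and end outside the hunks shown.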


@ -3323,7 +3323,7 @@ func TestSSHRules(t *testing.T) {
SSHUsers: map[string]string{ SSHUsers: map[string]string{
"autogroup:nonroot": "=", "autogroup:nonroot": "=",
}, },
Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true}, Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
}, },
{ {
SSHUsers: map[string]string{ SSHUsers: map[string]string{
@ -3334,7 +3334,7 @@ func TestSSHRules(t *testing.T) {
Any: true, Any: true,
}, },
}, },
Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true}, Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
}, },
{ {
Principals: []*tailcfg.SSHPrincipal{ Principals: []*tailcfg.SSHPrincipal{
@ -3345,7 +3345,7 @@ func TestSSHRules(t *testing.T) {
SSHUsers: map[string]string{ SSHUsers: map[string]string{
"autogroup:nonroot": "=", "autogroup:nonroot": "=",
}, },
Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true}, Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
}, },
{ {
SSHUsers: map[string]string{ SSHUsers: map[string]string{
@ -3356,7 +3356,7 @@ func TestSSHRules(t *testing.T) {
Any: true, Any: true,
}, },
}, },
Action: &tailcfg.SSHAction{Accept: true, AllowLocalPortForwarding: true}, Action: &tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true},
}, },
}}, }},
}, },
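Review bot: The expected action `&tailcfg.SSHAction{Accept: true, AllowAgentForwarding: true, AllowLocalPortForwarding: true}` is repeated verbatim in four table entries of TestSSHRules, which is why a one-flag change had to touch four lines. A small helper returning a fresh value, e.g. `func acceptAction() *tailcfg.SSHAction`, would keep the expectation in one place. These cases only pin the new default for accept rules; nothing visible here asserts the action produced by sshCheckAction, so confirm that path is covered elsewhere. TestSSHRules starts and ends outside the hunks shown.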