<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="doc2go">
<title>ssh</title>
<style>
/* Page chrome for the generated documentation: base typography, links,
   navigation bar, index lists, code blocks and small widgets. Rule order is
   kept as-is because later rules override earlier ones of equal specificity. */

/* Base page box and font. */
body {
  margin: 1em 2em;
  font-family: Helvetica, sans-serif;
  background-color: #f8f8f8;
  font-size: 1em;
}

/* Headings: tight vertical rhythm, medium weight for h1-h4, explicit sizes. */
h1, h2, h3, h4, h5, h6 {
  margin-top: 0.3em;
  margin-bottom: 0.3em;
}
h1, h2, h3, h4 {
  font-weight: 500;
}
h2 { font-size: 1.75em; }
h3 { font-size: 1.5em; }
h4 { font-size: 1.33em; }
h5 { font-size: 1em; }

/* Links are underlined only on hover. */
a {
  text-decoration: none;
  color: #0366a5;
}
a:hover {
  text-decoration: underline;
}

/* Permalink anchors stay hidden until their parent element is hovered. */
a.permalink {
  display: none;
}
a.permalink:hover {
  text-decoration: none;
}
*:hover > a.permalink {
  display: inline;
}

/* Navigation bar: wrapping flex row; .navbar-right is pushed to the far edge. */
nav {
  padding: 1em;
  background-color: #eee;
  border-radius: 0.5em;
  display: flex;
  flex-wrap: wrap;
}
nav .navbar-right {
  margin-left: auto;
}

/* Remove first level of nesting for a package's index section. */
#pkg-index + ul, #pkg-examples + ul {
  list-style-type: none;
  padding: 0;
}

/* Monospace text and boxed, horizontally scrollable code listings. */
code, kbd, pre {
  font-family: Consolas, monospace;
}
pre {
  color: #222;
  overflow-x: auto;
  border: 1px solid #ccc;
  border-radius: 0.5em;
  background-color: #eee;
  padding: 0.75em;
  font-size: 0.9em;
}

/* Collapsible example and deprecated sections. */
details.example > summary {
  color: #0366a5;
  cursor: pointer;
}
details.deprecated > summary {
  list-style: none;
}
span.deprecated-tag {
  color: #eee;
  background-color: #999;
  padding: 0.125rem 0.3rem;
  border-radius: 0.3rem;
  font-size: 0.7rem;
  vertical-align: middle;
  cursor: pointer;
}

/* Search box spacing and the small generator footer. */
#search {
  margin: 0.3em 0;
}
#generated-by-footer {
  font-size: x-small;
}
/* Syntax-highlighting rules scoped under .chroma. Rules that were adjacent and
   carried identical declarations are merged into one selector list; the
   relative order of all other rules is unchanged, so the cascade is the same. */

/* Background, PreWrapper */
.bg, .chroma {
  background-color: #ffffff;
}

/* Error */
.chroma .err {
  color: #a61717;
  background-color: #e3d2d2;
}

/* LineLink */
.chroma .lnlinks {
  outline: none;
  text-decoration: none;
  color: inherit;
}

/* LineTableTD */
.chroma .lntd {
  vertical-align: top;
  padding: 0;
  margin: 0;
  border: 0;
}

/* LineTable */
.chroma .lntable {
  border-spacing: 0;
  padding: 0;
  margin: 0;
  border: 0;
}

/* LineHighlight */
.chroma .hl {
  background-color: #e5e5e5;
}

/* LineNumbersTable, LineNumbers: not selectable, so copying code skips them */
.chroma .lnt, .chroma .ln {
  white-space: pre;
  -webkit-user-select: none;
  user-select: none;
  margin-right: 0.4em;
  padding: 0 0.4em 0 0.4em;
  color: #7f7f7f;
}

/* Line */
.chroma .line {
  display: flex;
}

/* Keyword, KeywordConstant, KeywordDeclaration, KeywordNamespace,
   KeywordPseudo, KeywordReserved */
.chroma .k, .chroma .kc, .chroma .kd, .chroma .kn, .chroma .kp, .chroma .kr {
  color: #000000;
  font-weight: bold;
}

/* KeywordType */
.chroma .kt {
  color: #445588;
  font-weight: bold;
}

/* NameAttribute */
.chroma .na { color: #008080; }

/* NameBuiltin */
.chroma .nb { color: #0086b3; }

/* NameBuiltinPseudo */
.chroma .bp { color: #999999; }

/* NameClass */
.chroma .nc {
  color: #445588;
  font-weight: bold;
}

/* NameConstant */
.chroma .no { color: #008080; }

/* NameDecorator */
.chroma .nd {
  color: #3c5d5d;
  font-weight: bold;
}

/* NameEntity */
.chroma .ni { color: #800080; }

/* NameException, NameFunction, NameLabel */
.chroma .ne, .chroma .nf, .chroma .nl {
  color: #990000;
  font-weight: bold;
}

/* NameNamespace */
.chroma .nn { color: #555555; }

/* NameTag */
.chroma .nt { color: #000080; }

/* NameVariable, NameVariableClass, NameVariableGlobal, NameVariableInstance */
.chroma .nv, .chroma .vc, .chroma .vg, .chroma .vi {
  color: #008080;
}

/* LiteralString, LiteralStringAffix, LiteralStringBacktick, LiteralStringChar,
   LiteralStringDelimiter, LiteralStringDoc, LiteralStringDouble,
   LiteralStringEscape, LiteralStringHeredoc, LiteralStringInterpol,
   LiteralStringOther */
.chroma .s, .chroma .sa, .chroma .sb, .chroma .sc, .chroma .dl, .chroma .sd,
.chroma .s2, .chroma .se, .chroma .sh, .chroma .si, .chroma .sx {
  color: #dd1144;
}

/* LiteralStringRegex */
.chroma .sr { color: #009926; }

/* LiteralStringSingle */
.chroma .s1 { color: #dd1144; }

/* LiteralStringSymbol */
.chroma .ss { color: #990073; }

/* LiteralNumber, LiteralNumberBin, LiteralNumberFloat, LiteralNumberHex,
   LiteralNumberInteger, LiteralNumberIntegerLong, LiteralNumberOct */
.chroma .m, .chroma .mb, .chroma .mf, .chroma .mh, .chroma .mi, .chroma .il,
.chroma .mo {
  color: #009999;
}

/* Operator, OperatorWord */
.chroma .o, .chroma .ow {
  color: #000000;
  font-weight: bold;
}

/* Comment, CommentHashbang, CommentMultiline, CommentSingle */
.chroma .c, .chroma .ch, .chroma .cm, .chroma .c1 {
  color: #999988;
  font-style: italic;
}

/* CommentSpecial, CommentPreproc, CommentPreprocFile */
.chroma .cs, .chroma .cp, .chroma .cpf {
  color: #999999;
  font-weight: bold;
  font-style: italic;
}

/* GenericDeleted */
.chroma .gd {
  color: #000000;
  background-color: #ffdddd;
}

/* GenericEmph */
.chroma .ge {
  color: #000000;
  font-style: italic;
}

/* GenericError */
.chroma .gr { color: #aa0000; }

/* GenericHeading */
.chroma .gh { color: #999999; }

/* GenericInserted */
.chroma .gi {
  color: #000000;
  background-color: #ddffdd;
}

/* GenericOutput */
.chroma .go { color: #888888; }

/* GenericPrompt */
.chroma .gp { color: #555555; }

/* GenericStrong */
.chroma .gs { font-weight: bold; }

/* GenericSubheading */
.chroma .gu { color: #aaaaaa; }

/* GenericTraceback */
.chroma .gt { color: #aa0000; }

/* GenericUnderline */
.chroma .gl { text-decoration: underline; }

/* TextWhitespace */
.chroma .w { color: #bbbbbb; }
</style>
</head>
<body>
<main><h2 id="pkg-overview">package ssh</h2>
<pre class="chroma"><span class="kn">import</span> <span class="s">&#34;golang.org/x/crypto/ssh&#34;</span></pre>
<p>Package ssh implements an SSH client and server.
<p>SSH is a transport security protocol, an authentication protocol and a
family of application protocols. The most typical application level
protocol is a remote shell and this is specifically implemented. However,
the multiplexed nature of SSH is exposed to users that wish to support
others.
<p>References:
<pre>[PROTOCOL]: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL?rev=HEAD
[PROTOCOL.certkeys]: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
[SSH-PARAMETERS]: https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
</pre>
<p>This package does not fall under the stability promise of the Go language itself,
so its API may be changed when pressing needs arise.
<h3 id="pkg-index">Index</h3>
<ul>
<li><a href="#pkg-constants">Constants</a></li><li><a href="#pkg-variables">Variables</a></li><li><a href="#FingerprintLegacyMD5">func FingerprintLegacyMD5(pubKey PublicKey) string</a></li>
<li><a href="#FingerprintSHA256">func FingerprintSHA256(pubKey PublicKey) string</a></li>
<li><a href="#Marshal">func Marshal(msg interface{}) []byte</a></li>
<li><a href="#MarshalAuthorizedKey">func MarshalAuthorizedKey(key PublicKey) []byte</a></li>
<li><a href="#MarshalPrivateKey">func MarshalPrivateKey(key crypto.PrivateKey, options MarshalPrivateKeyOptions) (*pem.Block, error)</a></li>
<li><a href="#Unmarshal">func Unmarshal(data []byte, out interface{}) error</a></li>
<li>
<a href="#Algorithms">type Algorithms</a>
<ul>
<li><a href="#InsecureAlgorithms">func InsecureAlgorithms() Algorithms</a></li>
<li><a href="#SupportedAlgorithms">func SupportedAlgorithms() Algorithms</a></li>
</ul>
</li>
<li>
<a href="#AuthMethod">type AuthMethod</a>
<ul>
<li><a href="#GSSAPIWithMICAuthMethod">func GSSAPIWithMICAuthMethod(gssAPIClient GSSAPIClient, target string) AuthMethod</a></li>
<li><a href="#KeyboardInteractive">func KeyboardInteractive(challenge KeyboardInteractiveChallenge) AuthMethod</a></li>
<li><a href="#Password">func Password(secret string) AuthMethod</a></li>
<li><a href="#PasswordCallback">func PasswordCallback(prompt func() (secret string, err error)) AuthMethod</a></li>
<li><a href="#PublicKeys">func PublicKeys(signers ...Signer) AuthMethod</a></li>
<li><a href="#PublicKeysCallback">func PublicKeysCallback(getSigners func() (signers []Signer, err error)) AuthMethod</a></li>
<li><a href="#RetryableAuthMethod">func RetryableAuthMethod(auth AuthMethod, maxTries int) AuthMethod</a></li>
</ul>
</li>
<li>
<a href="#BannerCallback">type BannerCallback</a>
<ul>
<li><a href="#BannerDisplayStderr">func BannerDisplayStderr() BannerCallback</a></li>
</ul>
</li>
<li>
<a href="#BannerError">type BannerError</a>
<ul>
<li><a href="#BannerError.Error">func (b *BannerError) Error() string</a></li>
<li><a href="#BannerError.Unwrap">func (b *BannerError) Unwrap() error</a></li>
</ul>
</li>
<li>
<a href="#CertChecker">type CertChecker</a>
<ul>
<li><a href="#CertChecker.Authenticate">func (c *CertChecker) Authenticate(conn ConnMetadata, pubKey PublicKey) (*Permissions, error)</a></li>
<li><a href="#CertChecker.CheckCert">func (c *CertChecker) CheckCert(principal string, cert *Certificate) error</a></li>
<li><a href="#CertChecker.CheckHostKey">func (c *CertChecker) CheckHostKey(addr string, remote net.Addr, key PublicKey) error</a></li>
</ul>
</li>
<li>
<a href="#Certificate">type Certificate</a>
<ul>
<li><a href="#Certificate.Marshal">func (c *Certificate) Marshal() []byte</a></li>
<li><a href="#Certificate.SignCert">func (c *Certificate) SignCert(rand io.Reader, authority Signer) error</a></li>
<li><a href="#Certificate.Type">func (c *Certificate) Type() string</a></li>
<li><a href="#Certificate.Verify">func (c *Certificate) Verify(data []byte, sig *Signature) error</a></li>
</ul>
</li>
<li>
<a href="#Channel">type Channel</a>
<ul>
<li><a href="#Channel.Close">func (c *Channel) Close() error</a></li>
<li><a href="#Channel.CloseWrite">func (c *Channel) CloseWrite() error</a></li>
<li><a href="#Channel.Handle">func (c *Channel) Handle(handler RequestHandler) error</a></li>
<li><a href="#Channel.Read">func (c *Channel) Read(data []byte) (int, error)</a></li>
<li><a href="#Channel.SendRequest">func (c *Channel) SendRequest(name string, wantReply bool, payload []byte) (bool, error)</a></li>
<li><a href="#Channel.SetDeadline">func (c *Channel) SetDeadline(deadline time.Time) error</a></li>
<li><a href="#Channel.SetReadDeadline">func (c *Channel) SetReadDeadline(deadline time.Time) error</a></li>
<li><a href="#Channel.SetWriteDeadline">func (c *Channel) SetWriteDeadline(deadline time.Time) error</a></li>
<li><a href="#Channel.Stderr">func (c *Channel) Stderr() io.ReadWriter</a></li>
<li><a href="#Channel.Write">func (c *Channel) Write(data []byte) (int, error)</a></li>
</ul>
</li>
<li>
<a href="#ChannelHandler">type ChannelHandler</a>
</li>
<li>
<a href="#ChannelHandlerFunc">type ChannelHandlerFunc</a>
<ul>
<li><a href="#ChannelHandlerFunc.NewChannel">func (f ChannelHandlerFunc) NewChannel(ch *NewChannel)</a></li>
</ul>
</li>
<li>
<a href="#Client">type Client</a>
<ul>
<li><a href="#Dial">func Dial(ctx context.Context, network, addr string, config *ClientConfig) (*Client, error)</a></li>
<li><a href="#NewClient">func NewClient(c *ClientConn) *Client</a></li>
<li><a href="#Client.Close">func (c Client) Close() error</a></li>
<li><a href="#Client.Dial">func (c *Client) Dial(ctx context.Context, n, addr string) (net.Conn, error)</a></li>
<li><a href="#Client.DialTCP">func (c *Client) DialTCP(ctx context.Context, n string, laddr, raddr *net.TCPAddr) (net.Conn, error)</a></li>
<li><a href="#Client.HandleChannelOpen">func (c *Client) HandleChannelOpen(channelType string, handler ChannelHandler) error</a></li>
<li><a href="#Client.Listen">func (c *Client) Listen(n, addr string) (net.Listener, error)</a></li>
<li><a href="#Client.ListenUnix">func (c *Client) ListenUnix(socketPath string) (net.Listener, error)</a></li>
<li><a href="#Client.NewSession">func (c *Client) NewSession() (*Session, error)</a></li>
</ul>
</li>
<li>
<a href="#ClientConfig">type ClientConfig</a>
</li>
<li>
<a href="#ClientConn">type ClientConn</a>
<ul>
<li><a href="#NewClientConn">func NewClientConn(c net.Conn, addr string, config *ClientConfig) (*ClientConn, error)</a></li>
<li><a href="#ClientConn.Close">func (c ClientConn) Close() error</a></li>
<li><a href="#ClientConn.Handle">func (c *ClientConn) Handle(channelHandler ChannelHandler, requestHandler RequestHandler) error</a></li>
</ul>
</li>
<li>
<a href="#ClientHandler">type ClientHandler</a>
</li>
<li>
<a href="#ClientHandlerFunc">type ClientHandlerFunc</a>
<ul>
<li><a href="#ClientHandlerFunc.HandleClient">func (f ClientHandlerFunc) HandleClient(conn *ServerConn)</a></li>
</ul>
</li>
<li>
<a href="#Config">type Config</a>
<ul>
<li><a href="#Config.SetDefaults">func (c *Config) SetDefaults()</a></li>
</ul>
</li>
<li>
<a href="#ConnMetadata">type ConnMetadata</a>
<ul>
<li><a href="#ConnMetadata.ClientVersion">func (c ConnMetadata) ClientVersion() []byte</a></li>
<li><a href="#ConnMetadata.LocalAddr">func (c ConnMetadata) LocalAddr() net.Addr</a></li>
<li><a href="#ConnMetadata.RemoteAddr">func (c ConnMetadata) RemoteAddr() net.Addr</a></li>
<li><a href="#ConnMetadata.ServerVersion">func (c ConnMetadata) ServerVersion() []byte</a></li>
<li><a href="#ConnMetadata.SessionID">func (c ConnMetadata) SessionID() []byte</a></li>
<li><a href="#ConnMetadata.User">func (c ConnMetadata) User() string</a></li>
</ul>
</li>
<li>
<a href="#CryptoPublicKey">type CryptoPublicKey</a>
</li>
<li>
<a href="#ExitError">type ExitError</a>
<ul>
<li><a href="#ExitError.Error">func (e *ExitError) Error() string</a></li>
</ul>
</li>
<li>
<a href="#ExitMissingError">type ExitMissingError</a>
<ul>
<li><a href="#ExitMissingError.Error">func (e *ExitMissingError) Error() string</a></li>
</ul>
</li>
<li>
<a href="#GSSAPIClient">type GSSAPIClient</a>
</li>
<li>
<a href="#GSSAPIServer">type GSSAPIServer</a>
</li>
<li>
<a href="#GSSAPIWithMICConfig">type GSSAPIWithMICConfig</a>
</li>
<li>
<a href="#HostKeyCallback">type HostKeyCallback</a>
<ul>
<li><a href="#FixedHostKey">func FixedHostKey(key PublicKey) HostKeyCallback</a></li>
<li><a href="#InsecureIgnoreHostKey">func InsecureIgnoreHostKey() HostKeyCallback</a></li>
</ul>
</li>
<li>
<a href="#KeyboardInteractiveChallenge">type KeyboardInteractiveChallenge</a>
</li>
<li>
<a href="#MarshalPrivateKeyOptions">type MarshalPrivateKeyOptions</a>
</li>
<li>
<a href="#NewChannel">type NewChannel</a>
<ul>
<li><a href="#NewChannel.Accept">func (c *NewChannel) Accept() (*Channel, error)</a></li>
<li><a href="#NewChannel.ChannelType">func (c *NewChannel) ChannelType() string</a></li>
<li><a href="#NewChannel.ExtraData">func (c *NewChannel) ExtraData() []byte</a></li>
<li><a href="#NewChannel.Reject">func (c *NewChannel) Reject(reason RejectionReason, message string) error</a></li>
</ul>
</li>
<li>
<a href="#OpenChannelError">type OpenChannelError</a>
<ul>
<li><a href="#OpenChannelError.Error">func (e *OpenChannelError) Error() string</a></li>
</ul>
</li>
<li>
<a href="#PartialSuccessError">type PartialSuccessError</a>
<ul>
<li><a href="#PartialSuccessError.Error">func (p *PartialSuccessError) Error() string</a></li>
</ul>
</li>
<li>
<a href="#PassphraseMissingError">type PassphraseMissingError</a>
<ul>
<li><a href="#PassphraseMissingError.Error">func (*PassphraseMissingError) Error() string</a></li>
</ul>
</li>
<li>
<a href="#Permissions">type Permissions</a>
</li>
<li>
<a href="#PrivateKeySigner">type PrivateKeySigner</a>
<ul>
<li><a href="#ParsePrivateKey">func ParsePrivateKey(pemBytes []byte) (*PrivateKeySigner, error)</a></li>
<li><a href="#ParsePrivateKeyWithPassphrase">func ParsePrivateKeyWithPassphrase(pemBytes, passphrase []byte) (*PrivateKeySigner, error)</a></li>
<li><a href="#PrivateKeySigner.CryptoSigner">func (k *PrivateKeySigner) CryptoSigner() crypto.Signer</a></li>
</ul>
</li>
<li>
<a href="#PublicKey">type PublicKey</a>
<ul>
<li><a href="#NewPublicKey">func NewPublicKey(key crypto.PublicKey) (PublicKey, error)</a></li>
<li><a href="#ParseAuthorizedKey">func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error)</a></li>
<li><a href="#ParseKnownHosts">func ParseKnownHosts(in []byte) (marker string, hosts []string, pubKey PublicKey, comment string, rest []byte, ...)</a></li>
<li><a href="#ParsePublicKey">func ParsePublicKey(in []byte) (out PublicKey, err error)</a></li>
</ul>
</li>
<li>
<a href="#RejectionReason">type RejectionReason</a>
<ul>
<li><a href="#RejectionReason.String">func (r RejectionReason) String() string</a></li>
</ul>
</li>
<li>
<a href="#Request">type Request</a>
<ul>
<li><a href="#Request.Reply">func (r *Request) Reply(ok bool, payload []byte) error</a></li>
</ul>
</li>
<li>
<a href="#RequestHandler">type RequestHandler</a>
</li>
<li>
<a href="#RequestHandlerFunc">type RequestHandlerFunc</a>
<ul>
<li><a href="#RequestHandlerFunc.NewRequest">func (f RequestHandlerFunc) NewRequest(req *Request)</a></li>
</ul>
</li>
<li>
<a href="#Server">type Server</a>
<ul>
<li><a href="#Server.AddHostKey">func (s *Server) AddHostKey(key Signer)</a></li>
<li><a href="#Server.Close">func (s *Server) Close() error</a></li>
<li><a href="#Server.ListenAndServe">func (s *Server) ListenAndServe(addr string) error</a></li>
<li><a href="#Server.Serve">func (s *Server) Serve(l net.Listener) error</a></li>
</ul>
</li>
<li>
<a href="#ServerAuthCallbacks">type ServerAuthCallbacks</a>
</li>
<li>
<a href="#ServerAuthError">type ServerAuthError</a>
<ul>
<li><a href="#ServerAuthError.Error">func (l ServerAuthError) Error() string</a></li>
</ul>
</li>
<li>
<a href="#ServerConn">type ServerConn</a>
<ul>
<li><a href="#NewServerConn">func NewServerConn(ctx context.Context, c net.Conn, config *Server) (*ServerConn, error)</a></li>
<li><a href="#ServerConn.Close">func (c *ServerConn) Close() error</a></li>
<li><a href="#ServerConn.Handle">func (c *ServerConn) Handle(channelHandler ChannelHandler, requestHandler RequestHandler) error</a></li>
</ul>
</li>
<li>
<a href="#Session">type Session</a>
<ul>
<li><a href="#Session.Close">func (s *Session) Close() error</a></li>
<li><a href="#Session.CombinedOutput">func (s *Session) CombinedOutput(cmd string) ([]byte, error)</a></li>
<li><a href="#Session.Output">func (s *Session) Output(cmd string) ([]byte, error)</a></li>
<li><a href="#Session.RequestPty">func (s *Session) RequestPty(term string, h, w int, termmodes TerminalModes) error</a></li>
<li><a href="#Session.RequestSubsystem">func (s *Session) RequestSubsystem(subsystem string) error</a></li>
<li><a href="#Session.Run">func (s *Session) Run(cmd string) error</a></li>
<li><a href="#Session.SendRequest">func (s *Session) SendRequest(name string, wantReply bool, payload []byte) (bool, error)</a></li>
<li><a href="#Session.Setenv">func (s *Session) Setenv(name, value string) error</a></li>
<li><a href="#Session.Shell">func (s *Session) Shell() error</a></li>
<li><a href="#Session.Signal">func (s *Session) Signal(sig Signal) error</a></li>
<li><a href="#Session.Start">func (s *Session) Start(cmd string) error</a></li>
<li><a href="#Session.StderrPipe">func (s *Session) StderrPipe() (io.Reader, error)</a></li>
<li><a href="#Session.StdinPipe">func (s *Session) StdinPipe() (io.WriteCloser, error)</a></li>
<li><a href="#Session.StdoutPipe">func (s *Session) StdoutPipe() (io.Reader, error)</a></li>
<li><a href="#Session.Wait">func (s *Session) Wait() error</a></li>
<li><a href="#Session.WindowChange">func (s *Session) WindowChange(h, w int) error</a></li>
</ul>
</li>
<li>
<a href="#Signal">type Signal</a>
</li>
<li>
<a href="#Signature">type Signature</a>
</li>
<li>
<a href="#Signer">type Signer</a>
<ul>
<li><a href="#NewCertSigner">func NewCertSigner(cert *Certificate, signer Signer) (Signer, error)</a></li>
<li><a href="#NewSigner">func NewSigner(signer crypto.Signer) (Signer, error)</a></li>
<li><a href="#NewSignerWithAlgorithms">func NewSignerWithAlgorithms(signer Signer, algorithms []string) (Signer, error)</a></li>
</ul>
</li>
<li>
<a href="#TerminalModes">type TerminalModes</a>
</li>
<li>
<a href="#Waitmsg">type Waitmsg</a>
<ul>
<li><a href="#Waitmsg.ExitStatus">func (w Waitmsg) ExitStatus() int</a></li>
<li><a href="#Waitmsg.Lang">func (w Waitmsg) Lang() string</a></li>
<li><a href="#Waitmsg.Msg">func (w Waitmsg) Msg() string</a></li>
<li><a href="#Waitmsg.Signal">func (w Waitmsg) Signal() string</a></li>
<li><a href="#Waitmsg.String">func (w Waitmsg) String() string</a></li>
</ul>
</li>
</ul><h4 id="pkg-examples">Examples</h4>
<ul>
<li><a href="#example-Certificate.SignCert">Certificate.SignCert</a></li>
<li><a href="#example-Client.Listen">Client.Listen</a></li>
<li><a href="#example-Dial">Dial</a></li>
<li><a href="#example-NewServerConn">NewServerConn</a></li>
<li><a href="#example-PublicKeys">PublicKeys</a></li>
<li><a href="#example-RetryableAuthMethod">RetryableAuthMethod</a></li>
<li><a href="#example-Server.AddHostKey">Server.AddHostKey</a></li>
<li><a href="#example-Server.ListenAndServe">Server.ListenAndServe</a></li>
<li><a href="#example-Session.RequestPty">Session.RequestPty</a></li>
</ul><h3 id="pkg-constants">Constants</h3>
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="CertAlgoRSAv01"><span class="nx">CertAlgoRSAv01</span></span> <span class="p">=</span> <span class="s">&#34;ssh-rsa-cert-v01@openssh.com&#34;</span>
<span id="CertAlgoECDSA256v01"><span class="nx">CertAlgoECDSA256v01</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp256-cert-v01@openssh.com&#34;</span>
<span id="CertAlgoECDSA384v01"><span class="nx">CertAlgoECDSA384v01</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp384-cert-v01@openssh.com&#34;</span>
<span id="CertAlgoECDSA521v01"><span class="nx">CertAlgoECDSA521v01</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp521-cert-v01@openssh.com&#34;</span>
<span id="CertAlgoSKECDSA256v01"><span class="nx">CertAlgoSKECDSA256v01</span></span> <span class="p">=</span> <span class="s">&#34;sk-ecdsa-sha2-nistp256-cert-v01@openssh.com&#34;</span>
<span id="CertAlgoED25519v01"><span class="nx">CertAlgoED25519v01</span></span> <span class="p">=</span> <span class="s">&#34;ssh-ed25519-cert-v01@openssh.com&#34;</span>
<span id="CertAlgoSKED25519v01"><span class="nx">CertAlgoSKED25519v01</span></span> <span class="p">=</span> <span class="s">&#34;sk-ssh-ed25519-cert-v01@openssh.com&#34;</span>
<span class="c1">// CertAlgoRSASHA256v01 and CertAlgoRSASHA512v01 can&#39;t appear as a
</span><span class="c1"></span> <span class="c1">// Certificate.Type (or PublicKey.Type), but only in
</span><span class="c1"></span> <span class="c1">// ClientConfig.HostKeyAlgorithms.
</span><span class="c1"></span> <span id="CertAlgoRSASHA256v01"><span class="nx">CertAlgoRSASHA256v01</span></span> <span class="p">=</span> <span class="s">&#34;rsa-sha2-256-cert-v01@openssh.com&#34;</span>
<span id="CertAlgoRSASHA512v01"><span class="nx">CertAlgoRSASHA512v01</span></span> <span class="p">=</span> <span class="s">&#34;rsa-sha2-512-cert-v01@openssh.com&#34;</span>
<span class="p">)</span></pre>
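<p>Certificate algorithm names from [PROTOCOL.certkeys]. These values can appear
in Certificate.Type, PublicKey.Type, and ClientConfig.HostKeyAlgorithms, except
CertAlgoRSASHA256v01 and CertAlgoRSASHA512v01, which (as the comment in the
declaration above states) can appear only in ClientConfig.HostKeyAlgorithms.
Unlike key algorithm names, these are not passed to AlgorithmSigner nor
returned by MultiAlgorithmSigner and don&apos;t appear in the Signature.Format
field.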
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="UserCert"><span class="nx">UserCert</span></span> <span class="p">=</span> <span class="mi">1</span>
<span id="HostCert"><span class="nx">HostCert</span></span> <span class="p">=</span> <span class="mi">2</span>
<span class="p">)</span></pre>
<p>Certificate types distinguish between host and user
certificates. The values can be set in the CertType field of
Certificate.
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="CipherAES128GCM"><span class="nx">CipherAES128GCM</span></span> <span class="p">=</span> <span class="s">&#34;aes128-gcm@openssh.com&#34;</span>
<span id="CipherAES256GCM"><span class="nx">CipherAES256GCM</span></span> <span class="p">=</span> <span class="s">&#34;aes256-gcm@openssh.com&#34;</span>
<span id="CipherChacha20Poly1305"><span class="nx">CipherChacha20Poly1305</span></span> <span class="p">=</span> <span class="s">&#34;chacha20-poly1305@openssh.com&#34;</span>
<span id="CipherAES128CTR"><span class="nx">CipherAES128CTR</span></span> <span class="p">=</span> <span class="s">&#34;aes128-ctr&#34;</span>
<span id="CipherAES192CTR"><span class="nx">CipherAES192CTR</span></span> <span class="p">=</span> <span class="s">&#34;aes192-ctr&#34;</span>
<span id="CipherAES256CTR"><span class="nx">CipherAES256CTR</span></span> <span class="p">=</span> <span class="s">&#34;aes256-ctr&#34;</span>
<span id="InsecureCipherAES128CBC"><span class="nx">InsecureCipherAES128CBC</span></span> <span class="p">=</span> <span class="s">&#34;aes128-cbc&#34;</span>
<span id="InsecureCipherTripleDESCBC"><span class="nx">InsecureCipherTripleDESCBC</span></span> <span class="p">=</span> <span class="s">&#34;3des-cbc&#34;</span>
<span id="InsecureCipherRC4"><span class="nx">InsecureCipherRC4</span></span> <span class="p">=</span> <span class="s">&#34;arcfour&#34;</span>
<span id="InsecureCipherRC4128"><span class="nx">InsecureCipherRC4128</span></span> <span class="p">=</span> <span class="s">&#34;arcfour128&#34;</span>
<span id="InsecureCipherRC4256"><span class="nx">InsecureCipherRC4256</span></span> <span class="p">=</span> <span class="s">&#34;arcfour256&#34;</span>
<span class="p">)</span></pre>
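<p>Implemented cipher algorithms. Constants whose names begin with Insecure
(the CBC-mode and RC4 ciphers) are the ones this package itself labels as
insecure; enable them only when a legacy peer requires it.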
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="InsecureKeyExchangeDH1SHA1"><span class="nx">InsecureKeyExchangeDH1SHA1</span></span> <span class="p">=</span> <span class="s">&#34;diffie-hellman-group1-sha1&#34;</span>
<span id="InsecureKeyExchangeDH14SHA1"><span class="nx">InsecureKeyExchangeDH14SHA1</span></span> <span class="p">=</span> <span class="s">&#34;diffie-hellman-group14-sha1&#34;</span>
<span id="KeyExchangeDH14SHA256"><span class="nx">KeyExchangeDH14SHA256</span></span> <span class="p">=</span> <span class="s">&#34;diffie-hellman-group14-sha256&#34;</span>
<span id="KeyExchangeDH16SHA512"><span class="nx">KeyExchangeDH16SHA512</span></span> <span class="p">=</span> <span class="s">&#34;diffie-hellman-group16-sha512&#34;</span>
<span id="KeyExchangeECDHP256"><span class="nx">KeyExchangeECDHP256</span></span> <span class="p">=</span> <span class="s">&#34;ecdh-sha2-nistp256&#34;</span>
<span id="KeyExchangeECDHP384"><span class="nx">KeyExchangeECDHP384</span></span> <span class="p">=</span> <span class="s">&#34;ecdh-sha2-nistp384&#34;</span>
<span id="KeyExchangeECDHP521"><span class="nx">KeyExchangeECDHP521</span></span> <span class="p">=</span> <span class="s">&#34;ecdh-sha2-nistp521&#34;</span>
<span id="KeyExchangeCurve25519SHA256"><span class="nx">KeyExchangeCurve25519SHA256</span></span> <span class="p">=</span> <span class="s">&#34;curve25519-sha256&#34;</span>
<span id="InsecureKeyExchangeDHGEXSHA1"><span class="nx">InsecureKeyExchangeDHGEXSHA1</span></span> <span class="p">=</span> <span class="s">&#34;diffie-hellman-group-exchange-sha1&#34;</span>
<span id="KeyExchangeDHGEXSHA256"><span class="nx">KeyExchangeDHGEXSHA256</span></span> <span class="p">=</span> <span class="s">&#34;diffie-hellman-group-exchange-sha256&#34;</span>
<span class="p">)</span></pre>
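<p>Implemented key exchange algorithms. Constants whose names begin with
Insecure (the SHA-1 based Diffie-Hellman exchanges) are the ones this package
itself labels as insecure; enable them only when a legacy peer requires it.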
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="HMACSHA256ETM"><span class="nx">HMACSHA256ETM</span></span> <span class="p">=</span> <span class="s">&#34;hmac-sha2-256-etm@openssh.com&#34;</span>
<span id="HMACSHA512ETM"><span class="nx">HMACSHA512ETM</span></span> <span class="p">=</span> <span class="s">&#34;hmac-sha2-512-etm@openssh.com&#34;</span>
<span id="HMACSHA256"><span class="nx">HMACSHA256</span></span> <span class="p">=</span> <span class="s">&#34;hmac-sha2-256&#34;</span>
<span id="HMACSHA512"><span class="nx">HMACSHA512</span></span> <span class="p">=</span> <span class="s">&#34;hmac-sha2-512&#34;</span>
<span id="InsecureHMACSHA1"><span class="nx">InsecureHMACSHA1</span></span> <span class="p">=</span> <span class="s">&#34;hmac-sha1&#34;</span>
<span id="InsecureHMACSHA196"><span class="nx">InsecureHMACSHA196</span></span> <span class="p">=</span> <span class="s">&#34;hmac-sha1-96&#34;</span>
<span class="p">)</span></pre>
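<p>Implemented message authentication code (MAC) algorithms. Constants whose
names begin with Insecure (the HMAC-SHA1 variants) are the ones this package
itself labels as insecure; enable them only when a legacy peer requires it.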
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="KeyTypeRSA"><span class="nx">KeyTypeRSA</span></span> <span class="p">=</span> <span class="s">&#34;ssh-rsa&#34;</span>
<span id="KeyTypeECDSA256"><span class="nx">KeyTypeECDSA256</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp256&#34;</span>
<span id="KeyTypeECDSA384"><span class="nx">KeyTypeECDSA384</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp384&#34;</span>
<span id="KeyTypeECDSA521"><span class="nx">KeyTypeECDSA521</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp521&#34;</span>
<span id="KeyTypeSKECDSA256"><span class="nx">KeyTypeSKECDSA256</span></span> <span class="p">=</span> <span class="s">&#34;sk-ecdsa-sha2-nistp256@openssh.com&#34;</span>
<span id="KeyTypeED25519"><span class="nx">KeyTypeED25519</span></span> <span class="p">=</span> <span class="s">&#34;ssh-ed25519&#34;</span>
<span id="KeyTypeSKED25519"><span class="nx">KeyTypeSKED25519</span></span> <span class="p">=</span> <span class="s">&#34;sk-ssh-ed25519@openssh.com&#34;</span>
<span class="p">)</span></pre>
<p>Implemented public key types.
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="KeyAlgoRSA"><span class="nx">KeyAlgoRSA</span></span> <span class="p">=</span> <span class="s">&#34;ssh-rsa&#34;</span>
<span id="KeyAlgoECDSA256"><span class="nx">KeyAlgoECDSA256</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp256&#34;</span>
<span id="KeyAlgoSKECDSA256"><span class="nx">KeyAlgoSKECDSA256</span></span> <span class="p">=</span> <span class="s">&#34;sk-ecdsa-sha2-nistp256@openssh.com&#34;</span>
<span id="KeyAlgoECDSA384"><span class="nx">KeyAlgoECDSA384</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp384&#34;</span>
<span id="KeyAlgoECDSA521"><span class="nx">KeyAlgoECDSA521</span></span> <span class="p">=</span> <span class="s">&#34;ecdsa-sha2-nistp521&#34;</span>
<span id="KeyAlgoED25519"><span class="nx">KeyAlgoED25519</span></span> <span class="p">=</span> <span class="s">&#34;ssh-ed25519&#34;</span>
<span id="KeyAlgoSKED25519"><span class="nx">KeyAlgoSKED25519</span></span> <span class="p">=</span> <span class="s">&#34;sk-ssh-ed25519@openssh.com&#34;</span>
<span class="c1">// KeyAlgoRSASHA256 and KeyAlgoRSASHA512 are only public key algorithms, not
</span><span class="c1"></span> <span class="c1">// public key formats, so they can&#39;t appear as a PublicKey.Type. The
</span><span class="c1"></span> <span class="c1">// corresponding PublicKey.Type is KeyAlgoRSA. See RFC 8332, Section 2.
</span><span class="c1"></span> <span id="KeyAlgoRSASHA256"><span class="nx">KeyAlgoRSASHA256</span></span> <span class="p">=</span> <span class="s">&#34;rsa-sha2-256&#34;</span>
<span id="KeyAlgoRSASHA512"><span class="nx">KeyAlgoRSASHA512</span></span> <span class="p">=</span> <span class="s">&#34;rsa-sha2-512&#34;</span>
<span class="p">)</span></pre>
<p>Public key algorithm names. These values can appear in PublicKey.Type,
ClientConfig.HostKeyAlgorithms, Signature.Format, or as AlgorithmSigner
arguments.
<pre class="chroma"><span class="kd">const</span> <span class="p">(</span>
<span id="VINTR"><span class="nx">VINTR</span></span> <span class="p">=</span> <span class="mi">1</span>
<span id="VQUIT"><span class="nx">VQUIT</span></span> <span class="p">=</span> <span class="mi">2</span>
<span id="VERASE"><span class="nx">VERASE</span></span> <span class="p">=</span> <span class="mi">3</span>
<span id="VKILL"><span class="nx">VKILL</span></span> <span class="p">=</span> <span class="mi">4</span>
<span id="VEOF"><span class="nx">VEOF</span></span> <span class="p">=</span> <span class="mi">5</span>
<span id="VEOL"><span class="nx">VEOL</span></span> <span class="p">=</span> <span class="mi">6</span>
<span id="VEOL2"><span class="nx">VEOL2</span></span> <span class="p">=</span> <span class="mi">7</span>
<span id="VSTART"><span class="nx">VSTART</span></span> <span class="p">=</span> <span class="mi">8</span>
<span id="VSTOP"><span class="nx">VSTOP</span></span> <span class="p">=</span> <span class="mi">9</span>
<span id="VSUSP"><span class="nx">VSUSP</span></span> <span class="p">=</span> <span class="mi">10</span>
<span id="VDSUSP"><span class="nx">VDSUSP</span></span> <span class="p">=</span> <span class="mi">11</span>
<span id="VREPRINT"><span class="nx">VREPRINT</span></span> <span class="p">=</span> <span class="mi">12</span>
<span id="VWERASE"><span class="nx">VWERASE</span></span> <span class="p">=</span> <span class="mi">13</span>
<span id="VLNEXT"><span class="nx">VLNEXT</span></span> <span class="p">=</span> <span class="mi">14</span>
<span id="VFLUSH"><span class="nx">VFLUSH</span></span> <span class="p">=</span> <span class="mi">15</span>
<span id="VSWTCH"><span class="nx">VSWTCH</span></span> <span class="p">=</span> <span class="mi">16</span>
<span id="VSTATUS"><span class="nx">VSTATUS</span></span> <span class="p">=</span> <span class="mi">17</span>
<span id="VDISCARD"><span class="nx">VDISCARD</span></span> <span class="p">=</span> <span class="mi">18</span>
<span id="IGNPAR"><span class="nx">IGNPAR</span></span> <span class="p">=</span> <span class="mi">30</span>
<span id="PARMRK"><span class="nx">PARMRK</span></span> <span class="p">=</span> <span class="mi">31</span>
<span id="INPCK"><span class="nx">INPCK</span></span> <span class="p">=</span> <span class="mi">32</span>
<span id="ISTRIP"><span class="nx">ISTRIP</span></span> <span class="p">=</span> <span class="mi">33</span>
<span id="INLCR"><span class="nx">INLCR</span></span> <span class="p">=</span> <span class="mi">34</span>
<span id="IGNCR"><span class="nx">IGNCR</span></span> <span class="p">=</span> <span class="mi">35</span>
<span id="ICRNL"><span class="nx">ICRNL</span></span> <span class="p">=</span> <span class="mi">36</span>
<span id="IUCLC"><span class="nx">IUCLC</span></span> <span class="p">=</span> <span class="mi">37</span>
<span id="IXON"><span class="nx">IXON</span></span> <span class="p">=</span> <span class="mi">38</span>
<span id="IXANY"><span class="nx">IXANY</span></span> <span class="p">=</span> <span class="mi">39</span>
<span id="IXOFF"><span class="nx">IXOFF</span></span> <span class="p">=</span> <span class="mi">40</span>
<span id="IMAXBEL"><span class="nx">IMAXBEL</span></span> <span class="p">=</span> <span class="mi">41</span>
<span id="IUTF8"><span class="nx">IUTF8</span></span> <span class="p">=</span> <span class="mi">42</span> <span class="c1">// RFC 8160
</span><span class="c1"></span> <span id="ISIG"><span class="nx">ISIG</span></span> <span class="p">=</span> <span class="mi">50</span>
<span id="ICANON"><span class="nx">ICANON</span></span> <span class="p">=</span> <span class="mi">51</span>
<span id="XCASE"><span class="nx">XCASE</span></span> <span class="p">=</span> <span class="mi">52</span>
<span id="ECHO"><span class="nx">ECHO</span></span> <span class="p">=</span> <span class="mi">53</span>
<span id="ECHOE"><span class="nx">ECHOE</span></span> <span class="p">=</span> <span class="mi">54</span>
<span id="ECHOK"><span class="nx">ECHOK</span></span> <span class="p">=</span> <span class="mi">55</span>
<span id="ECHONL"><span class="nx">ECHONL</span></span> <span class="p">=</span> <span class="mi">56</span>
<span id="NOFLSH"><span class="nx">NOFLSH</span></span> <span class="p">=</span> <span class="mi">57</span>
<span id="TOSTOP"><span class="nx">TOSTOP</span></span> <span class="p">=</span> <span class="mi">58</span>
<span id="IEXTEN"><span class="nx">IEXTEN</span></span> <span class="p">=</span> <span class="mi">59</span>
<span id="ECHOCTL"><span class="nx">ECHOCTL</span></span> <span class="p">=</span> <span class="mi">60</span>
<span id="ECHOKE"><span class="nx">ECHOKE</span></span> <span class="p">=</span> <span class="mi">61</span>
<span id="PENDIN"><span class="nx">PENDIN</span></span> <span class="p">=</span> <span class="mi">62</span>
<span id="OPOST"><span class="nx">OPOST</span></span> <span class="p">=</span> <span class="mi">70</span>
<span id="OLCUC"><span class="nx">OLCUC</span></span> <span class="p">=</span> <span class="mi">71</span>
<span id="ONLCR"><span class="nx">ONLCR</span></span> <span class="p">=</span> <span class="mi">72</span>
<span id="OCRNL"><span class="nx">OCRNL</span></span> <span class="p">=</span> <span class="mi">73</span>
<span id="ONOCR"><span class="nx">ONOCR</span></span> <span class="p">=</span> <span class="mi">74</span>
<span id="ONLRET"><span class="nx">ONLRET</span></span> <span class="p">=</span> <span class="mi">75</span>
<span id="CS7"><span class="nx">CS7</span></span> <span class="p">=</span> <span class="mi">90</span>
<span id="CS8"><span class="nx">CS8</span></span> <span class="p">=</span> <span class="mi">91</span>
<span id="PARENB"><span class="nx">PARENB</span></span> <span class="p">=</span> <span class="mi">92</span>
<span id="PARODD"><span class="nx">PARODD</span></span> <span class="p">=</span> <span class="mi">93</span>
<span id="TTY_OP_ISPEED"><span class="nx">TTY_OP_ISPEED</span></span> <span class="p">=</span> <span class="mi">128</span>
<span id="TTY_OP_OSPEED"><span class="nx">TTY_OP_OSPEED</span></span> <span class="p">=</span> <span class="mi">129</span>
<span class="p">)</span></pre>
<p>POSIX terminal mode flags as listed in RFC 4254 Section 8.
<pre class="chroma"><span class="kd">const</span> <span id="CertTimeInfinity"><span class="nx">CertTimeInfinity</span></span> <span class="p">=</span> <span class="mi">1</span><span class="o">&lt;&lt;</span><span class="mi">64</span> <span class="o">-</span> <span class="mi">1</span></pre>
<p>CertTimeInfinity can be used for OpenSSHCertV01.ValidBefore to indicate that
a certificate does not expire.
<h3 id="pkg-variables">Variables</h3>
<pre class="chroma"><span class="kd">var</span> <span id="ErrNoAuth"><span class="nx">ErrNoAuth</span></span> <span class="p">=</span> <a href="https://pkg.go.dev/errors"><span class="nx">errors</span></a><span class="p">.</span><a href="https://pkg.go.dev/errors#New"><span class="nf">New</span></a><span class="p">(</span><span class="s">&#34;ssh: no auth passed yet&#34;</span><span class="p">)</span></pre>
<p>ErrNoAuth is the error value returned if no
authentication method has been passed yet. This happens as a normal
part of the authentication loop, since the client first tries
&apos;none&apos; authentication to discover available methods.
It is returned in ServerAuthError.Errors from NewServerConn.
<h3 id="pkg-functions">Functions</h3>
<h3 id="FingerprintLegacyMD5">func FingerprintLegacyMD5</h3>
<pre class="chroma"><span class="kd">func</span> <span class="nf">FingerprintLegacyMD5</span><span class="p">(</span><span class="nx">pubKey</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a></pre>
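<p>FingerprintLegacyMD5 returns the user presentation of the key&apos;s
fingerprint as described by RFC 4716 section 4. MD5 is a legacy hash with
known collision weaknesses; use this form only for interoperability with
tools that still display MD5 fingerprints, and prefer FingerprintSHA256
otherwise.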
<h3 id="FingerprintSHA256">func FingerprintSHA256</h3>
<pre class="chroma"><span class="kd">func</span> <span class="nf">FingerprintSHA256</span><span class="p">(</span><span class="nx">pubKey</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a></pre>
<p>FingerprintSHA256 returns the user presentation of the key&apos;s
fingerprint as an unpadded base64-encoded SHA-256 hash.
This format was introduced in OpenSSH 6.8.
<a href="https://www.openssh.com/txt/release-6.8">https://www.openssh.com/txt/release-6.8</a>
<a href="https://tools.ietf.org/html/rfc4648#section-3.2">https://tools.ietf.org/html/rfc4648#section-3.2</a> (unpadded base64 encoding)
<h3 id="Marshal">func Marshal</h3>
<pre class="chroma"><span class="kd">func</span> <span class="nf">Marshal</span><span class="p">(</span><span class="nx">msg</span> <span class="kd">interface</span><span class="p">{})</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a></pre>
<p>Marshal serializes the message in msg to SSH wire format. The msg
argument should be a struct or pointer to struct. If the first
member has the &quot;sshtype&quot; tag set to a number in decimal, that
number is prepended to the result. If the last member has the
&quot;ssh&quot; tag set to &quot;rest&quot;, its contents are appended to the output.
<h3 id="MarshalAuthorizedKey">func MarshalAuthorizedKey</h3>
<pre class="chroma"><span class="kd">func</span> <span class="nf">MarshalAuthorizedKey</span><span class="p">(</span><span class="nx">key</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">)</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a></pre>
<p>MarshalAuthorizedKey serializes key for inclusion in an OpenSSH
authorized_keys file. The return value ends with a newline.
<h3 id="MarshalPrivateKey">func MarshalPrivateKey</h3>
<pre class="chroma"><span class="kd">func</span> <span class="nf">MarshalPrivateKey</span><span class="p">(</span><span class="nx">key</span> <a href="https://pkg.go.dev/crypto"><span class="nx">crypto</span></a><span class="p">.</span><a href="https://pkg.go.dev/crypto#PrivateKey"><span class="nx">PrivateKey</span></a><span class="p">,</span> <span class="nx">options</span> <a href="#MarshalPrivateKeyOptions"><span class="nx">MarshalPrivateKeyOptions</span></a><span class="p">)</span> <span class="p">(</span><span class="o">*</span><a href="https://pkg.go.dev/encoding/pem"><span class="nx">pem</span></a><span class="p">.</span><a href="https://pkg.go.dev/encoding/pem#Block"><span class="nx">Block</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>MarshalPrivateKey returns a PEM block with the private key serialized in the
OpenSSH format.
<h3 id="Unmarshal">func Unmarshal</h3>
<pre class="chroma"><span class="kd">func</span> <span class="nf">Unmarshal</span><span class="p">(</span><span class="nx">data</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a><span class="p">,</span> <span class="nx">out</span> <span class="kd">interface</span><span class="p">{})</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>Unmarshal parses data in SSH wire format into a structure. The out
argument should be a pointer to struct. If the first member of the
struct has the &quot;sshtype&quot; tag set to a &apos;|&apos;-separated set of numbers
in decimal, the packet must start with one of those numbers. In
case of error, Unmarshal returns a ParseError or
UnexpectedMessageError.
<h3 id="pkg-types">Types</h3>
<h3 id="Algorithms">type Algorithms</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">Algorithms</span> <span class="kd">struct</span> <span class="p">{</span>
<span id="Algorithms.KeyExchanges"><span class="nx">KeyExchanges</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span id="Algorithms.Ciphers"><span class="nx">Ciphers</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span id="Algorithms.MACs"><span class="nx">MACs</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span id="Algorithms.HostKeys"><span class="nx">HostKeys</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span id="Algorithms.PublicKeyAuths"><span class="nx">PublicKeyAuths</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span class="p">}</span></pre>
<p>Algorithms defines a set of algorithms that can be configured in the client
or server config for negotiation during a handshake.
<h4 id="InsecureAlgorithms">func InsecureAlgorithms</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">InsecureAlgorithms</span><span class="p">()</span> <a href="#Algorithms"><span class="nx">Algorithms</span></a></pre>
<p>InsecureAlgorithms returns the algorithms currently implemented by this
package that have security issues.
<h4 id="SupportedAlgorithms">func SupportedAlgorithms</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">SupportedAlgorithms</span><span class="p">()</span> <a href="#Algorithms"><span class="nx">Algorithms</span></a></pre>
<p>SupportedAlgorithms returns algorithms currently implemented by this package,
excluding those with security issues, which are returned by
InsecureAlgorithms. The algorithms listed here are in preference order.
<h3 id="AuthMethod">type AuthMethod</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">AuthMethod</span> <span class="kd">interface</span> <span class="p">{</span>
<span class="c1">// contains filtered or unexported methods
</span><span class="c1"></span><span class="p">}</span></pre>
<p>An AuthMethod represents an instance of an RFC 4252 authentication method.
<h4 id="GSSAPIWithMICAuthMethod">func GSSAPIWithMICAuthMethod</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">GSSAPIWithMICAuthMethod</span><span class="p">(</span><span class="nx">gssAPIClient</span> <a href="#GSSAPIClient"><span class="nx">GSSAPIClient</span></a><span class="p">,</span> <span class="nx">target</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">)</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a></pre>
<p>GSSAPIWithMICAuthMethod is an AuthMethod with &quot;gssapi-with-mic&quot; authentication.
See RFC 4462 section 3.
gssAPIClient is an implementation of the GSSAPIClient interface; see the definition of the interface for details.
target is the server host you want to log in to.
<h4 id="KeyboardInteractive">func KeyboardInteractive</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">KeyboardInteractive</span><span class="p">(</span><span class="nx">challenge</span> <a href="#KeyboardInteractiveChallenge"><span class="nx">KeyboardInteractiveChallenge</span></a><span class="p">)</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a></pre>
<p>KeyboardInteractive returns an AuthMethod using a prompt/response
sequence controlled by the server.
<h4 id="Password">func Password</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">Password</span><span class="p">(</span><span class="nx">secret</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">)</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a></pre>
<p>Password returns an AuthMethod using the given password.
<h4 id="PasswordCallback">func PasswordCallback</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">PasswordCallback</span><span class="p">(</span><span class="nx">prompt</span> <span class="kd">func</span><span class="p">()</span> <span class="p">(</span><span class="nx">secret</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">,</span> <span class="nx">err</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">))</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a></pre>
<p>PasswordCallback returns an AuthMethod that uses a callback for
fetching a password.
<h4 id="PublicKeys">func PublicKeys</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">PublicKeys</span><span class="p">(</span><span class="nx">signers</span> <span class="o">...</span><a href="#Signer"><span class="nx">Signer</span></a><span class="p">)</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a></pre>
<p>PublicKeys returns an AuthMethod that uses the given key
pairs.
<details id="example-PublicKeys" class="example">
<summary>Example</summary>
<pre class="chroma"><span class="kn">package</span> <span class="nx">main</span>
<span class="kn">import</span> <span class="p">(</span>
<span class="s">&#34;context&#34;</span>
<span class="s">&#34;log&#34;</span>
<span class="s">&#34;os&#34;</span>
<span class="s">&#34;golang.org/x/crypto/ssh&#34;</span>
<span class="p">)</span>
<span class="kd">func</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
<span class="kd">var</span> <span class="nx">hostKey</span> <span class="nx">ssh</span><span class="p">.</span><span class="nx">PublicKey</span>
<span class="c1">// A public key may be used to authenticate against the remote
</span><span class="c1"></span> <span class="c1">// server by using an unencrypted PEM-encoded private key file.
</span><span class="c1"></span> <span class="c1">//
</span><span class="c1"></span> <span class="c1">// If you have an encrypted private key, the crypto/x509 package
</span><span class="c1"></span> <span class="c1">// can be used to decrypt it.
</span><span class="c1"></span> <span class="nx">key</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">os</span><span class="p">.</span><span class="nf">ReadFile</span><span class="p">(</span><span class="s">&#34;/home/user/.ssh/id_rsa&#34;</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatalf</span><span class="p">(</span><span class="s">&#34;unable to read private key: %v&#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="c1">// Create the Signer for this private key.
</span><span class="c1"></span> <span class="nx">signer</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">ParsePrivateKey</span><span class="p">(</span><span class="nx">key</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatalf</span><span class="p">(</span><span class="s">&#34;unable to parse private key: %v&#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">config</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">ClientConfig</span><span class="p">{</span>
<span class="nx">User</span><span class="p">:</span> <span class="s">&#34;user&#34;</span><span class="p">,</span>
<span class="nx">Auth</span><span class="p">:</span> <span class="p">[]</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">AuthMethod</span><span class="p">{</span>
<span class="c1">// Use the PublicKeys method for remote authentication.
</span><span class="c1"></span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">PublicKeys</span><span class="p">(</span><span class="nx">signer</span><span class="p">),</span>
<span class="p">},</span>
<span class="nx">HostKey</span><span class="p">:</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">FixedHostKey</span><span class="p">(</span><span class="nx">hostKey</span><span class="p">),</span>
<span class="p">}</span>
<span class="c1">// Connect to the remote server and perform the SSH handshake.
</span><span class="c1"></span> <span class="nx">client</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">Dial</span><span class="p">(</span><span class="nx">context</span><span class="p">.</span><span class="nf">Background</span><span class="p">(),</span> <span class="s">&#34;tcp&#34;</span><span class="p">,</span> <span class="s">&#34;host.com:22&#34;</span><span class="p">,</span> <span class="nx">config</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatalf</span><span class="p">(</span><span class="s">&#34;unable to connect: %v&#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">defer</span> <span class="nx">client</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>
<span class="p">}</span></pre>
</details>
<h4 id="PublicKeysCallback">func PublicKeysCallback</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">PublicKeysCallback</span><span class="p">(</span><span class="nx">getSigners</span> <span class="kd">func</span><span class="p">()</span> <span class="p">(</span><span class="nx">signers</span> <span class="p">[]</span><a href="#Signer"><span class="nx">Signer</span></a><span class="p">,</span> <span class="nx">err</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">))</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a></pre>
<p>PublicKeysCallback returns an AuthMethod that runs the given
function to obtain a list of key pairs.
<h4 id="RetryableAuthMethod">func RetryableAuthMethod</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">RetryableAuthMethod</span><span class="p">(</span><span class="nx">auth</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a><span class="p">,</span> <span class="nx">maxTries</span> <a href="https://pkg.go.dev/builtin#int"><span class="kt">int</span></a><span class="p">)</span> <a href="#AuthMethod"><span class="nx">AuthMethod</span></a></pre>
<p>RetryableAuthMethod is a decorator for other auth methods enabling them to
be retried up to maxTries before considering that AuthMethod itself failed.
If maxTries is &lt;= 0, the auth method is retried indefinitely.
<p>This is useful for interactive clients using challenge/response type
authentication (e.g. Keyboard-Interactive, Password, etc.) where the user
could mistype their response, resulting in the server issuing an
SSH_MSG_USERAUTH_FAILURE (RFC 4252 section 8 [password] and RFC 4256 section 3.4
[keyboard-interactive]). Without this decorator, the non-retryable
AuthMethod would be removed from future consideration and never tried again
(and so the user would never be able to retry their entry).
The example below sets InsecureIgnoreHostKey only to stay short; a real
client should verify the server host key (for example with FixedHostKey)
before sending any credentials.
<details id="example-RetryableAuthMethod" class="example">
<summary>Example</summary>
<pre class="chroma"><span class="nx">user</span> <span class="o">:=</span> <span class="s">&#34;testuser&#34;</span>
<span class="nx">NumberOfPrompts</span> <span class="o">:=</span> <span class="mi">3</span>
<span class="c1">// Normally this would be a callback that prompts the user to answer the
</span><span class="c1">// provided questions
</span><span class="c1"></span><span class="nx">Cb</span> <span class="o">:=</span> <span class="kd">func</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">instruction</span> <span class="kt">string</span><span class="p">,</span> <span class="nx">questions</span> <span class="p">[]</span><span class="kt">string</span><span class="p">,</span> <span class="nx">echos</span> <span class="p">[]</span><span class="kt">bool</span><span class="p">)</span> <span class="p">(</span><span class="nx">answers</span> <span class="p">[]</span><span class="kt">string</span><span class="p">,</span> <span class="nx">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">&#34;answer1&#34;</span><span class="p">,</span> <span class="s">&#34;answer2&#34;</span><span class="p">},</span> <span class="kc">nil</span>
<span class="p">}</span>
<span class="nx">config</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="nx">ClientConfig</span><span class="p">{</span>
<span class="nx">HostKey</span><span class="p">:</span> <span class="nf">InsecureIgnoreHostKey</span><span class="p">(),</span>
<span class="nx">User</span><span class="p">:</span> <span class="nx">user</span><span class="p">,</span>
<span class="nx">Auth</span><span class="p">:</span> <span class="p">[]</span><span class="nx">AuthMethod</span><span class="p">{</span>
<span class="nf">RetryableAuthMethod</span><span class="p">(</span><span class="nf">KeyboardInteractiveChallenge</span><span class="p">(</span><span class="nx">Cb</span><span class="p">),</span> <span class="nx">NumberOfPrompts</span><span class="p">),</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="nx">host</span> <span class="o">:=</span> <span class="s">&#34;mysshserver&#34;</span>
<span class="nx">netConn</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">net</span><span class="p">.</span><span class="nf">Dial</span><span class="p">(</span><span class="s">&#34;tcp&#34;</span><span class="p">,</span> <span class="nx">host</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">sshConn</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nf">NewClientConn</span><span class="p">(</span><span class="nx">netConn</span><span class="p">,</span> <span class="nx">host</span><span class="p">,</span> <span class="nx">config</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">_</span> <span class="p">=</span> <span class="nx">sshConn</span></pre>
</details>
<h3 id="BannerCallback">type BannerCallback</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">BannerCallback</span> <span class="kd">func</span><span class="p">(</span><span class="nx">message</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
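<p>BannerCallback is the function type used to handle the banner sent by
the server. A BannerCallback receives the message sent by the remote server.
The message is server-controlled text that arrives before authentication has
succeeded, so a callback that displays it should filter control characters
(see RFC 4252 section 5.4).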
<h4 id="BannerDisplayStderr">func BannerDisplayStderr</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">BannerDisplayStderr</span><span class="p">()</span> <a href="#BannerCallback"><span class="nx">BannerCallback</span></a></pre>
<p>BannerDisplayStderr returns a function that can be used for
ClientConfig.BannerCallback to display banners on os.Stderr.
<h3 id="BannerError">type BannerError</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">BannerError</span> <span class="kd">struct</span> <span class="p">{</span>
<span id="BannerError.Err"><span class="nx">Err</span></span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a>
<span id="BannerError.Message"><span class="nx">Message</span></span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span class="p">}</span></pre>
<p>BannerError is an error that can be returned by authentication handlers in
Server to send a banner message to the client.
<h4 id="BannerError.Error">func (*BannerError) Error</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">b</span> <span class="o">*</span><a href="#BannerError"><span class="nx">BannerError</span></a><span class="p">)</span> <span class="nf">Error</span><span class="p">()</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a></pre>
<h4 id="BannerError.Unwrap">func (*BannerError) Unwrap</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">b</span> <span class="o">*</span><a href="#BannerError"><span class="nx">BannerError</span></a><span class="p">)</span> <span class="nf">Unwrap</span><span class="p">()</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<h3 id="CertChecker">type CertChecker</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">CertChecker</span> <span class="kd">struct</span> <span class="p">{</span>
<span class="c1">// SupportedCriticalOptions lists the CriticalOptions that the
</span><span class="c1"></span> <span class="c1">// server application layer understands. These are only used
</span><span class="c1"></span> <span class="c1">// for user certificates.
</span><span class="c1"></span> <span id="CertChecker.SupportedCriticalOptions"><span class="nx">SupportedCriticalOptions</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span class="c1">// IsUserAuthority should return true if the key is recognized as an
</span><span class="c1"></span> <span class="c1">// authority for the given user certificate. This allows for
</span><span class="c1"></span> <span class="c1">// certificates to be signed by other certificates. This must be set
</span><span class="c1"></span> <span class="c1">// if this CertChecker will be checking user certificates.
</span><span class="c1"></span> <span id="CertChecker.IsUserAuthority"><span class="nx">IsUserAuthority</span></span> <span class="kd">func</span><span class="p">(</span><span class="nx">auth</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#bool"><span class="kt">bool</span></a>
<span class="c1">// IsHostAuthority should report whether the key is recognized as
</span><span class="c1"></span> <span class="c1">// an authority for this host. This allows for certificates to be
</span><span class="c1"></span> <span class="c1">// signed by other keys, and for those other keys to only be valid
</span><span class="c1"></span> <span class="c1">// signers for particular hostnames. This must be set if this
</span><span class="c1"></span> <span class="c1">// CertChecker will be checking host certificates.
</span><span class="c1"></span> <span id="CertChecker.IsHostAuthority"><span class="nx">IsHostAuthority</span></span> <span class="kd">func</span><span class="p">(</span><span class="nx">auth</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">,</span> <span class="nx">address</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#bool"><span class="kt">bool</span></a>
<span class="c1">// Clock is used for verifying time stamps. If nil, time.Now
</span><span class="c1"></span> <span class="c1">// is used.
</span><span class="c1"></span> <span id="CertChecker.Clock"><span class="nx">Clock</span></span> <span class="kd">func</span><span class="p">()</span> <a href="https://pkg.go.dev/time"><span class="nx">time</span></a><span class="p">.</span><a href="https://pkg.go.dev/time#Time"><span class="nx">Time</span></a>
<span class="c1">// UserKeyFallback is called when CertChecker.Authenticate encounters a
</span><span class="c1"></span> <span class="c1">// public key that is not a certificate. It must implement validation
</span><span class="c1"></span> <span class="c1">// of user keys or else, if nil, all such keys are rejected.
</span><span class="c1"></span> <span id="CertChecker.UserKeyFallback"><span class="nx">UserKeyFallback</span></span> <span class="kd">func</span><span class="p">(</span><span class="nx">conn</span> <a href="#ConnMetadata"><span class="nx">ConnMetadata</span></a><span class="p">,</span> <span class="nx">key</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">)</span> <span class="p">(</span><span class="o">*</span><a href="#Permissions"><span class="nx">Permissions</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span>
<span class="c1">// HostKeyFallback is called when CertChecker.CheckHostKey encounters a
</span><span class="c1"></span> <span class="c1">// public key that is not a certificate. It must implement host key
</span><span class="c1"></span> <span class="c1">// validation or else, if nil, all such keys are rejected.
</span><span class="c1"></span> <span id="CertChecker.HostKeyFallback"><span class="nx">HostKeyFallback</span></span> <a href="#HostKeyCallback"><span class="nx">HostKeyCallback</span></a>
<span class="c1">// IsRevoked is called for each certificate so that revocation checking
</span><span class="c1"></span> <span class="c1">// can be implemented. It should return true if the given certificate
</span><span class="c1"></span> <span class="c1">// is revoked and false otherwise. If nil, no certificates are
</span><span class="c1"></span> <span class="c1">// considered to have been revoked.
</span><span class="c1"></span> <span id="CertChecker.IsRevoked"><span class="nx">IsRevoked</span></span> <span class="kd">func</span><span class="p">(</span><span class="nx">cert</span> <span class="o">*</span><a href="#Certificate"><span class="nx">Certificate</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#bool"><span class="kt">bool</span></a>
<span class="p">}</span></pre>
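<p>CertChecker does the work of verifying a certificate. Its methods
can be plugged into ClientConfig.HostKeyCallback and
Server.PublicKeyCallback. For the CertChecker to work,
minimally, the authority callback for the kind of certificate being checked
should be set: IsUserAuthority for user certificates, IsHostAuthority for
host certificates.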
<h4 id="CertChecker.Authenticate">func (*CertChecker) Authenticate</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#CertChecker"><span class="nx">CertChecker</span></a><span class="p">)</span> <span class="nf">Authenticate</span><span class="p">(</span><span class="nx">conn</span> <a href="#ConnMetadata"><span class="nx">ConnMetadata</span></a><span class="p">,</span> <span class="nx">pubKey</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">)</span> <span class="p">(</span><span class="o">*</span><a href="#Permissions"><span class="nx">Permissions</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>Authenticate checks a user certificate. Authenticate can be used as
a value for Server.PublicKeyCallback.
<h4 id="CertChecker.CheckCert">func (*CertChecker) CheckCert</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#CertChecker"><span class="nx">CertChecker</span></a><span class="p">)</span> <span class="nf">CheckCert</span><span class="p">(</span><span class="nx">principal</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">,</span> <span class="nx">cert</span> <span class="o">*</span><a href="#Certificate"><span class="nx">Certificate</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>CheckCert checks CriticalOptions, ValidPrincipals, revocation, timestamp and
the signature of the certificate.
<h4 id="CertChecker.CheckHostKey">func (*CertChecker) CheckHostKey</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#CertChecker"><span class="nx">CertChecker</span></a><span class="p">)</span> <span class="nf">CheckHostKey</span><span class="p">(</span><span class="nx">addr</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">,</span> <span class="nx">remote</span> <a href="https://pkg.go.dev/net"><span class="nx">net</span></a><span class="p">.</span><a href="https://pkg.go.dev/net#Addr"><span class="nx">Addr</span></a><span class="p">,</span> <span class="nx">key</span> <a href="#PublicKey"><span class="nx">PublicKey</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>CheckHostKey checks a host key certificate. This method can be
plugged into ClientConfig.HostKeyCallback.
<h3 id="Certificate">type Certificate</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">Certificate</span> <span class="kd">struct</span> <span class="p">{</span>
<span id="Certificate.Nonce"><span class="nx">Nonce</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a>
<span id="Certificate.Key"><span class="nx">Key</span></span> <a href="#PublicKey"><span class="nx">PublicKey</span></a>
<span id="Certificate.Serial"><span class="nx">Serial</span></span> <a href="https://pkg.go.dev/builtin#uint64"><span class="kt">uint64</span></a>
<span id="Certificate.CertType"><span class="nx">CertType</span></span> <a href="https://pkg.go.dev/builtin#uint32"><span class="kt">uint32</span></a>
<span id="Certificate.KeyId"><span class="nx">KeyId</span></span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span id="Certificate.ValidPrincipals"><span class="nx">ValidPrincipals</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a>
<span id="Certificate.ValidAfter"><span class="nx">ValidAfter</span></span> <a href="https://pkg.go.dev/builtin#uint64"><span class="kt">uint64</span></a>
<span id="Certificate.ValidBefore"><span class="nx">ValidBefore</span></span> <a href="https://pkg.go.dev/builtin#uint64"><span class="kt">uint64</span></a>
<a href="#Permissions"><span class="nx">Permissions</span></a>
<span id="Certificate.Reserved"><span class="nx">Reserved</span></span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a>
<span id="Certificate.SignatureKey"><span class="nx">SignatureKey</span></span> <a href="#PublicKey"><span class="nx">PublicKey</span></a>
<span id="Certificate.Signature"><span class="nx">Signature</span></span> <span class="o">*</span><a href="#Signature"><span class="nx">Signature</span></a>
<span class="p">}</span></pre>
<p>A Certificate represents an OpenSSH certificate as defined in
PROTOCOL.certkeys (revision 1.8). The Certificate type implements the
PublicKey interface, so it can be unmarshaled using
ParsePublicKey.
<h4 id="Certificate.Marshal">func (*Certificate) Marshal</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Certificate"><span class="nx">Certificate</span></a><span class="p">)</span> <span class="nf">Marshal</span><span class="p">()</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a></pre>
<p>Marshal serializes c into OpenSSH&apos;s wire format. It is part of the
PublicKey interface.
<h4 id="Certificate.SignCert">func (*Certificate) SignCert</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Certificate"><span class="nx">Certificate</span></a><span class="p">)</span> <span class="nf">SignCert</span><span class="p">(</span><span class="nx">rand</span> <a href="https://pkg.go.dev/io"><span class="nx">io</span></a><span class="p">.</span><a href="https://pkg.go.dev/io#Reader"><span class="nx">Reader</span></a><span class="p">,</span> <span class="nx">authority</span> <a href="#Signer"><span class="nx">Signer</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>SignCert signs the certificate with an authority, setting the Nonce,
SignatureKey, and Signature fields. If the authority implements the
MultiAlgorithmSigner interface the first algorithm in the list is used. This
is useful if you want to sign with a specific algorithm.
<details id="example-Certificate.SignCert" class="example">
<summary>Example</summary>
<pre class="chroma"><span class="kn">package</span> <span class="nx">main</span>
<span class="kn">import</span> <span class="p">(</span>
<span class="s">&#34;crypto/rand&#34;</span>
<span class="s">&#34;crypto/rsa&#34;</span>
<span class="s">&#34;fmt&#34;</span>
<span class="s">&#34;log&#34;</span>
<span class="s">&#34;golang.org/x/crypto/ssh&#34;</span>
<span class="p">)</span>
<span class="kd">func</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
<span class="c1">// Sign a certificate with a specific algorithm.
</span><span class="c1"></span> <span class="nx">privateKey</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">rsa</span><span class="p">.</span><span class="nf">GenerateKey</span><span class="p">(</span><span class="nx">rand</span><span class="p">.</span><span class="nx">Reader</span><span class="p">,</span> <span class="mi">3072</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to generate RSA key: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">publicKey</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">NewPublicKey</span><span class="p">(</span><span class="o">&amp;</span><span class="nx">privateKey</span><span class="p">.</span><span class="nx">PublicKey</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to get RSA public key: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">caKey</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">rsa</span><span class="p">.</span><span class="nf">GenerateKey</span><span class="p">(</span><span class="nx">rand</span><span class="p">.</span><span class="nx">Reader</span><span class="p">,</span> <span class="mi">3072</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to generate CA key: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">signer</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">NewSigner</span><span class="p">(</span><span class="nx">caKey</span><span class="p">)</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to generate signer from key: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">mas</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">NewSignerWithAlgorithms</span><span class="p">(</span><span class="nx">signer</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">KeyAlgoRSASHA256</span><span class="p">})</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to create signer with algorithms: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="nx">certificate</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nx">Certificate</span><span class="p">{</span>
<span class="nx">Key</span><span class="p">:</span> <span class="nx">publicKey</span><span class="p">,</span>
<span class="nx">CertType</span><span class="p">:</span> <span class="nx">ssh</span><span class="p">.</span><span class="nx">UserCert</span><span class="p">,</span>
<span class="p">}</span>
<span class="k">if</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">certificate</span><span class="p">.</span><span class="nf">SignCert</span><span class="p">(</span><span class="nx">rand</span><span class="p">.</span><span class="nx">Reader</span><span class="p">,</span> <span class="nx">mas</span><span class="p">);</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to sign certificate: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="c1">// Save the public key to a file and check that rsa-sha2-256 is used for
</span><span class="c1"></span> <span class="c1">// signing:
</span><span class="c1"></span> <span class="c1">// ssh-keygen -L -f &lt;path to the file&gt;
</span><span class="c1"></span> <span class="nx">fmt</span><span class="p">.</span><span class="nf">Println</span><span class="p">(</span><span class="nb">string</span><span class="p">(</span><span class="nx">ssh</span><span class="p">.</span><span class="nf">MarshalAuthorizedKey</span><span class="p">(</span><span class="o">&amp;</span><span class="nx">certificate</span><span class="p">)))</span>
<span class="p">}</span></pre>
</details>
<h4 id="Certificate.Type">func (*Certificate) Type</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Certificate"><span class="nx">Certificate</span></a><span class="p">)</span> <span class="nf">Type</span><span class="p">()</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a></pre>
<p>Type returns the certificate algorithm name. It is part of the PublicKey interface.
<h4 id="Certificate.Verify">func (*Certificate) Verify</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Certificate"><span class="nx">Certificate</span></a><span class="p">)</span> <span class="nf">Verify</span><span class="p">(</span><span class="nx">data</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a><span class="p">,</span> <span class="nx">sig</span> <span class="o">*</span><a href="#Signature"><span class="nx">Signature</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>Verify verifies a signature against the certificate&apos;s public
key. It is part of the PublicKey interface.
<h3 id="Channel">type Channel</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">Channel</span> <span class="kd">struct</span> <span class="p">{</span>
<span class="c1">// contains filtered or unexported fields
</span><span class="c1"></span><span class="p">}</span></pre>
<p>A Channel is an ordered, reliable, flow-controlled, duplex stream
that is multiplexed over an SSH connection.
<h4 id="Channel.Close">func (*Channel) Close</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">Close</span><span class="p">()</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>Close signals end of channel use. No data may be sent after this call.
<h4 id="Channel.CloseWrite">func (*Channel) CloseWrite</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">CloseWrite</span><span class="p">()</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>CloseWrite signals the end of sending in-band data. Requests may still be
sent, and the other side may still send data.
<h4 id="Channel.Handle">func (*Channel) Handle</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">Handle</span><span class="p">(</span><span class="nx">handler</span> <a href="#RequestHandler"><span class="nx">RequestHandler</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>Handle must be called to handle the channel&apos;s requests. Handle blocks. If
handler is nil, requests will be discarded.
<h4 id="Channel.Read">func (*Channel) Read</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">Read</span><span class="p">(</span><span class="nx">data</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a><span class="p">)</span> <span class="p">(</span><a href="https://pkg.go.dev/builtin#int"><span class="kt">int</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>Read reads up to len(data) bytes from the channel.
<h4 id="Channel.SendRequest">func (*Channel) SendRequest</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">SendRequest</span><span class="p">(</span><span class="nx">name</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">,</span> <span class="nx">wantReply</span> <a href="https://pkg.go.dev/builtin#bool"><span class="kt">bool</span></a><span class="p">,</span> <span class="nx">payload</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a><span class="p">)</span> <span class="p">(</span><a href="https://pkg.go.dev/builtin#bool"><span class="kt">bool</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>SendRequest sends a channel request. If wantReply is true, it will wait for a
reply and return the result as a boolean, otherwise the return value will be
false. Channel requests are out-of-band messages so they may be sent even if
the data stream is closed or blocked by flow control. If the channel is
closed before a reply is returned, io.EOF is returned.
<h4 id="Channel.SetDeadline">func (*Channel) SetDeadline</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">SetDeadline</span><span class="p">(</span><span class="nx">deadline</span> <a href="https://pkg.go.dev/time"><span class="nx">time</span></a><span class="p">.</span><a href="https://pkg.go.dev/time#Time"><span class="nx">Time</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>SetDeadline sets the read and write deadlines associated with the
channel. It is equivalent to calling both SetReadDeadline and
SetWriteDeadline. Deadline errors are not fatal; the Channel can be used
again after resetting the deadlines.
<h4 id="Channel.SetReadDeadline">func (*Channel) SetReadDeadline</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">SetReadDeadline</span><span class="p">(</span><span class="nx">deadline</span> <a href="https://pkg.go.dev/time"><span class="nx">time</span></a><span class="p">.</span><a href="https://pkg.go.dev/time#Time"><span class="nx">Time</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>SetReadDeadline sets the deadline for future Read calls and unblocks Read
calls waiting for data. A zero value for deadline means Read will not time out.
<h4 id="Channel.SetWriteDeadline">func (*Channel) SetWriteDeadline</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">SetWriteDeadline</span><span class="p">(</span><span class="nx">deadline</span> <a href="https://pkg.go.dev/time"><span class="nx">time</span></a><span class="p">.</span><a href="https://pkg.go.dev/time#Time"><span class="nx">Time</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>SetWriteDeadline sets the deadline for future Write calls and unblocks
Write calls waiting for window capacity. A zero value for deadline means Write
will not time out.
<h4 id="Channel.Stderr">func (*Channel) Stderr</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">Stderr</span><span class="p">()</span> <a href="https://pkg.go.dev/io"><span class="nx">io</span></a><span class="p">.</span><a href="https://pkg.go.dev/io#ReadWriter"><span class="nx">ReadWriter</span></a></pre>
<p>Stderr returns an io.ReadWriter that writes to this channel with the extended
data type set to stderr. Stderr may safely be read and written from a
different goroutine than Read and Write respectively.
<h4 id="Channel.Write">func (*Channel) Write</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Channel"><span class="nx">Channel</span></a><span class="p">)</span> <span class="nf">Write</span><span class="p">(</span><span class="nx">data</span> <span class="p">[]</span><a href="https://pkg.go.dev/builtin#byte"><span class="kt">byte</span></a><span class="p">)</span> <span class="p">(</span><a href="https://pkg.go.dev/builtin#int"><span class="kt">int</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>Write writes len(data) bytes to the channel.
<h3 id="ChannelHandler">type ChannelHandler</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">ChannelHandler</span> <span class="kd">interface</span> <span class="p">{</span>
<span id="ChannelHandler.NewChannel"><span class="nf">NewChannel</span></span><span class="p">(</span><span class="nx">ch</span> <span class="o">*</span><a href="#NewChannel"><span class="nx">NewChannel</span></a><span class="p">)</span>
<span class="p">}</span></pre>
<p>ChannelHandler defines the interface to handle new channel requests.
<h3 id="ChannelHandlerFunc">type ChannelHandlerFunc</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">ChannelHandlerFunc</span> <span class="kd">func</span><span class="p">(</span><span class="nx">ch</span> <span class="o">*</span><a href="#NewChannel"><span class="nx">NewChannel</span></a><span class="p">)</span></pre>
<p>ChannelHandlerFunc is an adapter to allow the use of ordinary functions as
<a href="#ChannelHandler">ChannelHandler</a>. If f is a function with the appropriate signature,
ChannelHandlerFunc(f) is a <a href="#ChannelHandler">ChannelHandler</a> that calls f.
<h4 id="ChannelHandlerFunc.NewChannel">func (ChannelHandlerFunc) NewChannel</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">f</span> <a href="#ChannelHandlerFunc"><span class="nx">ChannelHandlerFunc</span></a><span class="p">)</span> <span class="nf">NewChannel</span><span class="p">(</span><span class="nx">ch</span> <span class="o">*</span><a href="#NewChannel"><span class="nx">NewChannel</span></a><span class="p">)</span></pre>
<p>NewChannel calls f(ch).
<h3 id="Client">type Client</h3>
<pre class="chroma"><span class="kd">type</span> <span class="nx">Client</span> <span class="kd">struct</span> <span class="p">{</span>
<span class="c1">// contains filtered or unexported fields
</span><span class="c1"></span><span class="p">}</span></pre>
<p>Client implements a traditional SSH client that supports shells,
subprocesses, TCP port/streamlocal forwarding and tunneled dialing.
<h4 id="Dial">func Dial</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">Dial</span><span class="p">(</span><span class="nx">ctx</span> <a href="https://pkg.go.dev/context"><span class="nx">context</span></a><span class="p">.</span><a href="https://pkg.go.dev/context#Context"><span class="nx">Context</span></a><span class="p">,</span> <span class="nx">network</span><span class="p">,</span> <span class="nx">addr</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">,</span> <span class="nx">config</span> <span class="o">*</span><a href="#ClientConfig"><span class="nx">ClientConfig</span></a><span class="p">)</span> <span class="p">(</span><span class="o">*</span><a href="#Client"><span class="nx">Client</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>Dial starts a client connection to the given SSH server. It is a
convenience function that connects to the given network address,
initiates the SSH handshake, and then sets up a Client. For access
to incoming channels and requests, use net.Dial with NewClientConn
instead.
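<details id="example-Dial" class="example">
<summary>Example</summary>
<pre class="chroma"><span class="kn">package</span> <span class="nx">main</span>

<span class="kn">import</span> <span class="p">(</span>
	<span class="s">&#34;bytes&#34;</span>
	<span class="s">&#34;context&#34;</span>
	<span class="s">&#34;fmt&#34;</span>
	<span class="s">&#34;log&#34;</span>
	<span class="s">&#34;time&#34;</span>

	<span class="s">&#34;golang.org/x/crypto/ssh&#34;</span>
<span class="p">)</span>

<span class="kd">func</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
	<span class="c1">// hostKey must be set to the server&#39;s expected public key, obtained out</span>
	<span class="c1">// of band (for example from a known_hosts entry), before dialing. It is</span>
	<span class="c1">// left at its zero value here only to keep the example short.</span>
	<span class="kd">var</span> <span class="nx">hostKey</span> <span class="nx">ssh</span><span class="p">.</span><span class="nx">PublicKey</span>

	<span class="c1">// An SSH client is represented by the Client that Dial returns.</span>
	<span class="c1">//</span>
	<span class="c1">// To authenticate with the remote server you must pass at least one</span>
	<span class="c1">// implementation of AuthMethod via the Auth field in ClientConfig,</span>
	<span class="c1">// and provide a host key check via the HostKey field.</span>
	<span class="c1">//</span>
	<span class="c1">// The user name and password below are placeholders; load real</span>
	<span class="c1">// credentials at run time rather than embedding them in source.</span>
	<span class="nx">config</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">ClientConfig</span><span class="p">{</span>
		<span class="nx">User</span><span class="p">:</span> <span class="s">&#34;username&#34;</span><span class="p">,</span>
		<span class="nx">Auth</span><span class="p">:</span> <span class="p">[]</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">AuthMethod</span><span class="p">{</span>
			<span class="nx">ssh</span><span class="p">.</span><span class="nf">Password</span><span class="p">(</span><span class="s">&#34;yourpassword&#34;</span><span class="p">),</span>
		<span class="p">},</span>
		<span class="nx">HostKey</span><span class="p">:</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">FixedHostKey</span><span class="p">(</span><span class="nx">hostKey</span><span class="p">),</span>
	<span class="p">}</span>

	<span class="c1">// Allow at most 10 seconds to complete the handshake and create the Client.</span>
	<span class="nx">ctx</span><span class="p">,</span> <span class="nx">cancel</span> <span class="o">:=</span> <span class="nx">context</span><span class="p">.</span><span class="nf">WithTimeout</span><span class="p">(</span><span class="nx">context</span><span class="p">.</span><span class="nf">Background</span><span class="p">(),</span> <span class="mi">10</span><span class="o">*</span><span class="nx">time</span><span class="p">.</span><span class="nx">Second</span><span class="p">)</span>
	<span class="k">defer</span> <span class="nf">cancel</span><span class="p">()</span>

	<span class="nx">client</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">Dial</span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="s">&#34;tcp&#34;</span><span class="p">,</span> <span class="s">&#34;yourserver.com:22&#34;</span><span class="p">,</span> <span class="nx">config</span><span class="p">)</span>
	<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
		<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;Failed to dial: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
	<span class="p">}</span>
	<span class="k">defer</span> <span class="nx">client</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>

	<span class="c1">// Each Client can support multiple interactive sessions,</span>
	<span class="c1">// represented by a Session.</span>
	<span class="nx">session</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">client</span><span class="p">.</span><span class="nf">NewSession</span><span class="p">()</span>
	<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
		<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;Failed to create session: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
	<span class="p">}</span>
	<span class="k">defer</span> <span class="nx">session</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>

	<span class="c1">// Once a Session is created, you can execute a single command on</span>
	<span class="c1">// the remote side using the Run method. Stdout is captured in b.</span>
	<span class="kd">var</span> <span class="nx">b</span> <span class="nx">bytes</span><span class="p">.</span><span class="nx">Buffer</span>
	<span class="nx">session</span><span class="p">.</span><span class="nx">Stdout</span> <span class="p">=</span> <span class="o">&amp;</span><span class="nx">b</span>
	<span class="k">if</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">session</span><span class="p">.</span><span class="nf">Run</span><span class="p">(</span><span class="s">&#34;/usr/bin/whoami&#34;</span><span class="p">);</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
		<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;Failed to run: &#34;</span> <span class="o">+</span> <span class="nx">err</span><span class="p">.</span><span class="nf">Error</span><span class="p">())</span>
	<span class="p">}</span>
	<span class="nx">fmt</span><span class="p">.</span><span class="nf">Println</span><span class="p">(</span><span class="nx">b</span><span class="p">.</span><span class="nf">String</span><span class="p">())</span>
<span class="p">}</span></pre>
</details>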
<h4 id="NewClient">func NewClient</h4>
<pre class="chroma"><span class="kd">func</span> <span class="nf">NewClient</span><span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#ClientConn"><span class="nx">ClientConn</span></a><span class="p">)</span> <span class="o">*</span><a href="#Client"><span class="nx">Client</span></a></pre>
<p>NewClient creates a Client on top of the given connection.
<h4 id="Client.Close">func (Client) Close</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="nx">Client</span><span class="p">)</span> <span class="nf">Close</span><span class="p">()</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<h4 id="Client.Dial">func (*Client) Dial</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Client"><span class="nx">Client</span></a><span class="p">)</span> <span class="nf">Dial</span><span class="p">(</span><span class="nx">ctx</span> <a href="https://pkg.go.dev/context"><span class="nx">context</span></a><span class="p">.</span><a href="https://pkg.go.dev/context#Context"><span class="nx">Context</span></a><span class="p">,</span> <span class="nx">n</span><span class="p">,</span> <span class="nx">addr</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">)</span> <span class="p">(</span><a href="https://pkg.go.dev/net"><span class="nx">net</span></a><span class="p">.</span><a href="https://pkg.go.dev/net#Conn"><span class="nx">Conn</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>Dial initiates a connection to the addr from the remote host.
The resulting connection has a zero LocalAddr() and RemoteAddr().
<h4 id="Client.DialTCP">func (*Client) DialTCP</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Client"><span class="nx">Client</span></a><span class="p">)</span> <span class="nf">DialTCP</span><span class="p">(</span><span class="nx">ctx</span> <a href="https://pkg.go.dev/context"><span class="nx">context</span></a><span class="p">.</span><a href="https://pkg.go.dev/context#Context"><span class="nx">Context</span></a><span class="p">,</span> <span class="nx">n</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">,</span> <span class="nx">laddr</span><span class="p">,</span> <span class="nx">raddr</span> <span class="o">*</span><a href="https://pkg.go.dev/net"><span class="nx">net</span></a><span class="p">.</span><a href="https://pkg.go.dev/net#TCPAddr"><span class="nx">TCPAddr</span></a><span class="p">)</span> <span class="p">(</span><a href="https://pkg.go.dev/net"><span class="nx">net</span></a><span class="p">.</span><a href="https://pkg.go.dev/net#Conn"><span class="nx">Conn</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>DialTCP connects to the remote address raddr on the network n,
which must be &quot;tcp&quot;, &quot;tcp4&quot;, or &quot;tcp6&quot;. If laddr is not nil, it is used
as the local address for the connection.
<h4 id="Client.HandleChannelOpen">func (*Client) HandleChannelOpen</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Client"><span class="nx">Client</span></a><span class="p">)</span> <span class="nf">HandleChannelOpen</span><span class="p">(</span><span class="nx">channelType</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">,</span> <span class="nx">handler</span> <a href="#ChannelHandler"><span class="nx">ChannelHandler</span></a><span class="p">)</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a></pre>
<p>HandleChannelOpen defines a <a href="#ChannelHandler">ChannelHandler</a> for the specified
channel type. An error is returned if a handler for the specified type is
already registered.
<h4 id="Client.Listen">func (*Client) Listen</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Client"><span class="nx">Client</span></a><span class="p">)</span> <span class="nf">Listen</span><span class="p">(</span><span class="nx">n</span><span class="p">,</span> <span class="nx">addr</span> <a href="https://pkg.go.dev/builtin#string"><span class="kt">string</span></a><span class="p">)</span> <span class="p">(</span><a href="https://pkg.go.dev/net"><span class="nx">net</span></a><span class="p">.</span><a href="https://pkg.go.dev/net#Listener"><span class="nx">Listener</span></a><span class="p">,</span> <a href="https://pkg.go.dev/builtin#error"><span class="kt">error</span></a><span class="p">)</span></pre>
<p>Listen requests the remote peer open a listening socket on
addr. Incoming connections will be available by calling Accept on
the returned net.Listener. The listener must be serviced, or the
SSH connection may hang. Because the socket is opened on the remote
peer, a wildcard addr such as 0.0.0.0 asks it to listen on all of its
interfaces.
n must be &quot;tcp&quot;, &quot;tcp4&quot;, &quot;tcp6&quot;, or &quot;unix&quot;.
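<details id="example-Client.Listen" class="example">
<summary>Example</summary>
<pre class="chroma"><span class="kn">package</span> <span class="nx">main</span>

<span class="kn">import</span> <span class="p">(</span>
	<span class="s">&#34;context&#34;</span>
	<span class="s">&#34;fmt&#34;</span>
	<span class="s">&#34;log&#34;</span>
	<span class="s">&#34;net/http&#34;</span>

	<span class="s">&#34;golang.org/x/crypto/ssh&#34;</span>
<span class="p">)</span>

<span class="kd">func</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
	<span class="c1">// hostKey must be set to the server&#39;s expected public key before</span>
	<span class="c1">// dialing; it is left at its zero value here only for brevity.</span>
	<span class="kd">var</span> <span class="nx">hostKey</span> <span class="nx">ssh</span><span class="p">.</span><span class="nx">PublicKey</span>

	<span class="c1">// The user name and password are placeholders, not values to ship.</span>
	<span class="nx">config</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">ClientConfig</span><span class="p">{</span>
		<span class="nx">User</span><span class="p">:</span> <span class="s">&#34;username&#34;</span><span class="p">,</span>
		<span class="nx">Auth</span><span class="p">:</span> <span class="p">[]</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">AuthMethod</span><span class="p">{</span>
			<span class="nx">ssh</span><span class="p">.</span><span class="nf">Password</span><span class="p">(</span><span class="s">&#34;password&#34;</span><span class="p">),</span>
		<span class="p">},</span>
		<span class="nx">HostKey</span><span class="p">:</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">FixedHostKey</span><span class="p">(</span><span class="nx">hostKey</span><span class="p">),</span>
	<span class="p">}</span>

	<span class="c1">// Dial your ssh server. context.Background() sets no deadline; the</span>
	<span class="c1">// Dial example shows how to bound the handshake with a timeout.</span>
	<span class="nx">conn</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">ssh</span><span class="p">.</span><span class="nf">Dial</span><span class="p">(</span><span class="nx">context</span><span class="p">.</span><span class="nf">Background</span><span class="p">(),</span> <span class="s">&#34;tcp&#34;</span><span class="p">,</span> <span class="s">&#34;localhost:22&#34;</span><span class="p">,</span> <span class="nx">config</span><span class="p">)</span>
	<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
		<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to connect: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
	<span class="p">}</span>
	<span class="k">defer</span> <span class="nx">conn</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>

	<span class="c1">// Request the remote side to open port 8080 on all interfaces.</span>
	<span class="c1">// 0.0.0.0 makes the forwarded port reachable on every interface of</span>
	<span class="c1">// the remote host; use a loopback address such as 127.0.0.1:8080</span>
	<span class="c1">// when only local access on that host is intended.</span>
	<span class="nx">l</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">conn</span><span class="p">.</span><span class="nf">Listen</span><span class="p">(</span><span class="s">&#34;tcp&#34;</span><span class="p">,</span> <span class="s">&#34;0.0.0.0:8080&#34;</span><span class="p">)</span>
	<span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
		<span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="s">&#34;unable to register tcp forward: &#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
	<span class="p">}</span>
	<span class="k">defer</span> <span class="nx">l</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>

	<span class="c1">// Serve HTTP with your SSH server acting as a reverse proxy.</span>
	<span class="c1">// http.Serve always returns a non-nil error once it stops, so report</span>
	<span class="c1">// it instead of discarding it; the deferred Close calls still run.</span>
	<span class="nx">err</span> <span class="p">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">Serve</span><span class="p">(</span><span class="nx">l</span><span class="p">,</span> <span class="nx">http</span><span class="p">.</span><span class="nf">HandlerFunc</span><span class="p">(</span><span class="kd">func</span><span class="p">(</span><span class="nx">resp</span> <span class="nx">http</span><span class="p">.</span><span class="nx">ResponseWriter</span><span class="p">,</span> <span class="nx">req</span> <span class="o">*</span><span class="nx">http</span><span class="p">.</span><span class="nx">Request</span><span class="p">)</span> <span class="p">{</span>
		<span class="nx">fmt</span><span class="p">.</span><span class="nf">Fprintf</span><span class="p">(</span><span class="nx">resp</span><span class="p">,</span> <span class="s">&#34;Hello world!\n&#34;</span><span class="p">)</span>
	<span class="p">}))</span>
	<span class="nx">log</span><span class="p">.</span><span class="nf">Println</span><span class="p">(</span><span class="s">&#34;serve stopped:&#34;</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
<span class="p">}</span></pre>
</details>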
<h4 id="Client.ListenUnix">func (*Client) ListenUnix</h4>
<pre class="chroma"><span class="kd">func</span> <span class="p">(</span><span class="nx">c</span> <span class="o">*</span><a href="#Client"><span class="nx">Client