Skip to content

[vnet] feat: write VNet SSH keys to TELEPORT_HOME #55228

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nklaassen merged 1 commit into from
Jun 1, 2025
Merged

[vnet] feat: write VNet SSH keys to TELEPORT_HOME #55228

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions api/utils/keypaths/keypaths.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,15 @@ const (
profileFileExt = ".yaml"
// oracleWalletDirSuffix is the suffix of the oracle wallet database directory.
oracleWalletDirSuffix = "-wallet"
// VNetClientSSHKey is the file name of the SSH key used by third-party SSH
// clients to connect to VNet SSH.
VNetClientSSHKey = "id_vnet"
// VNetClientSSHKeyPub is the file name of the SSH public key matching
// VNetClientSSHKey.
VNetClientSSHKeyPub = VNetClientSSHKey + fileExtPub
// vnetKnownHosts is the file name of the known_hosts file trusted by
// third-party SSH clients connecting to VNet SSH.
vnetKnownHosts = "vnet_known_hosts"
Comment on lines +82 to +84
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: maybe move the constant within the VNetKnownHostsPath function if it's not intended to be consumed outside of the function?

)

// Here's the file layout of all these keypaths.
Expand All @@ -81,6 +90,9 @@ const (
// ├── one.example.com.yaml --> file containing profile details for proxy "one.example.com"
// ├── two.example.com.yaml --> file containing profile details for proxy "two.example.com"
// ├── known_hosts --> trusted certificate authorities (their keys) in a format similar to known_hosts
// ├── id_vnet --> SSH Private Key for third-party clients of VNet SSH
// ├── id_vnet.pub --> SSH Public Key for third-party clients of VNet SSH
Comment thread
espadolini marked this conversation as resolved.
// ├── vnet_known_hosts --> trusted certificate authorities (their keys) for third-party clients of VNet SSH
// └── keys --> session keys directory
// ├── one.example.com --> Proxy hostname
// │ ├── certs.pem --> TLS CA certs for the Teleport CA
Expand Down Expand Up @@ -429,6 +441,21 @@ func IdentitySSHCertPath(path string) string {
return path + fileExtSSHCert
}

// VNetClientSSHKeyPath returns the path to the VNet client SSH private key.
func VNetClientSSHKeyPath(baseDir string) string {
return filepath.Join(baseDir, VNetClientSSHKey)
}

// VNetClientSSHKeyPubPath returns the path to the VNet client SSH public key.
func VNetClientSSHKeyPubPath(baseDir string) string {
return filepath.Join(baseDir, VNetClientSSHKeyPub)
}

// VNetKnownHostsPath returns the path to the VNet known_hosts file.
func VNetKnownHostsPath(baseDir string) string {
return filepath.Join(baseDir, vnetKnownHosts)
}

// TrimKeyPathSuffix returns the given path with any key suffix/extension trimmed off.
func TrimKeyPathSuffix(path string) string {
return strings.TrimSuffix(path, fileExtTLSKey)
Expand Down
147 changes: 125 additions & 22 deletions gen/proto/go/teleport/lib/vnet/v1/client_application_service.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading