Merge pull request #251 from jwessel/feat_user_udpate

feat: Allow for update or removal of the invite token
Merge pull request #256 from moul/renovate/docker-all
2021-03-26 16:11:28 +01:00 · 2021-03-26 11:46:56 +01:00 · 2021-03-12 02:24:27 +00:00 · 2021-03-09 08:51:45 -06:00 · 2021-02-28 07:46:06 +01:00 · 2021-02-28 07:44:57 +01:00
36 changed files with 904 additions and 1276 deletions
--- a/.assets/bastion.jpg
+++ b/.assets/bastion.jpg
--- a/.assets/cluster-mysql.svg
+++ b/.assets/cluster-mysql.svg
--- a/.assets/demo.gif
+++ b/.assets/demo.gif
--- a/.assets/flow-diagram.png
+++ b/.assets/flow-diagram.png
--- a/.assets/flow-diagram.svg
+++ b/.assets/flow-diagram.svg
--- a/.assets/overview.png
+++ b/.assets/overview.png
--- a/.assets/overview.svg
+++ b/.assets/overview.svg
--- a/.assets/sql-schema.svg
+++ b/.assets/sql-schema.svg
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,7 +1,7 @@
 defaults: &defaults
  working_directory: /go/src/moul.io/sshportal
  docker:
-    - image: circleci/golang:1.14.4
+    - image: circleci/golang:1.16.2
  environment:
    GO111MODULE: "on"

@@ -27,6 +27,7 @@ jobs:
            curl -L https://github.com/docker/compose/releases/download/1.11.4/docker-compose-`uname -s`-`uname -m` > ~/docker-compose
      - setup_remote_docker:
          docker_layer_caching: true
+          version: 18.09.3 # https://github.com/golang/go/issues/40893
      - *install_retry
      - run: /tmp/retry -m 3 docker build -t moul/sshportal .
      - run: /tmp/retry -m 3 make integration
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Collapse vendored and generated files on GitHub
+AUTHORS linguist-generated
+vendor/* linguist-vendored
+rules.mk linguist-vendored
+*/vendor/* linguist-vendored
+*.gen.* linguist-generated
+*.pb.go linguist-generated
+*.pb.gw.go linguist-generated
+go.sum linguist-generated
+go.mod linguist-generated
+gen.sum linguist-generated
+
+# Reduce conflicts on markdown files
+*.md merge=union
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 10
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -2,5 +2,6 @@
  "extends": [
    "config:base"
  ],
-  "groupName": "all"
+  "groupName": "all",
+  "gomodTidy": true
 }
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,9 +20,9 @@ jobs:
    steps:
      - uses: actions/checkout@v2
      - name: lint
-        uses: golangci/golangci-lint-action@v0.1.7
+        uses: golangci/golangci-lint-action@v2.5.1
        with:
-          version: v1.26
+          version: v1.28
          github-token: ${{ secrets.GITHUB_TOKEN }}
  tests-on-windows:
    needs: golangci-lint # run after golangci-lint action to not produce duplicated errors
@@ -30,8 +30,7 @@ jobs:
    strategy:
      matrix:
        golang:
-          #- 1.13
-          - 1.14
+          - 1.15.0
    steps:
      - uses: actions/checkout@v2
      - name: Install Go
@@ -47,14 +46,14 @@ jobs:
    strategy:
      matrix:
        golang:
-          - 1.14
+          - 1.15.0
    steps:
      - uses: actions/checkout@v2
      - name: Install Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ matrix.golang }}
-      - uses: actions/cache@v1
+      - uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ matrix.golang }}-${{ hashFiles('**/go.sum') }}
@@ -68,17 +67,16 @@ jobs:
    strategy:
      matrix:
        golang:
-          - 1.11
-          - 1.12
          - 1.13
          - 1.14
+          - 1.15.0
    steps:
      - uses: actions/checkout@v2
      - name: Install Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ matrix.golang }}
-      - uses: actions/cache@v1
+      - uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ matrix.golang }}-${{ hashFiles('**/go.sum') }}
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,6 @@ dist/
 /log/
 /sshportal
 *.db
-/data
+/data
+sshportal.history
+.idea
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,8 +1,10 @@
 run:
  deadline: 1m
  tests: false
-  #skip-files:
-  #  - ".*\\.gen\\.go"
+  skip-files:
+    - "testing.go"
+    - ".*\\.pb\\.go"
+    - ".*\\.gen\\.go"

 linters-settings:
  golint:
@@ -18,17 +20,36 @@ linters-settings:
 linters:
  disable-all: true
  enable:
-    - goconst
-    - misspell
+    - bodyclose
    - deadcode
-    - misspell
-    - structcheck
+    - depguard
+    - dogsled
+    #- dupl
    - errcheck
-    - unused
-    - varcheck
-    - staticcheck
-    - unconvert
+    #- funlen
+    - gochecknoinits
+    #- gocognit
+    - goconst
+    - gocritic
+    #- gocyclo
    - gofmt
    - goimports
    - golint
+    - gosimple
+    - govet
    - ineffassign
+    - interfacer
+    #- maligned
+    - misspell
+    - nakedret
+    - prealloc
+    - scopelint
+    - staticcheck
+    - structcheck
+    #- stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+    - whitespace
--- a/35
+++ b/35
@@ -0,0 +1,35 @@
+# This file lists all individuals having contributed content to the repository.
+# For how it is generated, see 'https://github.com/moul/rules.mk'
+
+ahh <ahamidullah@gmail.com>
+Alen Masic <alenn.masic@gmail.com>
+Alexander Turner <me@alexturner.co>
+bozzo <bozzo@users.noreply.github.com>
+dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+fossabot <badges@fossa.io>
+ImgBotApp <ImgBotHelp@gmail.com>
+Jean-Louis Férey <jeanlouis.ferey@orange.com>
+jerard@alfa-safety.fr <jrrdev@users.noreply.github.com>
+Jess <jessachandler@gmail.com>
+Jonathan Lestrelin <jonathan.lestrelin@gmail.com>
+Julien Dessaux <julien.dessaux@adyxax.org>
+Konstantin Bakaras <k.bakaras@voskhod.ru>
+Manfred Touron <94029+moul@users.noreply.github.com>
+Manfred Touron <m@42.am>
+Manuel <manuel.sabban@nbs-system.com>
+Manuel Sabban <manu@sabban.eu>
+Manuel Sabban <msa@nbs-system.com>
+Mathieu Pasquet <mathieu.pasquet@alterway.fr>
+Mikael Rapp <micke.rapp@gmail.com>
+MitaliBo <mitali.bisht14@gmail.com>
+moul-bot <bot@moul.io>
+Nelly Asher <karmelylle@rambler.ru>
+NocFlame <aad@nocflame.se>
+Quentin Perez <qperez42@gmail.com>
+Renovate Bot <bot@renovateapp.com>
+Sergey Yashchuk <sergey.yashchuk@coins.ph>
+Shawn Wang <shawn111@gmail.com>
+Valentin Daviot <valentin.daviot@alterway.fr>
+valentin.daviot <valentin.daviot@alterway.fr>
+welderpb <welderpb@users.noreply.github.com>
+Дмитрий Шульгачик <tech@uniplug.ru>
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,121 +1,3 @@
 # Changelog

-## master (unreleased)
-
-* No entry
-
-## v1.10.0 (2019-06-24)
-
-* Bump deps, now using github.com/gliderlabs/ssh upstream
-* Fix Windows build ([#101](https://github.com/moul/sshportal/pull/101)) by [@Raerten](https://github.com/Raerten)
-* Use environment variables for settings ([#98](https://github.com/moul/sshportal/pull/98)) by [@Raerten](https://github.com/Raerten)
-* Fix 'userkey create' ([#111](https://github.com/moul/sshportal/pull/111)) by [@shawn111](https://github.com/shawn111)
-* Set log files mode to 440 instead of 640 ([#134](https://github.com/moul/sshportal/pull/134)) by [@jle64](https://github.com/jle64)
-* Allow to create a host using an IP as name ([#135](https://github.com/moul/sshportal/pull/135)) by [@jle64](https://github.com/jle64)
-* Add username and session ID to session log filename ([#133](https://github.com/moul/sshportal/pull/133)) by [@jle64](https://github.com/jle64)
-* Unable to use encrypted SSH private keys ([#124](https://github.com/moul/sshportal/pull/124)) by [@welderpb](https://github.com/welderpb)
-* Fix format of ID in new session + closing channel if host is unreachable ([#123](https://github.com/moul/sshportal/pull/123)) by [@vdaviot](https://github.com/vdaviot)
-* Refactor the main package with a focus on splitting up into packages ([#113](https://github.com/moul/sshportal/pull/113)) by [@ahamidullah](https://github.com/ahamidullah)
-
-
-## v1.9.0 (2018-11-18)
-
-* Add `hostgroup update` and `usergroup update` commands ([#58](https://github.com/moul/sshportal/pull/58)) by [@adyxax](https://github.com/adyxax)
-* Add socket timeout ([#80](https://github.com/moul/sshportal/pull/80)) by [@ahhx](https://github.com/ahhx)
-* Add a flag to list only active sessions ([#76](https://github.com/moul/sshportal/pull/76)) by [@vdaviot](https://github.com/vdaviot)
-* Unset hop on host ([#74](https://github.com/moul/sshportal/pull/74)) by [@vdaviot](https://github.com/vdaviot)
-* Fix session status and duration display ([#75](https://github.com/moul/sshportal/pull/75)) by [@vdaviot](https://github.com/vdaviot)
-* Fix log path and filename on Windows ([#78](https://github.com/moul/sshportal/pull/78)) by [@Raerten](https://github.com/Raerten)
-* Admin user is not editable ([#69](https://github.com/moul/sshportal/pull/69)) by [@alenn-m](https://github.com/alenn-m)
-* Switch to go modules (go1.11) ([#83](https://github.com/moul/sshportal/pull/83))
-* Switch to moul.io/sshportal canonical URL ([#86](https://github.com/moul/sshportal/pull/86))
-* Switch to golangci-lint ([#87](https://github.com/moul/sshportal/pull/87))
-
-## v1.8.0 (2018-04-02)
-
-* The default created user now has the same username as the user starting sshportal (was hardcoded "admin")
-* Add Telnet support
-* Add TTY audit feature ([#23](https://github.com/moul/sshportal/issues/23)) by [@sabban](https://github.com/sabban)
-* Fix `--assign-*` commands when using MySQL driver ([#45](https://github.com/moul/sshportal/issues/45))
-* Add *HOP* support, an efficient and integrated way of using a jump host transparently ([#47](https://github.com/moul/sshportal/issues/47)) by [@mathieui](https://github.com/mathieui)
-* Fix panic on some `ls` commands ([#54](https://github.com/moul/sshportal/pull/54)) by [@jle64](https://github.com/jle64)
-* Add tunnels (`direct-tcp`) support with logging ([#44](https://github.com/moul/sshportal/issues/44)) by [@sabban](https://github.com/sabban)
-* Add `key import` command ([#52](https://github.com/moul/sshportal/issues/52)) by [@adyxax](https://github.com/adyxax)
-* Add 'exec' logging ([#40](https://github.com/moul/sshportal/issues/40)) by [@sabban](https://github.com/sabban)
-
-## v1.7.1 (2018-01-03)
-
-* Return non-null exit-code on authentication error
-* **hotfix**: repair invite system (broken in v1.7.0)
-
-## v1.7.0 (2018-01-02)
-
-Breaking changes:
-* Use `sshportal server` instead of `sshportal` to start a new server (nothing to change if using the docker image)
-* Remove `--config-user` and `--healthcheck-user` global options
-
-Changes:
-* Fix connection failure when sending too many environment variables (fix [#22](https://github.com/moul/sshportal/issues/22))
-* Fix panic when entering empty command (fix [#13](https://github.com/moul/sshportal/issues/13))
-* Add `config backup --ignore-events` option
-* Add `sshportal healthcheck [--addr=] [--wait] [--quiet]` cli command
-* Add [Docker Healthcheck](https://docs.docker.com/engine/reference/builder/#healthcheck) helper
-* Support Putty (fix [#24](https://github.com/moul/sshportal/issues/24))
-
-## v1.6.0 (2017-12-12)
-
-* Add `--latest` and `--quiet` options to `ls` commands
-* Add `healthcheck` user
-* Add `key show KEY` command
-
-## v1.5.0 (2017-12-02)
-
-* Create Session objects on each connections (history)
-* Connection history
-* Audit log
-* Add dynamic strict host key checking (learning on the first time, strict on the next ones)
-* Add-back MySQL support (experimental)
-* Fix some backup/restore bugs
-
-## v1.4.0 (2017-11-24)
-
-* Add 'key setup' command (easy SSH key installation)
-* Add Updated and Created fields in 'ls' commands
-* Add `--aes-key` option to encrypt sensitive data
-
-## v1.3.0 (2017-11-23)
-
-* More details in 'ls' commands
-* Add 'host update' command (fix [#2](https://github.com/moul/sshportal/issues/2))
-* Add 'user update' command (fix [#3](https://github.com/moul/sshportal/issues/3))
-* Add 'acl update' command (fix [#4](https://github.com/moul/sshportal/issues/4))
-* Allow connecting to the shell mode with the registered username or email (fix [#5](https://github.com/moul/sshportal/issues/5))
-* Add 'listhosts' role (fix [#5](https://github.com/moul/sshportal/issues/5))
-
-## v1.2.0 (2017-11-22)
-
-* Support adding multiple `--group` links on `host create` and `user create`
-* Use govalidator to perform more consistent input validation
-* Use a database migration system
-
-## v1.1.0 (2017-11-15)
-
-* Improve versionning (static VERSION + dynamic GIT_* info)
-* Configuration management (backup + restore)
-* Implement Exit (fix [#6](https://github.com/moul/sshportal/pull/6))
-* Disable mysql support (not fully working right now)
-* Set random seed properly
-
-## v1.0.0 (2017-11-14)
-
-Initial version
-
-* Host management
-* User management
-* User Group management
-* Host Group management
-* Host Key management
-* User Key management
-* ACL management
-* Connect to host using key or password
-* Admin commands can be run directly or in an interactive shell
+Here: https://github.com/moul/sshportal/releases
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # build
-FROM golang:1.14.4 as builder
+FROM golang:1.16.2 as builder
 ENV             GO111MODULE=on
 WORKDIR         /go/src/moul.io/sshportal
 COPY            go.mod go.sum ./
--- a/2
+++ b/2
@@ -186,7 +186,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

-   Copyright 2017 Manfred Touron <m@42.am>
+   Copyright 2017-2021 Manfred Touron <m@42.am>

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/1
+++ b/1
@@ -5,6 +5,7 @@ DOCKER_IMAGE ?= moul/sshportal
 VERSION ?= `git describe --tags --always`
 VCS_REF ?= `git rev-parse --short HEAD`
 GO_INSTALL_OPTS = -ldflags="-X main.GitSha=$(VCS_REF) -X main.GitTag=$(VERSION)"
+PORT ?= 2222

 include rules.mk

--- a/README.md
+++ b/README.md
@@ -9,6 +9,8 @@

 Jump host/Jump server without the jump, a.k.a Transparent SSH bastion

+<img src="https://raw.githubusercontent.com/moul/sshportal/master/.assets/bastion.jpg" width="50%">
+
 Features include: independence of users and hosts, convenient user invite system, connecting to servers that don't support SSH keys, various levels of access, and many more. Easy to install, run and configure.

 ![Flow Diagram](https://raw.githubusercontent.com/moul/sshportal/master/.assets/flow-diagram.png)
@@ -326,11 +328,11 @@ event inspect [-h] EVENT...

 # host management
 host help
-host create [-h] [--name=<value>] [--password=<value>] [--comment=<value>] [--key=KEY] [--group=HOSTGROUP...] [--hop=HOST] <username>[:<password>]@<host>[:<port>]
+host create [-h] [--name=<value>] [--password=<value>] [--comment=<value>] [--key=KEY] [--group=HOSTGROUP...] [--hop=HOST] [--logging=MODE] <username>[:<password>]@<host>[:<port>]
 host inspect [-h] [--decrypt] HOST...
 host ls [-h] [--latest] [--quiet]
 host rm [-h] HOST...
-host update [-h] [--name=<value>] [--comment=<value>] [--key=KEY] [--assign-group=HOSTGROUP...] [--unassign-group=HOSTGROUP...] [--set-hop=HOST] [--unset-hop] HOST...
+host update [-h] [--name=<value>] [--comment=<value>] [--key=KEY] [--assign-group=HOSTGROUP...] [--unassign-group=HOSTGROUP...] [--logging-MODE] [--set-hop=HOST] [--unset-hop] HOST...

 # hostgroup management
 hostgroup help
@@ -499,3 +501,7 @@ Support this project with your organization. Your logo will show up here with a
 <a href="https://opencollective.com/sshportal/organization/7/website"><img src="https://opencollective.com/sshportal/organization/7/avatar.svg"></a>
 <a href="https://opencollective.com/sshportal/organization/8/website"><img src="https://opencollective.com/sshportal/organization/8/avatar.svg"></a>
 <a href="https://opencollective.com/sshportal/organization/9/website"><img src="https://opencollective.com/sshportal/organization/9/avatar.svg"></a>
+
+### Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/moul/sshportal.svg)](https://starchart.cc/moul/sshportal)
--- a/depaware.txt
+++ b/depaware.txt
@@ -0,0 +1,127 @@
+moul.io/sshportal dependencies: (generated by github.com/tailscale/depaware)
+
+        github.com/anmitsu/go-shlex                                  from github.com/gliderlabs/ssh+
+        github.com/asaskevich/govalidator                            from moul.io/sshportal/pkg/bastion+
+        github.com/cpuguy83/go-md2man/v2/md2man                      from github.com/urfave/cli
+  LD 💣 github.com/creack/pty                                        from github.com/kr/pty
+        github.com/docker/docker/pkg/namesgenerator                  from moul.io/sshportal/pkg/bastion
+        github.com/docker/docker/pkg/random                          from github.com/docker/docker/pkg/namesgenerator
+        github.com/dustin/go-humanize                                from moul.io/sshportal/pkg/bastion
+        github.com/gliderlabs/ssh                                    from moul.io/sshportal+
+        github.com/go-sql-driver/mysql                               from github.com/jinzhu/gorm/dialects/mysql+
+        github.com/jinzhu/gorm                                       from gopkg.in/gormigrate.v1+
+        github.com/jinzhu/gorm/dialects/mysql                        from moul.io/sshportal
+        github.com/jinzhu/gorm/dialects/postgres                     from moul.io/sshportal
+        github.com/jinzhu/gorm/dialects/sqlite                       from moul.io/sshportal
+        github.com/jinzhu/inflection                                 from github.com/jinzhu/gorm
+  LD    github.com/kr/pty                                            from moul.io/sshportal
+        github.com/lib/pq                                            from github.com/jinzhu/gorm/dialects/postgres
+        github.com/lib/pq/hstore                                     from github.com/jinzhu/gorm/dialects/postgres
+        github.com/lib/pq/oid                                        from github.com/lib/pq
+        github.com/lib/pq/scram                                      from github.com/lib/pq
+     💣 github.com/mattn/go-colorable                                from github.com/mgutz/ansi
+     💣 github.com/mattn/go-isatty                                   from github.com/mattn/go-colorable
+        github.com/mattn/go-runewidth                                from github.com/olekukonko/tablewriter
+     💣 github.com/mattn/go-sqlite3                                  from github.com/jinzhu/gorm/dialects/sqlite
+        github.com/mgutz/ansi                                        from moul.io/sshportal/pkg/bastion
+        github.com/olekukonko/tablewriter                            from moul.io/sshportal/pkg/bastion
+        github.com/pkg/errors                                        from moul.io/sshportal/pkg/bastion
+        github.com/reiver/go-oi                                      from github.com/reiver/go-telnet+
+        github.com/reiver/go-telnet                                  from moul.io/sshportal/pkg/bastion
+        github.com/russross/blackfriday/v2                           from github.com/cpuguy83/go-md2man/v2/md2man
+        github.com/sabban/bastion/pkg/logchannel                     from moul.io/sshportal/pkg/bastion
+        github.com/shurcooL/sanitized_anchor_name                    from github.com/russross/blackfriday/v2
+        github.com/urfave/cli                                        from moul.io/sshportal+
+        gopkg.in/gormigrate.v1                                       from moul.io/sshportal/pkg/bastion
+        moul.io/srand                                                from moul.io/sshportal
+        moul.io/sshportal/pkg/bastion                                from moul.io/sshportal
+        moul.io/sshportal/pkg/crypto                                 from moul.io/sshportal/pkg/bastion
+        moul.io/sshportal/pkg/dbmodels                               from moul.io/sshportal/pkg/bastion+
+        golang.org/x/crypto/blowfish                                 from golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
+        golang.org/x/crypto/chacha20                                 from golang.org/x/crypto/chacha20poly1305+
+        golang.org/x/crypto/chacha20poly1305                         from crypto/tls
+        golang.org/x/crypto/cryptobyte                               from crypto/ecdsa+
+        golang.org/x/crypto/cryptobyte/asn1                          from crypto/ecdsa+
+        golang.org/x/crypto/curve25519                               from crypto/tls+
+        golang.org/x/crypto/ed25519                                  from golang.org/x/crypto/ssh
+        golang.org/x/crypto/hkdf                                     from crypto/tls
+        golang.org/x/crypto/poly1305                                 from golang.org/x/crypto/chacha20poly1305+
+        golang.org/x/crypto/ssh                                      from github.com/gliderlabs/ssh+
+        golang.org/x/crypto/ssh/terminal                             from moul.io/sshportal/pkg/bastion
+        golang.org/x/net/dns/dnsmessage                              from net
+   D    golang.org/x/net/route                                       from net
+        golang.org/x/sys/cpu                                         from golang.org/x/crypto/chacha20poly1305
+  LD    golang.org/x/sys/unix                                        from github.com/mattn/go-isatty+
+   W    golang.org/x/sys/windows                                     from golang.org/x/crypto/ssh/terminal
+        bufio                                                        from crypto/rand+
+        bytes                                                        from bufio+
+        container/list                                               from crypto/tls
+        context                                                      from crypto/tls+
+        crypto                                                       from crypto/ecdsa+
+        crypto/aes                                                   from crypto/ecdsa+
+        crypto/cipher                                                from crypto/aes+
+        crypto/des                                                   from crypto/tls+
+        crypto/dsa                                                   from crypto/x509+
+        crypto/ecdsa                                                 from crypto/tls+
+        crypto/ed25519                                               from crypto/tls+
+        crypto/elliptic                                              from crypto/ecdsa+
+        crypto/hmac                                                  from crypto/tls+
+        crypto/md5                                                   from crypto/tls+
+        crypto/rand                                                  from crypto/ed25519+
+        crypto/rc4                                                   from crypto/tls+
+        crypto/rsa                                                   from crypto/tls+
+        crypto/sha1                                                  from crypto/tls+
+        crypto/sha256                                                from crypto/tls+
+        crypto/sha512                                                from crypto/ecdsa+
+        crypto/subtle                                                from crypto/aes+
+        crypto/tls                                                   from github.com/go-sql-driver/mysql+
+        crypto/x509                                                  from crypto/tls+
+        crypto/x509/pkix                                             from crypto/x509
+        database/sql                                                 from github.com/go-sql-driver/mysql+
+        database/sql/driver                                          from database/sql+
+        encoding                                                     from encoding/json
+        encoding/asn1                                                from crypto/x509+
+        encoding/base64                                              from encoding/json+
+        encoding/binary                                              from crypto/aes+
+        encoding/csv                                                 from github.com/olekukonko/tablewriter
+        encoding/hex                                                 from crypto/x509+
+        encoding/json                                                from github.com/asaskevich/govalidator+
+        encoding/pem                                                 from crypto/tls+
+        errors                                                       from bufio+
+        flag                                                         from github.com/urfave/cli
+        fmt                                                          from crypto/tls+
+        go/ast                                                       from github.com/jinzhu/gorm
+        go/scanner                                                   from go/ast
+        go/token                                                     from go/ast+
+        hash                                                         from crypto+
+        html                                                         from github.com/asaskevich/govalidator+
+        io                                                           from bufio+
+        io/ioutil                                                    from crypto/tls+
+        log                                                          from github.com/gliderlabs/ssh+
+        math                                                         from crypto/rsa+
+        math/big                                                     from crypto/dsa+
+        math/bits                                                    from crypto/md5+
+        math/rand                                                    from github.com/docker/docker/pkg/random+
+        net                                                          from crypto/tls+
+        net/url                                                      from crypto/x509+
+        os                                                           from crypto/rand+
+  LD    os/exec                                                      from github.com/creack/pty+
+        os/user                                                      from github.com/lib/pq+
+        path                                                         from github.com/asaskevich/govalidator+
+        path/filepath                                                from crypto/x509+
+        reflect                                                      from crypto/x509+
+        regexp                                                       from github.com/asaskevich/govalidator+
+        regexp/syntax                                                from regexp
+        sort                                                         from database/sql+
+        strconv                                                      from crypto+
+        strings                                                      from bufio+
+        sync                                                         from context+
+        sync/atomic                                                  from context+
+        syscall                                                      from crypto/rand+
+        text/tabwriter                                               from github.com/urfave/cli
+        text/template                                                from github.com/urfave/cli
+        text/template/parse                                          from text/template
+        time                                                         from context+
+        unicode                                                      from bytes+
+        unicode/utf16                                                from encoding/asn1+
+        unicode/utf8                                                 from bufio+
--- a/go.mod
+++ b/go.mod
@@ -2,32 +2,34 @@ module moul.io/sshportal

 require (
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
-	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
+	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
-	github.com/creack/pty v1.1.10 // indirect
+	github.com/creack/pty v1.1.11 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/docker v1.13.1
 	github.com/dustin/go-humanize v1.0.0
-	github.com/gliderlabs/ssh v0.3.0
-	github.com/go-sql-driver/mysql v1.5.0 // indirect
+	github.com/gliderlabs/ssh v0.3.2
+	github.com/go-sql-driver/mysql v1.5.0
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
-	github.com/jinzhu/gorm v1.9.12
+	github.com/jinzhu/gorm v1.9.16
 	github.com/kr/pty v1.1.8
-	github.com/mattn/go-colorable v0.1.6 // indirect
-	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/lib/pq v1.8.0 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b
-	github.com/olekukonko/tablewriter v0.0.4
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
+	github.com/olekukonko/tablewriter v0.0.5
+	github.com/pkg/errors v0.9.1
 	github.com/reiver/go-oi v1.0.0
 	github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e
 	github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3
 	github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3 // indirect
 	github.com/smartystreets/goconvey v1.6.4
-	github.com/urfave/cli v1.22.4
-	golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
-	golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25 // indirect
+	github.com/stretchr/testify v1.4.0 // indirect
+	github.com/urfave/cli v1.22.5
+	golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9
+	golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f // indirect
 	gopkg.in/gormigrate.v1 v1.6.0
-	moul.io/srand v1.4.0
+	moul.io/srand v1.6.1
 )

 go 1.14
--- a/go.sum
+++ b/go.sum
@@ -1,17 +1,17 @@
 cloud.google.com/go v0.33.1/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc=
+github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
-github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
-github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg=
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7 h1:6pwm8kMQKCmgUg0ZHTm5+/YvRK0s3THD/28+T6/kk4A=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.10 h1:Xv3/hZlzZeTSMk5upBEt3iFdxWaPS3xYIm+BBySIqlY=
-github.com/creack/pty v1.1.10/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
+github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -24,13 +24,11 @@ github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
-github.com/gliderlabs/ssh v0.3.0 h1:7GcKy4erEljCE/QeQ2jTVpu+3f3zkpZOxOJjFYkMqYU=
-github.com/gliderlabs/ssh v0.3.0/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
+github.com/gliderlabs/ssh v0.3.2 h1:gcfd1Aj/9RQxvygu4l3sak711f/5+VOwBw9C/7+N4EI=
+github.com/gliderlabs/ssh v0.3.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
@@ -39,15 +37,12 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/jinzhu/gorm v1.9.2 h1:lCvgEaqe/HVE+tjAR2mt4HbbHAZsQOv3XAZiEZV37iw=
 github.com/jinzhu/gorm v1.9.2/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
-github.com/jinzhu/gorm v1.9.12 h1:Drgk1clyWT9t9ERbzHza6Mj/8FY/CqMyVzOiHviMo6Q=
-github.com/jinzhu/gorm v1.9.12/go.mod h1:vhTjlKSJUTWNtcbQtrMBFCxy7eXTzeCAzfL5fBZT/Qs=
-github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a h1:eeaG9XMUvRBYXJi4pg1ZKM7nxc5AfXfojeLLW7O5J3k=
+github.com/jinzhu/gorm v1.9.16 h1:+IyIjPEABKRpsu/F8OvDPy9fyQlgsg2luMV2ZIH5i5o=
+github.com/jinzhu/gorm v1.9.16/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
 github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v0.0.0-20181116074157-8ec929ed50c3 h1:xvj06l8iSwiWpYgm8MbPp+naBg+pwfqmdXabzqPCn/8=
 github.com/jinzhu/now v0.0.0-20181116074157-8ec929ed50c3/go.mod h1:oHTiXerJ20+SfYcrdlBO7rzZRJWGwSTQ0iUY2jI6Gfc=
 github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
 github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
@@ -57,26 +52,27 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
-github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1 h1:sJZmqHoEaY7f+NPP8pgLB/WxulyR3fewgCM2qaSlBb4=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE=
-github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
+github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
+github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
 github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
-github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8=
-github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/reiver/go-oi v1.0.0 h1:nvECWD7LF+vOs8leNGV/ww+F2iZKf3EYjYZ527turzM=
@@ -97,30 +93,37 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
+github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM=
-golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 h1:umElSU9WZirRdgu2yFHY0ayQkEnKiOC1TtM3fWXFnoU=
+golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25 h1:OKbAoGs4fGM5cPLlVQLZGYkFC8OnOfgo6tt0Smf9XhM=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/gormigrate.v1 v1.6.0 h1:XpYM6RHQPmzwY7Uyu+t+xxMXc86JYFJn4nEc9HzQjsI=
 gopkg.in/gormigrate.v1 v1.6.0/go.mod h1:Lf00lQrHqfSYWiTtPcyQabsDdM6ejZaMgV0OU6JMSlw=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-moul.io/srand v1.4.0 h1:r5ZMiWDN0ni0lTV7KzJR/jx0K7GivJYW5WaXmufgeik=
-moul.io/srand v1.4.0/go.mod h1:P2uaZB+GFstFNo8sEj6/U8FRV1n25kD0LLckFpJ+qvc=
+moul.io/srand v1.6.1 h1:SJ335F+54ivLdlH7wH52Rtyv0Ffos6DpsF5wu3ZVMXU=
+moul.io/srand v1.6.1/go.mod h1:P2uaZB+GFstFNo8sEj6/U8FRV1n25kD0LLckFpJ+qvc=
--- a/main.go
+++ b/main.go
@@ -6,7 +6,9 @@ import (
 	"os"
 	"path"

+	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/jinzhu/gorm/dialects/mysql"
+	_ "github.com/jinzhu/gorm/dialects/postgres"
 	_ "github.com/jinzhu/gorm/dialects/sqlite"
 	"github.com/urfave/cli"
 	"moul.io/srand"
@@ -20,7 +22,7 @@ var (
 )

 func main() {
-	rand.Seed(srand.Secure())
+	rand.Seed(srand.MustSecure())

 	app := cli.NewApp()
 	app.Name = path.Base(os.Args[0])
--- a/pkg/bastion/acl.go
+++ b/pkg/bastion/acl.go
@@ -1,7 +1,8 @@
-package bastion // import "moul.io/sshportal/pkg/bastion"
+package bastion

 import (
 	"sort"
+	"time"

 	"moul.io/sshportal/pkg/dbmodels"
 )
@@ -12,7 +13,9 @@ func (a byWeight) Len() int           { return len(a) }
 func (a byWeight) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
 func (a byWeight) Less(i, j int) bool { return a[i].Weight < a[j].Weight }

-func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {
+func checkACLs(user dbmodels.User, host dbmodels.Host) string {
+	currentTime := time.Now()
+
 	// shared ACLs between user and host
 	aclMap := map[uint]*dbmodels.ACL{}
 	for _, userGroup := range user.Groups {
@@ -20,7 +23,10 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {
 			for _, hostGroup := range host.Groups {
 				for _, hostGroupACL := range hostGroup.ACLs {
 					if userGroupACL.ID == hostGroupACL.ID {
-						aclMap[userGroupACL.ID] = userGroupACL
+						if (userGroupACL.Inception == nil || currentTime.After(*userGroupACL.Inception)) &&
+							(userGroupACL.Expiration == nil || currentTime.Before(*userGroupACL.Expiration)) {
+							aclMap[userGroupACL.ID] = userGroupACL
+						}
 					}
 				}
 			}
@@ -30,7 +36,7 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {

 	// deny by default if no shared ACL
 	if len(aclMap) == 0 {
-		return string(dbmodels.ACLActionDeny), nil // default action
+		return string(dbmodels.ACLActionDeny) // default action
 	}

 	// transform map to slice and sort it
@@ -40,5 +46,5 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) (string, error) {
 	}
 	sort.Sort(byWeight(acls))

-	return acls[0].Action, nil
+	return acls[0].Action
 }
--- a/pkg/bastion/acl_test.go
+++ b/pkg/bastion/acl_test.go
@@ -43,8 +43,7 @@ func TestCheckACLs(t *testing.T) {
 		db.Preload("Groups").Preload("Groups.ACLs").Find(&users)

 		// test
-		action, err := checkACLs(users[0], hosts[0])
-		c.So(err, ShouldBeNil)
+		action := checkACLs(users[0], hosts[0])
 		c.So(action, ShouldEqual, dbmodels.ACLActionAllow)
 	})
 }
--- a/pkg/bastion/dbinit.go
+++ b/pkg/bastion/dbinit.go
@@ -40,14 +40,13 @@ func DBInit(db *gorm.DB) error {
 			ID: "2",
 			Migrate: func(tx *gorm.DB) error {
 				type SSHKey struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string
 					Type        string
 					Length      uint
 					Fingerprint string
-					PrivKey     string           `sql:"size:10000"`
-					PubKey      string           `sql:"size:10000"`
+					PrivKey     string           `sql:"size:5000"`
+					PubKey      string           `sql:"size:1000"`
 					Hosts       []*dbmodels.Host `gorm:"ForeignKey:SSHKeyID"`
 					Comment     string
 				}
@@ -60,7 +59,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "3",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string `gorm:"size:32"`
 					Addr        string
@@ -82,7 +80,7 @@ func DBInit(db *gorm.DB) error {
 			Migrate: func(tx *gorm.DB) error {
 				type UserKey struct {
 					gorm.Model
-					Key     []byte         `sql:"size:10000"`
+					Key     []byte         `sql:"size:1000"`
 					UserID  uint           ``
 					User    *dbmodels.User `gorm:"ForeignKey:UserID"`
 					Comment string
@@ -96,7 +94,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "5",
 			Migrate: func(tx *gorm.DB) error {
 				type User struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					IsAdmin     bool
 					Email       string
@@ -261,14 +258,14 @@ func DBInit(db *gorm.DB) error {
 					return err
 				}

-				var users []dbmodels.User
+				var users []*dbmodels.User
 				if err := db.Preload("Roles").Where("is_admin = ?", true).Find(&users).Error; err != nil {
 					return err
 				}

 				for _, user := range users {
 					user.Roles = append(user.Roles, &adminRole)
-					if err := tx.Save(&user).Error; err != nil {
+					if err := tx.Save(user).Error; err != nil {
 						return err
 					}
 				}
@@ -344,8 +341,8 @@ func DBInit(db *gorm.DB) error {
 			Migrate: func(tx *gorm.DB) error {
 				type UserKey struct {
 					gorm.Model
-					Key           []byte         `sql:"size:10000" valid:"required,length(1|10000)"`
-					AuthorizedKey string         `sql:"size:10000" valid:"required,length(1|10000)"`
+					Key           []byte         `sql:"size:1000" valid:"required,length(1|1000)"`
+					AuthorizedKey string         `sql:"size:1000" valid:"required,length(1|1000)"`
 					UserID        uint           ``
 					User          *dbmodels.User `gorm:"ForeignKey:UserID"`
 					Comment       string         `valid:"optional"`
@@ -358,7 +355,7 @@ func DBInit(db *gorm.DB) error {
 		}, {
 			ID: "24",
 			Migrate: func(tx *gorm.DB) error {
-				var userKeys []dbmodels.UserKey
+				var userKeys []*dbmodels.UserKey
 				if err := db.Find(&userKeys).Error; err != nil {
 					return err
 				}
@@ -369,7 +366,7 @@ func DBInit(db *gorm.DB) error {
 						return err
 					}
 					userKey.AuthorizedKey = string(gossh.MarshalAuthorizedKey(key))
-					if err := db.Model(&userKey).Updates(&userKey).Error; err != nil {
+					if err := db.Model(userKey).Updates(userKey).Error; err != nil {
 						return err
 					}
 				}
@@ -382,17 +379,16 @@ func DBInit(db *gorm.DB) error {
 			ID: "25",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name        string                `gorm:"size:32" valid:"required,length(1|32),unix_user"`
 					Addr        string                `valid:"required"`
 					User        string                `valid:"optional"`
 					Password    string                `valid:"optional"`
-					SSHKey      *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"` // SSHKey used to connect by the client
+					SSHKey      *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
 					SSHKeyID    uint                  `gorm:"index"`
-					HostKey     []byte                `sql:"size:10000" valid:"optional"`
+					HostKey     []byte                `sql:"size:1000" valid:"optional"`
 					Groups      []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
-					Fingerprint string                `valid:"optional"` // FIXME: replace with hostKey ?
+					Fingerprint string                `valid:"optional"`
 					Comment     string                `valid:"optional"`
 				}
 				return tx.AutoMigrate(&Host{}).Error
@@ -422,14 +418,14 @@ func DBInit(db *gorm.DB) error {
 		}, {
 			ID: "27",
 			Migrate: func(tx *gorm.DB) error {
-				var sessions []dbmodels.Session
+				var sessions []*dbmodels.Session
 				if err := db.Find(&sessions).Error; err != nil {
 					return err
 				}

 				for _, session := range sessions {
 					if session.StoppedAt != nil && session.StoppedAt.IsZero() {
-						if err := db.Model(&session).Updates(map[string]interface{}{"stopped_at": nil}).Error; err != nil {
+						if err := db.Model(session).Updates(map[string]interface{}{"stopped_at": nil}).Error; err != nil {
 							return err
 						}
 					}
@@ -443,7 +439,6 @@ func DBInit(db *gorm.DB) error {
 			ID: "28",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
 					gorm.Model
 					Name     string `gorm:"size:32"`
 					Addr     string
@@ -452,7 +447,7 @@ func DBInit(db *gorm.DB) error {
 					URL      string
 					SSHKey   *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
 					SSHKeyID uint                  `gorm:"index"`
-					HostKey  []byte                `sql:"size:10000"`
+					HostKey  []byte                `sql:"size:1000"`
 					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
 					Comment  string
 				}
@@ -465,7 +460,29 @@ func DBInit(db *gorm.DB) error {
 			ID: "29",
 			Migrate: func(tx *gorm.DB) error {
 				type Host struct {
-					// FIXME: use uuid for ID
+					gorm.Model
+					Name     string `gorm:"size:32"`
+					Addr     string
+					User     string
+					Password string
+					URL      string
+					SSHKey   *dbmodels.SSHKey      `gorm:"ForeignKey:SSHKeyID"`
+					SSHKeyID uint                  `gorm:"index"`
+					HostKey  []byte                `sql:"size:1000"`
+					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
+					Comment  string
+					Hop      *dbmodels.Host
+					HopID    uint
+				}
+				return tx.AutoMigrate(&Host{}).Error
+			},
+			Rollback: func(tx *gorm.DB) error {
+				return fmt.Errorf("not implemented")
+			},
+		}, {
+			ID: "30",
+			Migrate: func(tx *gorm.DB) error {
+				type Host struct {
 					gorm.Model
 					Name     string `gorm:"size:32"`
 					Addr     string
@@ -478,13 +495,35 @@ func DBInit(db *gorm.DB) error {
 					Groups   []*dbmodels.HostGroup `gorm:"many2many:host_host_groups;"`
 					Comment  string
 					Hop      *dbmodels.Host
+					Logging  string
 					HopID    uint
 				}
 				return tx.AutoMigrate(&Host{}).Error
 			},
-			Rollback: func(tx *gorm.DB) error {
-				return fmt.Errorf("not implemented")
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
+		}, {
+			ID: "31",
+			Migrate: func(tx *gorm.DB) error {
+				return tx.Model(&dbmodels.Host{}).Updates(&dbmodels.Host{Logging: "everything"}).Error
 			},
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
+		}, {
+			ID: "32",
+			Migrate: func(tx *gorm.DB) error {
+				type ACL struct {
+					gorm.Model
+					HostGroups  []*dbmodels.HostGroup `gorm:"many2many:host_group_acls;"`
+					UserGroups  []*dbmodels.UserGroup `gorm:"many2many:user_group_acls;"`
+					HostPattern string                `valid:"optional"`
+					Action      string                `valid:"required"`
+					Weight      uint                  ``
+					Comment     string                `valid:"optional"`
+					Inception   *time.Time
+					Expiration  *time.Time
+				}
+				return tx.AutoMigrate(&ACL{}).Error
+			},
+			Rollback: func(tx *gorm.DB) error { return fmt.Errorf("not implemented") },
 		},
 	})
 	if err := m.Migrate(); err != nil {
@@ -498,7 +537,7 @@ func DBInit(db *gorm.DB) error {
 		return err
 	}
 	if count == 0 {
-		key, err := crypto.NewSSHKey("rsa", 2048)
+		key, err := crypto.NewSSHKey("ed25519", 1)
 		if err != nil {
 			return err
 		}
@@ -605,7 +644,7 @@ func DBInit(db *gorm.DB) error {
 		return err
 	}
 	if count == 0 {
-		key, err := crypto.NewSSHKey("rsa", 2048)
+		key, err := crypto.NewSSHKey("ed25519", 1)
 		if err != nil {
 			return err
 		}
--- a/pkg/bastion/session.go
+++ b/pkg/bastion/session.go
@@ -1,26 +1,28 @@
 package bastion // import "moul.io/sshportal/pkg/bastion"

 import (
-	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"os"
-	"strings"
+	"path/filepath"
 	"time"

 	"github.com/gliderlabs/ssh"
+	"github.com/pkg/errors"
 	"github.com/sabban/bastion/pkg/logchannel"
 	gossh "golang.org/x/crypto/ssh"
 )

 type sessionConfig struct {
 	Addr         string
-	Logs         string
+	LogsLocation string
 	ClientConfig *gossh.ClientConfig
+	LoggingMode  string
 }

-func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx ssh.Context, configs []sessionConfig, sessionID uint) error {
+func multiChannelHandler(conn *gossh.ServerConn, newChan gossh.NewChannel, ctx ssh.Context, configs []sessionConfig, sessionID uint) error {
 	var lastClient *gossh.Client
 	switch newChan.ChannelType() {
 	case "session":
@@ -63,7 +65,7 @@ func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.
 		actx := ctx.Value(authContextKey).(*authContext)
 		username := actx.user.Name
 		// pipe everything
-		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1].Logs, user, username, sessionID, newChan)
+		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1], user, username, sessionID, newChan)
 	case "direct-tcpip":
 		lch, lreqs, err := newChan.Accept()
 		// TODO: defer clean closer
@@ -108,7 +110,7 @@ func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.
 		actx := ctx.Value(authContextKey).(*authContext)
 		username := actx.user.Name
 		// pipe everything
-		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1].Logs, user, username, sessionID, newChan)
+		return pipe(lreqs, rreqs, lch, rch, configs[len(configs)-1], user, username, sessionID, newChan)
 	default:
 		if err := newChan.Reject(gossh.UnknownChannelType, "unsupported channel type"); err != nil {
 			log.Printf("failed to reject chan: %v", err)
@@ -117,65 +119,77 @@ func multiChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.
 	}
 }

-func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocation string, user string, username string, sessionID uint, newChan gossh.NewChannel) error {
+func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, sessConfig sessionConfig, user string, username string, sessionID uint, newChan gossh.NewChannel) error {
 	defer func() {
 		_ = lch.Close()
 		_ = rch.Close()
 	}()

 	errch := make(chan error, 1)
+	quit := make(chan string, 1)
 	channeltype := newChan.ChannelType()

-	filename := strings.Join([]string{logsLocation, "/", user, "-", username, "-", channeltype, "-", fmt.Sprint(sessionID), "-", time.Now().Format(time.RFC3339)}, "") // get user
-	f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0440)
-	defer func() {
-		_ = f.Close()
-	}()
-
-	if err != nil {
-		log.Fatalf("error: %v", err)
+	var logWriter io.WriteCloser = newDiscardWriteCloser()
+	if sessConfig.LoggingMode != "disabled" {
+		filename := filepath.Join(sessConfig.LogsLocation, fmt.Sprintf("%s-%s-%s-%d-%s", user, username, channeltype, sessionID, time.Now().Format(time.RFC3339)))
+		f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0440)
+		if err != nil {
+			return errors.Wrap(err, "open log file")
+		}
+		defer func() {
+			_ = f.Close()
+		}()
+		log.Printf("Session %v is recorded in %v", channeltype, filename)
+		logWriter = f
 	}

-	log.Printf("Session %v is recorded in %v", channeltype, filename)
 	if channeltype == "session" {
-		wrappedlch := logchannel.New(lch, f)
-		go func() {
-			_, _ = io.Copy(wrappedlch, rch)
-			errch <- errors.New("lch closed the connection")
-		}()
-
-		go func() {
-			_, _ = io.Copy(rch, lch)
-			errch <- errors.New("rch closed the connection")
-		}()
+		switch sessConfig.LoggingMode {
+		case "input":
+			wrappedrch := logchannel.New(rch, logWriter)
+			go func(quit chan string) {
+				_, _ = io.Copy(lch, rch)
+				quit <- "rch"
+			}(quit)
+			go func(quit chan string) {
+				_, _ = io.Copy(wrappedrch, lch)
+				quit <- "lch"
+			}(quit)
+		default: // everything, disabled
+			wrappedlch := logchannel.New(lch, logWriter)
+			go func(quit chan string) {
+				_, _ = io.Copy(wrappedlch, rch)
+				quit <- "rch"
+			}(quit)
+			go func(quit chan string) {
+				_, _ = io.Copy(rch, lch)
+				quit <- "lch"
+			}(quit)
+		}
 	}
 	if channeltype == "direct-tcpip" {
 		d := logTunnelForwardData{}
 		if err := gossh.Unmarshal(newChan.ExtraData(), &d); err != nil {
 			return err
 		}
-		wrappedlch := newLogTunnel(lch, f, d.SourceHost)
-		wrappedrch := newLogTunnel(rch, f, d.DestinationHost)
-		go func() {
+		wrappedlch := newLogTunnel(lch, logWriter, d.SourceHost)
+		wrappedrch := newLogTunnel(rch, logWriter, d.DestinationHost)
+		go func(quit chan string) {
 			_, _ = io.Copy(wrappedlch, rch)
-			errch <- errors.New("lch closed the connection")
-		}()
+			quit <- "rch"
+		}(quit)

-		go func() {
+		go func(quit chan string) {
 			_, _ = io.Copy(wrappedrch, lch)
-			errch <- errors.New("rch closed the connection")
-		}()
+			quit <- "lch"
+		}(quit)
 	}

-	for {
-		select {
-		case req := <-lreqs: // forward ssh requests from local to remote
-			if req == nil {
-				return nil
-			}
+	go func(quit chan string) {
+		for req := range lreqs {
 			b, err := rch.SendRequest(req.Type, req.WantReply, req.Payload)
 			if req.Type == "exec" {
-				wrappedlch := logchannel.New(lch, f)
+				wrappedlch := logchannel.New(lch, logWriter)
 				command := append(req.Payload, []byte("\n")...)
 				if _, err := wrappedlch.LogWrite(command); err != nil {
 					log.Printf("failed to write log: %v", err)
@@ -183,24 +197,68 @@ func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logsLocati
 			}

 			if err != nil {
-				return err
+				errch <- err
 			}
 			if err2 := req.Reply(b, nil); err2 != nil {
-				return err2
-			}
-		case req := <-rreqs: // forward ssh requests from remote to local
-			if req == nil {
-				return nil
+				errch <- err2
 			}
+		}
+		quit <- "lreqs"
+	}(quit)
+
+	go func(quit chan string) {
+		for req := range rreqs {
 			b, err := lch.SendRequest(req.Type, req.WantReply, req.Payload)
 			if err != nil {
-				return err
+				errch <- err
 			}
 			if err2 := req.Reply(b, nil); err2 != nil {
-				return err2
+				errch <- err2
 			}
+		}
+		quit <- "rreqs"
+	}(quit)
+
+	lchEOF, rchEOF, lchClosed, rchClosed := false, false, false, false
+	for {
+		select {
 		case err := <-errch:
 			return err
+		case q := <-quit:
+			switch q {
+			case "lch":
+				lchEOF = true
+				_ = rch.CloseWrite()
+			case "rch":
+				rchEOF = true
+				_ = lch.CloseWrite()
+			case "lreqs":
+				lchClosed = true
+			case "rreqs":
+				rchClosed = true
+			}
+
+			if lchEOF && lchClosed && !rchClosed {
+				rch.Close()
+			}
+
+			if rchEOF && rchClosed && !lchClosed {
+				lch.Close()
+			}
+
+			if lchEOF && rchEOF && lchClosed && rchClosed {
+				return nil
+			}
 		}
 	}
 }
+
+func newDiscardWriteCloser() io.WriteCloser { return &discardWriteCloser{ioutil.Discard} }
+
+type discardWriteCloser struct {
+	io.Writer
+}
+
+func (discardWriteCloser) Close() error {
+	return nil
+}
--- a/pkg/bastion/shell.go
+++ b/pkg/bastion/shell.go
@@ -67,6 +67,8 @@ GLOBAL OPTIONS:
 	app.Writer = s
 	app.HideVersion = true

+	dbmodels.InitValidator()
+
 	var (
 		myself = &actx.user
 		db     = actx.db
@@ -88,17 +90,31 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment", Usage: "Adds a comment"},
 						cli.StringFlag{Name: "action", Usage: "Assigns the ACL action (allow,deny)", Value: string(dbmodels.ACLActionAllow)},
 						cli.UintFlag{Name: "weight, w", Usage: "Assigns the ACL weight (priority)"},
+						cli.StringFlag{Name: "inception, i", Usage: "Assigns inception date-time"},
+						cli.StringFlag{Name: "expiration, e", Usage: "Assigns expiration date-time"},
 					},
 					Action: func(c *cli.Context) error {
 						if err := myself.CheckRoles([]string{"admin"}); err != nil {
 							return err
 						}
+
+						inception, err := parseOptionalTime(c.String("inception"))
+						if err != nil {
+							return err
+						}
+						expiration, err := parseOptionalTime(c.String("expiration"))
+						if err != nil {
+							return err
+						}
+
 						acl := dbmodels.ACL{
 							Comment:     c.String("comment"),
 							HostPattern: c.String("pattern"),
 							UserGroups:  []*dbmodels.UserGroup{},
 							HostGroups:  []*dbmodels.HostGroup{},
 							Weight:      c.Uint("weight"),
+							Inception:   inception,
+							Expiration:  expiration,
 							Action:      c.String("action"),
 						}
 						if acl.Action != string(dbmodels.ACLActionAllow) && acl.Action != string(dbmodels.ACLActionDeny) {
@@ -173,10 +189,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							acls = append(acls, &acl)
-						} else {
-							if err := query.Find(&acls).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&acls).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, acl := range acls {
@@ -186,7 +200,7 @@ GLOBAL OPTIONS:
 						}

 						table := tablewriter.NewWriter(s)
-						table.SetHeader([]string{"ID", "Weight", "User groups", "Host groups", "Host pattern", "Action", "Updated", "Created", "Comment"})
+						table.SetHeader([]string{"ID", "Weight", "User groups", "Host groups", "Host pattern", "Action", "Inception", "Expiration", "Updated", "Created", "Comment"})
 						table.SetBorder(false)
 						table.SetCaption(true, fmt.Sprintf("Total: %d ACLs.", len(acls)))
 						for _, acl := range acls {
@@ -199,6 +213,15 @@ GLOBAL OPTIONS:
 								hostGroups = append(hostGroups, entity.Name)
 							}

+							inception := ""
+							if acl.Inception != nil {
+								inception = acl.Inception.Format("2006-01-02 15:04 MST")
+							}
+							expiration := ""
+							if acl.Expiration != nil {
+								expiration = acl.Expiration.Format("2006-01-02 15:04 MST")
+							}
+
 							table.Append([]string{
 								fmt.Sprintf("%d", acl.ID),
 								fmt.Sprintf("%d", acl.Weight),
@@ -206,6 +229,8 @@ GLOBAL OPTIONS:
 								strings.Join(hostGroups, ", "),
 								acl.HostPattern,
 								acl.Action,
+								inception,
+								expiration,
 								humanize.Time(acl.UpdatedAt),
 								humanize.Time(acl.CreatedAt),
 								acl.Comment,
@@ -236,6 +261,10 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "action, a", Usage: "Update action"},
 						cli.StringFlag{Name: "pattern, p", Usage: "Update host-pattern"},
 						cli.UintFlag{Name: "weight, w", Usage: "Update weight"},
+						cli.StringFlag{Name: "inception, i", Usage: "Update inception date-time"},
+						cli.BoolFlag{Name: "unset-inception", Usage: "Unset inception date-time"},
+						cli.BoolFlag{Name: "unset-expiration", Usage: "Unset expiration date-time"},
+						cli.StringFlag{Name: "expiration, e", Usage: "Update expiration date-time"},
 						cli.StringFlag{Name: "comment, c", Usage: "Update comment"},
 						cli.StringSliceFlag{Name: "assign-usergroup, ug", Usage: "Assign the ACL to new `USERGROUPS`"},
 						cli.StringSliceFlag{Name: "unassign-usergroup", Usage: "Unassign the ACL from `USERGROUPS`"},
@@ -250,18 +279,29 @@ GLOBAL OPTIONS:
 							return err
 						}

-						var acls []dbmodels.ACL
+						var acls []*dbmodels.ACL
 						if err := dbmodels.ACLsByIdentifiers(db, c.Args()).Find(&acls).Error; err != nil {
 							return err
 						}

 						tx := db.Begin()
 						for _, acl := range acls {
-							model := tx.Model(&acl)
+							model := tx.Model(acl)
+							inception, err := parseOptionalTime(c.String("inception"))
+							if err != nil {
+								return err
+							}
+							expiration, err := parseOptionalTime(c.String("expiration"))
+							if err != nil {
+								return err
+							}
+
 							update := dbmodels.ACL{
 								Action:      c.String("action"),
 								HostPattern: c.String("pattern"),
 								Weight:      c.Uint("weight"),
+								Inception:   inception,
+								Expiration:  expiration,
 								Comment:     c.String("comment"),
 							}
 							if err := model.Updates(update).Error; err != nil {
@@ -269,6 +309,19 @@ GLOBAL OPTIONS:
 								return err
 							}

+							if c.Bool("unset-inception") {
+								if err := model.Update("inception", nil).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+							if c.Bool("unset-expiration") {
+								if err := model.Update("expiration", nil).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+
 							// associations
 							var appendUserGroups []dbmodels.UserGroup
 							var deleteUserGroups []dbmodels.UserGroup
@@ -477,6 +530,7 @@ GLOBAL OPTIONS:
 							}
 						}
 						for _, host := range config.Hosts {
+							host := host
 							crypto.HostDecrypt(actx.aesKey, host)
 							if !c.Bool("decrypt") {
 								if err := crypto.HostEncrypt(actx.aesKey, host); err != nil {
@@ -489,30 +543,35 @@ GLOBAL OPTIONS:
 							}
 						}
 						for _, user := range config.Users {
+							user := user
 							if err := tx.FirstOrCreate(&user).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, acl := range config.ACLs {
+							acl := acl
 							if err := tx.FirstOrCreate(&acl).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, hostGroup := range config.HostGroups {
+							hostGroup := hostGroup
 							if err := tx.FirstOrCreate(&hostGroup).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, userGroup := range config.UserGroups {
+							userGroup := userGroup
 							if err := tx.FirstOrCreate(&userGroup).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, sshKey := range config.SSHKeys {
+							sshKey := sshKey
 							crypto.SSHKeyDecrypt(actx.aesKey, sshKey)
 							if !c.Bool("decrypt") {
 								if err := crypto.SSHKeyEncrypt(actx.aesKey, sshKey); err != nil {
@@ -525,24 +584,28 @@ GLOBAL OPTIONS:
 							}
 						}
 						for _, userKey := range config.UserKeys {
+							userKey := userKey
 							if err := tx.FirstOrCreate(&userKey).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, setting := range config.Settings {
+							setting := setting
 							if err := tx.FirstOrCreate(&setting).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, session := range config.Sessions {
+							session := session
 							if err := tx.FirstOrCreate(&session).Error; err != nil {
 								tx.Rollback()
 								return err
 							}
 						}
 						for _, event := range config.Events {
+							event := event
 							if err := tx.FirstOrCreate(&event).Error; err != nil {
 								tx.Rollback()
 								return err
@@ -612,10 +675,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							events = append(events, event)
-						} else {
-							if err := query.Find(&events).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&events).Error; err != nil {
+							return err
 						}

 						if c.Bool("quiet") {
@@ -664,6 +725,7 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment, c"},
 						cli.StringFlag{Name: "key, k", Usage: "`KEY` to use for authentication"},
 						cli.StringFlag{Name: "hop, o", Usage: "Hop to use for connecting to the server"},
+						cli.StringFlag{Name: "logging, l", Usage: "Logging mode (disabled, input, everything)"},
 						cli.StringSliceFlag{Name: "group, g", Usage: "Assigns the host to `HOSTGROUPS` (default: \"default\")"},
 					},
 					Action: func(c *cli.Context) error {
@@ -706,6 +768,11 @@ GLOBAL OPTIONS:
 						if c.String("name") != "" {
 							host.Name = c.String("name")
 						}
+
+						host.Logging = "everything" // default is everything
+						if c.String("logging") != "" {
+							host.Logging = c.String("logging")
+						}
 						// FIXME: check if name already exists

 						if _, err := govalidator.ValidateStruct(host); err != nil {
@@ -799,10 +866,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							hosts = append(hosts, &host)
-						} else {
-							if err := query.Find(&hosts).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&hosts).Error; err != nil {
+							return err
 						}

 						if c.Bool("quiet") {
@@ -813,14 +878,14 @@ GLOBAL OPTIONS:
 						}

 						table := tablewriter.NewWriter(s)
-						table.SetHeader([]string{"ID", "Name", "URL", "Key", "Groups", "Updated", "Created", "Comment", "Hop"})
+						table.SetHeader([]string{"ID", "Name", "URL", "Key", "Groups", "Updated", "Created", "Comment", "Hop", "Logging"})
 						table.SetBorder(false)
 						table.SetCaption(true, fmt.Sprintf("Total: %d hosts.", len(hosts)))
 						for _, host := range hosts {
 							authKey := ""
 							if host.SSHKeyID > 0 {
 								var key dbmodels.SSHKey
-								db.Model(&host).Related(&key)
+								db.Model(host).Related(&key)
 								authKey = key.Name
 							}
 							groupNames := []string{}
@@ -830,7 +895,7 @@ GLOBAL OPTIONS:
 							var hop string
 							if host.HopID != 0 {
 								var hopHost dbmodels.Host
-								db.Model(&host).Related(&hopHost, "HopID")
+								db.Model(host).Related(&hopHost, "HopID")
 								hop = hopHost.Name
 							} else {
 								hop = ""
@@ -845,6 +910,7 @@ GLOBAL OPTIONS:
 								humanize.Time(host.CreatedAt),
 								host.Comment,
 								hop,
+								host.Logging,
 								//FIXME: add some stats about last access time etc
 							})
 						}
@@ -876,6 +942,7 @@ GLOBAL OPTIONS:
 						cli.StringFlag{Name: "comment, c", Usage: "Update/set a host comment"},
 						cli.StringFlag{Name: "key, k", Usage: "Link a `KEY` to use for authentication"},
 						cli.StringFlag{Name: "hop, o", Usage: "Change the hop to use for connecting to the server"},
+						cli.StringFlag{Name: "logging, l", Usage: "Logging mode (disabled, input, everything)"},
 						cli.BoolFlag{Name: "unset-hop", Usage: "Remove the hop set for this host"},
 						cli.StringSliceFlag{Name: "assign-group, g", Usage: "Assign the host to a new `HOSTGROUPS`"},
 						cli.StringSliceFlag{Name: "unassign-group", Usage: "Unassign the host from a `HOSTGROUPS`"},
@@ -900,6 +967,7 @@ GLOBAL OPTIONS:

 						tx := db.Begin()
 						for _, host := range hosts {
+							host := host
 							model := tx.Model(&host)
 							// simple fields
 							for _, fieldname := range []string{"name", "comment"} {
@@ -937,6 +1005,17 @@ GLOBAL OPTIONS:
 								}
 							}

+							// logging
+							if logging := c.String("logging"); logging != "" {
+								if !dbmodels.IsValidHostLoggingMode(logging) {
+									return fmt.Errorf("invalid host logging mode: %q", logging)
+								}
+								if err := model.Update("logging", logging).Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}
+
 							// remove the hop
 							if c.Bool("unset-hop") {
 								var hopHost dbmodels.Host
@@ -1063,10 +1142,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							hostGroups = append(hostGroups, &hostGroup)
-						} else {
-							if err := query.Find(&hostGroups).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&hostGroups).Error; err != nil {
+							return err
 						}

 						if c.Bool("quiet") {
@@ -1127,7 +1204,7 @@ GLOBAL OPTIONS:
 							return err
 						}

-						var hostgroups []dbmodels.HostGroup
+						var hostgroups []*dbmodels.HostGroup
 						if err := dbmodels.HostGroupsByIdentifiers(db, c.Args()).Find(&hostgroups).Error; err != nil {
 							return err
 						}
@@ -1138,7 +1215,7 @@ GLOBAL OPTIONS:

 						tx := db.Begin()
 						for _, hostgroup := range hostgroups {
-							model := tx.Model(&hostgroup)
+							model := tx.Model(hostgroup)
 							// simple fields
 							for _, fieldname := range []string{"name", "comment"} {
 								if c.String(fieldname) != "" {
@@ -1199,8 +1276,8 @@ GLOBAL OPTIONS:
 					Description: "$> key create\n   $> key create --name=mykey",
 					Flags: []cli.Flag{
 						cli.StringFlag{Name: "name", Usage: "Assigns a name to the key"},
-						cli.StringFlag{Name: "type", Value: "rsa"},
-						cli.UintFlag{Name: "length", Value: 2048},
+						cli.StringFlag{Name: "type", Value: "ed25519"},
+						cli.UintFlag{Name: "length", Value: 0},
 						cli.StringFlag{Name: "comment", Usage: "Adds a comment"},
 					},
 					Action: func(c *cli.Context) error {
@@ -1213,7 +1290,24 @@ GLOBAL OPTIONS:
 							name = c.String("name")
 						}

-						key, err := crypto.NewSSHKey(c.String("type"), c.Uint("length"))
+						length := c.Uint("length")
+						if length == 0 {
+							switch c.String("type") {
+							case "rsa":
+								// same default as ssh-keygen
+								length = 3072
+							case "ecdsa":
+								// same default as ssh-keygen
+								length = 256
+							case "ed25519":
+								// irrelevant for ed25519
+								// set it to 1 to enforce consistency
+								// and because 0 is invalid
+								length = 1
+							}
+						}
+
+						key, err := crypto.NewSSHKey(c.String("type"), length)
 						if actx.aesKey != "" {
 							if err2 := crypto.SSHKeyEncrypt(actx.aesKey, key); err2 != nil {
 								return err2
@@ -1342,10 +1436,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							sshKeys = append(sshKeys, &sshKey)
-						} else {
-							if err := query.Find(&sshKeys).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&sshKeys).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, sshKey := range sshKeys {
@@ -1584,10 +1676,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							users = append(users, &user)
-						} else {
-							if err := query.Find(&users).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&users).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, user := range users {
@@ -1646,6 +1736,8 @@ GLOBAL OPTIONS:
 					Flags: []cli.Flag{
 						cli.StringFlag{Name: "name, n", Usage: "Renames the user"},
 						cli.StringFlag{Name: "email, e", Usage: "Updates the email"},
+						cli.StringFlag{Name: "invite_token, i", Usage: "Updates the invite token"},
+						cli.BoolFlag{Name: "remove_invite, R", Usage: "Remove invite token"},
 						cli.StringSliceFlag{Name: "assign-role, r", Usage: "Assign the user to new `USERROLES`"},
 						cli.StringSliceFlag{Name: "unassign-role", Usage: "Unassign the user from `USERROLES`"},
 						cli.StringSliceFlag{Name: "assign-group, g", Usage: "Assign the user to new `USERGROUPS`"},
@@ -1661,7 +1753,7 @@ GLOBAL OPTIONS:
 						}

 						// FIXME: check if unset-admin + user == myself
-						var users []dbmodels.User
+						var users []*dbmodels.User
 						if err := dbmodels.UsersByIdentifiers(db, c.Args()).Find(&users).Error; err != nil {
 							return err
 						}
@@ -1676,9 +1768,9 @@ GLOBAL OPTIONS:

 						tx := db.Begin()
 						for _, user := range users {
-							model := tx.Model(&user)
+							model := tx.Model(user)
 							// simple fields
-							for _, fieldname := range []string{"name", "email", "comment"} {
+							for _, fieldname := range []string{"name", "email", "comment", "invite_token"} {
 								if c.String(fieldname) != "" {
 									if err := model.Update(fieldname, c.String(fieldname)).Error; err != nil {
 										tx.Rollback()
@@ -1686,6 +1778,13 @@ GLOBAL OPTIONS:
 									}
 								}
 							}
+							// invite remove
+							if c.Bool("remove_invite") {
+								if err := model.Update("invite_token", "").Error; err != nil {
+									tx.Rollback()
+									return err
+								}
+							}

 							// associations
 							var appendGroups []dbmodels.UserGroup
@@ -1814,10 +1913,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							userGroups = append(userGroups, &userGroup)
-						} else {
-							if err := query.Find(&userGroups).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&userGroups).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, userGroup := range userGroups {
@@ -1877,7 +1974,7 @@ GLOBAL OPTIONS:
 							return err
 						}

-						var usergroups []dbmodels.UserGroup
+						var usergroups []*dbmodels.UserGroup
 						if err := dbmodels.UserGroupsByIdentifiers(db, c.Args()).Find(&usergroups).Error; err != nil {
 							return err
 						}
@@ -1888,7 +1985,7 @@ GLOBAL OPTIONS:

 						tx := db.Begin()
 						for _, usergroup := range usergroups {
-							model := tx.Model(&usergroup)
+							model := tx.Model(usergroup)
 							// simple fields
 							for _, fieldname := range []string{"name", "comment"} {
 								if c.String(fieldname) != "" {
@@ -2001,10 +2098,8 @@ GLOBAL OPTIONS:
 								return err
 							}
 							userKeys = append(userKeys, &userKey)
-						} else {
-							if err := query.Find(&userKeys).Error; err != nil {
-								return err
-							}
+						} else if err := query.Find(&userKeys).Error; err != nil {
+							return err
 						}
 						if c.Bool("quiet") {
 							for _, userKey := range userKeys {
@@ -2112,7 +2207,6 @@ GLOBAL OPTIONS:

 							factor := 1
 							for len(sessions) >= limit*factor {
-
 								var additionnalSessions []*dbmodels.Session

 								offset = limit * factor
@@ -2247,3 +2341,14 @@ func parseInputURL(input string) (*url.URL, error) {
 	}
 	return u, nil
 }
+
+func parseOptionalTime(input string) (*time.Time, error) {
+	if input != "" {
+		parsed, err := time.ParseInLocation("2006-01-02 15:04", input, time.Local)
+		if err != nil {
+			return nil, err
+		}
+		return &parsed, nil
+	}
+	return nil, nil
+}
--- a/pkg/bastion/ssh.go
+++ b/pkg/bastion/ssh.go
@@ -122,7 +122,8 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 				sessionConfigs = append([]sessionConfig{{
 					Addr:         currentHost.DialAddr(),
 					ClientConfig: clientConfig,
-					Logs:         actx.logsLocation,
+					LogsLocation: actx.logsLocation,
+					LoggingMode:  currentHost.Logging,
 				}}, sessionConfigs...)
 				if currentHost.HopID != 0 {
 					var newHost dbmodels.Host
@@ -149,7 +150,7 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 				return
 			}
 			go func() {
-				err = multiChannelHandler(srv, conn, newChan, ctx, sessionConfigs, sess.ID)
+				err = multiChannelHandler(conn, newChan, ctx, sessionConfigs, sess.ID)
 				if err != nil {
 					log.Printf("Error: %v", err)
 				}
@@ -160,8 +161,7 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 					ErrMsg:    fmt.Sprintf("%v", err),
 					StoppedAt: &now,
 				}
-				switch sessUpdate.ErrMsg {
-				case "lch closed the connection", "rch closed the connection":
+				if err == nil {
 					sessUpdate.ErrMsg = ""
 				}
 				actx.db.Model(&sess).Updates(&sessUpdate)
@@ -205,11 +205,8 @@ func bastionClientConfig(ctx ssh.Context, host *dbmodels.Host) (*gossh.ClientCon
 	if err = actx.db.Preload("Groups").Preload("Groups.ACLs").Where("id = ?", host.ID).First(&tmpHost).Error; err != nil {
 		return nil, err
 	}
-	action, err2 := checkACLs(tmpUser, tmpHost)
-	if err2 != nil {
-		return nil, err2
-	}

+	action := checkACLs(tmpUser, tmpHost)
 	switch action {
 	case string(dbmodels.ACLActionAllow):
 		// do nothing
--- a/pkg/crypto/crypto.go
+++ b/pkg/crypto/crypto.go
@@ -4,6 +4,9 @@ import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@@ -25,35 +28,108 @@ func NewSSHKey(keyType string, length uint) (*dbmodels.SSHKey, error) {
 	}

 	// generate the private key
-	if keyType != "rsa" {
-		return nil, fmt.Errorf("key type not supported: %q", key.Type)
+	var err error
+	var pemKey *pem.Block
+	var publicKey gossh.PublicKey
+	switch keyType {
+	case "rsa":
+		pemKey, publicKey, err = NewRSAKey(length)
+	case "ecdsa":
+		pemKey, publicKey, err = NewECDSAKey(length)
+	case "ed25519":
+		pemKey, publicKey, err = NewEd25519Key()
+	default:
+		return nil, fmt.Errorf("key type not supported: %q, supported types are: rsa, ecdsa, ed25519", key.Type)
 	}
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return nil, err
 	}

-	// convert priv key to x509 format
-	var pemKey = &pem.Block{
-		Type:  "RSA PRIVATE KEY",
-		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
-	}
 	buf := bytes.NewBufferString("")
 	if err = pem.Encode(buf, pemKey); err != nil {
 		return nil, err
 	}
 	key.PrivKey = buf.String()

-	// generte authorized-key formatted pubkey output
-	pub, err := gossh.NewPublicKey(&privateKey.PublicKey)
-	if err != nil {
-		return nil, err
-	}
-	key.PubKey = strings.TrimSpace(string(gossh.MarshalAuthorizedKey(pub)))
+	// generate authorized-key formatted pubkey output
+	key.PubKey = strings.TrimSpace(string(gossh.MarshalAuthorizedKey(publicKey)))

 	return &key, nil
 }

+func NewRSAKey(length uint) (*pem.Block, gossh.PublicKey, error) {
+	if length < 1024 || length > 16384 {
+		return nil, nil, fmt.Errorf("key length not supported: %d, supported values are between 1024 and 16384", length)
+	}
+	privateKey, err := rsa.GenerateKey(rand.Reader, int(length))
+	if err != nil {
+		return nil, nil, err
+	}
+	// convert priv key to x509 format
+	pemKey := &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
+	}
+	publicKey, err := gossh.NewPublicKey(&privateKey.PublicKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	return pemKey, publicKey, err
+}
+
+func NewECDSAKey(length uint) (*pem.Block, gossh.PublicKey, error) {
+	var curve elliptic.Curve
+	switch length {
+	case 256:
+		curve = elliptic.P256()
+	case 384:
+		curve = elliptic.P384()
+	case 521:
+		curve = elliptic.P521()
+	default:
+		return nil, nil, fmt.Errorf("key length not supported: %d, supported values are 256, 384, 521", length)
+	}
+	privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
+	if err != nil {
+		return nil, nil, err
+	}
+	// convert priv key to x509 format
+	marshaledKey, err := x509.MarshalPKCS8PrivateKey(privateKey)
+	pemKey := &pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: marshaledKey,
+	}
+	if err != nil {
+		return nil, nil, err
+	}
+	publicKey, err := gossh.NewPublicKey(&privateKey.PublicKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	return pemKey, publicKey, err
+}
+
+func NewEd25519Key() (*pem.Block, gossh.PublicKey, error) {
+	publicKeyEd25519, privateKey, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, nil, err
+	}
+	// convert priv key to x509 format
+	marshaledKey, err := x509.MarshalPKCS8PrivateKey(privateKey)
+	pemKey := &pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: marshaledKey,
+	}
+	if err != nil {
+		return nil, nil, err
+	}
+	publicKey, err := gossh.NewPublicKey(publicKeyEd25519)
+	if err != nil {
+		return nil, nil, err
+	}
+	return pemKey, publicKey, err
+}
+
 func ImportSSHKey(keyValue string) (*dbmodels.SSHKey, error) {
 	key := dbmodels.SSHKey{
 		Type: "rsa",
--- a/pkg/dbmodels/dbmodels.go
+++ b/pkg/dbmodels/dbmodels.go
@@ -5,12 +5,10 @@ import (
 	"fmt"
 	"log"
 	"net/url"
-	"regexp"
 	"strconv"
 	"strings"
 	"time"

-	"github.com/asaskevich/govalidator"
 	"github.com/jinzhu/gorm"
 	gossh "golang.org/x/crypto/ssh"
 )
@@ -40,12 +38,12 @@ type Setting struct {
 type SSHKey struct {
 	// FIXME: use uuid for ID
 	gorm.Model
-	Name        string  `valid:"required,length(1|32),unix_user"`
+	Name        string  `valid:"required,length(1|255),unix_user"`
 	Type        string  `valid:"required"`
 	Length      uint    `valid:"required"`
 	Fingerprint string  `valid:"optional"`
-	PrivKey     string  `sql:"size:10000" valid:"required"`
-	PubKey      string  `sql:"size:10000" valid:"optional"`
+	PrivKey     string  `sql:"size:5000" valid:"required"`
+	PubKey      string  `sql:"size:1000" valid:"optional"`
 	Hosts       []*Host `gorm:"ForeignKey:SSHKeyID"`
 	Comment     string  `valid:"optional"`
 }
@@ -53,16 +51,17 @@ type SSHKey struct {
 type Host struct {
 	// FIXME: use uuid for ID
 	gorm.Model
-	Name     string       `gorm:"size:32" valid:"required,length(1|32)"`
+	Name     string       `gorm:"size:255" valid:"required,length(1|255)"`
 	Addr     string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	User     string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	Password string       `valid:"optional"` // FIXME: to be removed in a future version in favor of URL
 	URL      string       `valid:"optional"`
 	SSHKey   *SSHKey      `gorm:"ForeignKey:SSHKeyID"` // SSHKey used to connect by the client
 	SSHKeyID uint         `gorm:"index"`
-	HostKey  []byte       `sql:"size:10000" valid:"optional"`
+	HostKey  []byte       `sql:"size:1000" valid:"optional"`
 	Groups   []*HostGroup `gorm:"many2many:host_host_groups;"`
 	Comment  string       `valid:"optional"`
+	Logging  string       `valid:"optional,host_logging_mode"`
 	Hop      *Host
 	HopID    uint
 }
@@ -70,8 +69,8 @@ type Host struct {
 // UserKey defines a user public key used by sshportal to identify the user
 type UserKey struct {
 	gorm.Model
-	Key           []byte `sql:"size:10000" valid:"length(1|10000)"`
-	AuthorizedKey string `sql:"size:10000" valid:"required,length(1|10000)"`
+	Key           []byte `sql:"size:1000" valid:"length(1|1000)"`
+	AuthorizedKey string `sql:"size:1000" valid:"required,length(1|1000)"`
 	UserID        uint   ``
 	User          *User  `gorm:"ForeignKey:UserID"`
 	Comment       string `valid:"optional"`
@@ -79,7 +78,7 @@ type UserKey struct {

 type UserRole struct {
 	gorm.Model
-	Name  string  `valid:"required,length(1|32),unix_user"`
+	Name  string  `valid:"required,length(1|255),unix_user"`
 	Users []*User `gorm:"many2many:user_user_roles"`
 }

@@ -88,7 +87,7 @@ type User struct {
 	gorm.Model
 	Roles       []*UserRole  `gorm:"many2many:user_user_roles"`
 	Email       string       `valid:"required,email"`
-	Name        string       `valid:"required,length(1|32),unix_user"`
+	Name        string       `valid:"required,length(1|255),unix_user"`
 	Keys        []*UserKey   `gorm:"ForeignKey:UserID"`
 	Groups      []*UserGroup `gorm:"many2many:user_user_groups;"`
 	Comment     string       `valid:"optional"`
@@ -97,7 +96,7 @@ type User struct {

 type UserGroup struct {
 	gorm.Model
-	Name    string  `valid:"required,length(1|32),unix_user"`
+	Name    string  `valid:"required,length(1|255),unix_user"`
 	Users   []*User `gorm:"many2many:user_user_groups;"`
 	ACLs    []*ACL  `gorm:"many2many:user_group_acls;"`
 	Comment string  `valid:"optional"`
@@ -105,7 +104,7 @@ type UserGroup struct {

 type HostGroup struct {
 	gorm.Model
-	Name    string  `valid:"required,length(1|32),unix_user"`
+	Name    string  `valid:"required,length(1|255),unix_user"`
 	Hosts   []*Host `gorm:"many2many:host_host_groups;"`
 	ACLs    []*ACL  `gorm:"many2many:host_group_acls;"`
 	Comment string  `valid:"optional"`
@@ -119,6 +118,8 @@ type ACL struct {
 	Action      string       `valid:"required"`
 	Weight      uint         ``
 	Comment     string       `valid:"optional"`
+	Inception   *time.Time
+	Expiration  *time.Time
 }

 type Session struct {
@@ -166,18 +167,6 @@ const (
 	BastionSchemeTelnet BastionScheme = "telnet"
 )

-func init() {
-	unixUserRegexp := regexp.MustCompile("[a-z_][a-z0-9_-]*")
-
-	govalidator.CustomTypeTagMap.Set("unix_user", govalidator.CustomTypeValidator(func(i interface{}, context interface{}) bool {
-		name, ok := i.(string)
-		if !ok {
-			return false
-		}
-		return unixUserRegexp.MatchString(name)
-	}))
-}
-
 // Host helpers

 func (host *Host) DialAddr() string {
--- a/pkg/dbmodels/validator.go
+++ b/pkg/dbmodels/validator.go
@@ -0,0 +1,33 @@
+package dbmodels
+
+import (
+	"regexp"
+
+	"github.com/asaskevich/govalidator"
+)
+
+func InitValidator() {
+	unixUserRegexp := regexp.MustCompile("[a-z_][a-z0-9_-]*")
+
+	govalidator.CustomTypeTagMap.Set("unix_user", govalidator.CustomTypeValidator(func(i interface{}, context interface{}) bool {
+		name, ok := i.(string)
+		if !ok {
+			return false
+		}
+		return unixUserRegexp.MatchString(name)
+	}))
+	govalidator.CustomTypeTagMap.Set("host_logging_mode", govalidator.CustomTypeValidator(func(i interface{}, context interface{}) bool {
+		name, ok := i.(string)
+		if !ok {
+			return false
+		}
+		if name == "" {
+			return true
+		}
+		return IsValidHostLoggingMode(name)
+	}))
+}
+
+func IsValidHostLoggingMode(name string) bool {
+	return name == "disabled" || name == "input" || name == "everything"
+}
--- a/rules.mk
+++ b/rules.mk
@@ -23,13 +23,17 @@
 # ||  |       |  |    | |                   /_/_/_/\___/\_,_/_/  |
 # +--------------------------------------------------------------+

-all: help
+.PHONY: _default_entrypoint
+_default_entrypoint: help

 ##
 ## Common helpers
 ##

 rwildcard = $(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2) $(filter $(subst *,%,$2),$d))
+check-program = $(foreach exec,$(1),$(if $(shell PATH="$(PATH)" which $(exec)),,$(error "No $(exec) in PATH")))
+my-filter-out = $(foreach v,$(2),$(if $(findstring $(1),$(v)),,$(v)))
+novendor = $(call my-filter-out,vendor/,$(1))

 ##
 ## rules.mk
@@ -70,20 +74,33 @@ GO ?= go
 GOPATH ?= $(HOME)/go
 GO_INSTALL_OPTS ?=
 GO_TEST_OPTS ?= -test.timeout=30s
-GOMOD_DIR ?= .
+GOMOD_DIRS ?= $(sort $(call novendor,$(dir $(call rwildcard,*,*/go.mod go.mod))))
 GOCOVERAGE_FILE ?= ./coverage.txt
+GOTESTJSON_FILE ?= ./go-test.json
+GOBUILDLOG_FILE ?= ./go-build.log
+GOINSTALLLOG_FILE ?= ./go-install.log

 ifdef GOBINS
 .PHONY: go.install
 go.install:
+ifeq ($(CI),true)
+	@rm -f /tmp/goinstall.log
+	@set -e; for dir in $(GOBINS); do ( set -xe; \
+	  cd $$dir; \
+	  $(GO) install -v $(GO_INSTALL_OPTS) .; \
+	); done 2>&1 | tee $(GOINSTALLLOG_FILE)
+
+else
 	@set -e; for dir in $(GOBINS); do ( set -xe; \
 	  cd $$dir; \
 	  $(GO) install $(GO_INSTALL_OPTS) .; \
 	); done
+endif
 INSTALL_STEPS += go.install

 .PHONY: go.release
 go.release:
+	$(call check-program, goreleaser)
 	goreleaser --snapshot --skip-publish --rm-dist
 	@echo -n "Do you want to release? [y/N] " && read ans && \
 	  if [ $${ans:-N} = y ]; then set -xe; goreleaser --rm-dist; fi
@@ -92,19 +109,34 @@ endif

 .PHONY: go.unittest
 go.unittest:
+ifeq ($(CI),true)
 	@echo "mode: atomic" > /tmp/gocoverage
-	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do (set -e; (set -xe; \
+	@rm -f $(GOTESTJSON_FILE)
+	@set -e; for dir in $(GOMOD_DIRS); do (set -e; (set -euf pipefail; \
+	    cd $$dir; \
+	    (($(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race -json && touch $@.ok) | tee -a $(GOTESTJSON_FILE) 3>&1 1>&2 2>&3 | tee -a $(GOBUILDLOG_FILE); \
+	  ); \
+	  rm $@.ok 2>/dev/null || exit 1; \
+	  if [ -f /tmp/profile.out ]; then \
+	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
+	    rm -f /tmp/profile.out; \
+	  fi)); done
+	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
+else
+	@echo "mode: atomic" > /tmp/gocoverage
+	@set -e; for dir in $(GOMOD_DIRS); do (set -e; (set -xe; \
 	  cd $$dir; \
-	  $(GO) test $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race ./...); \
+	  $(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race); \
 	  if [ -f /tmp/profile.out ]; then \
 	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
 	    rm -f /tmp/profile.out; \
 	  fi); done
 	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
+endif

 .PHONY: go.checkdoc
 go.checkdoc:
-	go doc $(GOMOD_DIR)
+	go doc $(first $(GOMOD_DIRS))

 .PHONY: go.coverfunc
 go.coverfunc: go.unittest
@@ -112,46 +144,88 @@ go.coverfunc: go.unittest

 .PHONY: go.lint
 go.lint:
-	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	@set -e; for dir in $(GOMOD_DIRS); do ( set -xe; \
 	  cd $$dir; \
 	  golangci-lint run --verbose ./...; \
 	); done

 .PHONY: go.tidy
 go.tidy:
-	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	@# tidy dirs with go.mod files
+	@set -e; for dir in $(GOMOD_DIRS); do ( set -xe; \
 	  cd $$dir; \
 	  $(GO)	mod tidy; \
 	); done

+.PHONY: go.depaware-update
+go.depaware-update: go.tidy
+	@# gen depaware for bins
+	@set -e; for dir in $(GOBINS); do ( set -xe; \
+	  cd $$dir; \
+	  $(GO) run github.com/tailscale/depaware --update .; \
+	); done
+	@# tidy unused depaware deps if not in a tools_test.go file
+	@set -e; for dir in $(GOMOD_DIRS); do ( set -xe; \
+	  cd $$dir; \
+	  $(GO)	mod tidy; \
+	); done
+
+.PHONY: go.depaware-check
+go.depaware-check: go.tidy
+	@# gen depaware for bins
+	@set -e; for dir in $(GOBINS); do ( set -xe; \
+	  cd $$dir; \
+	  $(GO) run github.com/tailscale/depaware --check .; \
+	); done
+
+
 .PHONY: go.build
 go.build:
-	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	@set -e; for dir in $(GOMOD_DIRS); do ( set -xe; \
 	  cd $$dir; \
 	  $(GO)	build ./...; \
 	); done

 .PHONY: go.bump-deps
 go.bumpdeps:
-	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	@set -e; for dir in $(GOMOD_DIRS); do ( set -xe; \
 	  cd $$dir; \
 	  $(GO)	get -u ./...; \
 	); done

 .PHONY: go.bump-deps
 go.fmt:
-	if ! command -v goimports &>/dev/null; then GO111MODULE=off go get golang.org/x/tools/cmd/goimports; fi
-	@set -e; for dir in `find $(GOMOD_DIR) -type f -name "go.mod" | grep -v /vendor/ | sed 's@/[^/]*$$@@' | sort | uniq`; do ( set -xe; \
+	@set -e; for dir in $(GOMOD_DIRS); do ( set -xe; \
 	  cd $$dir; \
-	  goimports -w `go list -f '{{.Dir}}' ./...)` \
+	  $(GO) run golang.org/x/tools/cmd/goimports -w `go list -f '{{.Dir}}' ./...` \
 	); done

+VERIFY_STEPS += go.depaware-check
 BUILD_STEPS += go.build
-BUMPDEPS_STEPS += go.bumpdeps
+BUMPDEPS_STEPS += go.bumpdeps go.depaware-update
 TIDY_STEPS += go.tidy
 LINT_STEPS += go.lint
 UNITTEST_STEPS += go.unittest
 FMT_STEPS += go.fmt
+
+# FIXME: disabled, because currently slow
+# new rule that is manually run sometimes, i.e. `make pre-release` or `make maintenance`.
+# alternative: run it each time the go.mod is changed
+#GENERATE_STEPS += go.depaware-update
+endif
+
+##
+## Gitattributes
+##
+
+ifneq ($(wildcard .gitattributes),)
+.PHONY: _linguist-ignored
+_linguist-kept:
+	@git check-attr linguist-vendored $(shell git check-attr linguist-generated $(shell find . -type f | grep -v .git/) | grep unspecified | cut -d: -f1) | grep unspecified | cut -d: -f1 | sort
+
+.PHONY: _linguist-kept
+_linguist-ignored:
+	@git check-attr linguist-vendored linguist-ignored `find . -not -path './.git/*' -type f` | grep '\ set$$' | cut -d: -f1 | sort -u
 endif

 ##
@@ -198,6 +272,7 @@ ifdef DOCKER_IMAGE
 ifneq ($(DOCKER_IMAGE),none)
 .PHONY: docker.build
 docker.build:
+	$(call check-program, docker)
 	$(call docker_build,$(DOCKERFILE_PATH),$(DOCKER_IMAGE))

 BUILD_STEPS += docker.build
@@ -242,6 +317,11 @@ ifdef BUILD_STEPS
 build: $(PRE_BUILD_STEPS) $(BUILD_STEPS)
 endif

+ifdef VERIFY_STEPS
+.PHONY: verify
+verify: $(PRE_VERIFY_STEPS) $(VERIFY_STEPS)
+endif
+
 ifdef RELEASE_STEPS
 .PHONY: release
 release: $(PRE_RELEASE_STEPS) $(RELEASE_STEPS)
@@ -275,4 +355,7 @@ help::
 	@[ "$(TEST_STEPS)" != "" ]      && echo "  test"      || true
 	@[ "$(TIDY_STEPS)" != "" ]      && echo "  tidy"      || true
 	@[ "$(UNITTEST_STEPS)" != "" ]  && echo "  unittest"  || true
+	@[ "$(VERIFY_STEPS)" != "" ]    && echo "  verify"    || true
 	@# FIXME: list other commands
+
+print-% : ; $(info $* is a $(flavor $*) variable set to [$($*)]) @true
--- a/testserver_unsupported.go
+++ b/testserver_unsupported.go
@@ -0,0 +1,14 @@
+// +build windows
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/urfave/cli"
+)
+
+// testServer is an hidden handler used for integration tests
+func testServer(c *cli.Context) error {
+	return fmt.Errorf("not available on windows")
+}
Author	SHA1	Message	Date
Manfred Touron	e455d50db9	Merge pull request #251 from jwessel/feat_user_udpate feat: Allow for update or removal of the invite token	2021-03-26 16:11:28 +01:00
Manfred Touron	be3f215e24	Merge pull request #256 from moul/renovate/docker-all chore(deps): update all docker tags to v1.16.2	2021-03-26 11:46:56 +01:00
Renovate Bot	c290253546	chore(deps): update all docker tags to v1.16.2	2021-03-12 02:24:27 +00:00
Jason Wessel	5b4332072c	feat: Allow for update or removal of the invite token If the invite leaks for the admin user it is possible for the admin user to be compromised by another invite request. It needs to be possible to entirely remove the invite capability for any given user. New arguments added to user update: --invite_token value, -i value Updates the invite token --remove_invite, -R Remove invite token Signed-off-by: Jason Wessel <jason.wessel@windriver.com>	2021-03-09 08:51:45 -06:00
Manfred Touron	762736d622	Merge pull request #216 from jle64/ecdsa	2021-02-28 07:46:06 +01:00
Manfred Touron	bbbc484fe8	Merge pull request #247 from moul/dependabot/github_actions/golangci/golangci-lint-action-v2.5.1 chore(deps): bump golangci/golangci-lint-action from v2.3.0 to v2.5.1	2021-02-28 07:44:57 +01:00
Manfred Touron	e1602364c8	Merge pull request #235 from moul/dependabot/go_modules/github.com/gliderlabs/ssh-0.3.2 chore(deps): bump github.com/gliderlabs/ssh from 0.3.1 to 0.3.2	2021-02-28 07:44:52 +01:00
Manfred Touron	2540d1e861	Merge pull request #241 from moul/dependabot/go_modules/github.com/olekukonko/tablewriter-0.0.5 chore(deps): bump github.com/olekukonko/tablewriter from 0.0.4 to 0.0.5	2021-02-28 07:44:48 +01:00
Manfred Touron	177a198420	Merge pull request #244 from moul/renovate/docker-all chore(deps): update all docker tags to v1.16.0	2021-02-28 07:44:44 +01:00
Manfred Touron	51612aab13	Merge pull request #245 from moul/dependabot/docker/golang-1.16.0 chore(deps): bump golang from 1.15.8 to 1.16.0	2021-02-28 07:44:38 +01:00
dependabot[bot]	e20af1dde5	chore(deps): bump golangci/golangci-lint-action from v2.3.0 to v2.5.1 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2.3.0 to v2.5.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v2.3.0...d9f0e73c0497685d68af8c58280f49fcaf0545ff) Signed-off-by: dependabot[bot] <support@github.com>	2021-02-25 04:18:52 +00:00
Renovate Bot	6caa1f1657	chore(deps): update all docker tags to v1.16.0	2021-02-18 03:57:04 +00:00
dependabot[bot]	e0f76d15ec	chore(deps): bump golang from 1.15.8 to 1.16.0 Bumps golang from 1.15.8 to 1.16.0. Signed-off-by: dependabot[bot] <support@github.com>	2021-02-17 04:17:32 +00:00
dependabot[bot]	bcc150727f	chore(deps): bump github.com/olekukonko/tablewriter from 0.0.4 to 0.0.5 Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter) from 0.0.4 to 0.0.5. - [Release notes](https://github.com/olekukonko/tablewriter/releases) - [Commits](https://github.com/olekukonko/tablewriter/compare/v0.0.4...v0.0.5) Signed-off-by: dependabot[bot] <support@github.com>	2021-02-11 04:21:57 +00:00
Manfred Touron	9062417d13	Merge pull request #237 from moul/renovate/docker-all chore(deps): update all docker tags to v1.15.8	2021-02-07 12:12:52 +01:00
Manfred Touron	baeade4043	Merge pull request #238 from moul/dependabot/docker/golang-1.15.8 chore(deps): bump golang from 1.15.7 to 1.15.8	2021-02-07 12:12:41 +01:00
Renovate Bot	b9552e98b5	chore(deps): update all docker tags to v1.15.8	2021-02-06 02:14:21 +00:00
dependabot[bot]	715ccde829	chore(deps): bump golang from 1.15.7 to 1.15.8 Bumps golang from 1.15.7 to 1.15.8. Signed-off-by: dependabot[bot] <support@github.com>	2021-02-05 04:16:20 +00:00
dependabot[bot]	f5dc1bd1b9	chore(deps): bump github.com/gliderlabs/ssh from 0.3.1 to 0.3.2 Bumps [github.com/gliderlabs/ssh](https://github.com/gliderlabs/ssh) from 0.3.1 to 0.3.2. - [Release notes](https://github.com/gliderlabs/ssh/releases) - [Commits](https://github.com/gliderlabs/ssh/compare/v0.3.1...v0.3.2) Signed-off-by: dependabot[bot] <support@github.com>	2021-02-02 04:22:33 +00:00
Jonathan Lestrelin	c79c50aeb6	Remove go versions with missing requirements for ecdsa/ed2519 from CI.	2021-01-25 18:21:44 +01:00
Manfred Touron	df3542c6ee	Merge pull request #233 from moul/dependabot/docker/golang-1.15.7 chore(deps): bump golang from 1.15.6 to 1.15.7	2021-01-25 14:22:48 +01:00
Manfred Touron	e40f5307a3	Merge pull request #232 from moul/renovate/docker-all chore(deps): update all docker tags to v1.15.7	2021-01-25 14:22:04 +01:00
Renovate Bot	6e6045306b	chore(deps): update all docker tags to v1.15.7	2021-01-21 00:14:55 +00:00
dependabot[bot]	874467b1e6	chore(deps): bump golang from 1.15.6 to 1.15.7 Bumps golang from 1.15.6 to 1.15.7. Signed-off-by: dependabot[bot] <support@github.com>	2021-01-20 04:03:40 +00:00
Jonathan Lestrelin	5c1c559a9a	Merge remote-tracking branch 'upstream/master' into ecdsa	2021-01-12 08:18:28 +01:00
Manfred Touron	6872c727ef	Merge pull request #231 from moul/dev/moul/maintenance chore: repo maintenance 🤖	2021-01-02 10:51:40 +01:00
moul-bot	cae996d041	chore: repo maintenance 🤖 more details: https://github.com/moul/repoman Signed-off-by: moul-bot <bot@moul.io>	2021-01-01 15:24:08 +01:00
Manfred Touron	a23b77282c	Merge pull request #229 from moul/renovate/docker-all chore(deps): update circleci/golang docker tag to v1.15.6	2020-12-27 12:12:16 +01:00
Manfred Touron	24814c4152	Merge pull request #230 from moul/dependabot/docker/golang-1.15.6 chore(deps): bump golang from 1.15.5 to 1.15.6	2020-12-26 19:01:22 +01:00
Renovate Bot	07359988d0	chore(deps): update all docker tags to v1.15.6	2020-12-05 00:51:28 +00:00
dependabot[bot]	db6eb63297	chore(deps): bump golang from 1.15.5 to 1.15.6 Bumps golang from 1.15.5 to 1.15.6. Signed-off-by: dependabot[bot] <support@github.com>	2020-12-04 04:22:41 +00:00
Manfred Touron	5fdb31b97d	Merge pull request #221 from moul/dependabot/github_actions/golangci/golangci-lint-action-v2.3.0 chore(deps): bump golangci/golangci-lint-action from v0.1.7 to v2.3.0	2020-11-15 21:48:47 +01:00
Manfred Touron	bce6b1998b	Merge pull request #220 from moul/dependabot/github_actions/actions/cache-v2.1.3 chore(deps): bump actions/cache from v1 to v2.1.3	2020-11-15 21:48:34 +01:00
dependabot[bot]	f7fa60da97	chore(deps): bump golangci/golangci-lint-action from v0.1.7 to v2.3.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v0.1.7 to v2.3.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v0.1.7...e868220d9fd3b523f1a8fcfb69749e8c7521ba14) Signed-off-by: dependabot[bot] <support@github.com>	2020-11-15 20:40:22 +00:00
Manfred Touron	d2cd6b64a3	Merge pull request #215 from moul/renovate/all chore(deps): update all	2020-11-15 21:39:39 +01:00
Manfred Touron	1ef0cc8725	Merge pull request #225 from moul/renovate/docker-all chore(deps): update all docker tags to v1.15.5	2020-11-15 21:38:37 +01:00
Renovate Bot	d894005c3f	chore(deps): update all docker tags to v1.15.5	2020-11-13 01:41:26 +00:00
Renovate Bot	af7206d114	chore(deps): update all	2020-11-12 16:47:33 +00:00
dependabot[bot]	1f9d962cd6	chore(deps): bump actions/cache from v1 to v2.1.3 Bumps [actions/cache](https://github.com/actions/cache) from v1 to v2.1.3. - [Release notes](https://github.com/actions/cache/releases) - [Commits](https://github.com/actions/cache/compare/v1...0781355a23dac32fd3bac414512f4b903437991a) Signed-off-by: dependabot[bot] <support@github.com>	2020-11-11 01:04:31 +00:00
Manfred Touron	460041c6e3	Merge pull request #219 from moul/dev/moul/maintenance chore: repo maintenance 🤖	2020-11-11 02:04:08 +01:00
moul-bot	7068565ab1	chore: repo maintenance 🤖 more details: https://github.com/moul/repoman Signed-off-by: moul-bot <bot@moul.io>	2020-11-09 22:53:21 +01:00
Manfred Touron	74bd885c1d	Merge pull request #218 from moul/renovate/docker-all chore(deps): update all docker tags to v1.15.4	2020-11-07 16:54:04 +01:00
Renovate Bot	9317f206d1	chore(deps): update all docker tags to v1.15.4	2020-11-07 00:30:51 +00:00
Jonathan Lestrelin	6c3f803dc6	Add generation of ecdsa and ed25519 keys. Make RSA keys use value from --length parameter. Set default length when --length is unspecified based on key type. Change default key format to ed25519 both in shell and for keys created at initialization.	2020-10-10 04:21:11 +02:00
Renovate Bot	9c3d29eb83	chore(deps): update module gliderlabs/ssh to v0.3.1	2020-10-07 19:19:15 +00:00
Manfred Touron	e339a73931	Merge pull request #214 from moul/dev/moul/bump-deps4 chore: bump deps	2020-10-04 10:51:32 +02:00
Manfred Touron	0dcab1b380	chore: bump deps	2020-10-04 10:18:07 +02:00
Manfred Touron	032f802348	Merge pull request #208 from moul/renovate/docker-all chore(deps): update all docker tags to v1.15.2	2020-09-14 20:57:45 +02:00
Renovate Bot	7fd9be9058	chore(deps): update all docker tags to v1.15.2	2020-09-10 00:31:00 +00:00
Manfred Touron	83b54aeeff	Merge pull request #205 from moul/dev/moul/go115 chore: go1.15	2020-08-19 20:28:55 +02:00
Manfred Touron	2323d6fd1e	chore: go1.15	2020-08-19 19:33:18 +02:00
Manfred Touron	4c947ce391	Merge pull request #204 from GreyOBox/increase-size-of-name-fields fix: increase size of name fields	2020-08-19 18:27:33 +02:00
Sergey Yashchuk	44559f0547	fix: increase size of name fields	2020-08-19 18:23:36 +02:00
Manfred Touron	8234119cd4	Merge pull request #197 from moul/renovate/all chore(deps): update golang.org/x/crypto commit hash to 123391f	2020-08-10 18:22:45 +02:00
Manfred Touron	7a75c13ac4	Merge pull request #200 from moul/renovate/docker-all chore(deps): update all docker tags to v1.14.7	2020-08-10 18:22:15 +02:00
Manfred Touron	4b10131790	Merge pull request #201 from moul/imgbot [ImgBot] Optimize images	2020-08-09 17:14:22 +02:00
Manfred Touron	a29c6e8338	chore: add intro image	2020-08-09 00:30:36 +02:00
ImgBotApp	198e0717b5	[ImgBot] Optimize images *Total -- 887.71kb -> 587.48kb (33.82%) /.assets/bastion.jpg -- 503.44kb -> 249.40kb (50.46%) /.assets/flow-diagram.png -- 104.11kb -> 79.45kb (23.69%) /.assets/overview.png -- 32.65kb -> 26.50kb (18.82%) /.assets/cluster-mysql.svg -- 8.50kb -> 7.08kb (16.74%) /.assets/overview.svg -- 9.23kb -> 8.03kb (13.03%) /.assets/flow-diagram.svg -- 13.85kb -> 12.39kb (10.51%) /.assets/sql-schema.svg -- 36.89kb -> 33.99kb (7.85%) /.assets/demo.gif -- 179.03kb -> 170.63kb (4.69%) Signed-off-by: ImgBotApp <ImgBotHelp@gmail.com>	2020-08-08 22:28:50 +00:00
Manfred Touron	d8fa2f6925	Add files via upload	2020-08-09 00:28:34 +02:00
Renovate Bot	16c8c0092e	chore(deps): update all docker tags to v1.14.7	2020-08-08 00:28:27 +00:00
Renovate Bot	b0dfff2d90	chore(deps): update golang.org/x/crypto commit hash to 123391f	2020-07-28 20:38:36 +00:00
Manfred Touron	9d2badf253	Merge pull request #196 from moul/dev/moul/pr-194	2020-07-23 18:55:42 +02:00
Konstantin Bakaras	428344da17	feat: MySQL, Postgres support Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-23 18:50:42 +02:00
Konstantin Bakaras	0c07ac790a	feat: ACL Check with inception and expiration Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-23 18:50:35 +02:00
Konstantin Bakaras	365a37959a	chore: Model and edit Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-23 18:50:35 +02:00
Manfred Touron	90fd6057cf	Merge pull request #193 from moul/renovate/docker-all chore(deps): update all docker tags to v1.14.6	2020-07-23 18:24:07 +02:00
Manfred Touron	4220f3fb89	Merge pull request #190 from moul/renovate/all chore(deps): update all	2020-07-23 17:22:27 +02:00
Renovate Bot	3e2acfc992	chore(deps): update all	2020-07-20 06:19:00 +00:00
Renovate Bot	9c464b2610	chore(deps): update all docker tags to v1.14.6	2020-07-18 00:55:40 +00:00
Manfred Touron	5760aece65	Merge pull request #192 from moul/dev/moul/maintenance chore: repo maintenance 🤖	2020-07-12 14:08:51 +02:00
moul-bot	a24e20252a	chore: repo maintenance 🤖 more details: https://github.com/moul/repoman Signed-off-by: moul-bot <bot@moul.io>	2020-07-12 14:04:09 +02:00
Manfred Touron	37a7fa1917	Merge pull request #189 from moul/renovate/all chore(deps): update all	2020-07-09 17:47:46 +02:00
Renovate Bot	f1b28b0363	chore(deps): update all	2020-07-08 08:14:45 +00:00
Manfred Touron	e43bb55e70	Merge pull request #188 from moul/dev/moul/fix-166	2020-07-08 10:12:52 +02:00
Manfred Touron	763ced7524	feat: host logging modes (disabled, commands, everything) Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-04 22:16:46 +02:00
Manfred Touron	54128beb12	chore: point CHANGELOG.md to releases page Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-04 21:53:26 +02:00
Manfred Touron	64ba179cc7	chore: add .gitattributes Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-04 21:53:26 +02:00
Manfred Touron	bbdb4851a5	Merge pull request #187 from moul/dev/moul/maintenance chore: repo maintenance 🤖	2020-07-04 01:59:48 +02:00
moul-bot	63719ec00e	chore: repo maintenance 🤖 more details: https://github.com/moul/repoman Signed-off-by: moul-bot <bot@moul.io>	2020-07-02 00:41:50 +02:00
Manfred Touron	0722497336	Update README.md	2020-07-01 14:51:57 +02:00
Manfred Touron	e74f7221b5	Merge pull request #168 from moul/dev/moul/linters fix: add more linters	2020-07-01 14:51:03 +02:00
Manfred Touron	f4fc3a90bc	fix: add more linters Signed-off-by: Manfred Touron <94029+moul@users.noreply.github.com>	2020-07-01 14:46:23 +02:00
Manfred Touron	df3aa6e165	Merge pull request #181 from moul/renovate/all chore(deps): update all	2020-07-01 14:46:01 +02:00
Manfred Touron	986bcd7971	Merge pull request #185 from moul/dev/moul/windows	2020-07-01 14:17:50 +02:00
Manfred Touron	7f3ea431a1	Merge pull request #183 from jrrdev/exit_fix	2020-07-01 14:16:14 +02:00
Manfred Touron	dae0252857	chore: small fix for build on windows	2020-07-01 14:10:50 +02:00
Manfred Touron	33b8e5272c	Merge pull request #184 from moul/dev/moul/renovate-tidy chore: tell renovate to run go mod tidy	2020-07-01 14:10:15 +02:00
Manfred Touron	21e73757ac	chore: tell renovate to run go mod tidy	2020-07-01 14:01:14 +02:00
jerard@alfa-safety.fr	bcb5d3b7ef	fixup! Fix early closure of data stream.	2020-06-30 18:28:47 +02:00
jerard@alfa-safety.fr	d2f3f460b2	Fix early closure of data stream. Closes moul/sshportal#55 and closes moul/sshportal#127	2020-06-30 10:28:39 +02:00
Renovate Bot	e06fe6f5a3	chore(deps): update all	2020-06-22 22:25:28 +00:00
Manfred Touron	fb9dabfe6b	chore: bump deps	2020-06-09 12:11:41 +02:00