Internal Architecture

ContainerSSH is built as a collection of libraries. Each library is developed independently to ensure quality, but with the purpose of being integrated into ContainerSSH.

The core architecture consists of several services, such as SSH or the metrics server. These services are started from the core code as part of a service pool. If any one service fails, the service pool shuts down.

One of the core services is the SSH service, which creates a standardized, object-oriented layer for dealing with connecting SSH clients. It also abstracts away the complexities of SSH and the Go SSH library. This library defines a set of interfaces that backends need to implement.

The SSH backends are then added in layers. One of the most fundamental layers is auditlogintegration, which captures decoded SSH traffic and forwards it to the audit log library.

The other critical layer is authintegration, which forwards authentication requests to the authentication library.

The final piece of the puzzle is the backend library, which acts as a hub. As a first step, it calls the configuration library to obtain dynamic, per-user configuration. It then proceeds to load the security layer and the appropriate backend, e.g. Docker or Kubernetes.

These backends form the lowermost layer of the SSH handler stack and forward the connections to the container backend.
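
The layering described above, sketched as an added example that is not ContainerSSH's own code: `Event`, `Handler`, `Backend`, `AuthLayer` and `AuditLayer` are hypothetical names, and the ordering (audit outermost, then auth, then backend) is an assumption. It shows why an outermost audit layer still records requests that the authentication layer rejects.

```go
package main

import "fmt"

// Event and Handler are hypothetical stand-ins for the interfaces the SSH
// service defines for backends; they are not ContainerSSH's real API.
type Event struct{ Kind, User, Password, Cmd string } // Kind: "auth" or "exec"
type Handler func(Event) (string, error)

// Backend is the lowermost layer; a real one forwards to Docker or Kubernetes.
func Backend(e Event) (string, error) {
	return fmt.Sprintf("backend handled %s %q", e.Kind, e.Cmd), nil
}

// AuthLayer consults check (stand-in for the authentication library) and lets
// nothing reach the layers below until authentication has succeeded.
func AuthLayer(check func(user, password string) bool, next Handler) Handler {
	authed := false // state of this one connection
	return func(e Event) (string, error) {
		if e.Kind == "auth" {
			authed = check(e.User, e.Password)
		}
		if !authed {
			return "", fmt.Errorf("%s rejected for %q", e.Kind, e.User)
		}
		return next(e)
	}
}

// AuditLayer is outermost, so events rejected further down are recorded too.
// log stands in for the audit log library; the password is never written.
func AuditLayer(log *[]string, next Handler) Handler {
	return func(e Event) (string, error) {
		out, err := next(e)
		*log = append(*log, fmt.Sprintf("%s user=%s cmd=%q ok=%t", e.Kind, e.User, e.Cmd, err == nil))
		return out, err
	}
}

func main() {
	var log []string // constructed sample session for one connection
	check := func(u, p string) bool { return u == "alice" && p == "s3cret" }
	h := AuditLayer(&log, AuthLayer(check, Backend)) // audit -> auth -> backend
	h(Event{Kind: "exec", User: "alice", Cmd: "id"}) // rejected before auth, still audited
	h(Event{Kind: "auth", User: "alice", Password: "s3cret"})
	h(Event{Kind: "exec", User: "alice", Cmd: "id"})
	fmt.Printf("%q\n", log)
}
```

Swapping the two wrappers so that the auth layer is outermost would leave the rejected pre-authentication request out of the audit record.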

Module dependency map

The following graph shows the internal dependencies of ContainerSSH. It is important for determining the order in which modules must be updated:

We are very sorry, but we haven't found a good way to make this graph accessible. Please contact us if you have a visual impairment so we can test out how to best represent this.