labring · zijiren233 · Nov 27, 2025 · Nov 27, 2025 · Nov 28, 2025 · Nov 28, 2025
@@ -19,7 +19,7 @@ on:
       - "CHANGELOG/**"
 env:
   # Common versions
-  GO_VERSION: "1.23"
+  GO_VERSION: "1.25"
   PROJECT_PATH: "./lifecycle"
 
 jobs:

@@ -19,7 +19,7 @@ on:
       - "CHANGELOG/**"
 env:
   # Common versions
-  GO_VERSION: "1.23"
+  GO_VERSION: "1.25"
   PROJECT_PATH: "./lifecycle"
 
 jobs:

@@ -2,7 +2,7 @@ name: CI Patch Images Package
 
 env:
   # Common versions
-  GO_VERSION: "1.23"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
   PROJECT_PATH: "./lifecycle"
 

@@ -2,7 +2,7 @@ name: CI
 
 env:
   # Common versions
-  GO_VERSION: "1.23"
+  GO_VERSION: "1.25"
 
 on:
   workflow_call:

@@ -28,7 +28,7 @@ on:
 
 env:
   # Common versions
-  GO_VERSION: "1.20"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
 
 permissions:

@@ -56,7 +56,7 @@ permissions:
 
 env:
   # Common versions
-  GO_VERSION: "1.20"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
   ALIYUN_REGISTRY: ${{ secrets.ALIYUN_REGISTRY }}
   ALIYUN_REPO_PREFIX: ${{ secrets.ALIYUN_REPO_PREFIX && secrets.ALIYUN_REPO_PREFIX || secrets.ALIYUN_USERNAME && format('{0}/{1}', secrets.ALIYUN_REGISTRY, secrets.ALIYUN_USERNAME) || '' }}

@@ -52,7 +52,7 @@ on:
 
 env:
   # Common versions
-  GO_VERSION: "1.24"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
   LICENSE_KEY: ${{ secrets.LICENSE_KEY }}
   ALIYUN_REGISTRY: ${{ secrets.ALIYUN_REGISTRY }}

@@ -20,7 +20,7 @@ on:
 
 env:
   # Common versions
-  GO_VERSION: "1.20"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
   ALIYUN_REGISTRY: ${{ secrets.ALIYUN_REGISTRY }}
   ALIYUN_REPO_PREFIX: ${{ secrets.ALIYUN_REPO_PREFIX && secrets.ALIYUN_REPO_PREFIX || secrets.ALIYUN_USERNAME && format('{0}/{1}', secrets.ALIYUN_REGISTRY, secrets.ALIYUN_USERNAME) || '' }}

@@ -2,7 +2,7 @@ name: Import Patch Images Package
 
 env:
   # Common versions
-  GO_VERSION: "1.23"
+  GO_VERSION: "1.25"
   PROJECT_PATH: "./lifecycle"
 
 on:

@@ -2,7 +2,7 @@ name: Release
 
 env:
   # Common versions
-  GO_VERSION: "1.23"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
 
 on:

@@ -51,7 +51,7 @@ on:
       - "!**/*.yaml"
 env:
   # Common versions
-  GO_VERSION: "1.22"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
   ALIYUN_REGISTRY: ${{ secrets.ALIYUN_REGISTRY }}
   ALIYUN_REPO_PREFIX: ${{ secrets.ALIYUN_REPO_PREFIX && secrets.ALIYUN_REPO_PREFIX || secrets.ALIYUN_USERNAME && format('{0}/{1}', secrets.ALIYUN_REGISTRY, secrets.ALIYUN_USERNAME) || '' }}
@@ -112,6 +112,7 @@ jobs:
             devbox,
             vlogs,
             hubble,
+            sshgate,
           ]
     steps:
       - name: Checkout
@@ -257,6 +258,7 @@ jobs:
             devbox,
             vlogs,
             hubble,
+            sshgate,
           ]
     steps:
       - name: Checkout

@@ -52,7 +52,7 @@ on:
       - "!**/*.yaml"
 env:
   # Common versions
-  GO_VERSION: "1.22"
+  GO_VERSION: "1.25"
   DEFAULT_OWNER: "labring"
   ALIYUN_REGISTRY: ${{ secrets.ALIYUN_REGISTRY }}
   ALIYUN_REPO_PREFIX: ${{ secrets.ALIYUN_REPO_PREFIX && secrets.ALIYUN_REPO_PREFIX || secrets.ALIYUN_USERNAME && format('{0}/{1}', secrets.ALIYUN_REGISTRY, secrets.ALIYUN_USERNAME) || '' }}

@@ -1,7 +1,7 @@
 version: "2"
 
 run:
-  go: "1.23"
+  go: "1.24"
   relative-path-mode: gomod
   modules-download-mode: readonly
 

@@ -12,6 +12,7 @@ use (
 	./pay
 	./vlogs
 	./zombiedetector
+	./sshgate
 )
 
 replace (

@@ -0,0 +1,78 @@
+# SSH Gateway Configuration Example
+# Copy this file to .env and customize as needed
+
+# ============================================
+# Server Configuration
+# ============================================
+# SSH listen address (default: :2222)
+SSH_LISTEN_ADDR=:2222
+
+# Backend devbox SSH port (default: 22)
+SSH_BACKEND_PORT=22
+
+# ============================================
+# Proxy Mode Configuration
+# ============================================
+# Enable agent forwarding mode (session channel) (default: true)
+ENABLE_AGENT_FORWARD=true
+
+# Enable proxy jump mode (direct-tcpip) (default: false)
+ENABLE_PROXY_JUMP=false
+
+# ============================================
+# Logging Configuration
+# ============================================
+# Enable debug mode (default: false)
+DEBUG=false
+
+# Log level: debug, info, warn, error (default: info)
+LOG_LEVEL=info
+
+# Log format: text, json (default: text)
+LOG_FORMAT=text
+
+# ============================================
+# Timeout Configuration (Optional)
+# ============================================
+# SSH handshake timeout (default: 15s)
+# SSH_HANDSHAKE_TIMEOUT=15s
+
+# Backend connection timeout for PublicKey mode (default: 10s)
+# BACKEND_CONNECT_TIMEOUT_PUBLICKEY=10s
+
+# Backend connection timeout for Agent Forward mode (default: 5s)
+# BACKEND_CONNECT_TIMEOUT_AGENT=5s
+
+# ProxyJump connection timeout (default: 5s)
+# PROXY_JUMP_TIMEOUT=5s
+
+# Session request processing timeout (default: 3s)
+# SESSION_REQUEST_TIMEOUT=3s
+
+# ============================================
+# Security Configuration
+# ============================================
+# SSH host key seed for deterministic key generation (default: sealos-devbox)
+SSH_HOST_KEY_SEED=sealos-devbox
+
+# ============================================
+# Informer Configuration (Optional)
+# ============================================
+# Informer resync period (default: 30s)
+# INFORMER_RESYNC_PERIOD=30s
+
+# ============================================
+# Limits Configuration (Optional)
+# ============================================
+# Maximum cached requests (default: 6)
+# MAX_CACHED_REQUESTS=6
+
+# ============================================
+# Performance Profiling (Optional)
+# ============================================
+# Enable pprof server (default: true)
+PPROF_ENABLED=true
+
+# Pprof port (0 for random port, default: 0)
+# Note: Pprof always listens on 127.0.0.1 for security
+PPROF_PORT=6060
@@ -0,0 +1,61 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool
+*.out
+coverage.out
+coverage.html
+
+# Go workspace file
+go.work
+
+# Dependency directories
+vendor/
+
+# Build artifacts
+/sshgate
+/sshgate.*
+*.key
+*.pub
+bin/
+
+# IDE and editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Environment files
+.env
+.env.local
+.env.*.local
+!.env.example
+
+# Test files
+*_test_*
+test_*.sh
+
+# Kubernetes config (if any)
+kubeconfig
+*.kubeconfig
+
+# Temporary files
+tmp/
+temp/
+*.tmp
+
+# Project specific
+ssh_host_*
+PROJECT_SUMMARY.md
+.claude
+*.tgz
+
@@ -0,0 +1,7 @@
+FROM gcr.io/distroless/static:nonroot
+ARG TARGETARCH
+COPY bin/service-sshgate-$TARGETARCH /sshgate
+EXPOSE 2222
+USER 65532:65532
+
+ENTRYPOINT [ "/sshgate" ]
@@ -0,0 +1,56 @@
+IMG ?= ghcr.io/labring/sealos-sshgate-service:latest
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+# only support linux, non cgo
+PLATFORMS ?= linux_arm64 linux_amd64
+GOOS=linux
+CGO_ENABLED=0
+GOARCH=$(shell go env GOARCH)
+TARGETARCH ?= $(GOARCH)
+
+GO_BUILD_FLAGS=-trimpath -ldflags "-s -w"
+
+.PHONY: all
+all: build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Build
+
+.PHONY: clean
+clean:
+	rm -f $(SERVICE_NAME)
+
+.PHONY: build
+build: clean ## Build service-hub binary.
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) go build $(GO_BUILD_FLAGS) -o bin/manager main.go
+
+.PHONY: docker-build
+docker-build: build
+	mv bin/manager bin/service-sshgate-${TARGETARCH}
+	docker build -t $(IMG) .
+
+.PHONY: docker-push
+docker-push:
+	docker push $(IMG)
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,6 +12,7 @@ use ( @@
     	./pay
     	./vlogs
     	./zombiedetector
+    	./sshgate
     )
     replace (
@@ Expand Down @@