* move loading whitelist+ops from file to auth and save the loaded files fro reloading
* add /whitelist command with lots of open questions
* add test for /whitelist
* gofmt
* use the same auth (the tests don't seem to care, but htis is more right)
* mutex whitelistMode and remove some deferred TODOs
* s/whitelist/allowlist/ (user-facing); move helper functions outside the handler function
* check for ops in Auth.CheckPublicKey and move /allowlist handling to helper functions
* possibly fix the test timeout in HostNameCollision
* Revert "possibly fix the test timeout in HostNameCollision" (didn't work)
This reverts commit 664dbb0976f8f10ea7a673950a879591c2e7c320.
* managed to reproduce the timeout after updating, hopefully it's the same one
* remove some unimportant TODOs; add a message when reverify kicks people; add a reverify test
* add client connection with key; add test for /allowlist import AGE
* hopefully make test less racy
* s/whitelist/allowlist/
* fix crash on specifying exactly one more -v flag than the max level
* use a key loader function to move file reading out of auth
* add loader to allowlist test
* minor message changes
* add --whitelist with a warning; update tests for messages
* apparently, we have another prefix
* check names directly on the User objects in TestHostNameCollision
* not allowlisted -> not allowed
* small message change
* update test
* Move password authentication handling into sshd/auth (fixes#394).
Password authentication is now completely handeled in Auth. The normal
keyboard-interactive handler checks if passwords are supported and asks
for them, removing the need to override the callbacks.
Brute force throttling is removed; I'd like to base it on IP address
banning, which requires changes to the checks.
I'm not sure, but I think timing attacks against the password are fixed:
- The hashing of the real password happens only at startup.
- The hashing of a provided password is something an attacker can do
themselves; It doesn't leak anything about the real password.
- The hash comparison is constant-time.
* refactor checks, IP-ban incorrect passphrases, renames
- s/assword/assphrase/, typo fixes
- bans are checked separately from public keys
- an incorrect passphrase results in a one-minute IP ban
- whitelists no longer override bans (i.e. you can get banned if you're
whitelisted)
* (hopefully) final changes
For #285
Turns out there were some bugs in Set, and I was using it incorrectly too.
The query syntax is a little awkward but couldn't find a nicer easy to parse format that worked with quoted string values.
