mirror of
https://github.com/shazow/ssh-chat.git
synced 2025-04-12 07:10:05 +03:00
* move loading whitelist+ops from file to auth and save the loaded files for reloading * add /whitelist command with lots of open questions * add test for /whitelist * gofmt * use the same auth (the tests don't seem to care, but this is more right) * mutex whitelistMode and remove some deferred TODOs * s/whitelist/allowlist/ (user-facing); move helper functions outside the handler function * check for ops in Auth.CheckPublicKey and move /allowlist handling to helper functions * possibly fix the test timeout in HostNameCollision * Revert "possibly fix the test timeout in HostNameCollision" (didn't work) This reverts commit 664dbb0976f8f10ea7a673950a879591c2e7c320. * managed to reproduce the timeout after updating, hopefully it's the same one * remove some unimportant TODOs; add a message when reverify kicks people; add a reverify test * add client connection with key; add test for /allowlist import AGE * hopefully make test less racy * s/whitelist/allowlist/ * fix crash on specifying exactly one more -v flag than the max level * use a key loader function to move file reading out of auth * add loader to allowlist test * minor message changes * add --whitelist with a warning; update tests for messages * apparently, we have another prefix * check names directly on the User objects in TestHostNameCollision * not allowlisted -> not allowed * small message change * update test
package sshd
import (
"crypto/rand"
"crypto/rsa"
"io"
"golang.org/x/crypto/ssh"
)
// NewRandomSigner generates a fresh RSA private key of the requested size and
// wraps it as an ssh.Signer.
//
// The key material is drawn from crypto/rand. bits is handed to
// rsa.GenerateKey unchanged, so the strength of the resulting key is decided
// entirely by the caller; no minimum size is enforced here.
// NOTE(review): callers that use the result as a real host or user key should
// confirm the size they pass is adequate.
func NewRandomSigner(bits int) (ssh.Signer, error) {
	privateKey, genErr := rsa.GenerateKey(rand.Reader, bits)
	if genErr == nil {
		return ssh.NewSignerFromKey(privateKey)
	}
	return nil, genErr
}
// NewClientConfig builds a minimal ssh.ClientConfig for use with ssh.Dial.
//
// The client logs in as name and offers only keyboard-interactive
// authentication, replying to every challenge with no answers. The server's
// host key is accepted without verification (ssh.InsecureIgnoreHostKey), so a
// connection made with this config does not authenticate the server.
// NOTE(review): that looks appropriate only for tests against a server the
// caller started itself; confirm no other caller relies on it.
func NewClientConfig(name string) *ssh.ClientConfig {
	// Challenge callback: return no answers and no error.
	noAnswers := func(user, instruction string, questions []string, echos []bool) ([]string, error) {
		return nil, nil
	}

	cfg := &ssh.ClientConfig{
		User:            name,
		Auth:            []ssh.AuthMethod{ssh.KeyboardInteractive(noAnswers)},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}
	return cfg
}
// NewClientConfigWithKey builds a minimal ssh.ClientConfig that logs in as
// name and authenticates with the public key belonging to key.
//
// As with NewClientConfig, the server's host key is accepted without
// verification (ssh.InsecureIgnoreHostKey), so the client proves its identity
// to a server it has not authenticated.
// NOTE(review): presumably meant for tests only; confirm against callers.
func NewClientConfigWithKey(name string, key ssh.Signer) *ssh.ClientConfig {
	methods := []ssh.AuthMethod{ssh.PublicKeys(key)}

	cfg := &ssh.ClientConfig{
		User:            name,
		Auth:            methods,
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}
	return cfg
}
// ConnectShell opens a minimal SSH shell session to host as name and runs
// handler against it. It is intended for testing.
//
// The client config comes from NewClientConfig, which does not verify the
// server's host key. handler receives the session's stdout as r and its stdin
// as w; its error is returned to the caller.
func ConnectShell(host string, name string, handler func(r io.Reader, w io.WriteCloser) error) error {
	cfg := NewClientConfig(name)
	return connectShell(host, cfg, handler)
}
// ConnectShellWithKey is the public-key counterpart of ConnectShell: it opens
// a minimal SSH shell session to host as name, authenticating with key, and
// runs handler against it.
//
// The client config comes from NewClientConfigWithKey, which does not verify
// the server's host key. handler receives the session's stdout as r and its
// stdin as w; its error is returned to the caller.
func ConnectShellWithKey(host string, name string, key ssh.Signer, handler func(r io.Reader, w io.WriteCloser) error) error {
	cfg := NewClientConfigWithKey(name, key)
	return connectShell(host, cfg, handler)
}
// connectShell dials host over TCP with config, starts a shell on a new
// session and hands the session's stdout and stdin to handler.
//
// Any error from dialing, opening the session, obtaining the pipes, starting
// the shell or the "ping" request is returned as-is and handler is not
// called. Otherwise the result of handler is returned. The session and the
// connection are closed by deferred calls once handler returns; the stdin
// pipe is not closed here, it is passed to handler as an io.WriteCloser.
//
// Host key checking is whatever config.HostKeyCallback does; this function
// adds no verification of its own.
func connectShell(host string, config *ssh.ClientConfig, handler func(r io.Reader, w io.WriteCloser) error) error {
	client, err := ssh.Dial("tcp", host, config)
	if err != nil {
		return err
	}
	defer client.Close()

	sess, err := client.NewSession()
	if err != nil {
		return err
	}
	defer sess.Close()

	stdin, err := sess.StdinPipe()
	if err != nil {
		return err
	}

	stdout, err := sess.StdoutPipe()
	if err != nil {
		return err
	}

	// PTY allocation is currently disabled; the request is kept for reference:
	//
	//	err = session.RequestPty("xterm", 80, 40, ssh.TerminalModes{})
	//	if err != nil {
	//		return err
	//	}

	if err = sess.Shell(); err != nil {
		return err
	}

	// The request asks for a reply (wantReply is true); only the error is
	// checked, the reply itself is discarded.
	// NOTE(review): presumably a round trip to make sure the server has
	// processed the shell request before handler starts; confirm.
	if _, err = sess.SendRequest("ping", true, nil); err != nil {
		return err
	}

	return handler(stdout, stdin)
}