TheCloud/ssh-chat
1
0
Fork 0
mirror of https://github.com/shazow/ssh-chat.git synced 2025-08-07 03:38:17 -04:00
Code Issues Packages Projects Releases Wiki Activity

(hopefully) final changes

Browse Source
This commit is contained in:
mik2k2 2021-05-28 16:55:19 +02:00
parent 2e203b3238
commit cc1de0d960
4 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
auth.go
View File

@ -113,7 +113,7 @@ func (a *Auth) CheckBans(addr net.Addr, key ssh.PublicKey, clientVersion string)
} }
// CheckPubkey determines if a pubkey fingerprint is permitted. // CheckPubkey determines if a pubkey fingerprint is permitted.
func (a *Auth) CheckPubkey(key ssh.PublicKey) error { func (a *Auth) CheckPublicKey(key ssh.PublicKey) error {
authkey := newAuthKey(key) authkey := newAuthKey(key)
whitelisted := a.whitelist.In(authkey) whitelisted := a.whitelist.In(authkey)
if a.AllowAnonymous() || whitelisted { if a.AllowAnonymous() || whitelisted {

6
auth_test.go
View File

@ -28,7 +28,7 @@ func TestAuthWhitelist(t *testing.T) {
} }
auth := NewAuth() auth := NewAuth()
err = auth.CheckPubkey(key) err = auth.CheckPublicKey(key)
if err != nil { if err != nil {
t.Error("Failed to permit in default state:", err) t.Error("Failed to permit in default state:", err)
} }
@ -44,7 +44,7 @@ func TestAuthWhitelist(t *testing.T) {
t.Error("Clone key does not match.") t.Error("Clone key does not match.")
} }
err = auth.CheckPubkey(keyClone) err = auth.CheckPublicKey(keyClone)
if err != nil { if err != nil {
t.Error("Failed to permit whitelisted:", err) t.Error("Failed to permit whitelisted:", err)
} }
@ -54,7 +54,7 @@ func TestAuthWhitelist(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
err = auth.CheckPubkey(key2) err = auth.CheckPublicKey(key2)
if err == nil { if err == nil {
t.Error("Failed to restrict not whitelisted:", err) t.Error("Failed to restrict not whitelisted:", err)
} }

7
sshd/auth.go
View File

@ -20,7 +20,7 @@ type Auth interface {
// Given address and public key and client agent string, returns nil if the connection is not banned. // Given address and public key and client agent string, returns nil if the connection is not banned.
CheckBans(net.Addr, ssh.PublicKey, string) error CheckBans(net.Addr, ssh.PublicKey, string) error
// Given a public key, returns nil if the connection should be allowed. // Given a public key, returns nil if the connection should be allowed.
CheckPubkey(ssh.PublicKey) error CheckPublicKey(ssh.PublicKey) error
// Given a passphrase, returns nil if the connection should be allowed. // Given a passphrase, returns nil if the connection should be allowed.
CheckPassphrase(string) error CheckPassphrase(string) error
// BanAddr bans an IP address for the specified amount of time. // BanAddr bans an IP address for the specified amount of time.
@ -38,7 +38,7 @@ func MakeAuth(auth Auth) *ssh.ServerConfig {
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = auth.CheckPubkey(key) err = auth.CheckPublicKey(key)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -65,8 +65,7 @@ func MakeAuth(auth Auth) *ssh.ServerConfig {
} else { } else {
err = auth.CheckPassphrase(answers[0]) err = auth.CheckPassphrase(answers[0])
if err != nil { if err != nil {
// TODO: make rate-limiting configurable auth.BanAddr(conn.RemoteAddr(), time.Second*2)
auth.BanAddr(conn.RemoteAddr(), time.Minute * 1)
} }
} }
} }

2
sshd/client_test.go
View File

@ -22,7 +22,7 @@ func (a RejectAuth) AcceptPassphrase() bool {
func (a RejectAuth) CheckBans(addr net.Addr, key ssh.PublicKey, clientVersion string) error { func (a RejectAuth) CheckBans(addr net.Addr, key ssh.PublicKey, clientVersion string) error {
return errRejectAuth return errRejectAuth
} }
func (a RejectAuth) CheckPubkey(ssh.PublicKey) error { func (a RejectAuth) CheckPublicKey(ssh.PublicKey) error {
return errRejectAuth return errRejectAuth
} }
func (a RejectAuth) CheckPassphrase(string) error { func (a RejectAuth) CheckPassphrase(string) error {