ssh/tailssh: send banner messages during auth, move more to conn

(VSCode Live Share between Brad & Maisem!) Updates #3802 Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3 Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2022-04-20 17:36:19 -07:00
parent 13f75b9667
commit 2b8b887d55
8 changed files with 212 additions and 193 deletions
--- a/tempfork/gliderlabs/ssh/example_test.go
+++ b/tempfork/gliderlabs/ssh/example_test.go
@@ -1,6 +1,7 @@
 package ssh_test

 import (
+	"errors"
 	"io"
 	"io/ioutil"

@@ -27,10 +28,19 @@ func ExampleNoPty() {

 func ExamplePublicKeyAuth() {
 	ssh.ListenAndServe(":2222", nil,
-		ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
-			data, _ := ioutil.ReadFile("/path/to/allowed/key.pub")
-			allowed, _, _, _, _ := ssh.ParseAuthorizedKey(data)
-			return ssh.KeysEqual(key, allowed)
+		ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) error {
+			data, err := ioutil.ReadFile("/path/to/allowed/key.pub")
+			if err != nil {
+				return err
+			}
+			allowed, _, _, _, err := ssh.ParseAuthorizedKey(data)
+			if err != nil {
+				return err
+			}
+			if !ssh.KeysEqual(key, allowed) {
+				return errors.New("some error")
+			}
+			return nil
 		}),
 	)
 }
--- a/tempfork/gliderlabs/ssh/server.go
+++ b/tempfork/gliderlabs/ssh/server.go
@@ -144,8 +144,8 @@ func (srv *Server) config(ctx Context) *gossh.ServerConfig {
 	if srv.PublicKeyHandler != nil {
 		config.PublicKeyCallback = func(conn gossh.ConnMetadata, key gossh.PublicKey) (*gossh.Permissions, error) {
 			applyConnMetadata(ctx, conn)
-			if ok := srv.PublicKeyHandler(ctx, key); !ok {
-				return ctx.Permissions().Permissions, fmt.Errorf("permission denied")
+			if err := srv.PublicKeyHandler(ctx, key); err != nil {
+				return ctx.Permissions().Permissions, err
 			}
 			ctx.SetValue(ContextKeyPublicKey, key)
 			return ctx.Permissions().Permissions, nil
--- a/tempfork/gliderlabs/ssh/ssh.go
+++ b/tempfork/gliderlabs/ssh/ssh.go
@@ -36,7 +36,7 @@ type Option func(*Server) error
 type Handler func(Session)

 // PublicKeyHandler is a callback for performing public key authentication.
-type PublicKeyHandler func(ctx Context, key PublicKey) bool
+type PublicKeyHandler func(ctx Context, key PublicKey) error

 // PasswordHandler is a callback for performing password authentication.
 type PasswordHandler func(ctx Context, password string) bool