| author | Paul Buetow <paul@buetow.org> | 2026-03-08 09:32:13 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-03-08 09:32:13 +0200 |
| commit | 91b83a9ffcabf7264888cf84b95f08b8cc88c832 (patch) | |
| tree | 009b7bded9db99dcb02e3a55314c4b624304bdba /internal/server/server.go | |
| parent | 2007054d77b5bc40c943a9fd64874e850c750f2d (diff) | |
task: scope auth key dependencies to server instances (task 375)
Diffstat (limited to 'internal/server/server.go')
| -rw-r--r-- | internal/server/server.go | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/internal/server/server.go b/internal/server/server.go
index 943defa..72094ef 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -37,6 +37,8 @@ type Server struct {
 cont *continuous
 // Authentication strategies keyed by SSH username.
 authStrategies map[string]authStrategy
+ // In-memory auth key cache for fast reconnect.
+ authKeyStore *server.AuthKeyStore
 }
 type authStrategy func(*user.User, string, string) bool
@@ -48,7 +50,6 @@ func New(cfg config.RuntimeConfig) *Server {
 }
 dlog.Server.Info("Starting server", version.String())
- server.ConfigureAuthKeyStore(cfg.Server.AuthKeyTTLSeconds, cfg.Server.AuthKeyMaxPerUser)
 s := Server{
 cfg: cfg,
@@ -64,11 +65,19 @@ func New(cfg config.RuntimeConfig) *Server {
 tailLimiter: make(chan struct{}, cfg.Server.MaxConcurrentTails),
 sched: newScheduler(cfg),
 cont: newContinuous(cfg),
+ authKeyStore: server.NewAuthKeyStore(
+ time.Duration(cfg.Server.AuthKeyTTLSeconds)*time.Second,
+ cfg.Server.AuthKeyMaxPerUser,
+ ),
 }
 s.authStrategies = s.newAuthStrategies()
 s.sshServerConfig.PasswordCallback = s.Callback
- s.sshServerConfig.PublicKeyCallback = server.PublicKeyCallback
+ s.sshServerConfig.PublicKeyCallback = server.NewPublicKeyCallback(
+ cfg.Server.AuthKeyEnabled,
+ cfg.Common.CacheDir,
+ s.authKeyStore,
+ )
 private, err := gossh.ParsePrivateKey(server.PrivateHostKey())
 if err != nil {
@@ -222,7 +231,13 @@ func (s *Server) handleShellRequest(ctx context.Context, sshConn gossh.Conn,
 case config.HealthUser:
 handler = handlers.NewHealthHandler(user)
 default:
- handler = handlers.NewServerHandler(user, s.catLimiter, s.tailLimiter, s.cfg.Server)
+ handler = handlers.NewServerHandler(
+ user,
+ s.catLimiter,
+ s.tailLimiter,
+ s.cfg.Server,
+ s.authKeyStore,
+ )
 }
 terminate := func() { |
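Review bot: The TTL and per-user cap reach `server.NewAuthKeyStore` straight from `cfg.Server.AuthKeyTTLSeconds` and `cfg.Server.AuthKeyMaxPerUser` with no bounds check in `New`, so a zero or negative setting produces a zero or negative `time.Duration` and cap. Whether the constructor clamps or rejects such values is not visible in this hunk; if it does not, entry expiry and the per-user limit would behave in ways the operator did not intend. The store is also built even when `cfg.Server.AuthKeyEnabled` is false, since that flag is passed only to `server.NewPublicKeyCallback`. I would add a comment above the initialiser such as `// TTL and cap come unvalidated from config; NewAuthKeyStore must clamp or reject values <= 0.` and confirm that contract in the constructor. `New` starts and ends outside the hunk.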
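Review bot: `handlers.NewServerHandler` now receives `s.authKeyStore` on every non-health session regardless of `cfg.Server.AuthKeyEnabled`, which in this commit gates only the public-key callback. If the handler writes client keys into the store without checking the flag itself (it does receive `s.cfg.Server`, so it may), a server with the feature disabled would still retain key material in memory. Because `handleShellRequest` appears to run per connection, the one store is also shared between concurrent sessions and the SSH auth callback, so `AuthKeyStore` needs to be safe for concurrent use; neither property is visible here. A short comment on the call, e.g. `// authKeyStore is shared with the public-key callback; the handler must honour cfg.Server.AuthKeyEnabled before adding keys.`, would record the expectation. The function body continues outside the hunk.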
