| author | Paul Buetow <pbuetow@mimecast.com> | 2020-05-13 11:43:59 +0100 |
|---|---|---|
| committer | Paul Buetow <pbuetow@mimecast.com> | 2020-05-13 11:43:59 +0100 |
| commit | a4f9c9ae0438854493b9648b4347bd59f2c6e7dc (patch) | |
| tree | 113cd2cf31ddc6a4c5dd64436f7749a92242eddf /internal/ssh | |
| parent | e0b1bbb42f88a165965a340e614db6e86f66b8a6 (diff) | |
add more ssh key debugging
Diffstat (limited to 'internal/ssh')
| -rw-r--r-- | internal/ssh/server/publickeycallback.go | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index 757def7..b9c79a1 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
@@ -14,7 +14,7 @@ import (
 )
 // PublicKeyCallback is for the server to check whether a public SSH key is authorized ot not.
-func PublicKeyCallback(c gossh.ConnMetadata, pubKey gossh.PublicKey) (*gossh.Permissions, error) {
+func PublicKeyCallback(c gossh.ConnMetadata, offeredPubKey gossh.PublicKey) (*gossh.Permissions, error) {
 user := user.New(c.User(), c.RemoteAddr().String())
 logger.Info(user, "Incoming authorization")
@@ -41,22 +41,25 @@ func PublicKeyCallback(c gossh.ConnMetadata, pubKey gossh.PublicKey) (*gossh.Per
 authorizedKeysMap := map[string]bool{}
 for len(authorizedKeysBytes) > 0 {
- pubKey, _, _, rest, err := gossh.ParseAuthorizedKey(authorizedKeysBytes)
+ authorizedPubKey, _, _, restBytes, err := gossh.ParseAuthorizedKey(authorizedKeysBytes)
 if err != nil {
 return nil, fmt.Errorf("Unable to parse authorized keys bytes|%s|%s", user, err.Error())
 }
- authorizedKeysMap[string(pubKey.Marshal())] = true
- authorizedKeysBytes = rest
+ authorizedKeysMap[string(authorizedPubKey.Marshal())] = true
+ authorizedKeysBytes = restBytes
+
+ logger.Debug(user, "Authorized public key fingerprint", gossh.FingerprintSHA256(authorizedPubKey))
 }
- if authorizedKeysMap[string(pubKey.Marshal())] {
- logger.Debug("Public key fingerprint", gossh.FingerprintSHA256(pubKey), user)
+ logger.Debug(user, "Offered public key fingerprint", gossh.FingerprintSHA256(offeredPubKey))
+
+ if authorizedKeysMap[string(offeredPubKey.Marshal())] {
 return &gossh.Permissions{
 Extensions: map[string]string{
- "pubkey-fp": gossh.FingerprintSHA256(pubKey),
+ "pubkey-fp": gossh.FingerprintSHA256(offeredPubKey),
 },
 }, nil
 }
- return nil, fmt.Errorf("Unknown public key|%s", user)
+ return nil, fmt.Errorf("%s|Public key of user not authorized", user)
 }
 |
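Review bot: The new `logger.Debug(user, "Authorized public key fingerprint", ...)` sits inside the parse loop, so every key a client offers produces one debug line per entry in the authorized-keys file, and this callback runs before the peer has authenticated, which makes log volume at debug level proportional to the size of that file for each unauthenticated attempt (how many keys one connection may offer depends on the ssh server's attempt limit, not visible here). Logging the loaded set once after the loop, e.g. `logger.Debug(user, "Authorized public keys loaded", len(authorizedKeysMap))`, and keeping the per-key fingerprint line for the offered key only would give the same debugging signal with bounded output. The two error strings in this hunk also disagree on shape: the parse error puts the message before the user (`"Unable to parse authorized keys bytes|%s|%s"`) while the new one puts the user first (`"%s|Public key of user not authorized"`); pick one order, and passing `err` with `%w` rather than `err.Error()` keeps the parse error inspectable with `errors.Is`/`errors.As`. PublicKeyCallback opens in the first hunk and the stretch between the hunks, where authorizedKeysBytes is read, is not shown.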
