From c562a013ef7e40e3a7f6126a6d327552f2bc557f Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Fri, 4 Sep 2020 16:07:26 +0300
Subject: add ssh relaxed auth mode
---
 cmd/dserver/main.go | 5 +++++
 internal/config/server.go | 2 ++
 internal/io/logger/logger.go | 9 +++++++++
 internal/server/server.go | 6 ++++++
 internal/ssh/server/publickeycallback.go | 5 +++++
 5 files changed, 27 insertions(+)
diff --git a/cmd/dserver/main.go b/cmd/dserver/main.go
index d889dc9..07f5270 100644
--- a/cmd/dserver/main.go
+++ b/cmd/dserver/main.go
@@ -34,6 +34,7 @@ func main() {
 flag.BoolVar(&debugEnable, "debug", false, "Activate debug messages")
 flag.BoolVar(&displayVersion, "version", false, "Display version")
+ flag.BoolVar(&config.ServerRelaxedAuthEnable, "relaxedAuth", false, "Enable relaxced SSH auth mode (don't use in production!)")
 flag.BoolVar(&noColor, "noColor", false, "Disable ANSII terminal colors")
 flag.IntVar(&pprof, "pprof", -1, "Start PProf server this port")
 flag.IntVar(&shutdownAfter, "shutdownAfter", 0, "Automatically shutdown after so many seconds")
@@ -67,6 +68,10 @@ func main() {
 logger.Start(ctx, logger.Modes{Server: true, Debug: debugEnable || config.Common.DebugEnable})
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal("SSH relaxed-auth mode enabled")
+ }
+
 if pprof > -1 {
 // For debugging purposes only
 pprofArgs := fmt.Sprintf("0.0.0.0:%d", pprof)
diff --git a/internal/config/server.go b/internal/config/server.go
index 83ff45f..db12cec 100644
--- a/internal/config/server.go
+++ b/internal/config/server.go
@@ -61,6 +61,8 @@ type ServerConfig struct {
 Continuous []Continuous `json:",omitempty"`
 }
+var ServerRelaxedAuthEnable bool
+
 // Create a new default server configuration.
 func newDefaultServerConfig() *ServerConfig {
 defaultPermissions := []string{"^/.*"}
diff --git a/internal/io/logger/logger.go b/internal/io/logger/logger.go
index bfe4b29..6ba9f9a 100644
--- a/internal/io/logger/logger.go
+++ b/internal/io/logger/logger.go
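Review bot: The help string of the new `-relaxedAuth` flag misspells "relaxed" as "relaxced" and does not say what is being relaxed. The callbacks changed elsewhere in this commit accept every login when the flag is set, so the text should say that: `"Enable relaxed SSH auth mode: accept all SSH logins unchecked (don't use in production!)"`.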
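Review bot: The call `logger.Fatal("SSH relaxed-auth mode enabled")` in the second main.go hunk reads as if the server aborts at this point, but the `Fatal` added in logger.go only logs and returns. The server therefore keeps running with the auth checks skipped. A comment above the call would prevent the misreading: `// Logged at fatal severity on purpose; the server keeps running with SSH auth checks skipped.` The body of `main` continues outside the hunk.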
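Review bot: `ServerRelaxedAuthEnable` is added as an exported, mutable package variable with no doc comment, although the other files in this commit make both SSH auth callbacks accept every login when it is true. Put that on the declaration, e.g. `// ServerRelaxedAuthEnable makes the SSH auth callbacks accept every login unchecked. Set only by the -relaxedAuth flag; never in production.` Keeping it outside `ServerConfig`, so that the JSON config file cannot switch it on, looks deliberate and is worth stating in the same comment.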
@@ -147,6 +147,15 @@ func Error(args ...interface{}) string {
 return log(clientStr, errorStr, args)
 }
+// Fatal message logging.
+func Fatal(args ...interface{}) string {
+ if Mode.Server {
+ return log(serverStr, fatalStr, args)
+ }
+
+ return log(clientStr, fatalStr, args)
+}
+
 // FatalExit logs an error and exists the process.
 func FatalExit(args ...interface{}) {
 what := clientStr
diff --git a/internal/server/server.go b/internal/server/server.go
index 693c48d..a446738 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -244,6 +244,12 @@ func (s *Server) handleRequests(ctx context.Context, sshConn gossh.Conn, in <-ch
 // Callback for SSH authentication.
 func (s *Server) Callback(c gossh.ConnMetadata, authPayload []byte) (*gossh.Permissions, error) {
 user := user.New(c.User(), c.RemoteAddr().String())
+
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal(user, "Granting permissions via relaxed-auth")
+ return nil, nil
+ }
+
 authInfo := string(authPayload)
 splitted := strings.Split(c.RemoteAddr().String(), ":")
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index b9c79a1..e81f019 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
@@ -23,6 +23,11 @@ func PublicKeyCallback(c gossh.ConnMetadata, offeredPubKey gossh.PublicKey) (*go
 return nil, fmt.Errorf("Unable to get current working directory|%s|", err.Error())
 }
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal(user, "Granting permissions via relaxed-auth")
+ return nil, nil
+ }
+
 authorizedKeysFile := fmt.Sprintf("%s/%s/%s.authorized_keys", cwd, config.Common.CacheDir, user.Name)
 if _, err := os.Stat(authorizedKeysFile); os.IsNotExist(err) {
 user, err := osUser.Lookup(user.Name)
-- 
cgit v1.2.3
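Review bot: The name `Fatal` sits directly above `FatalExit` and suggests termination, but the added function only passes `fatalStr` to `log` and returns the result. The one-line comment "Fatal message logging." does not make that distinction. Say it explicitly, e.g. `// Fatal logs a message at fatal severity and returns it; unlike FatalExit it does not terminate the process.`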
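Review bot: The added branch in `Callback` returns `nil, nil` before any credential is examined, so with `-relaxedAuth` set every peer that can reach the port is accepted under whatever user name it sends. `PublicKeyCallback` in publickeycallback.go gets the same branch, and the process-wide flag is the only guard in both. If the mode exists for local testing, as the flag's help text suggests, bound it to loopback peers so that a server started with the flag by mistake still authenticates remote clients. The sketch below does that and needs the `net` import if server.go does not already have it. The body of `Callback` continues outside the hunk.

```go
user := user.New(c.User(), c.RemoteAddr().String())

if config.ServerRelaxedAuthEnable {
	// Skip the checks only for loopback peers; all other peers
	// fall through to the regular authentication below.
	host, _, err := net.SplitHostPort(c.RemoteAddr().String())
	if err == nil && net.ParseIP(host).IsLoopback() {
		logger.Fatal(user, "Granting permissions via relaxed-auth")
		return nil, nil
	}
}

// … unchanged: authInfo parsing and the regular checks …
```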