From 97db59d67faee6204e078b1a37de2d2ef10b4dee Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Wed, 13 May 2020 11:43:59 +0100
Subject: add more ssh key debugging
---
 internal/ssh/server/publickeycallback.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
(limited to 'internal/ssh')
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index 757def7..b9c79a1 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
@@ -14,7 +14,7 @@ import (
 )
 // PublicKeyCallback is for the server to check whether a public SSH key is authorized ot not.
-func PublicKeyCallback(c gossh.ConnMetadata, pubKey gossh.PublicKey) (*gossh.Permissions, error) {
+func PublicKeyCallback(c gossh.ConnMetadata, offeredPubKey gossh.PublicKey) (*gossh.Permissions, error) {
 user := user.New(c.User(), c.RemoteAddr().String())
 logger.Info(user, "Incoming authorization")
@@ -41,22 +41,25 @@ func PublicKeyCallback(c gossh.ConnMetadata, pubKey gossh.PublicKey) (*gossh.Per
 authorizedKeysMap := map[string]bool{}
 for len(authorizedKeysBytes) > 0 {
- pubKey, _, _, rest, err := gossh.ParseAuthorizedKey(authorizedKeysBytes)
+ authorizedPubKey, _, _, restBytes, err := gossh.ParseAuthorizedKey(authorizedKeysBytes)
 if err != nil {
 return nil, fmt.Errorf("Unable to parse authorized keys bytes|%s|%s", user, err.Error())
 }
- authorizedKeysMap[string(pubKey.Marshal())] = true
- authorizedKeysBytes = rest
+ authorizedKeysMap[string(authorizedPubKey.Marshal())] = true
+ authorizedKeysBytes = restBytes
+
+ logger.Debug(user, "Authorized public key fingerprint", gossh.FingerprintSHA256(authorizedPubKey))
 }
- if authorizedKeysMap[string(pubKey.Marshal())] {
- logger.Debug("Public key fingerprint", gossh.FingerprintSHA256(pubKey), user)
+ logger.Debug(user, "Offered public key fingerprint", gossh.FingerprintSHA256(offeredPubKey))
+
+ if authorizedKeysMap[string(offeredPubKey.Marshal())] {
 return &gossh.Permissions{
 Extensions: map[string]string{
- "pubkey-fp": gossh.FingerprintSHA256(pubKey),
+ "pubkey-fp": gossh.FingerprintSHA256(offeredPubKey),
 },
 }, nil
 }
- return nil, fmt.Errorf("Unknown public key|%s", user)
+ return nil, fmt.Errorf("%s|Public key of user not authorized", user)
 }
-- cgit v1.2.3
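Review bot: The `logger.Debug` added inside the parse loop writes one line per authorized key every time the callback runs, and golang.org/x/crypto/ssh invokes this callback for each key a client offers, before the client has authenticated. With debug logging enabled, an unauthenticated peer therefore decides how often the whole key list is written to the log. Consider collecting the fingerprints in the loop, e.g. `fps = append(fps, gossh.FingerprintSHA256(authorizedPubKey))`, and emitting them once on the rejection path only, e.g. `logger.Debug(user, "Offered key not in authorized set", offeredFP, fps)` just before the final return. For detection it would also help to record the offered fingerprint on rejection at a level that is kept in production, because the returned error carries only the user. The start of PublicKeyCallback, where authorizedKeysBytes is loaded, lies outside this hunk.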