Ejemplo n.º 1
0
func main() {
	conf := serverConfig()

	// start the server
	addr := fmt.Sprintf("0.0.0.0:%s", os.Args[1])
	listener, err := net.Listen("tcp", addr)
	if err != nil {
		log.Fatalf("[FATAL] failed to listen to %q, err %q", addr, err)
	}
	log.Printf("[INFO] listening to %q", addr)

	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Fatalf("[FATAL] failed to accept tcp conn %q", err)
		}
		_, chs, reqs, err := ssh.NewServerConn(conn, conf)
		if err != nil {
			log.Printf("[ERROR] failed to open new ssh server conn %q", err)
			continue
		}
		// discard all requests sent outside of normal data
		go ssh.DiscardRequests(reqs)
		for ch := range chs {
			handleChannel(ch)
		}
	}
}
Ejemplo n.º 2
0
func HandleIncomingSSHConn(nConn net.Conn, config *ssh.ServerConfig) {
	DoneCh := make(chan bool)
	go TimeoutConnection(DoneCh, nConn)
	_, chans, reqs, err := ssh.NewServerConn(nConn, config)
	if err == nil {
		DoneCh <- true
	}
	// Right now that we are out of annoying people land.

	defer nConn.Close()
	go HandleSSHrequests(reqs)

	for newChannel := range chans {
		if newChannel.ChannelType() != "session" {
			newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
			log.Printf("WARNING - Rejecting %s Because they asked for a chan type %s that I don't have", nConn.RemoteAddr().String(), newChannel.ChannelType())
			continue
		}

		channel, requests, err := newChannel.Accept()
		if err != nil {
			log.Printf("WARNING - Was unable to Accept channel with %s", nConn.RemoteAddr().String())
			return
		}
		go HandleSSHrequests(requests)
		go ServeDOSTerm(channel)
	}

}
Ejemplo n.º 3
0
func (srv *Server) ServeConn(conn net.Conn) error {
	_, chans, reqs, err := ssh.NewServerConn(conn, srv.sshCfg)
	if err != nil {
		return fmt.Errorf("handshake: %v", err)
	}
	go ssh.DiscardRequests(reqs)
	for nch := range chans {
		var (
			chType = nch.ChannelType()
			chArg  = string(nch.ExtraData())
		)
		if !srv.h.AcceptSSHRaw(chType, chArg) {
			nch.Reject(ssh.UnknownChannelType, "unknown channel type")
			continue
		}
		ch, reqs, err := nch.Accept()
		if err != nil {
			return fmt.Errorf("accept: %v", err)
		}
		// FIXME: use context.Context to cleanly synchronize with handlers, block on them
		// but still be able to terminate them gracefully.
		go func(ch ssh.Channel, reqs <-chan *ssh.Request) {
			srv.h.HandleSSHRaw(chType, chArg, ch, reqs)
			ch.Close()
		}(ch, reqs)
	}
	return nil
}
Ejemplo n.º 4
0
func (l *sshListener) handle(c net.Conn) error {
	conf := ssh.ServerConfig{
		PublicKeyCallback: l.checkLogin,
	}
	conf.AddHostKey(l.id)
	_, chans, reqs, err := ssh.NewServerConn(c, &conf)
	if err != nil {
		return err
	}

	go ssh.DiscardRequests(reqs)
	for newCh := range chans {
		id := newCh.ChannelType()
		if len(id) != len(RPC_CHANNEL) {
			newCh.Reject(ssh.Prohibited, "wrong ID length")
		}

		ch, reqs, err := newCh.Accept()
		if err != nil {
			continue
		}
		go ssh.DiscardRequests(reqs)

		l.pending.add(id, ch)
	}
	return nil
}
Ejemplo n.º 5
0
func newMockLineServer(t *testing.T) string {
	l, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		t.Fatalf("Unable to listen for connection: %s", err)
	}

	go func() {
		defer l.Close()
		c, err := l.Accept()
		if err != nil {
			t.Errorf("Unable to accept incoming connection: %s", err)
		}
		defer c.Close()
		conn, chans, _, err := ssh.NewServerConn(c, serverConfig)
		if err != nil {
			t.Logf("Handshaking error: %v", err)
		}
		t.Log("Accepted SSH connection")
		for newChannel := range chans {
			channel, _, err := newChannel.Accept()
			if err != nil {
				t.Errorf("Unable to accept channel.")
			}
			t.Log("Accepted channel")

			go func(channelType string) {
				defer channel.Close()
				conn.OpenChannel(channelType, nil)
			}(newChannel.ChannelType())
		}
		conn.Close()
	}()

	return l.Addr().String()
}
Ejemplo n.º 6
0
func TestSetupForwardAgent(t *testing.T) {
	a, b, err := netPipe()
	if err != nil {
		t.Fatalf("netPipe: %v", err)
	}

	defer a.Close()
	defer b.Close()

	_, socket, cleanup := startAgent(t)
	defer cleanup()

	serverConf := ssh.ServerConfig{
		NoClientAuth: true,
	}
	serverConf.AddHostKey(testSigners["rsa"])
	incoming := make(chan *ssh.ServerConn, 1)
	go func() {
		conn, _, _, err := ssh.NewServerConn(a, &serverConf)
		if err != nil {
			t.Fatalf("Server: %v", err)
		}
		incoming <- conn
	}()

	conf := ssh.ClientConfig{}
	conn, chans, reqs, err := ssh.NewClientConn(b, "", &conf)
	if err != nil {
		t.Fatalf("NewClientConn: %v", err)
	}
	client := ssh.NewClient(conn, chans, reqs)

	if err := ForwardToRemote(client, socket); err != nil {
		t.Fatalf("SetupForwardAgent: %v", err)
	}

	server := <-incoming
	ch, reqs, err := server.OpenChannel(channelType, nil)
	if err != nil {
		t.Fatalf("OpenChannel(%q): %v", channelType, err)
	}
	go ssh.DiscardRequests(reqs)

	agentClient := NewClient(ch)
	testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil)
	conn.Close()
}
Ejemplo n.º 7
0
func HandleConnection(listener net.Listener) {
	for {
		nConn, err := listener.Accept()
		go func() {
			if err != nil {
				panic("failed to accept incoming connection")
			}
			// Before use, a handshake must be performed on the incoming
			// net.Conn.
			_, chans, _, err := ssh.NewServerConn(nConn, config)
			if err == io.EOF {
				return
			}

			if err != nil {
				logfile.Printf("Handshake error: %s", err)
			}
			for newChannel := range chans {
				channel, requests, err := newChannel.Accept()
				if err != nil {
					logfile.Println("[fatal] could not accept channel.")
					continue
				}

				var term *terminal.Terminal
				term = terminal.NewTerminal(channel, "")
				go HandleSshRequests(channel, requests, term)

				logfile.Println("[channelType]: " + newChannel.ChannelType())

				//newChannel.Reject(ssh.ConnectionFailed, "")
				// Sessions have out-of-band requests such as "shell",
				// "pty-req" and "env".

				if newChannel.ChannelType() == "direct-tcpip" {
					http_request := make(map[string]string)
					HandleTcpReading(channel, term, http_request)
					go SaveHttpRequest(http_request)
				} else {
					go HandleTerminalReading(channel, term)
				}

			}
		}()
	}
}
Ejemplo n.º 8
0
func NewServer() (err error) {

	// An SSH server is represented by a ServerConfig, which holds
	// certificate details and handles authentication of ServerConns.
	config := new(ssh.ServerConfig)
	config.PublicKeyCallback = HandlePublicKeyCallback
	config.AuthLogCallback = HandleAuthLogCallback

	key, err := osext.ReadHostKeys(HostKeysDir)
	if err != nil {
		return
	}
	for _, v := range key {
		signer, err := ssh.ParsePrivateKey(v)
		if err != nil {
			return err
		}
		config.AddHostKey(signer)
	}

	// Once a ServerConfig has been configured, connections can be
	// accepted.
	conn, err := net.Listen("tcp", ":22")
	if err != nil {
		log.Fatal("Failed to listen for connection: ", err)
	}
	for {
		sConn, err := conn.Accept()
		if err != nil {
			log.Printf("conn.Accept: %s", err)
			continue
		}

		sshconn, chans, reqs, err := ssh.NewServerConn(sConn, config)
		if err != nil {
			log.Printf("ssh.NewServerConn: Failed to handshake: %s", err)
			continue
		}

		// The incoming Request channel must be serviced.
		go ssh.DiscardRequests(reqs)

		// Handle the incomming request
		go HandleServerConn(sshconn, chans)
	}
}
Ejemplo n.º 9
0
func handleConn(conn net.Conn, conf *ssh.ServerConfig) {
	defer conn.Close()
	sshConn, chans, reqs, err := ssh.NewServerConn(conn, conf)
	if err != nil {
		log.Println("Failed to handshake:", err)
		return
	}

	go ssh.DiscardRequests(reqs)

	for ch := range chans {
		if ch.ChannelType() != "session" {
			ch.Reject(ssh.UnknownChannelType, "unknown channel type")
			continue
		}
		go handleChannel(sshConn, ch)
	}
}
Ejemplo n.º 10
0
func TestAuth(t *testing.T) {
	a, b, err := netPipe()
	if err != nil {
		t.Fatalf("netPipe: %v", err)
	}

	defer a.Close()
	defer b.Close()

	agent, _, cleanup := startAgent(t)
	defer cleanup()

	if err := agent.Add(testPrivateKeys["rsa"], nil, "comment"); err != nil {
		t.Errorf("Add: %v", err)
	}

	serverConf := ssh.ServerConfig{}
	serverConf.AddHostKey(testSigners["rsa"])
	serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
		if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
			return nil, nil
		}

		return nil, errors.New("pubkey rejected")
	}

	go func() {
		conn, _, _, err := ssh.NewServerConn(a, &serverConf)
		if err != nil {
			t.Fatalf("Server: %v", err)
		}
		conn.Close()
	}()

	conf := ssh.ClientConfig{}
	conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers))
	conn, _, _, err := ssh.NewClientConn(b, "", &conf)
	if err != nil {
		t.Fatalf("NewClientConn: %v", err)
	}
	conn.Close()
}
Ejemplo n.º 11
0
func (s *sshServer) run(c *gc.C) {
	netconn, err := s.listener.Accept()
	c.Assert(err, gc.IsNil)
	defer func() {
		err = netconn.Close()
		c.Assert(err, gc.IsNil)
	}()
	conn, chans, reqs, err := cryptossh.NewServerConn(netconn, s.cfg)
	c.Assert(err, gc.IsNil)
	s.client = cryptossh.NewClient(conn, chans, reqs)
	var wg sync.WaitGroup
	defer wg.Wait()
	sessionChannels := s.client.HandleChannelOpen("session")
	c.Assert(sessionChannels, gc.NotNil)
	for newChannel := range sessionChannels {
		c.Assert(newChannel.ChannelType(), gc.Equals, "session")
		channel, reqs, err := newChannel.Accept()
		c.Assert(err, gc.IsNil)
		wg.Add(1)
		go func() {
			defer wg.Done()
			defer channel.Close()
			for req := range reqs {
				switch req.Type {
				case "exec":
					c.Assert(req.WantReply, jc.IsTrue)
					n := binary.BigEndian.Uint32(req.Payload[:4])
					command := string(req.Payload[4 : n+4])
					c.Assert(command, gc.Equals, testCommandFlat)
					req.Reply(true, nil)
					channel.Write([]byte("abc value\n"))
					_, err := channel.SendRequest("exit-status", false, cryptossh.Marshal(&struct{ n uint32 }{0}))
					c.Assert(err, gc.IsNil)
					return
				default:
					c.Fatalf("Unexpected request type: %v", req.Type)
				}
			}
		}()
	}
}
Ejemplo n.º 12
0
func (srv *Server) serveConn(nConn net.Conn) {
	conn, chans, reqs, err := ssh.NewServerConn(nConn, srv.srvcfg)
	if err != nil {
		log.Error("failed to handshake: %s", err.Error())
		srv.Failed(nConn.RemoteAddr())
		return
	}
	defer conn.Close()

	remote := nConn.RemoteAddr()
	scs, err := srv.getConnInfo(remote)
	if err != nil {
		log.Error("%s", err.Error())
		return
	}
	defer srv.closeConn(remote)

	err = scs.Serve(conn, chans, reqs)
	if err != nil {
		log.Error("%s", err.Error())
	}
	return
}
Ejemplo n.º 13
0
func listen(config *ssh.ServerConfig, port string) {
	listener, err := net.Listen("tcp", "0.0.0.0:"+port)
	if err != nil {
		panic(err)
	}
	for {
		// Once a ServerConfig has been configured, connections can be accepted.
		conn, err := listener.Accept()
		if err != nil {
			log.Error(3, "Fail to accept incoming connection: %v", err)
			continue
		}
		// Before use, a handshake must be performed on the incoming net.Conn.
		sConn, chans, reqs, err := ssh.NewServerConn(conn, config)
		if err != nil {
			log.Error(3, "Fail to handshake: %v", err)
			continue
		}
		// The incoming Request channel must be serviced.
		go ssh.DiscardRequests(reqs)
		go handleServerConn(sConn.Permissions.Extensions["key-id"], chans)
	}
}
Ejemplo n.º 14
0
func main() {
	println("starting ssh server...")
	err := envconfig.Process("wormhole", &appConfig)
	if err != nil {
		log.Fatal(err.Error())
	}

	if appConfig.LocalSSHAddr == "" || appConfig.PrivateKeyPath == "" ||
		appConfig.RemoteSSHAddr == "" || appConfig.RemoteForwardAddress == "" ||
		appConfig.RemoteSSHUser == "" || appConfig.RemotePrivateKeyPath == "" {
		fmt.Println("Missing config")
		os.Exit(-1)
	}

	// An SSH server is represented by a ServerConfig, which holds
	// certificate details and handles authentication of ServerConns.
	config := &ssh.ServerConfig{
		PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
			// Should use constant-time compare (or better, salt+hash) in
			// a production setting.
			if c.User() == "testuser" && string(pass) == "" {
				return nil, nil
			}
			return nil, fmt.Errorf("password rejected for %q", c.User())
		},
	}

	privateBytes, err := ioutil.ReadFile(appConfig.PrivateKeyPath)
	if err != nil {
		panic("Failed to load private key")
	}

	private, err := ssh.ParsePrivateKey(privateBytes)
	if err != nil {
		panic("Failed to parse private key")
	}

	config.AddHostKey(private)

	// Once a ServerConfig has been configured, connections can be
	// accepted.
	listener, err := net.Listen("tcp", appConfig.LocalSSHAddr)
	if err != nil {
		panic("failed to listen for connection")
	}

	for {
		nConn, err := listener.Accept()
		if err != nil {
			panic("failed to accept incoming connection")
		}

		conn, chans, reqs, err := ssh.NewServerConn(nConn, config)
		if err != nil {
			panic("failed to handshake")
		}

		go processRequests(conn, reqs)
		for newChannel := range chans {
			if newChannel.ChannelType() != "session" {
				newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
				continue
			}
			channel, requests, err := newChannel.Accept()
			if err != nil {
				panic("could not accept channel.")
			}

			go func(in <-chan *ssh.Request) {
				for req := range in {
					ok := false
					switch req.Type {
					case "shell":
						ok = true
						if len(req.Payload) > 0 {
							ok = false
						}
					}
					req.Reply(ok, nil)
				}
			}(requests)

			term := terminal.NewTerminal(channel, "> ")

			go func() {
				defer channel.Close()
				for {
					_, err := term.ReadLine()
					if err != nil {
						break
					}
				}
			}()
		}
	}
}