Exemple #1
0
func main() {
	if len(os.Args) != 2 {
		usage()
		return
	}

	conf := os.Args[1]

	c, err := parseConf(conf)
	if err != nil {
		panic(err)
	}

	hostPrivateKey, err := ioutil.ReadFile(c.HostKey)
	if err != nil {
		panic(err)
	}

	hostSigner, err := ssh.ParsePrivateKey(hostPrivateKey)
	if err != nil {
		panic(err)
	}

	users, err := parseAuthFile(c.AuthKeys)
	if err != nil {
		panic(err)
	}

	hasDefaults := false
	for _, h := range c.Hosts {
		if h.NoAuth {
			hasDefaults = true
			break
		}
	}

	auth := func(_ ssh.ConnMetadata, key ssh.PublicKey) (*sshmux.User, error) {
		t := key.Type()
		k := key.Marshal()
		for i := range users {
			candidate := users[i].PublicKey
			if t == candidate.Type() && bytes.Compare(k, candidate.Marshal()) == 0 {
				return users[i], nil
			}
		}

		if hasDefaults {
			return nil, nil
		}

		return nil, errors.New("access denied")
	}

	setup := func(session *sshmux.Session) error {
	outer:
		for _, h := range c.Hosts {
			if h.NoAuth {
				session.Remotes = append(session.Remotes, h.Address)
				continue outer
			}

			for _, u := range h.Users {
				if u == session.User.Name {
					session.Remotes = append(session.Remotes, h.Address)
					continue outer
				}
			}
		}
		return nil
	}

	server := sshmux.New(hostSigner, auth, setup)
	// Set up listener

	l, err := net.Listen("tcp", c.Address)
	if err != nil {
		panic(err)
	}

	server.Serve(l)
}
Exemple #2
0
func main() {
	// Config
	if len(os.Args) != 2 {
		usage()
		return
	}

	conf := os.Args[1]

	c, err := parseConf(conf)
	if err != nil {
		panic(err)
	}

	hostPrivateKey, err := ioutil.ReadFile(c.HostKey)
	if err != nil {
		panic(err)
	}

	hostSigner, err := ssh.ParsePrivateKey(hostPrivateKey)
	if err != nil {
		panic(err)
	}

	users, err := parseAuthFile(c.AuthKeys)
	if err != nil {
		panic(err)
	}

	hasDefaults := false
	for _, h := range c.Hosts {
		if h.NoAuth {
			hasDefaults = true
			break
		}
	}

	// sshmux setup
	auth := func(c ssh.ConnMetadata, key ssh.PublicKey) (*sshmux.User, error) {
		t := key.Type()
		k := key.Marshal()
		for i := range users {
			candidate := users[i].PublicKey
			if t == candidate.Type() && bytes.Compare(k, candidate.Marshal()) == 0 {
				return users[i], nil
			}
		}

		if hasDefaults {
			return nil, nil
		}

		log.Printf("%s: access denied (username: %s)", c.RemoteAddr(), c.User())
		return nil, errors.New("access denied")
	}

	setup := func(session *sshmux.Session) error {
		if session.User != nil {
			log.Printf("%s: %s authorized (username: %s)", session.Conn.RemoteAddr(), session.User.Name, session.Conn.User())
		} else {
			log.Printf("%s: unknown user authorized (username: %s)", session.Conn.RemoteAddr(), session.Conn.User())
		}

	outer:
		for _, h := range c.Hosts {
			if h.NoAuth {
				session.Remotes = append(session.Remotes, h.Address)
				continue outer
			}

			for _, u := range h.Users {
				if u == session.User.Name {
					session.Remotes = append(session.Remotes, h.Address)
					continue outer
				}
			}
		}
		return nil
	}

	server := sshmux.New(hostSigner, auth, setup)
	server.Selected = func(session *sshmux.Session, remote string) error {
		log.Printf("%s: %s connecting to %s", session.Conn.RemoteAddr(), session.User.Name, remote)
		return nil
	}

	// Set up listener
	l, err := net.Listen("tcp", c.Address)
	if err != nil {
		panic(err)
	}

	server.Serve(l)
}