func NewServer() (err error) {
// An SSH server is represented by a ServerConfig, which holds
// certificate details and handles authentication of ServerConns.
config := new(ssh.ServerConfig)
config.PublicKeyCallback = HandlePublicKeyCallback
config.AuthLogCallback = HandleAuthLogCallback
key, err := osext.ReadHostKeys(HostKeysDir)
if err != nil {
return
}
for _, v := range key {
signer, err := ssh.ParsePrivateKey(v)
if err != nil {
return err
}
config.AddHostKey(signer)
}
// Once a ServerConfig has been configured, connections can be
// accepted.
conn, err := net.Listen("tcp", ":22")
if err != nil {
log.Fatal("Failed to listen for connection: ", err)
}
for {
sConn, err := conn.Accept()
if err != nil {
log.Printf("conn.Accept: %s", err)
continue
}
sshconn, chans, reqs, err := ssh.NewServerConn(sConn, config)
if err != nil {
log.Printf("ssh.NewServerConn: Failed to handshake: %s", err)
continue
}
// The incoming Request channel must be serviced.
go ssh.DiscardRequests(reqs)
// Handle the incomming request
go HandleServerConn(sshconn, chans)
}
}
func TestAuth(t *testing.T) {
a, b, err := netPipe()
if err != nil {
t.Fatalf("netPipe: %v", err)
}
defer a.Close()
defer b.Close()
agent, _, cleanup := startAgent(t)
defer cleanup()
if err := agent.Add(testPrivateKeys["rsa"], nil, "comment"); err != nil {
t.Errorf("Add: %v", err)
}
serverConf := ssh.ServerConfig{}
serverConf.AddHostKey(testSigners["rsa"])
serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
return nil, nil
}
return nil, errors.New("pubkey rejected")
}
go func() {
conn, _, _, err := ssh.NewServerConn(a, &serverConf)
if err != nil {
t.Fatalf("Server: %v", err)
}
conn.Close()
}()
conf := ssh.ClientConfig{}
conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers))
conn, _, _, err := ssh.NewClientConn(b, "", &conf)
if err != nil {
t.Fatalf("NewClientConn: %v", err)
}
conn.Close()
}
