Esempio n. 1
0
func configure(logger lager.Logger) (*ssh.ServerConfig, error) {
	errorStrings := []string{}
	sshConfig := &ssh.ServerConfig{}

	key, err := acquireHostKey(logger)
	if err != nil {
		logger.Error("failed-to-acquire-host-key", err)
		errorStrings = append(errorStrings, err.Error())
	}

	sshConfig.AddHostKey(key)
	sshConfig.NoClientAuth = *allowUnauthenticatedClients

	if *authorizedKey == "" && !*allowUnauthenticatedClients {
		logger.Error("authorized-key-required", nil)
		errorStrings = append(errorStrings, "Public user key is required")
	}

	if *authorizedKey != "" {
		decodedPublicKey, err := decodeAuthorizedKey(logger)
		if err == nil {
			authenticator := authenticators.NewPublicKeyAuthenticator(decodedPublicKey)
			sshConfig.PublicKeyCallback = authenticator.Authenticate
		} else {
			errorStrings = append(errorStrings, err.Error())
		}
	}

	err = nil
	if len(errorStrings) > 0 {
		err = errors.New(strings.Join(errorStrings, ", "))
	}

	return sshConfig, err
}
Esempio n. 2
0
		metadata  *fake_ssh.FakeConnMetadata
		clientKey ssh.PublicKey

		permissions *ssh.Permissions
		authnError  error
	)

	BeforeEach(func() {
		keyPair, err := keys.RSAKeyPairFactory.NewKeyPair(1024)
		Expect(err).NotTo(HaveOccurred())

		privateKey = keyPair.PrivateKey()
		publicKey = keyPair.PublicKey()

		authenticator = authenticators.NewPublicKeyAuthenticator(publicKey)

		metadata = &fake_ssh.FakeConnMetadata{}
		clientKey = publicKey
	})

	JustBeforeEach(func() {
		permissions, authnError = authenticator.Authenticate(metadata, clientKey)
	})

	It("creates an authenticator", func() {
		Expect(authenticator).NotTo(BeNil())
		Expect(authenticator.PublicKey()).To(Equal(publicKey))
	})

	Describe("Authenticate", func() {