func NewServer() (err error) { // An SSH server is represented by a ServerConfig, which holds // certificate details and handles authentication of ServerConns. config := new(ssh.ServerConfig) config.PublicKeyCallback = HandlePublicKeyCallback config.AuthLogCallback = HandleAuthLogCallback key, err := osext.ReadHostKeys(HostKeysDir) if err != nil { return } for _, v := range key { signer, err := ssh.ParsePrivateKey(v) if err != nil { return err } config.AddHostKey(signer) } // Once a ServerConfig has been configured, connections can be // accepted. conn, err := net.Listen("tcp", ":22") if err != nil { log.Fatal("Failed to listen for connection: ", err) } for { sConn, err := conn.Accept() if err != nil { log.Printf("conn.Accept: %s", err) continue } sshconn, chans, reqs, err := ssh.NewServerConn(sConn, config) if err != nil { log.Printf("ssh.NewServerConn: Failed to handshake: %s", err) continue } // The incoming Request channel must be serviced. go ssh.DiscardRequests(reqs) // Handle the incomming request go HandleServerConn(sshconn, chans) } }
func TestAuth(t *testing.T) { a, b, err := netPipe() if err != nil { t.Fatalf("netPipe: %v", err) } defer a.Close() defer b.Close() agent, _, cleanup := startAgent(t) defer cleanup() if err := agent.Add(testPrivateKeys["rsa"], nil, "comment"); err != nil { t.Errorf("Add: %v", err) } serverConf := ssh.ServerConfig{} serverConf.AddHostKey(testSigners["rsa"]) serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) { if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) { return nil, nil } return nil, errors.New("pubkey rejected") } go func() { conn, _, _, err := ssh.NewServerConn(a, &serverConf) if err != nil { t.Fatalf("Server: %v", err) } conn.Close() }() conf := ssh.ClientConfig{} conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers)) conn, _, _, err := ssh.NewClientConn(b, "", &conf) if err != nil { t.Fatalf("NewClientConn: %v", err) } conn.Close() }