func configure(logger lager.Logger) (*ssh.ServerConfig, error) {
errorStrings := []string{}
sshConfig := &ssh.ServerConfig{}
key, err := acquireHostKey(logger)
if err != nil {
logger.Error("failed-to-acquire-host-key", err)
errorStrings = append(errorStrings, err.Error())
}
sshConfig.AddHostKey(key)
sshConfig.NoClientAuth = *allowUnauthenticatedClients
if *authorizedKey == "" && !*allowUnauthenticatedClients {
logger.Error("authorized-key-required", nil)
errorStrings = append(errorStrings, "Public user key is required")
}
if *authorizedKey != "" {
decodedPublicKey, err := decodeAuthorizedKey(logger)
if err == nil {
authenticator := authenticators.NewPublicKeyAuthenticator(decodedPublicKey)
sshConfig.PublicKeyCallback = authenticator.Authenticate
} else {
errorStrings = append(errorStrings, err.Error())
}
}
err = nil
if len(errorStrings) > 0 {
err = errors.New(strings.Join(errorStrings, ", "))
}
return sshConfig, err
}
metadata *fake_ssh.FakeConnMetadata
clientKey ssh.PublicKey
permissions *ssh.Permissions
authnError error
)
BeforeEach(func() {
keyPair, err := keys.RSAKeyPairFactory.NewKeyPair(1024)
Expect(err).NotTo(HaveOccurred())
privateKey = keyPair.PrivateKey()
publicKey = keyPair.PublicKey()
authenticator = authenticators.NewPublicKeyAuthenticator(publicKey)
metadata = &fake_ssh.FakeConnMetadata{}
clientKey = publicKey
})
JustBeforeEach(func() {
permissions, authnError = authenticator.Authenticate(metadata, clientKey)
})
It("creates an authenticator", func() {
Expect(authenticator).NotTo(BeNil())
Expect(authenticator.PublicKey()).To(Equal(publicKey))
})
Describe("Authenticate", func() {