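// main runs the sshmux front end: it loads the config named by the single
// command-line argument, the host key and the authorized-keys file, then
// serves SSH on c.Address.
//
// Any setup error aborts the process with a panic (the original behaviour);
// main has no caller to return an error to.
func main() {
	if len(os.Args) != 2 {
		usage()
		return
	}
	conf := os.Args[1]
	c, err := parseConf(conf)
	if err != nil {
		panic(err)
	}
	hostPrivateKey, err := ioutil.ReadFile(c.HostKey)
	if err != nil {
		panic(err)
	}
	hostSigner, err := ssh.ParsePrivateKey(hostPrivateKey)
	if err != nil {
		panic(err)
	}
	users, err := parseAuthFile(c.AuthKeys)
	if err != nil {
		panic(err)
	}

	// hasDefaults is true when at least one host is marked NoAuth. In that
	// case auth below admits *every* presented key (returning a nil user) so
	// the client can still be offered the NoAuth hosts; only the key lookup
	// distinguishes a known user from an anonymous one.
	hasDefaults := false
	for _, h := range c.Hosts {
		if h.NoAuth {
			hasDefaults = true
			break
		}
	}

	// auth maps a presented public key to a configured user by comparing the
	// key type and wire encoding. Public keys are not secret, so a plain byte
	// comparison is sufficient here.
	auth := func(_ ssh.ConnMetadata, key ssh.PublicKey) (*sshmux.User, error) {
		t := key.Type()
		k := key.Marshal()
		for i := range users {
			candidate := users[i].PublicKey
			if t == candidate.Type() && bytes.Equal(k, candidate.Marshal()) {
				return users[i], nil
			}
		}
		if hasDefaults {
			// Anonymous session: setup restricts it to NoAuth hosts.
			return nil, nil
		}
		return nil, errors.New("access denied")
	}

	// setup computes the remotes a session may select: every NoAuth host,
	// plus the hosts that list the authorized user's name. A session admitted
	// with a nil user (see auth) must never dereference session.User.
	setup := func(session *sshmux.Session) error {
	outer:
		for _, h := range c.Hosts {
			if h.NoAuth {
				session.Remotes = append(session.Remotes, h.Address)
				continue outer
			}
			if session.User == nil {
				// Anonymous sessions get NoAuth hosts only.
				continue outer
			}
			for _, u := range h.Users {
				if u == session.User.Name {
					session.Remotes = append(session.Remotes, h.Address)
					continue outer
				}
			}
		}
		return nil
	}

	server := sshmux.New(hostSigner, auth, setup)

	// Set up listener
	l, err := net.Listen("tcp", c.Address)
	if err != nil {
		panic(err)
	}
	// NOTE(review): Serve's result (if it returns one) is not checked here,
	// as in the original — confirm against the sshmux API.
	server.Serve(l)
}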
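// sessionUser returns the name to log for a session: the authorized user's
// name, or "unknown user" for a session admitted with a nil user because a
// NoAuth host exists (see auth in main).
func sessionUser(session *sshmux.Session) string {
	if session.User == nil {
		return "unknown user"
	}
	return session.User.Name
}

// main runs the sshmux front end: it loads the config named by the single
// command-line argument, the host key and the authorized-keys file, then
// serves SSH on c.Address.
//
// Setup errors are fatal; main has no caller to return an error to.
func main() {
	// Config
	if len(os.Args) != 2 {
		usage()
		return
	}
	conf := os.Args[1]
	c, err := parseConf(conf)
	if err != nil {
		log.Fatalf("parsing config %q: %v", conf, err)
	}
	hostPrivateKey, err := ioutil.ReadFile(c.HostKey)
	if err != nil {
		log.Fatalf("reading host key %q: %v", c.HostKey, err)
	}
	hostSigner, err := ssh.ParsePrivateKey(hostPrivateKey)
	if err != nil {
		log.Fatalf("parsing host key %q: %v", c.HostKey, err)
	}
	users, err := parseAuthFile(c.AuthKeys)
	if err != nil {
		log.Fatalf("parsing authorized keys %v: %v", c.AuthKeys, err)
	}

	// hasDefaults is true when at least one host is marked NoAuth. In that
	// case auth below admits *every* presented key (returning a nil user) so
	// the client can still be offered the NoAuth hosts; only the key lookup
	// distinguishes a known user from an anonymous one.
	hasDefaults := false
	for _, h := range c.Hosts {
		if h.NoAuth {
			hasDefaults = true
			break
		}
	}

	// sshmux setup

	// auth maps a presented public key to a configured user by comparing the
	// key type and wire encoding. Public keys are not secret, so a plain byte
	// comparison is sufficient. The parameter is named meta rather than c so
	// it does not shadow the config.
	auth := func(meta ssh.ConnMetadata, key ssh.PublicKey) (*sshmux.User, error) {
		t := key.Type()
		k := key.Marshal()
		for i := range users {
			candidate := users[i].PublicKey
			if t == candidate.Type() && bytes.Equal(k, candidate.Marshal()) {
				return users[i], nil
			}
		}
		if hasDefaults {
			// Anonymous session: setup restricts it to NoAuth hosts.
			return nil, nil
		}
		// The username is client-supplied; %q keeps a crafted value from
		// injecting extra lines into the log.
		log.Printf("%s: access denied (username: %q)", meta.RemoteAddr(), meta.User())
		return nil, errors.New("access denied")
	}

	// setup logs the admission and computes the remotes a session may
	// select: every NoAuth host, plus the hosts that list the authorized
	// user's name. A session admitted with a nil user (see auth) must never
	// dereference session.User.
	setup := func(session *sshmux.Session) error {
		log.Printf("%s: %s authorized (username: %q)", session.Conn.RemoteAddr(), sessionUser(session), session.Conn.User())
	outer:
		for _, h := range c.Hosts {
			if h.NoAuth {
				session.Remotes = append(session.Remotes, h.Address)
				continue outer
			}
			if session.User == nil {
				// Anonymous sessions get NoAuth hosts only.
				continue outer
			}
			for _, u := range h.Users {
				if u == session.User.Name {
					session.Remotes = append(session.Remotes, h.Address)
					continue outer
				}
			}
		}
		return nil
	}

	server := sshmux.New(hostSigner, auth, setup)
	// Selected is called once the client has picked a remote; an anonymous
	// session has a nil User, so the name is resolved via sessionUser.
	server.Selected = func(session *sshmux.Session, remote string) error {
		log.Printf("%s: %s connecting to %s", session.Conn.RemoteAddr(), sessionUser(session), remote)
		return nil
	}

	// Set up listener
	l, err := net.Listen("tcp", c.Address)
	if err != nil {
		log.Fatalf("listening on %q: %v", c.Address, err)
	}
	// NOTE(review): Serve's result (if it returns one) is not checked here,
	// as in the original — confirm against the sshmux API.
	server.Serve(l)
}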