func (ih *InputHandler) createSession(config *InputEntry) (session *ssh.Session, err error) {
var authMethod []ssh.AuthMethod
var key *ssh.Signer
if !config.Cred.IsPasswordAuth() {
key, err = ih.parsePrivateKey(config.Cred.Identity)
if err != nil {
return
}
authMethod = []ssh.AuthMethod{ssh.PublicKeys(*key)}
} else {
authMethod = []ssh.AuthMethod{ssh.Password(config.Cred.Pass)}
}
sshConfig := new(ssh.ClientConfig)
sshConfig.User = config.Cred.User
sshConfig.Auth = authMethod
port := uint16(22)
if config.Port != 0 {
port = config.Port
}
hostNameString := fmt.Sprintf("%s:%d", config.Host, port)
client, err := ssh.Dial("tcp", hostNameString, sshConfig)
if err != nil {
return
}
session, err = client.NewSession()
return
}
func (ssc *SSHConfig) Connect() (err tree_lib.TreeError) {
var (
client_conf ssh.ClientConfig
)
err.From = tree_lib.FROM_SSH_CONNECT
client_conf.User = ssc.Username
if len(ssc.Password) > 0 {
client_conf.Auth = []ssh.AuthMethod{ssh.Password(ssc.Password)}
} else {
client_conf.Auth = []ssh.AuthMethod{ssh_agent()}
}
ssc.conn, err.Err = ssh.Dial("tcp", fmt.Sprintf("%s:%d", ssc.Host, ssc.Port), &client_conf)
return
}
func clientDo() error {
var cc ssh.ClientConfig
cc.User = string(testUser)
cc.Auth = append(cc.Auth, ssh.Password(string(testPass)))
conn, e := ssh.Dial("tcp4", "127.0.0.1:2022", &cc)
if e != nil {
return e
}
defer conn.Close()
cl, e := client.NewClient(conn)
if e != nil {
return e
}
cl.Mkdir("/D")
cl.Chmod("/D", 0700)
cl.Remove("/D")
rs, e := cl.ReadDir("/")
if e != nil {
return e
}
tdebug(rs)
return nil
}
clientConfig = &ssh.ClientConfig{
User: "******" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
}
})
It("allows a client to complete a handshake", func() {
client, err := ssh.Dial("tcp", address, clientConfig)
Expect(err).NotTo(HaveOccurred())
client.Close()
})
})
Context("when a non-existent process guid is used", func() {
BeforeEach(func() {
clientConfig.User = "******"
expectedGetActualLRPRequest = &models.ActualLRPGroupByProcessGuidAndIndexRequest{
ProcessGuid: "bad-process-guid",
Index: 999,
}
actualLRPGroupResponse = &models.ActualLRPGroupResponse{
Error: models.ErrResourceNotFound,
}
})
It("attempts to acquire the lrp info from the BBS", func() {
ssh.Dial("tcp", address, clientConfig)
Expect(fakeBBS.ReceivedRequests()).To(HaveLen(1))
})
It("fails the authentication", func() {
ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access"),
ghttp.RespondWithJSONEncoded(http.StatusUnauthorized, ""),
),
)
})
It("logs the authentication failure", func() {
_, err := ssh.Dial("tcp", address, clientConfig)
Expect(err).To(MatchError(ContainSubstring("ssh: handshake failed")))
Expect(runner).To(gbytes.Say("authentication-failed.*cf:app-guid/0"))
})
})
Context("when the app-guid does not exist in cc", func() {
BeforeEach(func() {
clientConfig.User = "******"
fakeCC.AppendHandlers(
ghttp.CombineHandlers(
ghttp.VerifyRequest("GET", "/internal/apps/bad-app-guid/ssh_access"),
ghttp.VerifyHeader(http.Header{"Authorization": []string{"bearer token"}}),
ghttp.RespondWithJSONEncoded(http.StatusNotFound, nil),
),
)
})
It("attempts to acquire the app info from cc", func() {
ssh.Dial("tcp", address, clientConfig)
Expect(fakeCC.ReceivedRequests()).To(HaveLen(1))
})