yves-biener/wish-serve
1
0
Fork 0
Code Issues Pull Requests Actions Releases 11 Activity

feat: keyboard interactive login for unlimited access configurations
Some checks failed
Go Project Action / Spell-check and test go project (push) Failing after 54s
Details

Browse Source 
If users are limited they are only allowed to authenticate via their ssh
private-public key-pair, which the configuration holds for each accepted
user accordingly.
This commit is contained in:
Yves Biener
2025-11-08 12:36:06 +01:00
parent c6d270fc36
commit a016b15508
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/serve/serve.go
View File

@@ -15,6 +15,7 @@ import (
"github.com/charmbracelet/wish" "github.com/charmbracelet/wish"
"github.com/charmbracelet/wish/activeterm" "github.com/charmbracelet/wish/activeterm"
"github.com/charmbracelet/wish/logging" "github.com/charmbracelet/wish/logging"
gossh "golang.org/x/crypto/ssh"
) )
// Setup default logger to append or create a new log file `log` in the current // Setup default logger to append or create a new log file `log` in the current
@@ -51,6 +52,15 @@ func setupSshServer(host string, port string, host_key_path string, users map[st
} }
return false return false
}), }),
wish.WithKeyboardInteractiveAuth(func(_ ssh.Context, _ gossh.KeyboardInteractiveChallenge) bool {
if len(users) == 0 {
// no users provided, meaning there is no user authentication, everyone is allowed to connect
return true
}
// NOTE interactive logins through keyboard challenges shall not be allowed; use
// ssh public-private key-pairs instead for limited access
return false
}),
ssh.AllocatePty(), ssh.AllocatePty(),
wish.WithMiddleware( wish.WithMiddleware(
func(next ssh.Handler) ssh.Handler { func(next ssh.Handler) ssh.Handler {