feat: keyboard interactive login for unlimited access configurations
If users are limited, they are only allowed to authenticate via their SSH private-public key pair, which the configuration holds for each accepted user.
@@ -15,6 +15,7 @@ import (
|
||||
"github.com/charmbracelet/wish"
|
||||
"github.com/charmbracelet/wish/activeterm"
|
||||
"github.com/charmbracelet/wish/logging"
|
||||
gossh "golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
||||
// Setup default logger to append or create a new log file `log` in the current
|
||||
@@ -51,6 +52,15 @@ func setupSshServer(host string, port string, host_key_path string, users map[st
|
||||
}
|
||||
return false
|
||||
}),
|
||||
wish.WithKeyboardInteractiveAuth(func(_ ssh.Context, _ gossh.KeyboardInteractiveChallenge) bool {
|
||||
if len(users) == 0 {
|
||||
// no users provided, meaning there is no user authentication, everyone is allowed to connect
|
||||
return true
|
||||
}
|
||||
// NOTE interactive logins through keyboard challenges shall not be allowed; use
|
||||
// ssh public-private key-pairs instead for limited access
|
||||
return false
|
||||
}),
|
||||
ssh.AllocatePty(),
|
||||
wish.WithMiddleware(
|
||||
func(next ssh.Handler) ssh.Handler {
|
||||
|
||||
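Review bot: The new keyboard-interactive callback fails open: `if len(users) == 0 { return true }` grants a session to any client whenever the `users` map is empty, so a configuration that is missing or was emptied by mistake would behave exactly like a deliberately open setup (how `users` is loaded is not visible on this page). Consider making open access an explicit opt-in that is passed to `setupSshServer` separately and checked alongside the length, for example `if allowAnonymous && len(users) == 0 { return true }`, where `allowAnonymous` is a name constructed for this note. The callback also discards its `ssh.Context`, so unless the logging middleware further down already covers it, an accepted unauthenticated login leaves no record at the point of the decision; naming the parameter and logging `ctx.User()` and `ctx.RemoteAddr()` before `return true` would give operators something to audit. The body of `setupSshServer` starts and ends outside this hunk.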