Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (#16278)

* Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback Following the merging of https://github.com/gliderlabs/ssh/pull/143 we can now report connections to the ssh server that have failed before public key exchange has completed using the standard fail2ban message. This PR updates Gliderlabs SSH and adds a callback that will provide this logging. Signed-off-by: Andrew Thornton <art27@cantab.net> * move the callback to its own function to make the logging appear little nicer Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-06-28 18:05:27 +01:00 · 2021-06-28 18:05:27 +01:00 · f825f20d49
commit f825f20d49
parent 5c80ecc2f7
31 changed files with 368 additions and 31 deletions
--- a/vendor/github.com/gliderlabs/ssh/circle.yml
+++ b/vendor/github.com/gliderlabs/ssh/circle.yml
@ -9,9 +9,9 @@ jobs:
    - run: go get
    - run: go test -v -race

-  build-go-1.9:
+  build-go-1.12:
    docker:
-    - image: golang:1.9
+    - image: golang:1.12
    working_directory: /go/src/github.com/gliderlabs/ssh
    steps:
    - checkout
@ -23,4 +23,4 @@ workflows:
  build:
    jobs:
      - build-go-latest
-      - build-go-1.9
+      - build-go-1.12
--- a/vendor/github.com/gliderlabs/ssh/context.go
+++ b/vendor/github.com/gliderlabs/ssh/context.go
@ -140,7 +140,10 @@ func (ctx *sshContext) ServerVersion() string {
 }

 func (ctx *sshContext) RemoteAddr() net.Addr {
-	return ctx.Value(ContextKeyRemoteAddr).(net.Addr)
+	if addr, ok := ctx.Value(ContextKeyRemoteAddr).(net.Addr); ok {
+		return addr
+	}
+	return nil
 }

 func (ctx *sshContext) LocalAddr() net.Addr {
--- a/vendor/github.com/gliderlabs/ssh/go.mod
+++ b/vendor/github.com/gliderlabs/ssh/go.mod
@ -0,0 +1,9 @@
+module github.com/gliderlabs/ssh
+
+go 1.12
+
+require (
+	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
+	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e
+	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect
+)
--- a/vendor/github.com/gliderlabs/ssh/go.sum
+++ b/vendor/github.com/gliderlabs/ssh/go.sum
@ -0,0 +1,13 @@
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
--- a/vendor/github.com/gliderlabs/ssh/server.go
+++ b/vendor/github.com/gliderlabs/ssh/server.go
@ -48,6 +48,8 @@ type Server struct {
 	ServerConfigCallback          ServerConfigCallback          // callback for configuring detailed SSH options
 	SessionRequestCallback        SessionRequestCallback        // callback for allowing or denying SSH sessions

+	ConnectionFailedCallback ConnectionFailedCallback // callback to report connection failures
+
 	IdleTimeout time.Duration // connection timeout when no activity, none if empty
 	MaxTimeout  time.Duration // absolute connection timeout, none if empty

@ -278,7 +280,9 @@ func (srv *Server) HandleConn(newConn net.Conn) {
 	defer conn.Close()
 	sshConn, chans, reqs, err := gossh.NewServerConn(conn, srv.config(ctx))
 	if err != nil {
-		// TODO: trigger event callback
+		if srv.ConnectionFailedCallback != nil {
+			srv.ConnectionFailedCallback(conn, err)
+		}
 		return
 	}

--- a/vendor/github.com/gliderlabs/ssh/session.go
+++ b/vendor/github.com/gliderlabs/ssh/session.go
@ -14,7 +14,7 @@ import (

 // Session provides access to information about an SSH session and methods
 // to read and write to the SSH channel with an embedded Channel interface from
-// cypto/ssh.
+// crypto/ssh.
 //
 // When Command() returns an empty slice, the user requested a shell. Otherwise
 // the user is performing an exec with those command arguments.
--- a/vendor/github.com/gliderlabs/ssh/ssh.go
+++ b/vendor/github.com/gliderlabs/ssh/ssh.go
@ -64,6 +64,10 @@ type ReversePortForwardingCallback func(ctx Context, bindHost string, bindPort u
 // ServerConfigCallback is a hook for creating custom default server configs
 type ServerConfigCallback func(ctx Context) *gossh.ServerConfig

+// ConnectionFailedCallback is a hook for reporting failed connections
+// Please note: the net.Conn is likely to be closed at this point
+type ConnectionFailedCallback func(conn net.Conn, err error)
+
 // Window represents the size of a PTY window.
 type Window struct {
 	Width  int