| author | Brad Fitzpatrick <bradfitz@tailscale.com> | 2022-10-11 15:24:36 -0700 |
|---|---|---|
| committer | Brad Fitzpatrick <bradfitz@tailscale.com> | 2022-10-11 20:03:13 -0700 |
| commit | 493b5b9b57acb5485505d58692b82a8b04b48f08 (patch) | |
| tree | cae19cfbfdbd4c706c2e111bf5702004ad022303 | |
| parent | e24de8a617d202f7eef9e7158c16196b21cf5dca (diff) | |
cmd/ssh-auth-none-demo: WIP demo of KeyboardInteractive bradfitz/keyboard-interactive
Change-Id: I59525f2070ecdaaa5ebf140f39c665e906116c24
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
| -rw-r--r-- | cmd/ssh-auth-none-demo/ssh-auth-none-demo.go | 44 |
1 files changed, 21 insertions, 23 deletions
diff --git a/cmd/ssh-auth-none-demo/ssh-auth-none-demo.go b/cmd/ssh-auth-none-demo/ssh-auth-none-demo.go
index f92c80ae4..724307e3f 100644
--- a/cmd/ssh-auth-none-demo/ssh-auth-none-demo.go
+++ b/cmd/ssh-auth-none-demo/ssh-auth-none-demo.go
@@ -62,30 +62,28 @@ func main() {
 Addr: *addr,
 Version: "Tailscale",
 Handler: handleSessionPostSSHAuth,
+ KeyboardInteractiveHandler: func(ctx ssh.Context, challenge gossh.KeyboardInteractiveChallenge) bool {
+ log.Printf("XXXX here")
+ challenge("Tailscale SSH", "\nTailscale SSH needs blah blah\nGo to:\n\n https://example.com\n\n", nil, nil)
+
+ // ans, err := challenge("tailscale-check",
+ // "instruction",
+ // []string{"question1\n", "question2-noecho\n"},
+ // []bool{true, false})
+ // if err != nil {
+ // log.Printf("Error: %v", err)
+ // return false
+ // }
+ // ok := ctx.User() == "testuser" && ans[0] == "a1" && ans[1] == "a2"
+ // if ok {
+ // return true
+ // }
+ // log.Printf("failed")
+ time.Sleep(5 * time.Second)
+ return true
+ },
 ServerConfigCallback: func(ctx ssh.Context) *gossh.ServerConfig {
- start := time.Now()
 return &gossh.ServerConfig{
- NextAuthMethodCallback: func(conn gossh.ConnMetadata, prevErrors []error) []string {
- return []string{"tailscale"}
- },
- NoClientAuth: true, // required for the NoClientAuthCallback to run
- NoClientAuthCallback: func(cm gossh.ConnMetadata) (*gossh.Permissions, error) {
- cm.SendAuthBanner(fmt.Sprintf("# Banner: doing none auth at %v\r\n", time.Since(start)))
-
- totalBanners := 2
- if cm.User() == "banners" {
- totalBanners = 5
- }
- for banner := 2; banner <= totalBanners; banner++ {
- time.Sleep(time.Second)
- if banner == totalBanners {
- cm.SendAuthBanner(fmt.Sprintf("# Banner%d: access granted at %v\r\n", banner, time.Since(start)))
- } else {
- cm.SendAuthBanner(fmt.Sprintf("# Banner%d at %v\r\n", banner, time.Since(start)))
- }
- }
- return nil, nil
- },
 BannerCallback: func(cm gossh.ConnMetadata) string {
 log.Printf("Got connection from user %q, %q from %v", cm.User(), cm.ClientVersion(), cm.RemoteAddr())
 return fmt.Sprintf("# Banner for user %q, %q\n", cm.User(), cm.ClientVersion())
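Review bot: The new `KeyboardInteractiveHandler` discards both results of `challenge(...)` and then returns `true` unconditionally, so a client that aborts the prompt, or a challenge that fails to send, still ends up authenticated after the 5-second sleep, whatever user name it presents. Even in a demo that deliberately has no credential check, I would fail closed on the error, i.e. wrap the existing call as `if _, err := challenge(...); err != nil { log.Printf("keyboard-interactive challenge failed: %v", err); return false }`, and add a comment above the handler such as `// Demo only: accepts every user without verifying anything; do not bind to a non-loopback address.` The `log.Printf("XXXX here")` line and the commented-out question/answer block look like debugging residue to remove before this leaves WIP, as does the `userxXXX` log string in the second hunk. `main` begins and ends outside this hunk, so the default value of `*addr` is not visible here.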
@@ -106,7 +104,7 @@ func main() { } func handleSessionPostSSHAuth(s ssh.Session) { - log.Printf("Started session from user %q", s.User()) + log.Printf("Started session from userxXXX %q", s.User()) fmt.Fprintf(s, "Hello user %q, it worked.\n", s.User()) // Abort the session on Control-C or Control-D. |
