summaryrefslogtreecommitdiffhomepage
path: root/util/execqueue
diff options
context:
space:
mode:
authorAndrew Lytvynov <awly@tailscale.com>2024-01-05 08:02:42 -0800
committerGitHub <noreply@github.com>2024-01-05 08:02:42 -0800
commit29e98e18f84c96e66314a695cf0a0bff778bdabb (patch)
tree1fe29acec6e0aeafd7c2b4efb17d8d69bc405d98 /util/execqueue
parent124dc10261eaa62cbb52ed3c7c17f48a32a0e69d (diff)
downloadtailscale-29e98e18f84c96e66314a695cf0a0bff778bdabb.tar.xz
tailscale-29e98e18f84c96e66314a695cf0a0bff778bdabb.zip
ssh/tailssh: use a local error instead of gossh.ErrDenied (#10743)
ErrDenied was added in [our fork of x/crypto/ssh](https://github.com/golang/crypto/commit/acc6f8fe8d618cba34d44e89fdde304f98c576df) to short-circuit auth attempts once one fails. In the case of our callbacks, this error is returned when SSH policy check determines that a connection should not be allowed. Both `NoClientAuthCallback` and `PublicKeyHandler` check the policy and will fail anyway. The `fakePasswordHandler` returns true only if `NoClientAuthCallback` succeeds the policy check, so it checks it indirectly too. The difference here is that a client might attempt all 2-3 auth methods instead of just `none` but will fail to authenticate regardless. Updates #8593 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Diffstat (limited to 'util/execqueue')
0 files changed, 0 insertions, 0 deletions