feat: use authorized_keys to limit user accounts
having an authorized_keys file will limit the users who can access the
charm server to only those specified in the file

Related: #55
aymanbagabas committed Mar 24, 2022
1 parent e29b93c commit 0998ccc
Showing 2 changed files with 12 additions and 3 deletions.
3 changes: 2 additions & 1 deletion proto/errors.go
@@ -2,6 +2,7 @@ package proto

import (
"errors"
"fmt"
)

// ErrMalformedKey parsing error for bad ssh key.
@@ -40,7 +41,7 @@ type ErrAuthFailed struct {
}

// Error returns the boxed error string.
func (e ErrAuthFailed) Error() string { return e.Err.Error() }
func (e ErrAuthFailed) Error() string { return fmt.Sprintf("authentication failed: %s", e.Err) }

// Unwrap returns the boxed error.
func (e ErrAuthFailed) Unwrap() error { return e.Err }
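Review bot: The new `Error()` formats `e.Err` with `%s` and no nil check, so an `ErrAuthFailed` constructed without a boxed error renders as `authentication failed: %!s(<nil>)`; a guard such as `if e.Err == nil { return "authentication failed" }` before the `Sprintf` keeps the message clean. The text now carries the boxed error's detail behind a fixed prefix, so any caller that compared the old string will stop matching and should use `errors.As` or `Unwrap` instead. Where this string ends up is not visible in this section; if it is ever written back to an unauthenticated SSH client rather than only logged, the inner error (key lookup or storage failures, presumably) is worth replacing with a generic message on that path.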
12 changes: 10 additions & 2 deletions server/ssh.go
@@ -6,6 +6,8 @@ import (
"encoding/json"
"fmt"
"log"
"os"
"path/filepath"
"time"

charm "github.com/charmbracelet/charm/proto"
@@ -53,7 +55,7 @@ func NewSSHServer(cfg *Config) (*SSHServer, error) {
linkRequests: make(map[charm.Token]chan *charm.Link),
}
}
srv, err := wish.NewServer(
opts := []ssh.Option{
wish.WithAddress(addr),
wish.WithHostKeyPEM(cfg.PrivateKey),
wish.WithPublicKeyAuth(s.authHandler),
@@ -63,7 +65,13 @@ func NewSSHServer(cfg *Config) (*SSHServer, error) {
s.sshMiddleware(),
),
),
)
}
fp := filepath.Join(cfg.DataDir, ".ssh", "authorized_keys")
if _, err := os.Stat(fp); err == nil {
log.Print("Loading authorized_keys from ", fp)
opts = append(opts, wish.WithAuthorizedKeys(fp))
}
srv, err := wish.NewServer(opts...)
if err != nil {
return nil, err
}
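Review bot: The `os.Stat(fp)` check in `NewSSHServer` fails open: any Stat error, not only "file does not exist", skips `wish.WithAuthorizedKeys`, so a permission or I/O problem on `.ssh/authorized_keys` silently starts the server without the allowlist the operator configured. Treat only a missing file as "no restriction" and refuse to start otherwise, e.g. `} else if !os.IsNotExist(err) { return nil, fmt.Errorf("checking %s: %w", fp, err) }`. Separately, the option is appended after `wish.WithPublicKeyAuth(s.authHandler)`, and both appear to configure the server's public-key handler, so the later one presumably replaces `s.authHandler` rather than combining with it; confirm nothing that handler does is still needed when the file is present. A log line for the case where no file is found would also make the unrestricted mode visible at startup. The function body starts and ends outside these hunks.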
