From 43f1b741151515c072b2dc03c88c7bf5ba7732a9 Mon Sep 17 00:00:00 2001
From: Samuel Melrose
Date: Tue, 7 Feb 2017 10:07:54 +0000
Subject: [PATCH] Properly Close Connections & Single User Overide
---
 .gitignore | 1 +
 config.go | 1 +
 forward.go | 14 ++++++++++++--
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 506a719..27c8ad8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
+ssh-bastion-*
 ssh-log-server
 data/*
diff --git a/config.go b/config.go
index dfcf90a..207454f 100755
--- a/config.go
+++ b/config.go
@@ -27,6 +27,7 @@ type SSHConfigGlobal struct {
 type SSHConfigServer struct {
 HostPubKeyFiles []string `yaml:"host_pubkeys"`
 ConnectPath string `yaml:"connect_path"`
+ LoginUser string `yaml:"login_user"`
 }
 type SSHConfigACL struct {
diff --git a/forward.go b/forward.go
index 2cef492..efaf811 100755
--- a/forward.go
+++ b/forward.go
@@ -26,6 +26,7 @@ func (s *SSHServer) SessionForward(startTime time.Time, sshConn *ssh.ServerConn,
 sshConn.Close()
 return
 }
+ defer sshConn.Close()
 sesschan := NewLogChannel(startTime, rawsesschan, sshConn.User())
@@ -53,6 +54,9 @@ func (s *SSHServer) SessionForward(startTime time.Time, sshConn *ssh.ServerConn,
 sesschan.LogRequest(req)
 if req.Type == "auth-agent-req@openssh.com" {
 agentForwarding = true
+ if req.WantReply {
+ req.Reply(true, []byte{})
+ }
 continue
 } else if (req.Type == "pty-req") && (req.WantReply) {
 req.Reply(true, []byte{})
@@ -112,7 +116,8 @@ func (s *SSHServer) SessionForward(startTime time.Time, sshConn *ssh.ServerConn,
 WriteAuthLog("Connecting to remote for relay (%s) by %s from %s.", remote.ConnectPath, sshConn.User(), sshConn.RemoteAddr())
 fmt.Fprintf(sesschan, "Connecting to %s\r\n", remote_name)
- clientConfig := &ssh.ClientConfig{
+ var clientConfig *ssh.ClientConfig
+ clientConfig = &ssh.ClientConfig{
 User: sshConn.User(),
 Auth: []ssh.AuthMethod{
 ssh.PasswordCallback(func() (secret string, err error) {
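Review bot: The new `LoginUser` field in `SSHConfigServer` (config.go hunk) has no comment, and its effect is security-relevant. Judging by the forward.go hunks of this patch, a non-empty value replaces the connecting user's name as the login on the remote for everyone who is allowed to reach that server. A field comment such as `// LoginUser, if set, is the account used on this remote for all bastion users (overrides the client's username).` would make the shared-account behaviour visible to whoever edits the YAML.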
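Review bot: In the `auth-agent-req@openssh.com` branch (forward.go hunk at -53) the request is now acknowledged and `agentForwarding` set for every session, with no configuration or ACL check visible in the hunk. Forwarding gives the bastion use of the client's agent keys for the length of the session, so operators would likely want to be able to refuse it per server or per ACL; if such a gate exists it is outside the visible lines. The result of `req.Reply` is also dropped; `if err := req.Reply(true, nil); err != nil { log.Printf("agent-req reply failed: %s", err) }` would surface a broken channel. The request loop this branch sits in starts and ends outside the hunk.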
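Review bot: The split into `var clientConfig *ssh.ClientConfig` plus a separate assignment (forward.go hunk at -112) exists only so that the password callback changed in the -121 hunk can read `clientConfig.User`, and nothing in the code says so; a later cleanup back to `:=` would stop compiling. Either add a comment such as `// declared first: the password callback below reads clientConfig.User`, or resolve the name up front with `remoteUser := sshConn.User()` followed by `if remote.LoginUser != "" { remoteUser = remote.LoginUser }` and use `remoteUser` for both the `User:` field and the prompt. The second form also removes the late override added at -151, so the config is never briefly built with the wrong user. The struct literal continues outside this hunk.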
@@ -121,7 +126,7 @@ func (s *SSHServer) SessionForward(startTime time.Time, sshConn *ssh.ServerConn,
 } else {
 //log.Printf("Prompting for password for remote...")
 t := terminal.NewTerminal(sesschan, "")
- s, err := t.ReadPassword(fmt.Sprintf("%s@%s password: ", sshConn.User(), remote_name))
+ s, err := t.ReadPassword(fmt.Sprintf("%s@%s password: ", clientConfig.User, remote_name))
 //log.Printf("Got password for remote auth, err: %s", err)
 return s, err
 }
@@ -151,6 +156,10 @@ func (s *SSHServer) SessionForward(startTime time.Time, sshConn *ssh.ServerConn,
 },
 }
+ if len(remote.LoginUser) > 0 {
+ clientConfig.User = remote.LoginUser
+ }
+
 // Set up the agent
 if agentForwarding {
 agentChan, agentReqs, err := sshConn.OpenChannel("auth-agent@openssh.com", nil)
@@ -173,6 +182,7 @@ func (s *SSHServer) SessionForward(startTime time.Time, sshConn *ssh.ServerConn,
 sesschan.Close()
 return
 }
+ defer client.Close()
 log.Printf("Dialled Remote SSH Successfully...")
 // Forward the session channel
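Review bot: When `remote.LoginUser` is set (hunk at -151) every bastion user logs in to the remote under the same account, but the only auth-log line visible in this patch is written earlier with `sshConn.User()` and never records the account actually used. The remote's own logs will then show a single shared user, so the bastion log is the only place left to attribute a session to a person. Logging the mapping after the override, e.g. `WriteAuthLog("Remote login for %s as %s (bastion user %s).", remote_name, clientConfig.User, sshConn.User())`, keeps that trail. The enclosing function starts and ends outside the hunk.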