auth

package
v0.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 19, 2025 License: BSD-2-Clause, BSD-3-Clause, MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	MaxTargetLine = 1024
	MaxPubKeyLine = 32768
)
View Source 
const MaxPasswordLine = 32768

Variables

View Source 
var (
	HostKeyAlgorithms = []string{
		ssh.KeyAlgoRSA,
		ssh.KeyAlgoDSA,
		ssh.KeyAlgoECDSA256,
		ssh.KeyAlgoSKECDSA256,
		ssh.KeyAlgoECDSA384,
		ssh.KeyAlgoECDSA521,
		ssh.KeyAlgoED25519,
		ssh.KeyAlgoSKED25519,
		ssh.CertAlgoRSAv01,
		ssh.CertAlgoDSAv01,
		ssh.CertAlgoECDSA256v01,
		ssh.CertAlgoECDSA384v01,
		ssh.CertAlgoECDSA521v01,
		ssh.CertAlgoSKECDSA256v01,
		ssh.CertAlgoED25519v01,
		ssh.CertAlgoSKED25519v01,
		ssh.KeyAlgoRSASHA256,
		ssh.KeyAlgoRSASHA512,
	}

	HostKeyAlgorithmsRSA = []string{
		ssh.KeyAlgoRSA,
		ssh.CertAlgoRSAv01,
		ssh.KeyAlgoRSASHA256,
		ssh.KeyAlgoRSASHA512,
	}

	HostKeyAlgorithmsDSA = []string{
		ssh.KeyAlgoDSA,
		ssh.CertAlgoDSAv01,
	}

	HostKeyAlgorithmsECDSA = []string{
		ssh.KeyAlgoECDSA256,
		ssh.KeyAlgoSKECDSA256,
		ssh.KeyAlgoECDSA384,
		ssh.KeyAlgoECDSA521,
		ssh.CertAlgoECDSA256v01,
		ssh.CertAlgoECDSA384v01,
		ssh.CertAlgoECDSA521v01,
		ssh.CertAlgoSKECDSA256v01,
	}

	HostKeyAlgorithmsED25519 = []string{
		ssh.KeyAlgoED25519,
		ssh.KeyAlgoSKED25519,
		ssh.CertAlgoED25519v01,
		ssh.CertAlgoSKED25519v01,
	}

	HostKeyTypeMap = map[string][]string{
		"rsa":     HostKeyAlgorithmsRSA,
		"dsa":     HostKeyAlgorithmsDSA,
		"ecdsa":   HostKeyAlgorithmsECDSA,
		"ed25519": HostKeyAlgorithmsED25519,
	}

	KeyExchanges = []string{
		"curve25519-sha256",
		"[email protected]",
		"diffie-hellman-group-exchange-sha256",
		"ecdh-sha2-nistp256",
		"ecdh-sha2-nistp384",
		"ecdh-sha2-nistp521",
		"diffie-hellman-group14-sha256",
		"diffie-hellman-group16-sha512",
		"diffie-hellman-group14-sha1",
		"diffie-hellman-group1-sha1",
		"diffie-hellman-group-exchange-sha256",
		"diffie-hellman-group-exchange-sha1",
	}

	KexMACs = []string{
		"[email protected]",
		"[email protected]",
		"hmac-sha2-256",
		"hmac-sha2-512",
		"hmac-sha1",
		"hmac-sha1-96",
	}

	KexCiphers = []string{
		"[email protected]", "[email protected]",
		"[email protected]",
		"aes128-ctr", "aes192-ctr", "aes256-ctr",
		"arcfour256", "arcfour128", "arcfour",
		"aes128-cbc",
		"3des-cbc",
	}
)
View Source 
var ErrHalfAuth = errors.New("half-auth")

Functions

func CleanSessionOutput 

func CleanSessionOutput(inp []byte) string

func CloseAfterTimeout 

func CloseAfterTimeout(ctx context.Context, d time.Duration, addr string, c ...SSHCloser)

func PubKeyToString 

func PubKeyToString(pub ssh.PublicKey) string

func ReverseString 

func ReverseString(s string) string

func SanitizeBytes 

func SanitizeBytes(s []byte) []byte

SanitizeBytes scrubs a given byte array of invalid UTF8 and nulls

func ScrapeExec added in v0.2.0 

func ScrapeExec(options *Options, prefix string, res *AuthResult, ses *ssh.Session, cmd string) error

func ScrapeSession 

func ScrapeSession(options *Options, prefix string, res *AuthResult, ses *ssh.Session) error

Types

type AuthHandler 

type AuthHandler func(*ssh.UnauthClientConn, map[string][]byte, *AuthResult) error

func SSHAuthHandlerSingle 

func SSHAuthHandlerSingle(authMethod ssh.AuthMethod) AuthHandler

type AuthResult 

type AuthResult struct {
	Host                          string             `json:"host,omitempty"`
	Port                          int                `json:"port,omitempty"`
	User                          string             `json:"user,omitempty"`
	TS                            int64              `json:"ts,omitempty"`
	Banner                        string             `json:"banner,omitempty"`
	HostKeys                      map[string]string  `json:"hostkeys,omitempty"`
	Version                       string             `json:"version,omitempty"`
	KexInit                       *ssh.ExpKexInitMsg `json:"kex,omitempty"`
	Methods                       []string           `json:"methods,omitempty"`
	Error                         string             `json:"authNoneError,omitempty"`
	Stage                         string             `json:"authNoneStage,omitempty"`
	Result                        string             `json:"authNoneResult,omitempty"`
	Extensions                    map[string]string  `json:"extensions,omitempty"`
	Elapsed                       time.Duration      `json:"elapsed,omitempty"`
	ExitStatus                    string             `json:"sessionExitStatus,omitempty"`
	SessionOutput                 string             `json:"sessionOutput,omitempty"`
	SessionMethod                 string             `json:"sessionMethod,omitempty"`
	SessionSecret                 string             `json:"sessionSecret,omitempty"`
	PubKeyHalfAuthLimit           int                `json:"pubKeyHalfAuthLimit,omitempty"`
	PubKeyHuntResults             []string           `json:"pubKeyHuntResults,omitempty"`
	KeyboardChallengeName         string             `json:"kbdName,omitempty"`
	KeyboardChallengeInstructions string             `json:"kbdInstructions,omitempty"`
	KeyboardChallengeQuestions    string             `json:"kbdQuestions,omitempty"`
	Vulns                         []VulnResult       `json:"vulns,omitempty"`
	Unreachable                   bool               `json:"unreachable,omitempty"`

	PubKeyAnyHalfKey ssh.Signer     `json:"-"`
	PubKeyAnyFullKey ssh.Signer     `json:"-"`
	SessionAuth      ssh.AuthMethod `json:"-"`
	CachedChecks     map[string]any `json:"-"`
}

func NewAuthResult 

func NewAuthResult() *AuthResult

func SSHAuth 

func SSHAuth(addr string, options *Options, AuthHandler AuthHandler) *AuthResult

func SSHAuthNone 

func SSHAuthNone(addr string, options *Options) *AuthResult

func (*AuthResult) AddVuln 

func (r *AuthResult) AddVuln(v VulnResult)

func (*AuthResult) SupportsAuth 

func (r *AuthResult) SupportsAuth(t string) bool

func (*AuthResult) SupportsHostKey 

func (r *AuthResult) SupportsHostKey(t string) bool

func (*AuthResult) SupportsPubKeyType 

func (r *AuthResult) SupportsPubKeyType(t string) bool

type HalfSigner 

type HalfSigner struct {
	PubKey   ssh.PublicKey
	SignData []byte
	Accepted bool
}

func HalfSignerFromPubkey 

func HalfSignerFromPubkey(pub ssh.PublicKey) *HalfSigner

func (*HalfSigner) PublicKey 

func (s *HalfSigner) PublicKey() ssh.PublicKey

func (*HalfSigner) Sign 

func (s *HalfSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error)

type HalfSignerBogus 

type HalfSignerBogus struct {
	PubKey   ssh.PublicKey
	Accepted bool
	Format   string
	Blob     []byte
	PriKey   *rsa.PrivateKey
}

func HalfSignerBogusFromPubkey 

func HalfSignerBogusFromPubkey(pub ssh.PublicKey) *HalfSignerBogus

func (*HalfSignerBogus) PublicKey 

func (s *HalfSignerBogus) PublicKey() ssh.PublicKey

func (*HalfSignerBogus) Sign 

func (s *HalfSignerBogus) Sign(rand io.Reader, data []byte) (*ssh.Signature, error)

type Options 

type Options struct {
	Host            string
	Port            int
	Timeout         time.Duration
	Usernames       string
	Username        string
	StopStage       string
	HostKeyAlgs     []string
	IgnoreAuthError bool
	PrivateKey      ssh.Signer
	Retries         uint
	ClientVersion   string
	Logger          *logrus.Logger
	SessionPoke     string
	// contains filtered or unexported fields
}

func (*Options) SkipStage 

func (o *Options) SkipStage(stage string) bool

func (*Options) WithClientVersion 

func (o *Options) WithClientVersion(v string) *Options

func (*Options) WithHostKeyAlgs 

func (o *Options) WithHostKeyAlgs(algs []string) *Options

func (*Options) WithIgnoreAuthError 

func (o *Options) WithIgnoreAuthError() *Options

func (*Options) WithIgnoreChannelOpenReply added in v0.2.0 

func (o *Options) WithIgnoreChannelOpenReply(v bool) *Options

func (*Options) WithPostAuthHandler 

func (o *Options) WithPostAuthHandler(handler PostAuthHandler) *Options

func (*Options) WithPrivateKey 

func (o *Options) WithPrivateKey(key ssh.Signer) *Options

func (*Options) WithRetries 

func (o *Options) WithRetries(limit uint) *Options

func (*Options) WithSessionHandler 

func (o *Options) WithSessionHandler(handler SessionHandler) *Options

func (*Options) WithSessionPoke 

func (o *Options) WithSessionPoke(v string) *Options

func (*Options) WithSkipStages 

func (o *Options) WithSkipStages(stages ...string) *Options

func (*Options) WithStopStage 

func (o *Options) WithStopStage(stage string) *Options

func (*Options) WithTimeout 

func (o *Options) WithTimeout(d time.Duration) *Options

func (*Options) WithUsername 

func (o *Options) WithUsername(u string) *Options

type PasswordFile 

type PasswordFile struct {
	// contains filtered or unexported fields
}

func NewPasswordFile 

func NewPasswordFile(path string, logr *logrus.Logger) *PasswordFile

func (*PasswordFile) Close 

func (f *PasswordFile) Close()

func (*PasswordFile) Open 

func (f *PasswordFile) Open() error

func (*PasswordFile) Read 

func (f *PasswordFile) Read(cnt int) ([]string, error)

type PostAuthHandler 

type PostAuthHandler func(net.Conn, *ssh.UnauthClientConn, *AuthResult) error

type PubKeyEnt 

type PubKeyEnt struct {
	Algo     string
	Key      string
	PubKey   ssh.PublicKey
	Comments string
}

type PubKeyFile 

type PubKeyFile struct {
	// contains filtered or unexported fields
}

func NewPubKeyFile 

func NewPubKeyFile(path string, logr *logrus.Logger) *PubKeyFile

func (*PubKeyFile) Close 

func (f *PubKeyFile) Close()

func (*PubKeyFile) Open 

func (f *PubKeyFile) Open() error

func (*PubKeyFile) Read 

func (f *PubKeyFile) Read(cnt int) ([]*PubKeyEnt, error)

type SSHCloser 

type SSHCloser interface {
	Close() error
}

type SessionHandler 

type SessionHandler func(net.Conn, *ssh.Client, *ssh.Session, *AuthResult) error

type SyncByteBuffer 

type SyncByteBuffer struct {
	// contains filtered or unexported fields
}

SyncByteBuffer is a mutex-protected bytes.Buffer used to avoid data races with SSH stdout/stderr output.

func NewSyncByteBuffer 

func NewSyncByteBuffer(limit uint64) *SyncByteBuffer

func (*SyncByteBuffer) Dump 

func (b *SyncByteBuffer) Dump() []byte

func (*SyncByteBuffer) Peek 

func (b *SyncByteBuffer) Peek() []byte

func (*SyncByteBuffer) Write 

func (b *SyncByteBuffer) Write(data []byte) (int, error)

type VulnResult 

type VulnResult struct {
	ID    string `json:"id,omitempty"`
	Proof string `json:"proof,omitempty"`
	Ref   string `json:"ref,omitempty"`
	URL   string `json:"url,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.