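// allowedUser is the static allow list for public-key login: it maps an
// account name to the public keys accepted for that account. Each entry is
// one line in authorized_keys format ("<type> <base64 key> <comment>").
//
// Every key should appear under exactly one account name; the lookup that
// ranges over this map would otherwise pick one of the names in unspecified
// (map iteration) order.
var allowedUser = map[string][]string{
	"simbafs": {
		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcLVJDmYggMFXJ3CqMOSMnBkkDX1982cdd3rmRqfpMC simba@simba-nb",
	},
}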
// CompareKey reports whether key is the same public key as the one encoded
// in pubKeyStr, a single line in authorized_keys format.
//
// The two keys are considered equal when their SHA-256 fingerprints match.
// A pubKeyStr that cannot be parsed yields false: a malformed allow-list
// entry therefore never matches, and the parse error is not reported.
func CompareKey(key ssh.PublicKey, pubKeyStr string) bool {
	allowed, _, _, _, parseErr := ssh.ParseAuthorizedKey([]byte(pubKeyStr))
	if parseErr == nil {
		offeredFP := ssh.FingerprintSHA256(key)
		allowedFP := ssh.FingerprintSHA256(allowed)
		return offeredFP == allowedFP
	}
	return false
}
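sshConf := &ssh.ServerConfig{
	// Clients must authenticate; anonymous sessions are refused.
	NoClientAuth: false,
	// PublicKeyCallback decides whether an offered public key is acceptable.
	//
	// The account is derived from the key alone: the login name the client
	// requested (conn.User()) is not checked against the allow list. Code
	// that runs after the handshake must therefore take the identity from
	// Permissions.Extensions["user"], never from conn.User().
	//
	// The ssh package calls this callback when a key is offered, which can
	// be before the client has proved possession of the private key. A nil
	// error here means "this key may be used", not "this client is
	// authenticated", so the log line below is worded accordingly. Record
	// the authenticated identity only once the server handshake has
	// returned successfully.
	PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
		// Fingerprint the offered key once; it is used for the log and the extension.
		fp := ssh.FingerprintSHA256(key)

		for user, keys := range allowedUser {
			for _, pubKey := range keys {
				if !CompareKey(key, pubKey) {
					continue
				}
				log.Printf("Public key %s accepted for user %q (requested login %q)\n", fp, user, conn.User())
				return &ssh.Permissions{
					Extensions: map[string]string{
						"user":  user,
						"pk-fp": fp,
					},
				}, nil
			}
		}
		// %q keeps a client-chosen login name from injecting control
		// characters into the error text.
		return nil, fmt.Errorf("unknown public key for %q", conn.User())
	},
}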