moul/sshportal
1
1
Fork 0
mirror of https://github.com/moul/sshportal.git synced 2025-09-13 08:04:41 +08:00
Code Issues Projects Releases Packages Wiki Activity

add audit feature.

Browse source
This commit is contained in:
Manuel 2018-01-02 16:31:34 +01:00
parent 7aace9109a
commit 12b0db07da
3 changed files with 26 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
main.go
View file

@ -68,6 +68,11 @@ func main() {
Name: "aes-key", Name: "aes-key",
Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)", Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)",
}, },
cli.StringFlag{
Name: "logs-location",
Value: "/var/log/sshportal",
Usage: "Store user session files",
},
}, },
}, { }, {
Name: "healthcheck", Name: "healthcheck",
@ -125,7 +130,7 @@ func server(c *cli.Context) error {
opts = append(opts, ssh.PublicKeyAuth(publicKeyAuthHandler(db, c))) opts = append(opts, ssh.PublicKeyAuth(publicKeyAuthHandler(db, c)))
opts = append(opts, ssh.PasswordAuth(passwordAuthHandler(db, c))) opts = append(opts, ssh.PasswordAuth(passwordAuthHandler(db, c)))
// retrieve sshportal SSH private key from databse // retrieve sshportal SSH private key from database
opts = append(opts, func(srv *ssh.Server) error { opts = append(opts, func(srv *ssh.Server) error {
var key SSHKey var key SSHKey
if err = SSHKeysByIdentifiers(db, []string{"host"}).First(&key).Error; err != nil { if err = SSHKeysByIdentifiers(db, []string{"host"}).First(&key).Error; err != nil {

24
pkg/bastionsession/bastionsession.go
View file

@ -3,13 +3,18 @@ package bastionsession
import ( import (
"errors" "errors"
"io" "io"
"strings"
"time"
"os"
"github.com/gliderlabs/ssh" "github.com/gliderlabs/ssh"
"github.com/sabban/sshportal/pkg/logchannel"
gossh "golang.org/x/crypto/ssh" gossh "golang.org/x/crypto/ssh"
) )
type Config struct { type Config struct {
Addr string Addr string
Logs string
ClientConfig *gossh.ClientConfig ClientConfig *gossh.ClientConfig
} }
@ -35,21 +40,28 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
if err != nil { if err != nil {
return err return err
} }
user := conn.User()
// pipe everything // pipe everything
return pipe(lreqs, rreqs, lch, rch) return pipe(lreqs, rreqs, lch, rch, config.Logs, user)
} }
func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel) error { func pipe(lreqs, rreqs <-chan *gossh.Request, lch, rch gossh.Channel, logs_location string, user string) error {
defer func() { defer func() {
_ = lch.Close() _ = lch.Close()
_ = rch.Close() _ = rch.Close()
}() }()
errch := make(chan error, 1) errch := make(chan error, 1)
file_name := strings.Join([]string{logs_location, "/", user, "-", time.Now().Format("RFC3339")}, "") // get user
f, err := os.OpenFile(file_name, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0640)
if err != nil {
errch <- errors.New("Opening session file" + file_name + "failed.")
}
defer f.Close()
wrappedlch := logchannel.New(lch, f)
go func() { go func() {
_, _ = io.Copy(lch, rch) _, _ = io.Copy(wrappedlch, rch)
errch <- errors.New("lch closed the connection") errch <- errors.New("lch closed the connection")
}() }()

2
ssh.go
View file

@ -96,6 +96,7 @@ func channelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
} }
actx := ctx.Value(authContextKey).(*authContext) actx := ctx.Value(authContextKey).(*authContext)
logs_locations := ctx.Value("logs-location").(*authContext)
switch actx.userType() { switch actx.userType() {
case UserTypeBastion: case UserTypeBastion:
@ -129,6 +130,7 @@ func channelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
err = bastionsession.ChannelHandler(srv, conn, newChan, ctx, bastionsession.Config{ err = bastionsession.ChannelHandler(srv, conn, newChan, ctx, bastionsession.Config{
Addr: host.Addr, Addr: host.Addr,
Logs: logs_location,
ClientConfig: clientConfig, ClientConfig: clientConfig,
}) })