moul/sshportal
1
1
Fork 0
mirror of https://github.com/moul/sshportal.git synced 2024-11-10 09:12:49 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #309 from Gurkengewuerz/dev/failed-auth-log

Browse source
This commit is contained in:
Manfred Touron 2022-01-20 16:27:24 +01:00 committed by GitHub
commit d05a6cd3bf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
pkg/bastion/ssh.go
View file

@ -89,6 +89,22 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
actx := ctx.Value(authContextKey).(*authContext)
if actx.user.ID == 0 && actx.userType() != userTypeHealthcheck {
ip, err := net.ResolveTCPAddr(conn.RemoteAddr().Network(), conn.RemoteAddr().String())
if err == nil {
log.Printf("Auth failed: sshUser=%q remote=%q", conn.User(), ip.IP.String())
actx.err = errors.New("access denied")
ch, _, err2 := newChan.Accept()
if err2 != nil {
return
}
fmt.Fprintf(ch, "error: %v\n", actx.err)
_ = ch.Close()
return
}
}
switch actx.userType() {
case userTypeBastion:
log.Printf("New connection(bastion): sshUser=%q remote=%q local=%q dbUser=id:%d,email:%s", conn.User(), conn.RemoteAddr(), conn.LocalAddr(), actx.user.ID, actx.user.Email)