enable auth agent forward on server

4 years ago · 960458f0d7
parent 1cb9f751c1
commit 960458f0d7
4 changed files with 69 additions and 17 deletions
--- a/console_unix.go
+++ b/console_unix.go
@ -9,6 +9,7 @@ import (
 	"os/signal"
 	"os/user"
 	"strconv"
 	"strings"
 	"syscall"
 	"github.com/containerd/console"
@ -109,13 +110,29 @@ func setUserEnv(_cmd *exec.Cmd, u *user.User, attr *syscall.SysProcAttr) {
 	}
 	_uid, _ := strconv.ParseUint(u.Uid, 10, 32)
 	_gid, _ := strconv.ParseUint(u.Gid, 10, 32)
 	_cmd.Env = append(_cmd.Env, fmt.Sprintf("HOME=%s", u.HomeDir))
 	_cmd.Env = append(_cmd.Env, fmt.Sprintf("LOGNAME=%s", u.Name))
 	_cmd.Dir = u.HomeDir
 	if os.Getuid() != 0 {
 		return
 	}
 	if attr.Credential == nil {
 		attr.Credential = &syscall.Credential{}
 	}
 	attr.Credential.Uid = uint32(_uid)
 	attr.Credential.Gid = uint32(_gid)
 	for _, _env := range _cmd.Env {
 		ss := strings.Split(_env, "=")
 		if ss[0] == "SSH_AUTH_SOCK" {
 			os.Chown(ss[1], int(_uid), int(_gid))
 		}
 		if ss[0] == "SSH_TTY" {
 			os.Chown(ss[1], int(_uid), 0)
 		}
 	}
 	_cmd.Env = append(_cmd.Env, fmt.Sprintf("HOME=%s", u.HomeDir))
 	_cmd.Env = append(_cmd.Env, fmt.Sprintf("LOGNAME=%s", u.Name))
 	_cmd.Dir = u.HomeDir
 }
--- a/obfscp/scp.go
+++ b/obfscp/scp.go
@ -102,13 +102,7 @@ func createSFTPConn(host, user string, cfg *options) (*sftp.Client, error) {
 	if cfg.Passwd == "" && cfg.PrivateKey == "" {
 		var pkeys []ssh.Signer
 		if aconn, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK")); err == nil {
-			//auths = append(auths, ssh.PublicKeysCallback(agent.NewClient(aconn).Signers))
+			auths = append(auths, ssh.PublicKeysCallback(agent.NewClient(aconn).Signers))
 			if signers, err := agent.NewClient(aconn).Signers(); err == nil {
 				log.Debugf("add private key from agent")
 				pkeys = append(pkeys, signers...)
 			} else {
 				log.Debugf("get key from agent failed: %s", err)
 			}
 		} else {
 			log.Debugf("dial to agent failed: %s", err)
 		}
--- a/obfssh/ssh.go
+++ b/obfssh/ssh.go
@ -117,13 +117,7 @@ func main() {
 			defer agentConn.Close()
 			log.Debugf("add auth method with agent %s", os.Getenv("SSH_AUTH_SOCK"))
 			agentClient = agent.NewClient(agentConn)
-			//auth = append(auth, ssh.PublicKeysCallback(agentClient.Signers))
+			auth = append(auth, ssh.PublicKeysCallback(agentClient.Signers))
 			signers, err := agentClient.Signers()
 			if err == nil {
 				pkeys = append(pkeys, signers...)
 			} else {
 				log.Debugf("get key from agent failed: %s", err)
 			}
 		} else {
 			log.Debugf("connect to agent failed")
 		}
--- a/server.go
+++ b/server.go
@ -4,6 +4,7 @@ import (
 	"encoding/binary"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@ -322,6 +323,50 @@ func (s *session) handleWindowChange(payload []byte) bool {
 	return true
 }
 func (sc *Server) handleAuthAgentForward(sess *session) bool {
 	f, err := ioutil.TempFile("", "agent-")
 	if err != nil {
 		log.Errorln(err)
 		return false
 	}
 	p := f.Name()
 	f.Close()
 	os.Remove(p)
 	l, err := net.Listen("unix", p)
 	if err != nil {
 		log.Errorln(err)
 		return false
 	}
 	sess.env = append(sess.env, fmt.Sprintf("SSH_AUTH_SOCK=%s", p))
 	sc.forwardedPorts[p] = l
 	go func() {
 		defer os.Remove(p)
 		for {
 			c, err := l.Accept()
 			if err != nil {
 				log.Errorln(err)
 				break
 			}
 			go func(c net.Conn) {
 				ch, req, err := sc.sshConn.OpenChannel("auth-agent@openssh.com", nil)
 				if err != nil {
 					c.Close()
 					log.Errorln(err)
 					return
 				}
 				go ssh.DiscardRequests(req)
 				PipeAndClose(ch, c)
 			}(c)
 		}
 	}()
 	return true
 }
 func (sc *Server) handleSession(newch ssh.NewChannel) {
 	ch, req, err := newch.Accept()
 	if err != nil {
@ -346,6 +391,8 @@ func (sc *Server) handleSession(newch ssh.NewChannel) {
 			ret = sess.handleEnv(r.Payload)
 		case "window-change":
 			ret = sess.handleWindowChange(r.Payload)
 		case "auth-agent-req@openssh.com":
 			ret = sc.handleAuthAgentForward(sess)
 		case "signal":
 			log.Debugln("got signal")
 			ret = true