summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/crypto/ssh
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh')
-rw-r--r--vendor/golang.org/x/crypto/ssh/LICENSE27
-rw-r--r--vendor/golang.org/x/crypto/ssh/agent/client.go683
-rw-r--r--vendor/golang.org/x/crypto/ssh/agent/forward.go103
-rw-r--r--vendor/golang.org/x/crypto/ssh/agent/keyring.go215
-rw-r--r--vendor/golang.org/x/crypto/ssh/agent/server.go523
-rw-r--r--vendor/golang.org/x/crypto/ssh/certs.go6
-rw-r--r--vendor/golang.org/x/crypto/ssh/cipher.go240
-rw-r--r--vendor/golang.org/x/crypto/ssh/client_auth.go95
-rw-r--r--vendor/golang.org/x/crypto/ssh/common.go16
-rw-r--r--vendor/golang.org/x/crypto/ssh/keys.go3
-rw-r--r--vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go546
-rw-r--r--vendor/golang.org/x/crypto/ssh/server.go23
-rw-r--r--vendor/golang.org/x/crypto/ssh/terminal/util_windows.go10
-rw-r--r--vendor/golang.org/x/crypto/ssh/test/doc.go7
-rw-r--r--vendor/golang.org/x/crypto/ssh/transport.go56
15 files changed, 308 insertions, 2245 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/LICENSE b/vendor/golang.org/x/crypto/ssh/LICENSE
deleted file mode 100644
index 6a66aea5..00000000
--- a/vendor/golang.org/x/crypto/ssh/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
- * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
- * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/crypto/ssh/agent/client.go b/vendor/golang.org/x/crypto/ssh/agent/client.go
deleted file mode 100644
index acb5ad80..00000000
--- a/vendor/golang.org/x/crypto/ssh/agent/client.go
+++ /dev/null
@@ -1,683 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package agent implements the ssh-agent protocol, and provides both
-// a client and a server. The client can talk to a standard ssh-agent
-// that uses UNIX sockets, and one could implement an alternative
-// ssh-agent process using the sample server.
-//
-// References:
-// [PROTOCOL.agent]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD
-package agent // import "golang.org/x/crypto/ssh/agent"
-
-import (
- "bytes"
- "crypto/dsa"
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rsa"
- "encoding/base64"
- "encoding/binary"
- "errors"
- "fmt"
- "io"
- "math/big"
- "sync"
-
- "golang.org/x/crypto/ed25519"
- "golang.org/x/crypto/ssh"
-)
-
-// Agent represents the capabilities of an ssh-agent.
-type Agent interface {
- // List returns the identities known to the agent.
- List() ([]*Key, error)
-
- // Sign has the agent sign the data using a protocol 2 key as defined
- // in [PROTOCOL.agent] section 2.6.2.
- Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error)
-
- // Add adds a private key to the agent.
- Add(key AddedKey) error
-
- // Remove removes all identities with the given public key.
- Remove(key ssh.PublicKey) error
-
- // RemoveAll removes all identities.
- RemoveAll() error
-
- // Lock locks the agent. Sign and Remove will fail, and List will empty an empty list.
- Lock(passphrase []byte) error
-
- // Unlock undoes the effect of Lock
- Unlock(passphrase []byte) error
-
- // Signers returns signers for all the known keys.
- Signers() ([]ssh.Signer, error)
-}
-
-// ConstraintExtension describes an optional constraint defined by users.
-type ConstraintExtension struct {
- // ExtensionName consist of a UTF-8 string suffixed by the
- // implementation domain following the naming scheme defined
- // in Section 4.2 of [RFC4251], e.g. "foo@example.com".
- ExtensionName string
- // ExtensionDetails contains the actual content of the extended
- // constraint.
- ExtensionDetails []byte
-}
-
-// AddedKey describes an SSH key to be added to an Agent.
-type AddedKey struct {
- // PrivateKey must be a *rsa.PrivateKey, *dsa.PrivateKey or
- // *ecdsa.PrivateKey, which will be inserted into the agent.
- PrivateKey interface{}
- // Certificate, if not nil, is communicated to the agent and will be
- // stored with the key.
- Certificate *ssh.Certificate
- // Comment is an optional, free-form string.
- Comment string
- // LifetimeSecs, if not zero, is the number of seconds that the
- // agent will store the key for.
- LifetimeSecs uint32
- // ConfirmBeforeUse, if true, requests that the agent confirm with the
- // user before each use of this key.
- ConfirmBeforeUse bool
- // ConstraintExtensions are the experimental or private-use constraints
- // defined by users.
- ConstraintExtensions []ConstraintExtension
-}
-
-// See [PROTOCOL.agent], section 3.
-const (
- agentRequestV1Identities = 1
- agentRemoveAllV1Identities = 9
-
- // 3.2 Requests from client to agent for protocol 2 key operations
- agentAddIdentity = 17
- agentRemoveIdentity = 18
- agentRemoveAllIdentities = 19
- agentAddIDConstrained = 25
-
- // 3.3 Key-type independent requests from client to agent
- agentAddSmartcardKey = 20
- agentRemoveSmartcardKey = 21
- agentLock = 22
- agentUnlock = 23
- agentAddSmartcardKeyConstrained = 26
-
- // 3.7 Key constraint identifiers
- agentConstrainLifetime = 1
- agentConstrainConfirm = 2
- agentConstrainExtension = 3
-)
-
-// maxAgentResponseBytes is the maximum agent reply size that is accepted. This
-// is a sanity check, not a limit in the spec.
-const maxAgentResponseBytes = 16 << 20
-
-// Agent messages:
-// These structures mirror the wire format of the corresponding ssh agent
-// messages found in [PROTOCOL.agent].
-
-// 3.4 Generic replies from agent to client
-const agentFailure = 5
-
-type failureAgentMsg struct{}
-
-const agentSuccess = 6
-
-type successAgentMsg struct{}
-
-// See [PROTOCOL.agent], section 2.5.2.
-const agentRequestIdentities = 11
-
-type requestIdentitiesAgentMsg struct{}
-
-// See [PROTOCOL.agent], section 2.5.2.
-const agentIdentitiesAnswer = 12
-
-type identitiesAnswerAgentMsg struct {
- NumKeys uint32 `sshtype:"12"`
- Keys []byte `ssh:"rest"`
-}
-
-// See [PROTOCOL.agent], section 2.6.2.
-const agentSignRequest = 13
-
-type signRequestAgentMsg struct {
- KeyBlob []byte `sshtype:"13"`
- Data []byte
- Flags uint32
-}
-
-// See [PROTOCOL.agent], section 2.6.2.
-
-// 3.6 Replies from agent to client for protocol 2 key operations
-const agentSignResponse = 14
-
-type signResponseAgentMsg struct {
- SigBlob []byte `sshtype:"14"`
-}
-
-type publicKey struct {
- Format string
- Rest []byte `ssh:"rest"`
-}
-
-// 3.7 Key constraint identifiers
-type constrainLifetimeAgentMsg struct {
- LifetimeSecs uint32 `sshtype:"1"`
-}
-
-type constrainExtensionAgentMsg struct {
- ExtensionName string `sshtype:"3"`
- ExtensionDetails []byte
-
- // Rest is a field used for parsing, not part of message
- Rest []byte `ssh:"rest"`
-}
-
-// Key represents a protocol 2 public key as defined in
-// [PROTOCOL.agent], section 2.5.2.
-type Key struct {
- Format string
- Blob []byte
- Comment string
-}
-
-func clientErr(err error) error {
- return fmt.Errorf("agent: client error: %v", err)
-}
-
-// String returns the storage form of an agent key with the format, base64
-// encoded serialized key, and the comment if it is not empty.
-func (k *Key) String() string {
- s := string(k.Format) + " " + base64.StdEncoding.EncodeToString(k.Blob)
-
- if k.Comment != "" {
- s += " " + k.Comment
- }
-
- return s
-}
-
-// Type returns the public key type.
-func (k *Key) Type() string {
- return k.Format
-}
-
-// Marshal returns key blob to satisfy the ssh.PublicKey interface.
-func (k *Key) Marshal() []byte {
- return k.Blob
-}
-
-// Verify satisfies the ssh.PublicKey interface.
-func (k *Key) Verify(data []byte, sig *ssh.Signature) error {
- pubKey, err := ssh.ParsePublicKey(k.Blob)
- if err != nil {
- return fmt.Errorf("agent: bad public key: %v", err)
- }
- return pubKey.Verify(data, sig)
-}
-
-type wireKey struct {
- Format string
- Rest []byte `ssh:"rest"`
-}
-
-func parseKey(in []byte) (out *Key, rest []byte, err error) {
- var record struct {
- Blob []byte
- Comment string
- Rest []byte `ssh:"rest"`
- }
-
- if err := ssh.Unmarshal(in, &record); err != nil {
- return nil, nil, err
- }
-
- var wk wireKey
- if err := ssh.Unmarshal(record.Blob, &wk); err != nil {
- return nil, nil, err
- }
-
- return &Key{
- Format: wk.Format,
- Blob: record.Blob,
- Comment: record.Comment,
- }, record.Rest, nil
-}
-
-// client is a client for an ssh-agent process.
-type client struct {
- // conn is typically a *net.UnixConn
- conn io.ReadWriter
- // mu is used to prevent concurrent access to the agent
- mu sync.Mutex
-}
-
-// NewClient returns an Agent that talks to an ssh-agent process over
-// the given connection.
-func NewClient(rw io.ReadWriter) Agent {
- return &client{conn: rw}
-}
-
-// call sends an RPC to the agent. On success, the reply is
-// unmarshaled into reply and replyType is set to the first byte of
-// the reply, which contains the type of the message.
-func (c *client) call(req []byte) (reply interface{}, err error) {
- c.mu.Lock()
- defer c.mu.Unlock()
-
- msg := make([]byte, 4+len(req))
- binary.BigEndian.PutUint32(msg, uint32(len(req)))
- copy(msg[4:], req)
- if _, err = c.conn.Write(msg); err != nil {
- return nil, clientErr(err)
- }
-
- var respSizeBuf [4]byte
- if _, err = io.ReadFull(c.conn, respSizeBuf[:]); err != nil {
- return nil, clientErr(err)
- }
- respSize := binary.BigEndian.Uint32(respSizeBuf[:])
- if respSize > maxAgentResponseBytes {
- return nil, clientErr(err)
- }
-
- buf := make([]byte, respSize)
- if _, err = io.ReadFull(c.conn, buf); err != nil {
- return nil, clientErr(err)
- }
- reply, err = unmarshal(buf)
- if err != nil {
- return nil, clientErr(err)
- }
- return reply, err
-}
-
-func (c *client) simpleCall(req []byte) error {
- resp, err := c.call(req)
- if err != nil {
- return err
- }
- if _, ok := resp.(*successAgentMsg); ok {
- return nil
- }
- return errors.New("agent: failure")
-}
-
-func (c *client) RemoveAll() error {
- return c.simpleCall([]byte{agentRemoveAllIdentities})
-}
-
-func (c *client) Remove(key ssh.PublicKey) error {
- req := ssh.Marshal(&agentRemoveIdentityMsg{
- KeyBlob: key.Marshal(),
- })
- return c.simpleCall(req)
-}
-
-func (c *client) Lock(passphrase []byte) error {
- req := ssh.Marshal(&agentLockMsg{
- Passphrase: passphrase,
- })
- return c.simpleCall(req)
-}
-
-func (c *client) Unlock(passphrase []byte) error {
- req := ssh.Marshal(&agentUnlockMsg{
- Passphrase: passphrase,
- })
- return c.simpleCall(req)
-}
-
-// List returns the identities known to the agent.
-func (c *client) List() ([]*Key, error) {
- // see [PROTOCOL.agent] section 2.5.2.
- req := []byte{agentRequestIdentities}
-
- msg, err := c.call(req)
- if err != nil {
- return nil, err
- }
-
- switch msg := msg.(type) {
- case *identitiesAnswerAgentMsg:
- if msg.NumKeys > maxAgentResponseBytes/8 {
- return nil, errors.New("agent: too many keys in agent reply")
- }
- keys := make([]*Key, msg.NumKeys)
- data := msg.Keys
- for i := uint32(0); i < msg.NumKeys; i++ {
- var key *Key
- var err error
- if key, data, err = parseKey(data); err != nil {
- return nil, err
- }
- keys[i] = key
- }
- return keys, nil
- case *failureAgentMsg:
- return nil, errors.New("agent: failed to list keys")
- }
- panic("unreachable")
-}
-
-// Sign has the agent sign the data using a protocol 2 key as defined
-// in [PROTOCOL.agent] section 2.6.2.
-func (c *client) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
- req := ssh.Marshal(signRequestAgentMsg{
- KeyBlob: key.Marshal(),
- Data: data,
- })
-
- msg, err := c.call(req)
- if err != nil {
- return nil, err
- }
-
- switch msg := msg.(type) {
- case *signResponseAgentMsg:
- var sig ssh.Signature
- if err := ssh.Unmarshal(msg.SigBlob, &sig); err != nil {
- return nil, err
- }
-
- return &sig, nil
- case *failureAgentMsg:
- return nil, errors.New("agent: failed to sign challenge")
- }
- panic("unreachable")
-}
-
-// unmarshal parses an agent message in packet, returning the parsed
-// form and the message type of packet.
-func unmarshal(packet []byte) (interface{}, error) {
- if len(packet) < 1 {
- return nil, errors.New("agent: empty packet")
- }
- var msg interface{}
- switch packet[0] {
- case agentFailure:
- return new(failureAgentMsg), nil
- case agentSuccess:
- return new(successAgentMsg), nil
- case agentIdentitiesAnswer:
- msg = new(identitiesAnswerAgentMsg)
- case agentSignResponse:
- msg = new(signResponseAgentMsg)
- case agentV1IdentitiesAnswer:
- msg = new(agentV1IdentityMsg)
- default:
- return nil, fmt.Errorf("agent: unknown type tag %d", packet[0])
- }
- if err := ssh.Unmarshal(packet, msg); err != nil {
- return nil, err
- }
- return msg, nil
-}
-
-type rsaKeyMsg struct {
- Type string `sshtype:"17|25"`
- N *big.Int
- E *big.Int
- D *big.Int
- Iqmp *big.Int // IQMP = Inverse Q Mod P
- P *big.Int
- Q *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-type dsaKeyMsg struct {
- Type string `sshtype:"17|25"`
- P *big.Int
- Q *big.Int
- G *big.Int
- Y *big.Int
- X *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-type ecdsaKeyMsg struct {
- Type string `sshtype:"17|25"`
- Curve string
- KeyBytes []byte
- D *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-type ed25519KeyMsg struct {
- Type string `sshtype:"17|25"`
- Pub []byte
- Priv []byte
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-// Insert adds a private key to the agent.
-func (c *client) insertKey(s interface{}, comment string, constraints []byte) error {
- var req []byte
- switch k := s.(type) {
- case *rsa.PrivateKey:
- if len(k.Primes) != 2 {
- return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
- }
- k.Precompute()
- req = ssh.Marshal(rsaKeyMsg{
- Type: ssh.KeyAlgoRSA,
- N: k.N,
- E: big.NewInt(int64(k.E)),
- D: k.D,
- Iqmp: k.Precomputed.Qinv,
- P: k.Primes[0],
- Q: k.Primes[1],
- Comments: comment,
- Constraints: constraints,
- })
- case *dsa.PrivateKey:
- req = ssh.Marshal(dsaKeyMsg{
- Type: ssh.KeyAlgoDSA,
- P: k.P,
- Q: k.Q,
- G: k.G,
- Y: k.Y,
- X: k.X,
- Comments: comment,
- Constraints: constraints,
- })
- case *ecdsa.PrivateKey:
- nistID := fmt.Sprintf("nistp%d", k.Params().BitSize)
- req = ssh.Marshal(ecdsaKeyMsg{
- Type: "ecdsa-sha2-" + nistID,
- Curve: nistID,
- KeyBytes: elliptic.Marshal(k.Curve, k.X, k.Y),
- D: k.D,
- Comments: comment,
- Constraints: constraints,
- })
- case *ed25519.PrivateKey:
- req = ssh.Marshal(ed25519KeyMsg{
- Type: ssh.KeyAlgoED25519,
- Pub: []byte(*k)[32:],
- Priv: []byte(*k),
- Comments: comment,
- Constraints: constraints,
- })
- default:
- return fmt.Errorf("agent: unsupported key type %T", s)
- }
-
- // if constraints are present then the message type needs to be changed.
- if len(constraints) != 0 {
- req[0] = agentAddIDConstrained
- }
-
- resp, err := c.call(req)
- if err != nil {
- return err
- }
- if _, ok := resp.(*successAgentMsg); ok {
- return nil
- }
- return errors.New("agent: failure")
-}
-
-type rsaCertMsg struct {
- Type string `sshtype:"17|25"`
- CertBytes []byte
- D *big.Int
- Iqmp *big.Int // IQMP = Inverse Q Mod P
- P *big.Int
- Q *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-type dsaCertMsg struct {
- Type string `sshtype:"17|25"`
- CertBytes []byte
- X *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-type ecdsaCertMsg struct {
- Type string `sshtype:"17|25"`
- CertBytes []byte
- D *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-type ed25519CertMsg struct {
- Type string `sshtype:"17|25"`
- CertBytes []byte
- Pub []byte
- Priv []byte
- Comments string
- Constraints []byte `ssh:"rest"`
-}
-
-// Add adds a private key to the agent. If a certificate is given,
-// that certificate is added instead as public key.
-func (c *client) Add(key AddedKey) error {
- var constraints []byte
-
- if secs := key.LifetimeSecs; secs != 0 {
- constraints = append(constraints, ssh.Marshal(constrainLifetimeAgentMsg{secs})...)
- }
-
- if key.ConfirmBeforeUse {
- constraints = append(constraints, agentConstrainConfirm)
- }
-
- cert := key.Certificate
- if cert == nil {
- return c.insertKey(key.PrivateKey, key.Comment, constraints)
- }
- return c.insertCert(key.PrivateKey, cert, key.Comment, constraints)
-}
-
-func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string, constraints []byte) error {
- var req []byte
- switch k := s.(type) {
- case *rsa.PrivateKey:
- if len(k.Primes) != 2 {
- return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
- }
- k.Precompute()
- req = ssh.Marshal(rsaCertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- D: k.D,
- Iqmp: k.Precomputed.Qinv,
- P: k.Primes[0],
- Q: k.Primes[1],
- Comments: comment,
- Constraints: constraints,
- })
- case *dsa.PrivateKey:
- req = ssh.Marshal(dsaCertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- X: k.X,
- Comments: comment,
- Constraints: constraints,
- })
- case *ecdsa.PrivateKey:
- req = ssh.Marshal(ecdsaCertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- D: k.D,
- Comments: comment,
- Constraints: constraints,
- })
- case *ed25519.PrivateKey:
- req = ssh.Marshal(ed25519CertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- Pub: []byte(*k)[32:],
- Priv: []byte(*k),
- Comments: comment,
- Constraints: constraints,
- })
- default:
- return fmt.Errorf("agent: unsupported key type %T", s)
- }
-
- // if constraints are present then the message type needs to be changed.
- if len(constraints) != 0 {
- req[0] = agentAddIDConstrained
- }
-
- signer, err := ssh.NewSignerFromKey(s)
- if err != nil {
- return err
- }
- if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
- return errors.New("agent: signer and cert have different public key")
- }
-
- resp, err := c.call(req)
- if err != nil {
- return err
- }
- if _, ok := resp.(*successAgentMsg); ok {
- return nil
- }
- return errors.New("agent: failure")
-}
-
-// Signers provides a callback for client authentication.
-func (c *client) Signers() ([]ssh.Signer, error) {
- keys, err := c.List()
- if err != nil {
- return nil, err
- }
-
- var result []ssh.Signer
- for _, k := range keys {
- result = append(result, &agentKeyringSigner{c, k})
- }
- return result, nil
-}
-
-type agentKeyringSigner struct {
- agent *client
- pub ssh.PublicKey
-}
-
-func (s *agentKeyringSigner) PublicKey() ssh.PublicKey {
- return s.pub
-}
-
-func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error) {
- // The agent has its own entropy source, so the rand argument is ignored.
- return s.agent.Sign(s.pub, data)
-}
diff --git a/vendor/golang.org/x/crypto/ssh/agent/forward.go b/vendor/golang.org/x/crypto/ssh/agent/forward.go
deleted file mode 100644
index fd24ba90..00000000
--- a/vendor/golang.org/x/crypto/ssh/agent/forward.go
+++ /dev/null
@@ -1,103 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
- "errors"
- "io"
- "net"
- "sync"
-
- "golang.org/x/crypto/ssh"
-)
-
-// RequestAgentForwarding sets up agent forwarding for the session.
-// ForwardToAgent or ForwardToRemote should be called to route
-// the authentication requests.
-func RequestAgentForwarding(session *ssh.Session) error {
- ok, err := session.SendRequest("auth-agent-req@openssh.com", true, nil)
- if err != nil {
- return err
- }
- if !ok {
- return errors.New("forwarding request denied")
- }
- return nil
-}
-
-// ForwardToAgent routes authentication requests to the given keyring.
-func ForwardToAgent(client *ssh.Client, keyring Agent) error {
- channels := client.HandleChannelOpen(channelType)
- if channels == nil {
- return errors.New("agent: already have handler for " + channelType)
- }
-
- go func() {
- for ch := range channels {
- channel, reqs, err := ch.Accept()
- if err != nil {
- continue
- }
- go ssh.DiscardRequests(reqs)
- go func() {
- ServeAgent(keyring, channel)
- channel.Close()
- }()
- }
- }()
- return nil
-}
-
-const channelType = "auth-agent@openssh.com"
-
-// ForwardToRemote routes authentication requests to the ssh-agent
-// process serving on the given unix socket.
-func ForwardToRemote(client *ssh.Client, addr string) error {
- channels := client.HandleChannelOpen(channelType)
- if channels == nil {
- return errors.New("agent: already have handler for " + channelType)
- }
- conn, err := net.Dial("unix", addr)
- if err != nil {
- return err
- }
- conn.Close()
-
- go func() {
- for ch := range channels {
- channel, reqs, err := ch.Accept()
- if err != nil {
- continue
- }
- go ssh.DiscardRequests(reqs)
- go forwardUnixSocket(channel, addr)
- }
- }()
- return nil
-}
-
-func forwardUnixSocket(channel ssh.Channel, addr string) {
- conn, err := net.Dial("unix", addr)
- if err != nil {
- return
- }
-
- var wg sync.WaitGroup
- wg.Add(2)
- go func() {
- io.Copy(conn, channel)
- conn.(*net.UnixConn).CloseWrite()
- wg.Done()
- }()
- go func() {
- io.Copy(channel, conn)
- channel.CloseWrite()
- wg.Done()
- }()
-
- wg.Wait()
- conn.Close()
- channel.Close()
-}
diff --git a/vendor/golang.org/x/crypto/ssh/agent/keyring.go b/vendor/golang.org/x/crypto/ssh/agent/keyring.go
deleted file mode 100644
index a6ba06ab..00000000
--- a/vendor/golang.org/x/crypto/ssh/agent/keyring.go
+++ /dev/null
@@ -1,215 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
- "bytes"
- "crypto/rand"
- "crypto/subtle"
- "errors"
- "fmt"
- "sync"
- "time"
-
- "golang.org/x/crypto/ssh"
-)
-
-type privKey struct {
- signer ssh.Signer
- comment string
- expire *time.Time
-}
-
-type keyring struct {
- mu sync.Mutex
- keys []privKey
-
- locked bool
- passphrase []byte
-}
-
-var errLocked = errors.New("agent: locked")
-
-// NewKeyring returns an Agent that holds keys in memory. It is safe
-// for concurrent use by multiple goroutines.
-func NewKeyring() Agent {
- return &keyring{}
-}
-
-// RemoveAll removes all identities.
-func (r *keyring) RemoveAll() error {
- r.mu.Lock()
- defer r.mu.Unlock()
- if r.locked {
- return errLocked
- }
-
- r.keys = nil
- return nil
-}
-
-// removeLocked does the actual key removal. The caller must already be holding the
-// keyring mutex.
-func (r *keyring) removeLocked(want []byte) error {
- found := false
- for i := 0; i < len(r.keys); {
- if bytes.Equal(r.keys[i].signer.PublicKey().Marshal(), want) {
- found = true
- r.keys[i] = r.keys[len(r.keys)-1]
- r.keys = r.keys[:len(r.keys)-1]
- continue
- } else {
- i++
- }
- }
-
- if !found {
- return errors.New("agent: key not found")
- }
- return nil
-}
-
-// Remove removes all identities with the given public key.
-func (r *keyring) Remove(key ssh.PublicKey) error {
- r.mu.Lock()
- defer r.mu.Unlock()
- if r.locked {
- return errLocked
- }
-
- return r.removeLocked(key.Marshal())
-}
-
-// Lock locks the agent. Sign and Remove will fail, and List will return an empty list.
-func (r *keyring) Lock(passphrase []byte) error {
- r.mu.Lock()
- defer r.mu.Unlock()
- if r.locked {
- return errLocked
- }
-
- r.locked = true
- r.passphrase = passphrase
- return nil
-}
-
-// Unlock undoes the effect of Lock
-func (r *keyring) Unlock(passphrase []byte) error {
- r.mu.Lock()
- defer r.mu.Unlock()
- if !r.locked {
- return errors.New("agent: not locked")
- }
- if len(passphrase) != len(r.passphrase) || 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {
- return fmt.Errorf("agent: incorrect passphrase")
- }
-
- r.locked = false
- r.passphrase = nil
- return nil
-}
-
-// expireKeysLocked removes expired keys from the keyring. If a key was added
-// with a lifetimesecs contraint and seconds >= lifetimesecs seconds have
-// ellapsed, it is removed. The caller *must* be holding the keyring mutex.
-func (r *keyring) expireKeysLocked() {
- for _, k := range r.keys {
- if k.expire != nil && time.Now().After(*k.expire) {
- r.removeLocked(k.signer.PublicKey().Marshal())
- }
- }
-}
-
-// List returns the identities known to the agent.
-func (r *keyring) List() ([]*Key, error) {
- r.mu.Lock()
- defer r.mu.Unlock()
- if r.locked {
- // section 2.7: locked agents return empty.
- return nil, nil
- }
-
- r.expireKeysLocked()
- var ids []*Key
- for _, k := range r.keys {
- pub := k.signer.PublicKey()
- ids = append(ids, &Key{
- Format: pub.Type(),
- Blob: pub.Marshal(),
- Comment: k.comment})
- }
- return ids, nil
-}
-
-// Insert adds a private key to the keyring. If a certificate
-// is given, that certificate is added as public key. Note that
-// any constraints given are ignored.
-func (r *keyring) Add(key AddedKey) error {
- r.mu.Lock()
- defer r.mu.Unlock()
- if r.locked {
- return errLocked
- }
- signer, err := ssh.NewSignerFromKey(key.PrivateKey)
-
- if err != nil {
- return err
- }
-
- if cert := key.Certificate; cert != nil {
- signer, err = ssh.NewCertSigner(cert, signer)
- if err != nil {
- return err
- }
- }
-
- p := privKey{
- signer: signer,
- comment: key.Comment,
- }
-
- if key.LifetimeSecs > 0 {
- t := time.Now().Add(time.Duration(key.LifetimeSecs) * time.Second)
- p.expire = &t
- }
-
- r.keys = append(r.keys, p)
-
- return nil
-}
-
-// Sign returns a signature for the data.
-func (r *keyring) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
- r.mu.Lock()
- defer r.mu.Unlock()
- if r.locked {
- return nil, errLocked
- }
-
- r.expireKeysLocked()
- wanted := key.Marshal()
- for _, k := range r.keys {
- if bytes.Equal(k.signer.PublicKey().Marshal(), wanted) {
- return k.signer.Sign(rand.Reader, data)
- }
- }
- return nil, errors.New("not found")
-}
-
-// Signers returns signers for all the known keys.
-func (r *keyring) Signers() ([]ssh.Signer, error) {
- r.mu.Lock()
- defer r.mu.Unlock()
- if r.locked {
- return nil, errLocked
- }
-
- r.expireKeysLocked()
- s := make([]ssh.Signer, 0, len(r.keys))
- for _, k := range r.keys {
- s = append(s, k.signer)
- }
- return s, nil
-}
diff --git a/vendor/golang.org/x/crypto/ssh/agent/server.go b/vendor/golang.org/x/crypto/ssh/agent/server.go
deleted file mode 100644
index 2e4692cb..00000000
--- a/vendor/golang.org/x/crypto/ssh/agent/server.go
+++ /dev/null
@@ -1,523 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
- "crypto/dsa"
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rsa"
- "encoding/binary"
- "errors"
- "fmt"
- "io"
- "log"
- "math/big"
-
- "golang.org/x/crypto/ed25519"
- "golang.org/x/crypto/ssh"
-)
-
-// Server wraps an Agent and uses it to implement the agent side of
-// the SSH-agent, wire protocol.
-type server struct {
- agent Agent
-}
-
-func (s *server) processRequestBytes(reqData []byte) []byte {
- rep, err := s.processRequest(reqData)
- if err != nil {
- if err != errLocked {
- // TODO(hanwen): provide better logging interface?
- log.Printf("agent %d: %v", reqData[0], err)
- }
- return []byte{agentFailure}
- }
-
- if err == nil && rep == nil {
- return []byte{agentSuccess}
- }
-
- return ssh.Marshal(rep)
-}
-
-func marshalKey(k *Key) []byte {
- var record struct {
- Blob []byte
- Comment string
- }
- record.Blob = k.Marshal()
- record.Comment = k.Comment
-
- return ssh.Marshal(&record)
-}
-
-// See [PROTOCOL.agent], section 2.5.1.
-const agentV1IdentitiesAnswer = 2
-
-type agentV1IdentityMsg struct {
- Numkeys uint32 `sshtype:"2"`
-}
-
-type agentRemoveIdentityMsg struct {
- KeyBlob []byte `sshtype:"18"`
-}
-
-type agentLockMsg struct {
- Passphrase []byte `sshtype:"22"`
-}
-
-type agentUnlockMsg struct {
- Passphrase []byte `sshtype:"23"`
-}
-
-func (s *server) processRequest(data []byte) (interface{}, error) {
- switch data[0] {
- case agentRequestV1Identities:
- return &agentV1IdentityMsg{0}, nil
-
- case agentRemoveAllV1Identities:
- return nil, nil
-
- case agentRemoveIdentity:
- var req agentRemoveIdentityMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
-
- var wk wireKey
- if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
- return nil, err
- }
-
- return nil, s.agent.Remove(&Key{Format: wk.Format, Blob: req.KeyBlob})
-
- case agentRemoveAllIdentities:
- return nil, s.agent.RemoveAll()
-
- case agentLock:
- var req agentLockMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
-
- return nil, s.agent.Lock(req.Passphrase)
-
- case agentUnlock:
- var req agentUnlockMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
- return nil, s.agent.Unlock(req.Passphrase)
-
- case agentSignRequest:
- var req signRequestAgentMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
-
- var wk wireKey
- if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
- return nil, err
- }
-
- k := &Key{
- Format: wk.Format,
- Blob: req.KeyBlob,
- }
-
- sig, err := s.agent.Sign(k, req.Data) // TODO(hanwen): flags.
- if err != nil {
- return nil, err
- }
- return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil
-
- case agentRequestIdentities:
- keys, err := s.agent.List()
- if err != nil {
- return nil, err
- }
-
- rep := identitiesAnswerAgentMsg{
- NumKeys: uint32(len(keys)),
- }
- for _, k := range keys {
- rep.Keys = append(rep.Keys, marshalKey(k)...)
- }
- return rep, nil
-
- case agentAddIDConstrained, agentAddIdentity:
- return nil, s.insertIdentity(data)
- }
-
- return nil, fmt.Errorf("unknown opcode %d", data[0])
-}
-
-func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse bool, extensions []ConstraintExtension, err error) {
- for len(constraints) != 0 {
- switch constraints[0] {
- case agentConstrainLifetime:
- lifetimeSecs = binary.BigEndian.Uint32(constraints[1:5])
- constraints = constraints[5:]
- case agentConstrainConfirm:
- confirmBeforeUse = true
- constraints = constraints[1:]
- case agentConstrainExtension:
- var msg constrainExtensionAgentMsg
- if err = ssh.Unmarshal(constraints, &msg); err != nil {
- return 0, false, nil, err
- }
- extensions = append(extensions, ConstraintExtension{
- ExtensionName: msg.ExtensionName,
- ExtensionDetails: msg.ExtensionDetails,
- })
- constraints = msg.Rest
- default:
- return 0, false, nil, fmt.Errorf("unknown constraint type: %d", constraints[0])
- }
- }
- return
-}
-
-func setConstraints(key *AddedKey, constraintBytes []byte) error {
- lifetimeSecs, confirmBeforeUse, constraintExtensions, err := parseConstraints(constraintBytes)
- if err != nil {
- return err
- }
-
- key.LifetimeSecs = lifetimeSecs
- key.ConfirmBeforeUse = confirmBeforeUse
- key.ConstraintExtensions = constraintExtensions
- return nil
-}
-
-func parseRSAKey(req []byte) (*AddedKey, error) {
- var k rsaKeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- if k.E.BitLen() > 30 {
- return nil, errors.New("agent: RSA public exponent too large")
- }
- priv := &rsa.PrivateKey{
- PublicKey: rsa.PublicKey{
- E: int(k.E.Int64()),
- N: k.N,
- },
- D: k.D,
- Primes: []*big.Int{k.P, k.Q},
- }
- priv.Precompute()
-
- addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func parseEd25519Key(req []byte) (*AddedKey, error) {
- var k ed25519KeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- priv := ed25519.PrivateKey(k.Priv)
-
- addedKey := &AddedKey{PrivateKey: &priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func parseDSAKey(req []byte) (*AddedKey, error) {
- var k dsaKeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- priv := &dsa.PrivateKey{
- PublicKey: dsa.PublicKey{
- Parameters: dsa.Parameters{
- P: k.P,
- Q: k.Q,
- G: k.G,
- },
- Y: k.Y,
- },
- X: k.X,
- }
-
- addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func unmarshalECDSA(curveName string, keyBytes []byte, privScalar *big.Int) (priv *ecdsa.PrivateKey, err error) {
- priv = &ecdsa.PrivateKey{
- D: privScalar,
- }
-
- switch curveName {
- case "nistp256":
- priv.Curve = elliptic.P256()
- case "nistp384":
- priv.Curve = elliptic.P384()
- case "nistp521":
- priv.Curve = elliptic.P521()
- default:
- return nil, fmt.Errorf("agent: unknown curve %q", curveName)
- }
-
- priv.X, priv.Y = elliptic.Unmarshal(priv.Curve, keyBytes)
- if priv.X == nil || priv.Y == nil {
- return nil, errors.New("agent: point not on curve")
- }
-
- return priv, nil
-}
-
-func parseEd25519Cert(req []byte) (*AddedKey, error) {
- var k ed25519CertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
- priv := ed25519.PrivateKey(k.Priv)
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad ED25519 certificate")
- }
-
- addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func parseECDSAKey(req []byte) (*AddedKey, error) {
- var k ecdsaKeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
-
- priv, err := unmarshalECDSA(k.Curve, k.KeyBytes, k.D)
- if err != nil {
- return nil, err
- }
-
- addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func parseRSACert(req []byte) (*AddedKey, error) {
- var k rsaCertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
-
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
-
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad RSA certificate")
- }
-
- // An RSA publickey as marshaled by rsaPublicKey.Marshal() in keys.go
- var rsaPub struct {
- Name string
- E *big.Int
- N *big.Int
- }
- if err := ssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {
- return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
- }
-
- if rsaPub.E.BitLen() > 30 {
- return nil, errors.New("agent: RSA public exponent too large")
- }
-
- priv := rsa.PrivateKey{
- PublicKey: rsa.PublicKey{
- E: int(rsaPub.E.Int64()),
- N: rsaPub.N,
- },
- D: k.D,
- Primes: []*big.Int{k.Q, k.P},
- }
- priv.Precompute()
-
- addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func parseDSACert(req []byte) (*AddedKey, error) {
- var k dsaCertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad DSA certificate")
- }
-
- // A DSA publickey as marshaled by dsaPublicKey.Marshal() in keys.go
- var w struct {
- Name string
- P, Q, G, Y *big.Int
- }
- if err := ssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {
- return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
- }
-
- priv := &dsa.PrivateKey{
- PublicKey: dsa.PublicKey{
- Parameters: dsa.Parameters{
- P: w.P,
- Q: w.Q,
- G: w.G,
- },
- Y: w.Y,
- },
- X: k.X,
- }
-
- addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func parseECDSACert(req []byte) (*AddedKey, error) {
- var k ecdsaCertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
-
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad ECDSA certificate")
- }
-
- // An ECDSA publickey as marshaled by ecdsaPublicKey.Marshal() in keys.go
- var ecdsaPub struct {
- Name string
- ID string
- Key []byte
- }
- if err := ssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {
- return nil, err
- }
-
- priv, err := unmarshalECDSA(ecdsaPub.ID, ecdsaPub.Key, k.D)
- if err != nil {
- return nil, err
- }
-
- addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
-}
-
-func (s *server) insertIdentity(req []byte) error {
- var record struct {
- Type string `sshtype:"17|25"`
- Rest []byte `ssh:"rest"`
- }
-
- if err := ssh.Unmarshal(req, &record); err != nil {
- return err
- }
-
- var addedKey *AddedKey
- var err error
-
- switch record.Type {
- case ssh.KeyAlgoRSA:
- addedKey, err = parseRSAKey(req)
- case ssh.KeyAlgoDSA:
- addedKey, err = parseDSAKey(req)
- case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521:
- addedKey, err = parseECDSAKey(req)
- case ssh.KeyAlgoED25519:
- addedKey, err = parseEd25519Key(req)
- case ssh.CertAlgoRSAv01:
- addedKey, err = parseRSACert(req)
- case ssh.CertAlgoDSAv01:
- addedKey, err = parseDSACert(req)
- case ssh.CertAlgoECDSA256v01, ssh.CertAlgoECDSA384v01, ssh.CertAlgoECDSA521v01:
- addedKey, err = parseECDSACert(req)
- case ssh.CertAlgoED25519v01:
- addedKey, err = parseEd25519Cert(req)
- default:
- return fmt.Errorf("agent: not implemented: %q", record.Type)
- }
-
- if err != nil {
- return err
- }
- return s.agent.Add(*addedKey)
-}
-
-// ServeAgent serves the agent protocol on the given connection. It
-// returns when an I/O error occurs.
-func ServeAgent(agent Agent, c io.ReadWriter) error {
- s := &server{agent}
-
- var length [4]byte
- for {
- if _, err := io.ReadFull(c, length[:]); err != nil {
- return err
- }
- l := binary.BigEndian.Uint32(length[:])
- if l > maxAgentResponseBytes {
- // We also cap requests.
- return fmt.Errorf("agent: request too large: %d", l)
- }
-
- req := make([]byte, l)
- if _, err := io.ReadFull(c, req); err != nil {
- return err
- }
-
- repData := s.processRequestBytes(req)
- if len(repData) > maxAgentResponseBytes {
- return fmt.Errorf("agent: reply too large: %d bytes", len(repData))
- }
-
- binary.BigEndian.PutUint32(length[:], uint32(len(repData)))
- if _, err := c.Write(length[:]); err != nil {
- return err
- }
- if _, err := c.Write(repData); err != nil {
- return err
- }
- }
-}
diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go
index 5c9fadce..42106f3f 100644
--- a/vendor/golang.org/x/crypto/ssh/certs.go
+++ b/vendor/golang.org/x/crypto/ssh/certs.go
@@ -44,7 +44,9 @@ type Signature struct {
const CertTimeInfinity = 1<<64 - 1
// An Certificate represents an OpenSSH certificate as defined in
-// [PROTOCOL.certkeys]?rev=1.8.
+// [PROTOCOL.certkeys]?rev=1.8. The Certificate type implements the
+// PublicKey interface, so it can be unmarshaled using
+// ParsePublicKey.
type Certificate struct {
Nonce []byte
Key PublicKey
@@ -340,7 +342,7 @@ func (c *CertChecker) Authenticate(conn ConnMetadata, pubKey PublicKey) (*Permis
// the signature of the certificate.
func (c *CertChecker) CheckCert(principal string, cert *Certificate) error {
if c.IsRevoked != nil && c.IsRevoked(cert) {
- return fmt.Errorf("ssh: certicate serial %d revoked", cert.Serial)
+ return fmt.Errorf("ssh: certificate serial %d revoked", cert.Serial)
}
for opt := range cert.CriticalOptions {
diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go
index e67c5e0a..30a49fdf 100644
--- a/vendor/golang.org/x/crypto/ssh/cipher.go
+++ b/vendor/golang.org/x/crypto/ssh/cipher.go
@@ -16,6 +16,9 @@ import (
"hash"
"io"
"io/ioutil"
+
+ "golang.org/x/crypto/internal/chacha20"
+ "golang.org/x/crypto/poly1305"
)
const (
@@ -53,78 +56,78 @@ func newRC4(key, iv []byte) (cipher.Stream, error) {
return rc4.NewCipher(key)
}
-type streamCipherMode struct {
- keySize int
- ivSize int
- skip int
- createFunc func(key, iv []byte) (cipher.Stream, error)
+type cipherMode struct {
+ keySize int
+ ivSize int
+ create func(key, iv []byte, macKey []byte, algs directionAlgorithms) (packetCipher, error)
}
-func (c *streamCipherMode) createStream(key, iv []byte) (cipher.Stream, error) {
- if len(key) < c.keySize {
- panic("ssh: key length too small for cipher")
- }
- if len(iv) < c.ivSize {
- panic("ssh: iv too small for cipher")
- }
-
- stream, err := c.createFunc(key[:c.keySize], iv[:c.ivSize])
- if err != nil {
- return nil, err
- }
+func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream, error)) func(key, iv []byte, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+ return func(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+ stream, err := createFunc(key, iv)
+ if err != nil {
+ return nil, err
+ }
- var streamDump []byte
- if c.skip > 0 {
- streamDump = make([]byte, 512)
- }
+ var streamDump []byte
+ if skip > 0 {
+ streamDump = make([]byte, 512)
+ }
- for remainingToDump := c.skip; remainingToDump > 0; {
- dumpThisTime := remainingToDump
- if dumpThisTime > len(streamDump) {
- dumpThisTime = len(streamDump)
+ for remainingToDump := skip; remainingToDump > 0; {
+ dumpThisTime := remainingToDump
+ if dumpThisTime > len(streamDump) {
+ dumpThisTime = len(streamDump)
+ }
+ stream.XORKeyStream(streamDump[:dumpThisTime], streamDump[:dumpThisTime])
+ remainingToDump -= dumpThisTime
}
- stream.XORKeyStream(streamDump[:dumpThisTime], streamDump[:dumpThisTime])
- remainingToDump -= dumpThisTime
- }
- return stream, nil
+ mac := macModes[algs.MAC].new(macKey)
+ return &streamPacketCipher{
+ mac: mac,
+ etm: macModes[algs.MAC].etm,
+ macResult: make([]byte, mac.Size()),
+ cipher: stream,
+ }, nil
+ }
}
// cipherModes documents properties of supported ciphers. Ciphers not included
// are not supported and will not be negotiated, even if explicitly requested in
// ClientConfig.Crypto.Ciphers.
-var cipherModes = map[string]*streamCipherMode{
+var cipherModes = map[string]*cipherMode{
// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
// are defined in the order specified in the RFC.
- "aes128-ctr": {16, aes.BlockSize, 0, newAESCTR},
- "aes192-ctr": {24, aes.BlockSize, 0, newAESCTR},
- "aes256-ctr": {32, aes.BlockSize, 0, newAESCTR},
+ "aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
+ "aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
+ "aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
// They are defined in the order specified in the RFC.
- "arcfour128": {16, 0, 1536, newRC4},
- "arcfour256": {32, 0, 1536, newRC4},
+ "arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
+ "arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
// RC4) has problems with weak keys, and should be used with caution."
// RFC4345 introduces improved versions of Arcfour.
- "arcfour": {16, 0, 0, newRC4},
+ "arcfour": {16, 0, streamCipherMode(0, newRC4)},
- // AES-GCM is not a stream cipher, so it is constructed with a
- // special case. If we add any more non-stream ciphers, we
- // should invest a cleaner way to do this.
- gcmCipherID: {16, 12, 0, nil},
+ // AEAD ciphers
+ gcmCipherID: {16, 12, newGCMCipher},
+ chacha20Poly1305ID: {64, 0, newChaCha20Cipher},
// CBC mode is insecure and so is not included in the default config.
// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
// needed, it's possible to specify a custom Config to enable it.
// You should expect that an active attacker can recover plaintext if
// you do.
- aes128cbcID: {16, aes.BlockSize, 0, nil},
+ aes128cbcID: {16, aes.BlockSize, newAESCBCCipher},
- // 3des-cbc is insecure and is disabled by default.
- tripledescbcID: {24, des.BlockSize, 0, nil},
+ // 3des-cbc is insecure and is not included in the default
+ // config.
+ tripledescbcID: {24, des.BlockSize, newTripleDESCBCCipher},
}
// prefixLen is the length of the packet prefix that contains the packet length
@@ -304,7 +307,7 @@ type gcmCipher struct {
buf []byte
}
-func newGCMCipher(iv, key []byte) (packetCipher, error) {
+func newGCMCipher(key, iv, unusedMacKey []byte, unusedAlgs directionAlgorithms) (packetCipher, error) {
c, err := aes.NewCipher(key)
if err != nil {
return nil, err
@@ -422,7 +425,7 @@ type cbcCipher struct {
oracleCamouflage uint32
}
-func newCBCCipher(c cipher.Block, iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+func newCBCCipher(c cipher.Block, key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
cbc := &cbcCipher{
mac: macModes[algs.MAC].new(macKey),
decrypter: cipher.NewCBCDecrypter(c, iv),
@@ -436,13 +439,13 @@ func newCBCCipher(c cipher.Block, iv, key, macKey []byte, algs directionAlgorith
return cbc, nil
}
-func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+func newAESCBCCipher(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
c, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
- cbc, err := newCBCCipher(c, iv, key, macKey, algs)
+ cbc, err := newCBCCipher(c, key, iv, macKey, algs)
if err != nil {
return nil, err
}
@@ -450,13 +453,13 @@ func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCi
return cbc, nil
}
-func newTripleDESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+func newTripleDESCBCCipher(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
c, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
- cbc, err := newCBCCipher(c, iv, key, macKey, algs)
+ cbc, err := newCBCCipher(c, key, iv, macKey, algs)
if err != nil {
return nil, err
}
@@ -627,3 +630,142 @@ func (c *cbcCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, pack
return nil
}
+
+const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
+
+// chacha20Poly1305Cipher implements the chacha20-poly1305@openssh.com
+// AEAD, which is described here:
+//
+// https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
+//
+// the methods here also implement padding, which RFC4253 Section 6
+// also requires of stream ciphers.
+type chacha20Poly1305Cipher struct {
+ lengthKey [32]byte
+ contentKey [32]byte
+ buf []byte
+}
+
+func newChaCha20Cipher(key, unusedIV, unusedMACKey []byte, unusedAlgs directionAlgorithms) (packetCipher, error) {
+ if len(key) != 64 {
+ panic(len(key))
+ }
+
+ c := &chacha20Poly1305Cipher{
+ buf: make([]byte, 256),
+ }
+
+ copy(c.contentKey[:], key[:32])
+ copy(c.lengthKey[:], key[32:])
+ return c, nil
+}
+
+// The Poly1305 key is obtained by encrypting 32 0-bytes.
+var chacha20PolyKeyInput [32]byte
+
+func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+ var counter [16]byte
+ binary.BigEndian.PutUint64(counter[8:], uint64(seqNum))
+
+ var polyKey [32]byte
+ chacha20.XORKeyStream(polyKey[:], chacha20PolyKeyInput[:], &counter, &c.contentKey)
+
+ encryptedLength := c.buf[:4]
+ if _, err := io.ReadFull(r, encryptedLength); err != nil {
+ return nil, err
+ }
+
+ var lenBytes [4]byte
+ chacha20.XORKeyStream(lenBytes[:], encryptedLength, &counter, &c.lengthKey)
+
+ length := binary.BigEndian.Uint32(lenBytes[:])
+ if length > maxPacket {
+ return nil, errors.New("ssh: invalid packet length, packet too large")
+ }
+
+ contentEnd := 4 + length
+ packetEnd := contentEnd + poly1305.TagSize
+ if uint32(cap(c.buf)) < packetEnd {
+ c.buf = make([]byte, packetEnd)
+ copy(c.buf[:], encryptedLength)
+ } else {
+ c.buf = c.buf[:packetEnd]
+ }
+
+ if _, err := io.ReadFull(r, c.buf[4:packetEnd]); err != nil {
+ return nil, err
+ }
+
+ var mac [poly1305.TagSize]byte
+ copy(mac[:], c.buf[contentEnd:packetEnd])
+ if !poly1305.Verify(&mac, c.buf[:contentEnd], &polyKey) {
+ return nil, errors.New("ssh: MAC failure")
+ }
+
+ counter[0] = 1
+
+ plain := c.buf[4:contentEnd]
+ chacha20.XORKeyStream(plain, plain, &counter, &c.contentKey)
+
+ padding := plain[0]
+ if padding < 4 {
+ // padding is a byte, so it automatically satisfies
+ // the maximum size, which is 255.
+ return nil, fmt.Errorf("ssh: illegal padding %d", padding)
+ }
+
+ if int(padding)+1 >= len(plain) {
+ return nil, fmt.Errorf("ssh: padding %d too large", padding)
+ }
+
+ plain = plain[1 : len(plain)-int(padding)]
+
+ return plain, nil
+}
+
+func (c *chacha20Poly1305Cipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
+ var counter [16]byte
+ binary.BigEndian.PutUint64(counter[8:], uint64(seqNum))
+
+ var polyKey [32]byte
+ chacha20.XORKeyStream(polyKey[:], chacha20PolyKeyInput[:], &counter, &c.contentKey)
+
+ // There is no blocksize, so fall back to multiple of 8 byte
+ // padding, as described in RFC 4253, Sec 6.
+ const packetSizeMultiple = 8
+
+ padding := packetSizeMultiple - (1+len(payload))%packetSizeMultiple
+ if padding < 4 {
+ padding += packetSizeMultiple
+ }
+
+ // size (4 bytes), padding (1), payload, padding, tag.
+ totalLength := 4 + 1 + len(payload) + padding + poly1305.TagSize
+ if cap(c.buf) < totalLength {
+ c.buf = make([]byte, totalLength)
+ } else {
+ c.buf = c.buf[:totalLength]
+ }
+
+ binary.BigEndian.PutUint32(c.buf, uint32(1+len(payload)+padding))
+ chacha20.XORKeyStream(c.buf, c.buf[:4], &counter, &c.lengthKey)
+ c.buf[4] = byte(padding)
+ copy(c.buf[5:], payload)
+ packetEnd := 5 + len(payload) + padding
+ if _, err := io.ReadFull(rand, c.buf[5+len(payload):packetEnd]); err != nil {
+ return err
+ }
+
+ counter[0] = 1
+ chacha20.XORKeyStream(c.buf[4:], c.buf[4:packetEnd], &counter, &c.contentKey)
+
+ var mac [poly1305.TagSize]byte
+ poly1305.Sum(&mac, c.buf[:packetEnd], &polyKey)
+
+ copy(c.buf[packetEnd:], mac[:])
+
+ if _, err := w.Write(c.buf); err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/vendor/golang.org/x/crypto/ssh/client_auth.go b/vendor/golang.org/x/crypto/ssh/client_auth.go
index a1252cb9..5f44b774 100644
--- a/vendor/golang.org/x/crypto/ssh/client_auth.go
+++ b/vendor/golang.org/x/crypto/ssh/client_auth.go
@@ -11,6 +11,14 @@ import (
"io"
)
+type authResult int
+
+const (
+ authFailure authResult = iota
+ authPartialSuccess
+ authSuccess
+)
+
// clientAuthenticate authenticates with the remote server. See RFC 4252.
func (c *connection) clientAuthenticate(config *ClientConfig) error {
// initiate user auth session
@@ -37,11 +45,12 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error {
if err != nil {
return err
}
- if ok {
+ if ok == authSuccess {
// success
return nil
+ } else if ok == authFailure {
+ tried[auth.method()] = true
}
- tried[auth.method()] = true
if methods == nil {
methods = lastMethods
}
@@ -82,7 +91,7 @@ type AuthMethod interface {
// If authentication is not successful, a []string of alternative
// method names is returned. If the slice is nil, it will be ignored
// and the previous set of possible methods will be reused.
- auth(session []byte, user string, p packetConn, rand io.Reader) (bool, []string, error)
+ auth(session []byte, user string, p packetConn, rand io.Reader) (authResult, []string, error)
// method returns the RFC 4252 method name.
method() string
@@ -91,13 +100,13 @@ type AuthMethod interface {
// "none" authentication, RFC 4252 section 5.2.
type noneAuth int
-func (n *noneAuth) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (n *noneAuth) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
if err := c.writePacket(Marshal(&userAuthRequestMsg{
User: user,
Service: serviceSSH,
Method: "none",
})); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
return handleAuthResponse(c)
@@ -111,7 +120,7 @@ func (n *noneAuth) method() string {
// a function call, e.g. by prompting the user.
type passwordCallback func() (password string, err error)
-func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
type passwordAuthMsg struct {
User string `sshtype:"50"`
Service string
@@ -125,7 +134,7 @@ func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand
// The program may only find out that the user doesn't have a password
// when prompting.
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
if err := c.writePacket(Marshal(&passwordAuthMsg{
@@ -135,7 +144,7 @@ func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand
Reply: false,
Password: pw,
})); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
return handleAuthResponse(c)
@@ -178,7 +187,7 @@ func (cb publicKeyCallback) method() string {
return "publickey"
}
-func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
// Authentication is performed by sending an enquiry to test if a key is
// acceptable to the remote. If the key is acceptable, the client will
// attempt to authenticate with the valid key. If not the client will repeat
@@ -186,13 +195,13 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
signers, err := cb()
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
var methods []string
for _, signer := range signers {
ok, err := validateKey(signer.PublicKey(), user, c)
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
if !ok {
continue
@@ -206,7 +215,7 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
Method: cb.method(),
}, []byte(pub.Type()), pubKey))
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
// manually wrap the serialized signature in a string
@@ -224,24 +233,24 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
}
p := Marshal(&msg)
if err := c.writePacket(p); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
- var success bool
+ var success authResult
success, methods, err = handleAuthResponse(c)
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
// If authentication succeeds or the list of available methods does not
// contain the "publickey" method, do not attempt to authenticate with any
// other keys. According to RFC 4252 Section 7, the latter can occur when
// additional authentication methods are required.
- if success || !containsMethod(methods, cb.method()) {
+ if success == authSuccess || !containsMethod(methods, cb.method()) {
return success, methods, err
}
}
- return false, methods, nil
+ return authFailure, methods, nil
}
func containsMethod(methods []string, method string) bool {
@@ -318,28 +327,31 @@ func PublicKeysCallback(getSigners func() (signers []Signer, err error)) AuthMet
// handleAuthResponse returns whether the preceding authentication request succeeded
// along with a list of remaining authentication methods to try next and
// an error if an unexpected response was received.
-func handleAuthResponse(c packetConn) (bool, []string, error) {
+func handleAuthResponse(c packetConn) (authResult, []string, error) {
for {
packet, err := c.readPacket()
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
switch packet[0] {
case msgUserAuthBanner:
if err := handleBannerResponse(c, packet); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
case msgUserAuthFailure:
var msg userAuthFailureMsg
if err := Unmarshal(packet, &msg); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
- return false, msg.Methods, nil
+ if msg.PartialSuccess {
+ return authPartialSuccess, msg.Methods, nil
+ }
+ return authFailure, msg.Methods, nil
case msgUserAuthSuccess:
- return true, nil, nil
+ return authSuccess, nil, nil
default:
- return false, nil, unexpectedMessageError(msgUserAuthSuccess, packet[0])
+ return authFailure, nil, unexpectedMessageError(msgUserAuthSuccess, packet[0])
}
}
}
@@ -381,7 +393,7 @@ func (cb KeyboardInteractiveChallenge) method() string {
return "keyboard-interactive"
}
-func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
type initiateMsg struct {
User string `sshtype:"50"`
Service string
@@ -395,20 +407,20 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
Service: serviceSSH,
Method: "keyboard-interactive",
})); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
for {
packet, err := c.readPacket()
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
// like handleAuthResponse, but with less options.
switch packet[0] {
case msgUserAuthBanner:
if err := handleBannerResponse(c, packet); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
continue
case msgUserAuthInfoRequest:
@@ -416,18 +428,21 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
case msgUserAuthFailure:
var msg userAuthFailureMsg
if err := Unmarshal(packet, &msg); err != nil {
- return false, nil, err
+ return authFailure, nil, err
+ }
+ if msg.PartialSuccess {
+ return authPartialSuccess, msg.Methods, nil
}
- return false, msg.Methods, nil
+ return authFailure, msg.Methods, nil
case msgUserAuthSuccess:
- return true, nil, nil
+ return authSuccess, nil, nil
default:
- return false, nil, unexpectedMessageError(msgUserAuthInfoRequest, packet[0])
+ return authFailure, nil, unexpectedMessageError(msgUserAuthInfoRequest, packet[0])
}
var msg userAuthInfoRequestMsg
if err := Unmarshal(packet, &msg); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
// Manually unpack the prompt/echo pairs.
@@ -437,7 +452,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
for i := 0; i < int(msg.NumPrompts); i++ {
prompt, r, ok := parseString(rest)
if !ok || len(r) == 0 {
- return false, nil, errors.New("ssh: prompt format error")
+ return authFailure, nil, errors.New("ssh: prompt format error")
}
prompts = append(prompts, string(prompt))
echos = append(echos, r[0] != 0)
@@ -445,16 +460,16 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
}
if len(rest) != 0 {
- return false, nil, errors.New("ssh: extra data following keyboard-interactive pairs")
+ return authFailure, nil, errors.New("ssh: extra data following keyboard-interactive pairs")
}
answers, err := cb(msg.User, msg.Instruction, prompts, echos)
if err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
if len(answers) != len(prompts) {
- return false, nil, errors.New("ssh: not enough answers from keyboard-interactive callback")
+ return authFailure, nil, errors.New("ssh: not enough answers from keyboard-interactive callback")
}
responseLength := 1 + 4
for _, a := range answers {
@@ -470,7 +485,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
}
if err := c.writePacket(serialized); err != nil {
- return false, nil, err
+ return authFailure, nil, err
}
}
}
@@ -480,10 +495,10 @@ type retryableAuthMethod struct {
maxTries int
}
-func (r *retryableAuthMethod) auth(session []byte, user string, c packetConn, rand io.Reader) (ok bool, methods []string, err error) {
+func (r *retryableAuthMethod) auth(session []byte, user string, c packetConn, rand io.Reader) (ok authResult, methods []string, err error) {
for i := 0; r.maxTries <= 0 || i < r.maxTries; i++ {
ok, methods, err = r.authMethod.auth(session, user, c, rand)
- if ok || err != nil { // either success or error terminate
+ if ok != authFailure || err != nil { // either success, partial success or error terminate
return ok, methods, err
}
}
diff --git a/vendor/golang.org/x/crypto/ssh/common.go b/vendor/golang.org/x/crypto/ssh/common.go
index 135b4edd..04f3620b 100644
--- a/vendor/golang.org/x/crypto/ssh/common.go
+++ b/vendor/golang.org/x/crypto/ssh/common.go
@@ -24,11 +24,21 @@ const (
serviceSSH = "ssh-connection"
)
-// supportedCiphers specifies the supported ciphers in preference order.
+// supportedCiphers lists ciphers we support but might not recommend.
var supportedCiphers = []string{
"aes128-ctr", "aes192-ctr", "aes256-ctr",
"aes128-gcm@openssh.com",
- "arcfour256", "arcfour128",
+ chacha20Poly1305ID,
+ "arcfour256", "arcfour128", "arcfour",
+ aes128cbcID,
+ tripledescbcID,
+}
+
+// preferredCiphers specifies the default preference for ciphers.
+var preferredCiphers = []string{
+ "aes128-gcm@openssh.com",
+ chacha20Poly1305ID,
+ "aes128-ctr", "aes192-ctr", "aes256-ctr",
}
// supportedKexAlgos specifies the supported key-exchange algorithms in
@@ -211,7 +221,7 @@ func (c *Config) SetDefaults() {
c.Rand = rand.Reader
}
if c.Ciphers == nil {
- c.Ciphers = supportedCiphers
+ c.Ciphers = preferredCiphers
}
var ciphers []string
for _, c := range c.Ciphers {
diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go
index dadf41ab..73697ded 100644
--- a/vendor/golang.org/x/crypto/ssh/keys.go
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@@ -276,7 +276,8 @@ type PublicKey interface {
Type() string
// Marshal returns the serialized key data in SSH wire format,
- // with the name prefix.
+ // with the name prefix. To unmarshal the returned data, use
+ // the ParsePublicKey function.
Marshal() []byte
// Verify that sig is a signature on the given data using this
diff --git a/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go b/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
deleted file mode 100644
index 448fc07f..00000000
--- a/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
+++ /dev/null
@@ -1,546 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package knownhosts implements a parser for the OpenSSH
-// known_hosts host key database.
-package knownhosts
-
-import (
- "bufio"
- "bytes"
- "crypto/hmac"
- "crypto/rand"
- "crypto/sha1"
- "encoding/base64"
- "errors"
- "fmt"
- "io"
- "net"
- "os"
- "strings"
-
- "golang.org/x/crypto/ssh"
-)
-
-// See the sshd manpage
-// (http://man.openbsd.org/sshd#SSH_KNOWN_HOSTS_FILE_FORMAT) for
-// background.
-
-type addr struct{ host, port string }
-
-func (a *addr) String() string {
- h := a.host
- if strings.Contains(h, ":") {
- h = "[" + h + "]"
- }
- return h + ":" + a.port
-}
-
-type matcher interface {
- match([]addr) bool
-}
-
-type hostPattern struct {
- negate bool
- addr addr
-}
-
-func (p *hostPattern) String() string {
- n := ""
- if p.negate {
- n = "!"
- }
-
- return n + p.addr.String()
-}
-
-type hostPatterns []hostPattern
-
-func (ps hostPatterns) match(addrs []addr) bool {
- matched := false
- for _, p := range ps {
- for _, a := range addrs {
- m := p.match(a)
- if !m {
- continue
- }
- if p.negate {
- return false
- }
- matched = true
- }
- }
- return matched
-}
-
-// See
-// https://android.googlesource.com/platform/external/openssh/+/ab28f5495c85297e7a597c1ba62e996416da7c7e/addrmatch.c
-// The matching of * has no regard for separators, unlike filesystem globs
-func wildcardMatch(pat []byte, str []byte) bool {
- for {
- if len(pat) == 0 {
- return len(str) == 0
- }
- if len(str) == 0 {
- return false
- }
-
- if pat[0] == '*' {
- if len(pat) == 1 {
- return true
- }
-
- for j := range str {
- if wildcardMatch(pat[1:], str[j:]) {
- return true
- }
- }
- return false
- }
-
- if pat[0] == '?' || pat[0] == str[0] {
- pat = pat[1:]
- str = str[1:]
- } else {
- return false
- }
- }
-}
-
-func (p *hostPattern) match(a addr) bool {
- return wildcardMatch([]byte(p.addr.host), []byte(a.host)) && p.addr.port == a.port
-}
-
-type keyDBLine struct {
- cert bool
- matcher matcher
- knownKey KnownKey
-}
-
-func serialize(k ssh.PublicKey) string {
- return k.Type() + " " + base64.StdEncoding.EncodeToString(k.Marshal())
-}
-
-func (l *keyDBLine) match(addrs []addr) bool {
- return l.matcher.match(addrs)
-}
-
-type hostKeyDB struct {
- // Serialized version of revoked keys
- revoked map[string]*KnownKey
- lines []keyDBLine
-}
-
-func newHostKeyDB() *hostKeyDB {
- db := &hostKeyDB{
- revoked: make(map[string]*KnownKey),
- }
-
- return db
-}
-
-func keyEq(a, b ssh.PublicKey) bool {
- return bytes.Equal(a.Marshal(), b.Marshal())
-}
-
-// IsAuthorityForHost can be used as a callback in ssh.CertChecker
-func (db *hostKeyDB) IsHostAuthority(remote ssh.PublicKey, address string) bool {
- h, p, err := net.SplitHostPort(address)
- if err != nil {
- return false
- }
- a := addr{host: h, port: p}
-
- for _, l := range db.lines {
- if l.cert && keyEq(l.knownKey.Key, remote) && l.match([]addr{a}) {
- return true
- }
- }
- return false
-}
-
-// IsRevoked can be used as a callback in ssh.CertChecker
-func (db *hostKeyDB) IsRevoked(key *ssh.Certificate) bool {
- _, ok := db.revoked[string(key.Marshal())]
- return ok
-}
-
-const markerCert = "@cert-authority"
-const markerRevoked = "@revoked"
-
-func nextWord(line []byte) (string, []byte) {
- i := bytes.IndexAny(line, "\t ")
- if i == -1 {
- return string(line), nil
- }
-
- return string(line[:i]), bytes.TrimSpace(line[i:])
-}
-
-func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error) {
- if w, next := nextWord(line); w == markerCert || w == markerRevoked {
- marker = w
- line = next
- }
-
- host, line = nextWord(line)
- if len(line) == 0 {
- return "", "", nil, errors.New("knownhosts: missing host pattern")
- }
-
- // ignore the keytype as it's in the key blob anyway.
- _, line = nextWord(line)
- if len(line) == 0 {
- return "", "", nil, errors.New("knownhosts: missing key type pattern")
- }
-
- keyBlob, _ := nextWord(line)
-
- keyBytes, err := base64.StdEncoding.DecodeString(keyBlob)
- if err != nil {
- return "", "", nil, err
- }
- key, err = ssh.ParsePublicKey(keyBytes)
- if err != nil {
- return "", "", nil, err
- }
-
- return marker, host, key, nil
-}
-
-func (db *hostKeyDB) parseLine(line []byte, filename string, linenum int) error {
- marker, pattern, key, err := parseLine(line)
- if err != nil {
- return err
- }
-
- if marker == markerRevoked {
- db.revoked[string(key.Marshal())] = &KnownKey{
- Key: key,
- Filename: filename,
- Line: linenum,
- }
-
- return nil
- }
-
- entry := keyDBLine{
- cert: marker == markerCert,
- knownKey: KnownKey{
- Filename: filename,
- Line: linenum,
- Key: key,
- },
- }
-
- if pattern[0] == '|' {
- entry.matcher, err = newHashedHost(pattern)
- } else {
- entry.matcher, err = newHostnameMatcher(pattern)
- }
-
- if err != nil {
- return err
- }
-
- db.lines = append(db.lines, entry)
- return nil
-}
-
-func newHostnameMatcher(pattern string) (matcher, error) {
- var hps hostPatterns
- for _, p := range strings.Split(pattern, ",") {
- if len(p) == 0 {
- continue
- }
-
- var a addr
- var negate bool
- if p[0] == '!' {
- negate = true
- p = p[1:]
- }
-
- if len(p) == 0 {
- return nil, errors.New("knownhosts: negation without following hostname")
- }
-
- var err error
- if p[0] == '[' {
- a.host, a.port, err = net.SplitHostPort(p)
- if err != nil {
- return nil, err
- }
- } else {
- a.host, a.port, err = net.SplitHostPort(p)
- if err != nil {
- a.host = p
- a.port = "22"
- }
- }
- hps = append(hps, hostPattern{
- negate: negate,
- addr: a,
- })
- }
- return hps, nil
-}
-
-// KnownKey represents a key declared in a known_hosts file.
-type KnownKey struct {
- Key ssh.PublicKey
- Filename string
- Line int
-}
-
-func (k *KnownKey) String() string {
- return fmt.Sprintf("%s:%d: %s", k.Filename, k.Line, serialize(k.Key))
-}
-
-// KeyError is returned if we did not find the key in the host key
-// database, or there was a mismatch. Typically, in batch
-// applications, this should be interpreted as failure. Interactive
-// applications can offer an interactive prompt to the user.
-type KeyError struct {
- // Want holds the accepted host keys. For each key algorithm,
- // there can be one hostkey. If Want is empty, the host is
- // unknown. If Want is non-empty, there was a mismatch, which
- // can signify a MITM attack.
- Want []KnownKey
-}
-
-func (u *KeyError) Error() string {
- if len(u.Want) == 0 {
- return "knownhosts: key is unknown"
- }
- return "knownhosts: key mismatch"
-}
-
-// RevokedError is returned if we found a key that was revoked.
-type RevokedError struct {
- Revoked KnownKey
-}
-
-func (r *RevokedError) Error() string {
- return "knownhosts: key is revoked"
-}
-
-// check checks a key against the host database. This should not be
-// used for verifying certificates.
-func (db *hostKeyDB) check(address string, remote net.Addr, remoteKey ssh.PublicKey) error {
- if revoked := db.revoked[string(remoteKey.Marshal())]; revoked != nil {
- return &RevokedError{Revoked: *revoked}
- }
-
- host, port, err := net.SplitHostPort(remote.String())
- if err != nil {
- return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", remote, err)
- }
-
- addrs := []addr{
- {host, port},
- }
-
- if address != "" {
- host, port, err := net.SplitHostPort(address)
- if err != nil {
- return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", address, err)
- }
-
- addrs = append(addrs, addr{host, port})
- }
-
- return db.checkAddrs(addrs, remoteKey)
-}
-
-// checkAddrs checks if we can find the given public key for any of
-// the given addresses. If we only find an entry for the IP address,
-// or only the hostname, then this still succeeds.
-func (db *hostKeyDB) checkAddrs(addrs []addr, remoteKey ssh.PublicKey) error {
- // TODO(hanwen): are these the right semantics? What if there
- // is just a key for the IP address, but not for the
- // hostname?
-
- // Algorithm => key.
- knownKeys := map[string]KnownKey{}
- for _, l := range db.lines {
- if l.match(addrs) {
- typ := l.knownKey.Key.Type()
- if _, ok := knownKeys[typ]; !ok {
- knownKeys[typ] = l.knownKey
- }
- }
- }
-
- keyErr := &KeyError{}
- for _, v := range knownKeys {
- keyErr.Want = append(keyErr.Want, v)
- }
-
- // Unknown remote host.
- if len(knownKeys) == 0 {
- return keyErr
- }
-
- // If the remote host starts using a different, unknown key type, we
- // also interpret that as a mismatch.
- if known, ok := knownKeys[remoteKey.Type()]; !ok || !keyEq(known.Key, remoteKey) {
- return keyErr
- }
-
- return nil
-}
-
-// The Read function parses file contents.
-func (db *hostKeyDB) Read(r io.Reader, filename string) error {
- scanner := bufio.NewScanner(r)
-
- lineNum := 0
- for scanner.Scan() {
- lineNum++
- line := scanner.Bytes()
- line = bytes.TrimSpace(line)
- if len(line) == 0 || line[0] == '#' {
- continue
- }
-
- if err := db.parseLine(line, filename, lineNum); err != nil {
- return fmt.Errorf("knownhosts: %s:%d: %v", filename, lineNum, err)
- }
- }
- return scanner.Err()
-}
-
-// New creates a host key callback from the given OpenSSH host key
-// files. The returned callback is for use in
-// ssh.ClientConfig.HostKeyCallback. Hashed hostnames are not supported.
-func New(files ...string) (ssh.HostKeyCallback, error) {
- db := newHostKeyDB()
- for _, fn := range files {
- f, err := os.Open(fn)
- if err != nil {
- return nil, err
- }
- defer f.Close()
- if err := db.Read(f, fn); err != nil {
- return nil, err
- }
- }
-
- var certChecker ssh.CertChecker
- certChecker.IsHostAuthority = db.IsHostAuthority
- certChecker.IsRevoked = db.IsRevoked
- certChecker.HostKeyFallback = db.check
-
- return certChecker.CheckHostKey, nil
-}
-
-// Normalize normalizes an address into the form used in known_hosts
-func Normalize(address string) string {
- host, port, err := net.SplitHostPort(address)
- if err != nil {
- host = address
- port = "22"
- }
- entry := host
- if port != "22" {
- entry = "[" + entry + "]:" + port
- } else if strings.Contains(host, ":") && !strings.HasPrefix(host, "[") {
- entry = "[" + entry + "]"
- }
- return entry
-}
-
-// Line returns a line to add append to the known_hosts files.
-func Line(addresses []string, key ssh.PublicKey) string {
- var trimmed []string
- for _, a := range addresses {
- trimmed = append(trimmed, Normalize(a))
- }
-
- return strings.Join(trimmed, ",") + " " + serialize(key)
-}
-
-// HashHostname hashes the given hostname. The hostname is not
-// normalized before hashing.
-func HashHostname(hostname string) string {
- // TODO(hanwen): check if we can safely normalize this always.
- salt := make([]byte, sha1.Size)
-
- _, err := rand.Read(salt)
- if err != nil {
- panic(fmt.Sprintf("crypto/rand failure %v", err))
- }
-
- hash := hashHost(hostname, salt)
- return encodeHash(sha1HashType, salt, hash)
-}
-
-func decodeHash(encoded string) (hashType string, salt, hash []byte, err error) {
- if len(encoded) == 0 || encoded[0] != '|' {
- err = errors.New("knownhosts: hashed host must start with '|'")
- return
- }
- components := strings.Split(encoded, "|")
- if len(components) != 4 {
- err = fmt.Errorf("knownhosts: got %d components, want 3", len(components))
- return
- }
-
- hashType = components[1]
- if salt, err = base64.StdEncoding.DecodeString(components[2]); err != nil {
- return
- }
- if hash, err = base64.StdEncoding.DecodeString(components[3]); err != nil {
- return
- }
- return
-}
-
-func encodeHash(typ string, salt []byte, hash []byte) string {
- return strings.Join([]string{"",
- typ,
- base64.StdEncoding.EncodeToString(salt),
- base64.StdEncoding.EncodeToString(hash),
- }, "|")
-}
-
-// See https://android.googlesource.com/platform/external/openssh/+/ab28f5495c85297e7a597c1ba62e996416da7c7e/hostfile.c#120
-func hashHost(hostname string, salt []byte) []byte {
- mac := hmac.New(sha1.New, salt)
- mac.Write([]byte(hostname))
- return mac.Sum(nil)
-}
-
-type hashedHost struct {
- salt []byte
- hash []byte
-}
-
-const sha1HashType = "1"
-
-func newHashedHost(encoded string) (*hashedHost, error) {
- typ, salt, hash, err := decodeHash(encoded)
- if err != nil {
- return nil, err
- }
-
- // The type field seems for future algorithm agility, but it's
- // actually hardcoded in openssh currently, see
- // https://android.googlesource.com/platform/external/openssh/+/ab28f5495c85297e7a597c1ba62e996416da7c7e/hostfile.c#120
- if typ != sha1HashType {
- return nil, fmt.Errorf("knownhosts: got hash type %s, must be '1'", typ)
- }
-
- return &hashedHost{salt: salt, hash: hash}, nil
-}
-
-func (h *hashedHost) match(addrs []addr) bool {
- for _, a := range addrs {
- if bytes.Equal(hashHost(Normalize(a.String()), h.salt), h.hash) {
- return true
- }
- }
- return false
-}
diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go
index d4df9160..d0f48253 100644
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@@ -166,6 +166,9 @@ type ServerConn struct {
// unsuccessful, it closes the connection and returns an error. The
// Request and NewChannel channels must be serviced, or the connection
// will hang.
+//
+// The returned error may be of type *ServerAuthError for
+// authentication errors.
func NewServerConn(c net.Conn, config *ServerConfig) (*ServerConn, <-chan NewChannel, <-chan *Request, error) {
fullConf := *config
fullConf.SetDefaults()
@@ -256,7 +259,7 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
func isAcceptableAlgo(algo string) bool {
switch algo {
case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoED25519,
- CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01:
+ CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01:
return true
}
return false
@@ -292,12 +295,13 @@ func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
return fmt.Errorf("ssh: remote address %v is not allowed because of source-address restriction", addr)
}
-// ServerAuthError implements the error interface. It appends any authentication
-// errors that may occur, and is returned if all of the authentication methods
-// provided by the user failed to authenticate.
+// ServerAuthError represents server authentication errors and is
+// sometimes returned by NewServerConn. It appends any authentication
+// errors that may occur, and is returned if all of the authentication
+// methods provided by the user failed to authenticate.
type ServerAuthError struct {
// Errors contains authentication errors returned by the authentication
- // callback methods.
+ // callback methods. The first entry is typically ErrNoAuth.
Errors []error
}
@@ -309,6 +313,13 @@ func (l ServerAuthError) Error() string {
return "[" + strings.Join(errs, ", ") + "]"
}
+// ErrNoAuth is the error value returned if no
+// authentication method has been passed yet. This happens as a normal
+// part of the authentication loop, since the client first tries
+// 'none' authentication to discover available methods.
+// It is returned in ServerAuthError.Errors from NewServerConn.
+var ErrNoAuth = errors.New("ssh: no auth passed yet")
+
func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, error) {
sessionID := s.transport.getSessionID()
var cache pubKeyCache
@@ -363,7 +374,7 @@ userAuthLoop:
}
perms = nil
- authErr := errors.New("no auth passed yet")
+ authErr := ErrNoAuth
switch userAuthReq.Method {
case "none":
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go b/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
index 92944f3b..4933ac36 100644
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
@@ -93,5 +93,13 @@ func ReadPassword(fd int) ([]byte, error) {
windows.SetConsoleMode(windows.Handle(fd), old)
}()
- return readPasswordLine(os.NewFile(uintptr(fd), "stdin"))
+ var h windows.Handle
+ p, _ := windows.GetCurrentProcess()
+ if err := windows.DuplicateHandle(p, windows.Handle(fd), p, &h, 0, false, windows.DUPLICATE_SAME_ACCESS); err != nil {
+ return nil, err
+ }
+
+ f := os.NewFile(uintptr(h), "stdin")
+ defer f.Close()
+ return readPasswordLine(f)
}
diff --git a/vendor/golang.org/x/crypto/ssh/test/doc.go b/vendor/golang.org/x/crypto/ssh/test/doc.go
deleted file mode 100644
index 198f0ca1..00000000
--- a/vendor/golang.org/x/crypto/ssh/test/doc.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package test contains integration tests for the
-// golang.org/x/crypto/ssh package.
-package test // import "golang.org/x/crypto/ssh/test"
diff --git a/vendor/golang.org/x/crypto/ssh/transport.go b/vendor/golang.org/x/crypto/ssh/transport.go
index 01150eb8..f6fae1db 100644
--- a/vendor/golang.org/x/crypto/ssh/transport.go
+++ b/vendor/golang.org/x/crypto/ssh/transport.go
@@ -6,6 +6,7 @@ package ssh
import (
"bufio"
+ "bytes"
"errors"
"io"
"log"
@@ -232,52 +233,22 @@ var (
clientKeys = direction{[]byte{'A'}, []byte{'C'}, []byte{'E'}}
)
-// generateKeys generates key material for IV, MAC and encryption.
-func generateKeys(d direction, algs directionAlgorithms, kex *kexResult) (iv, key, macKey []byte) {
+// setupKeys sets the cipher and MAC keys from kex.K, kex.H and sessionId, as
+// described in RFC 4253, section 6.4. direction should either be serverKeys
+// (to setup server->client keys) or clientKeys (for client->server keys).
+func newPacketCipher(d direction, algs directionAlgorithms, kex *kexResult) (packetCipher, error) {
cipherMode := cipherModes[algs.Cipher]
macMode := macModes[algs.MAC]
- iv = make([]byte, cipherMode.ivSize)
- key = make([]byte, cipherMode.keySize)
- macKey = make([]byte, macMode.keySize)
+ iv := make([]byte, cipherMode.ivSize)
+ key := make([]byte, cipherMode.keySize)
+ macKey := make([]byte, macMode.keySize)
generateKeyMaterial(iv, d.ivTag, kex)
generateKeyMaterial(key, d.keyTag, kex)
generateKeyMaterial(macKey, d.macKeyTag, kex)
- return
-}
-
-// setupKeys sets the cipher and MAC keys from kex.K, kex.H and sessionId, as
-// described in RFC 4253, section 6.4. direction should either be serverKeys
-// (to setup server->client keys) or clientKeys (for client->server keys).
-func newPacketCipher(d direction, algs directionAlgorithms, kex *kexResult) (packetCipher, error) {
- iv, key, macKey := generateKeys(d, algs, kex)
-
- if algs.Cipher == gcmCipherID {
- return newGCMCipher(iv, key)
- }
-
- if algs.Cipher == aes128cbcID {
- return newAESCBCCipher(iv, key, macKey, algs)
- }
- if algs.Cipher == tripledescbcID {
- return newTripleDESCBCCipher(iv, key, macKey, algs)
- }
-
- c := &streamPacketCipher{
- mac: macModes[algs.MAC].new(macKey),
- etm: macModes[algs.MAC].etm,
- }
- c.macResult = make([]byte, c.mac.Size())
-
- var err error
- c.cipher, err = cipherModes[algs.Cipher].createStream(key, iv)
- if err != nil {
- return nil, err
- }
-
- return c, nil
+ return cipherModes[algs.Cipher].create(key, iv, macKey, algs)
}
// generateKeyMaterial fills out with key material generated from tag, K, H
@@ -342,7 +313,7 @@ func readVersion(r io.Reader) ([]byte, error) {
var ok bool
var buf [1]byte
- for len(versionString) < maxVersionStringBytes {
+ for length := 0; length < maxVersionStringBytes; length++ {
_, err := io.ReadFull(r, buf[:])
if err != nil {
return nil, err
@@ -350,6 +321,13 @@ func readVersion(r io.Reader) ([]byte, error) {
// The RFC says that the version should be terminated with \r\n
// but several SSH servers actually only send a \n.
if buf[0] == '\n' {
+ if !bytes.HasPrefix(versionString, []byte("SSH-")) {
+ // RFC 4253 says we need to ignore all version string lines
+ // except the one containing the SSH version (provided that
+ // all the lines do not exceed 255 bytes in total).
+ versionString = versionString[:0]
+ continue
+ }
ok = true
break
}