Feature Request: allow ssh lib (golang.org/x/crypto/ssh) to support 2FA #17934

Closed
sonnens opened this issue Nov 16, 2016 · 1 comment

sonnens commented Nov 16, 2016

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.7.3 darwin/amd64

I was looking to integrate Duo support into an ssh server and there doesn't seem to be a way to track succeeded & failed auth methods.

I worked around it with this patch:

diff --git a/ssh/connection.go b/ssh/connection.go
index e786f2f..e1deccf 100644
--- a/ssh/connection.go
+++ b/ssh/connection.go
@@ -41,6 +41,9 @@ type ConnMetadata interface {

        // LocalAddr returns the local address for this connection.
        LocalAddr() net.Addr
+
+       SetAuthMethod(string, int)
+       GetAuthMethod(string) int
 }

 // Conn represents an SSH connection for both server and client roles.
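
Review bot: Adding SetAuthMethod and GetAuthMethod to the exported ConnMetadata interface breaks every implementation of that interface outside this package, and it exposes a setter on what is otherwise a read-only metadata view, so any code that is handed a ConnMetadata can rewrite the recorded authentication outcome. Consider keeping the setter off the interface (unexported, called only by the server's auth loop) and exposing a read-only accessor. Both new methods also lack doc comments and parameter names, so the meaning of the string key and the int value is not discoverable from the interface itself.
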
@@ -106,6 +109,11 @@ type sshConn struct {
        sessionID     []byte
        clientVersion []byte
        serverVersion []byte
+
+       // AuthMethod is a toggle of methods that have
+       // authenticated with the server. 1 for success
+       // 0 for unseen, -1 for failure (seen but failed)
+       AuthMethod map[string]int
 }

 func dup(src []byte) []byte {
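
Review bot: The new AuthMethod field is exported while every other field visible in sshConn is unexported, which lets callers inside the package bypass the accessor methods and write to the map directly; naming it authMethod would keep all writes going through SetAuthMethod. The comment calls the value a "toggle", but it describes three states (1, 0, -1); a small named type with constants for success, unseen and failure would make the states self-documenting and stop arbitrary ints from being stored.
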
@@ -141,3 +149,17 @@ func (c *sshConn) ClientVersion() []byte {
 func (c *sshConn) ServerVersion() []byte {
        return dup(c.serverVersion)
 }
+
+func (c *sshConn) SetAuthMethod(key string, val int) {
+       if c.AuthMethod == nil {
+               c.AuthMethod = make(map[string]int)
+       }
+       c.AuthMethod[key] = val
+}
+
+func (c *sshConn) GetAuthMethod(key string) int {
+       if c.AuthMethod != nil {
+               return c.AuthMethod[key]
+       }
+       return 0
+}
@quentinmit
Contributor

Dupe of #17889

@golang golang locked and limited conversation to collaborators Nov 16, 2017