You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/ssh/tailssh
Andrew Lytvynov 29e98e18f8
ssh/tailssh: use a local error instead of gossh.ErrDenied (#10743)
ErrDenied was added in [our fork of
x/crypto/ssh](acc6f8fe8d)
to short-circuit auth attempts once one fails.

In the case of our callbacks, this error is returned when SSH policy
check determines that a connection should not be allowed. Both
`NoClientAuthCallback` and `PublicKeyHandler` check the policy and will
fail anyway. The `fakePasswordHandler` returns true only if
`NoClientAuthCallback` succeeds the policy check, so it checks it
indirectly too.

The difference here is that a client might attempt all 2-3 auth methods
instead of just `none` but will fail to authenticate regardless.

Updates #8593

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
11 months ago
..
incubator.go ssh/tailssh: add envknobs to force override forwarding, sftp, pty 1 year ago
incubator_linux.go
privs_test.go
tailssh.go ssh/tailssh: use a local error instead of gossh.ErrDenied (#10743) 11 months ago
tailssh_test.go
user.go ssh/tailssh,util: extract new osuser package from ssh code (#10170) 1 year ago