chore: Fixes final changes.
This commit is contained in:
greysoh
parent
19aadc20c0
commit
7fa789691c
2 changed files with 43 additions and 28 deletions
|
|
@ -4,8 +4,16 @@ import ssh2 from "ssh2";
|
|||
import { readFromKeyboard } from "./libs/readFromKeyboard.js";
|
||||
import type { ClientKeys } from "./index.js";
|
||||
|
||||
export async function runCopyID(username: string, password: string, keys: ClientKeys, stream: ssh2.ServerChannel) {
|
||||
stream.write("Hey there! I think you're using ssh-copy-id. If this is an error, you may close this terminal.\n");
|
||||
export async function runCopyID(
|
||||
username: string,
|
||||
password: string,
|
||||
keys: ClientKeys,
|
||||
stream: ssh2.ServerChannel,
|
||||
) {
|
||||
stream.write(
|
||||
"Hey there! I think you're using ssh-copy-id. If this is an error, you may close this terminal.\n",
|
||||
);
|
||||
|
||||
stream.write("Please wait...\n");
|
||||
|
||||
const keyData = await readFromKeyboard(stream, true);
|
||||
|
|
@ -23,14 +31,16 @@ export async function runCopyID(username: string, password: string, keys: Client
|
|||
keys.push({
|
||||
username,
|
||||
password,
|
||||
publicKey: keyData
|
||||
publicKey: keyData,
|
||||
});
|
||||
|
||||
try {
|
||||
await writeFile("../keys/clients.json", JSON.stringify(keys, null, 2));
|
||||
} catch (e) {
|
||||
console.log(e);
|
||||
return stream.write("ERROR: Failed to save changes! If you're the administrator, view the console for details.\n");
|
||||
return stream.write(
|
||||
"ERROR: Failed to save changes! If you're the administrator, view the console for details.\n",
|
||||
);
|
||||
}
|
||||
|
||||
stream.write("Success!\n");
|
||||
|
|
|
|||
|
|
@ -11,16 +11,16 @@ import { commands } from "./commands.js";
|
|||
import { runCopyID } from "./copyID.js";
|
||||
|
||||
export type ClientKeys = {
|
||||
publicKey: string,
|
||||
username: string,
|
||||
password: string,
|
||||
publicKey: string;
|
||||
username: string;
|
||||
password: string;
|
||||
}[];
|
||||
|
||||
function checkValue(input: Buffer, allowed: Buffer): boolean {
|
||||
const autoReject = (input.length !== allowed.length);
|
||||
const autoReject = input.length !== allowed.length;
|
||||
if (autoReject) allowed = input;
|
||||
const isMatch = timingSafeEqual(input, allowed);
|
||||
return (!autoReject && isMatch);
|
||||
return !autoReject && isMatch;
|
||||
}
|
||||
|
||||
let serverKeyFile: Buffer | string | undefined;
|
||||
|
|
@ -43,7 +43,9 @@ try {
|
|||
try {
|
||||
serverKeyFile = await readFile("../keys/host.key");
|
||||
} catch (e) {
|
||||
console.log("ERROR: Failed to read the host key file! Creating new keypair...");
|
||||
console.log(
|
||||
"ERROR: Failed to read the host key file! Creating new keypair...",
|
||||
);
|
||||
await mkdir("../keys").catch(() => null);
|
||||
|
||||
const keyPair: { private: string; public: string } = await new Promise(
|
||||
|
|
@ -60,11 +62,9 @@ try {
|
|||
if (!serverKeyFile) throw new Error("Somehow failed to fetch the key file!");
|
||||
|
||||
const server: ssh2.Server = new ssh2.Server({
|
||||
hostKeys: [
|
||||
serverKeyFile
|
||||
],
|
||||
hostKeys: [serverKeyFile],
|
||||
|
||||
banner: "NextNet-LOM (c) NextNet project et al."
|
||||
banner: "NextNet-LOM (c) NextNet project et al.",
|
||||
});
|
||||
|
||||
server.on("connection", client => {
|
||||
|
|
@ -95,7 +95,7 @@ server.on("connection", client => {
|
|||
} else if (auth.method == "publickey") {
|
||||
const userData = {
|
||||
username: "",
|
||||
password: ""
|
||||
password: "",
|
||||
};
|
||||
|
||||
for (const rawKey of clientKeys) {
|
||||
|
|
@ -109,18 +109,20 @@ server.on("connection", client => {
|
|||
console.log(auth.signature, auth.blob);
|
||||
|
||||
if (
|
||||
rawKey.username == auth.username &&
|
||||
(rawKey.username == auth.username &&
|
||||
auth.key.algo == key.type &&
|
||||
auth.key.data == key.getPublicSSH() &&
|
||||
auth.signature && key.verify(auth.blob as Buffer, auth.signature, auth.key.algo)
|
||||
checkValue(auth.key.data, key.getPublicSSH())) ||
|
||||
(auth.signature &&
|
||||
key.verify(auth.blob as Buffer, auth.signature, auth.key.algo))
|
||||
) {
|
||||
console.log(" -- VERIFIED PUBLIC KEY --");
|
||||
userData.username = rawKey.username;
|
||||
userData.password = rawKey.password;
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
if (!userData.username || !userData.password) return auth.reject(["password", "publickey"]);
|
||||
if (!userData.username || !userData.password)
|
||||
return auth.reject(["password", "publickey"]);
|
||||
|
||||
const response = await axios.post("/api/v1/users/login", userData);
|
||||
|
||||
|
|
@ -146,7 +148,10 @@ server.on("connection", client => {
|
|||
conn.on("exec", async (accept, reject, info) => {
|
||||
const stream = accept();
|
||||
|
||||
if (info.command.includes(".ssh/authorized_keys") && info.command.startsWith("exec sh -c")) {
|
||||
if (
|
||||
info.command.includes(".ssh/authorized_keys") &&
|
||||
info.command.startsWith("exec sh -c")
|
||||
) {
|
||||
return await runCopyID(username, password, clientKeys, stream);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue