fix(auth): allow token SSH login when password auth is disabled #1984
Open
lettimepassby wants to merge 1 commit into



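Background
After turning off "Allow users to log in to the koko component via password authentication" (TERMINAL_PASSWORD_AUTH), koko rejects all password authentication requests directly at the SSH password authentication entry point, so when a user connects to an asset through an SSH client, the connection is also blocked early by koko's password authentication switch.
On inspection, an actual client connection authenticates with a temporary connection token of the form JMS-, and koko already has logic to detect this.
Changes
Added IsTokenLoginUsername in ssh.go, reusing the existing token-prefix check logic.
Changed the check in the parseJMSTokenLoginReq function to reuse IsTokenLoginUsername, avoiding duplicated check logic.
Adjusted the check in server_ssh.go: if it is in token format, it is let through; if not, the original logic is kept.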
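
The gate described above, sketched in Go as an added example (not koko's code and not part of this pull request). `gate`, `Decision` and the lowercase `isTokenLoginUsername` are hypothetical names, and the rules that the `JMS-` prefix is case-sensitive and must be followed by at least one character are assumptions. It shows a token-format username being routed only to token validation, so the prefix never reaches the password check while the switch is off.

```go
package main

import (
	"fmt"
	"strings"
)

// tokenPrefix is the "JMS-" form named in the PR description.
const tokenPrefix = "JMS-"

// Decision is the outcome of the SSH password-auth gate (hypothetical type).
type Decision int

const (
	Reject        Decision = iota // refuse the attempt outright
	CheckToken                    // validate the secret as a connection token only
	CheckPassword                 // validate the secret as a normal user password
)

// isTokenLoginUsername stands in for the prefix check the PR describes.
// Assumption: case-sensitive match, and a bare "JMS-" is not a token username.
func isTokenLoginUsername(username string) bool {
	return strings.HasPrefix(username, tokenPrefix) && len(username) > len(tokenPrefix)
}

// gate decides which validator may see the submitted secret.
// A token-format username is never handed to the password validator, so the
// prefix cannot be used to re-enable password login when the switch is off.
func gate(username string, passwordAuthEnabled bool) Decision {
	if isTokenLoginUsername(username) {
		return CheckToken
	}
	if !passwordAuthEnabled {
		return Reject // original behaviour for non-token usernames
	}
	return CheckPassword
}

func main() {
	// Constructed usernames, not taken from the page.
	for _, u := range []string{"JMS-3f2a", "alice", "JMS-", "jms-3f2a"} {
		fmt.Printf("%-12q off=%d on=%d\n", u, gate(u, false), gate(u, true))
	}
}
```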