fix(configtest,scan): fix validateSSHConfig #1395

Merged
merged 3 commits into from
Feb 16, 2022
42 changes: 26 additions & 16 deletions scanner/serverapi.go
@@ -3,7 +3,6 @@ package scanner
import (
"fmt"
"math/rand"
"net"
"net/http"
"os"
ex "os/exec"
@@ -335,7 +334,7 @@ func (s Scanner) detectServerOSes() (servers, errServers []osTypeInterface) {
}

func validateSSHConfig(c *config.ServerInfo) error {
if isLocalExec(c.Port, c.Host) {
if isLocalExec(c.Port, c.Host) || c.Type == constant.ServerTypePseudo {
return nil
}

@@ -360,6 +359,9 @@ func validateSSHConfig(c *config.ServerInfo) error {
if c.User != "" {
sshConfigCmd = append(sshConfigCmd, "-l", c.User)
}
if len(c.JumpServer) > 0 {
sshConfigCmd = append(sshConfigCmd, "-J", strings.Join(c.JumpServer, ","))
}
sshConfigCmd = append(sshConfigCmd, c.Host)
cmd := strings.Join(sshConfigCmd, " ")
logging.Log.Debugf("Executing... %s", strings.Replace(cmd, "\n", "", -1))
@@ -369,41 +371,49 @@ func validateSSHConfig(c *config.ServerInfo) error {
}

var (
hostname string
globalKnownHosts string
userKnownHosts string
hostname string
strictHostKeyChecking string
globalKnownHosts string
userKnownHosts string
proxyCommand string
proxyJump string
)
for _, line := range strings.Split(r.Stdout, "\n") {
if strings.HasPrefix(line, "user ") {
switch {
case strings.HasPrefix(line, "user "):
user := strings.TrimPrefix(line, "user ")
logging.Log.Debugf("Setting SSH User:%s for Server:%s ...", user, c.GetServerName())
c.User = user
} else if strings.HasPrefix(line, "hostname ") {
case strings.HasPrefix(line, "hostname "):
hostname = strings.TrimPrefix(line, "hostname ")
logging.Log.Debugf("Validating SSH HostName:%s for Server:%s ...", hostname, c.GetServerName())
if _, err := net.LookupHost(hostname); err != nil {
return xerrors.New("Failed to name resolution. Please check the HostName settings for SSH")
}
} else if strings.HasPrefix(line, "port ") {
case strings.HasPrefix(line, "port "):
port := strings.TrimPrefix(line, "port ")
logging.Log.Debugf("Setting SSH Port:%s for Server:%s ...", port, c.GetServerName())
c.Port = port
} else if strings.HasPrefix(line, "globalknownhostsfile ") {
case strings.HasPrefix(line, "stricthostkeychecking "):
strictHostKeyChecking = strings.TrimPrefix(line, "stricthostkeychecking ")
case strings.HasPrefix(line, "globalknownhostsfile "):
globalKnownHosts = strings.TrimPrefix(line, "globalknownhostsfile ")
} else if strings.HasPrefix(line, "userknownhostsfile ") {
case strings.HasPrefix(line, "userknownhostsfile "):
userKnownHosts = strings.TrimPrefix(line, "userknownhostsfile ")
case strings.HasPrefix(line, "proxycommand "):
proxyCommand = strings.TrimPrefix(line, "proxycommand ")
case strings.HasPrefix(line, "proxyjump "):
proxyJump = strings.TrimPrefix(line, "proxyjump ")
}
}
if c.User == "" || c.Port == "" {
return xerrors.New("Failed to find User or Port setting. Please check the User or Port settings for SSH")
}
if strictHostKeyChecking == "false" || proxyCommand != "" || proxyJump != "" {
return nil
}

logging.Log.Debugf("Checking if the host's public key is in known_hosts...")

knownHostsPaths := []string{}
for _, knownHosts := range []string{userKnownHosts, globalKnownHosts} {
for _, knownHost := range strings.Split(knownHosts, " ") {
if knownHost != "" {
if knownHost != "" && knownHost != "/dev/null" {
knownHostsPaths = append(knownHostsPaths, knownHost)
}
}
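Review bot: The early return `if strictHostKeyChecking == "false" || proxyCommand != "" || proxyJump != ""` skips the known_hosts check silently, so a server reached through a proxy or jump host, or with host-key checking turned off, passes validation exactly like one whose key was verified. Because the added `-J` argument presumably makes `ssh -G` report a `proxyjump` line, every server with `JumpServer` configured would take this path. I would log the reason before `return nil`, for example `logging.Log.Warnf("Skipping known_hosts check for Server:%s (stricthostkeychecking=%q, proxycommand=%q, proxyjump=%q)", c.GetServerName(), strictHostKeyChecking, proxyCommand, proxyJump)`, and add a comment stating that the target's host key is not verified by this function in that case. validateSSHConfig begins and continues outside the visible hunks, so whether a later step covers this cannot be seen from here.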