aboutsummaryrefslogtreecommitdiff
path: root/ssh/server_test.go
AgeCommit message (Collapse)Author
2025-10-08all: fix some typos in commentcuishuang
Change-Id: Ia209f0a6d9b19d14e655c65d1287a1416b48c487 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/707535 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Sean Liao <sean@liao.dev> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sean Liao <sean@liao.dev>
2025-09-27ssh: add VerifiedPublicKeyCallbackNicola Murino
Fixes golang/go#70795 Change-Id: I9b7c91f35f89495d1e9b5f6ec0c036c02a61d774 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/636335 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: Ilia Mirkin <imirkin@alum.mit.edu> Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Jorge Hernández <jorgehcrda39@gmail.com>
2025-05-15ssh: export supported algorithmsNicola Murino
Fixes golang/go#61537 Change-Id: If3478121e3ae445391e3faeceeb889d75e9e3214 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/531935 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org>
2025-01-18ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interfaceBrad Fitzpatrick
Fixes golang/go#68688 Change-Id: Id5f72b32c61c9383a26ec182339486a432c7cdf5 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/613856 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Jonathan Amsterdam <jba@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
2024-12-11ssh: make the public key cache a 1-entry FIFO cachev0.31.0Roland Shoemaker
Users of the the ssh package seem to extremely commonly misuse the PublicKeyCallback API, assuming that the key passed in the last call before a connection is established is the key used for authentication. Some users then make authorization decisions based on this key. This property is not documented, and may not be correct, due to the caching behavior of the package, resulting in users making incorrect authorization decisions about the connection. This change makes the cache a one entry FIFO cache, making the assumed property, that the last call to PublicKeyCallback represents the key actually used for authentication, actually hold. Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier from the Platform.sh / Upsun engineering team for reporting this issue. Fixes golang/go#70779 Fixes CVE-2024-45337 Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-07-17ssh: remove go 1.21+ dependency on slicesIlia Mirkin
Fixes golang/go#68469 Change-Id: Ieea3c444b0458d169a6ff224e59b3b815264de89 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/598775 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org>
2024-05-22ssh: allow server auth callbacks to send additional bannersAndrew Lytvynov
Add a new BannerError error type that auth callbacks can return to send banner to the client. While the BannerCallback can send the initial banner message, auth callbacks might want to communicate more information to the client to help them diagnose failures. Updates golang/go#64962 Change-Id: I97a26480ff4064b95a0a26042b0a5e19737cfb62 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/558695 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-04-04ssh: respect MaxAuthTries also for "none" auth attemptsNicola Murino
Only the first "none" auth attempt is allowed without penality Change-Id: Ibe776e968ba406445eeb94e8f1959383b88c98f7 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/575995 Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Commit-Queue: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Than McIntosh <thanm@google.com>
2023-12-14ssh: close net.Conn on all NewServerConn errorsEdoardo Spadolini
This PR ensures that the net.Conn passed to ssh.NewServerConn is closed on all error return paths, not just after a failed handshake. This matches the behavior of ssh.NewClientConn. Change-Id: Id8a51d10ae8d575cbbe26f2ef6b37de7cca840ec GitHub-Last-Rev: 81bb2e58a881a9a85935740bda06b034b32a8ce3 GitHub-Pull-Request: golang/crypto#279 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/549095 Run-TryBot: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2023-11-08ssh: allow to configure public key auth algorithms on the server sidev0.15.0Nicola Murino
Fixes golang/go#61244 Change-Id: I29b43e379cf0cdb07b0d6935666491b997157e73 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/510775 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com> Commit-Queue: Nicola Murino <nicola.murino@gmail.com> Run-TryBot: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
2012-08-28go.crypto/ssh: improve test reliabilityDave Cheney
Fixes golang/go#3989. Tested for several hours on an 8 core ec2 instance with random GOMAXPROC values. Also, rolls server_test.go into session_test using the existing dial() framework. R=fullung, agl, kardianos CC=golang-dev https://golang.org/cl/6475063
2012-07-21go.crypto/ssh: improve TestServerWindow robustnessDave Cheney
Fix a few resource leaks and prevent the test from hanging if an error occurs reading from the remote server. R=agl, gustav.paul, kardianos CC=golang-dev https://golang.org/cl/6423065
2012-04-21go.crypto/ssh: server_test should bind to localhost onlyDave Cheney
Hopefully fix build error under windows. Binding to the wildcard is poor form for our darwin users as it triggers the firewall popup. Dialing the wildcard looks like it's implementation specific as well. R=agl, kardianos CC=golang-dev https://golang.org/cl/6104046
2012-04-19go.crypt/ssh: Add additional test for server.Daniel Theophanes
R=golang-dev, agl CC=golang-dev https://golang.org/cl/6075046
generated by cgit v1.3 (git 2.53.0) at 2026-04-15 06:09:46 +0000