in pkg/sshd/ssh.go [263:331]
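// HandleServerConn services one inbound SSH transport connection.
//
// It runs the SSH handshake (authentication is driven by
// sshGate.serverConfig; whatever the auth callbacks recorded ends up in
// conn.Permissions), starts a goroutine for connection-level global requests,
// and then multiplexes channel-open requests until the client disconnects.
// Closing the transport and cancelling ctx are deferred, so every
// per-connection goroutine that honours ctx is torn down once chans drains.
//
// Channel types handled:
//   - "direct-tcpip": client-side -L forwarding. The open payload is only
//     validated for shape here; the channel itself is handed, un-accepted,
//     to DirectTCPIPHandler.
//   - "session": shell/exec style channels, serviced by session.handleRequests.
//
// Anything else is rejected with UnknownChannelType.
//
// SECURITY NOTE(review): there is still no per-principal authorization on
// direct-tcpip. Any client that passes the handshake can ask for a forward
// to any host:port this process can reach (the role/port gate below is still
// commented out), which makes the server an open TCP proxy for every
// authenticated identity. Enforce a destination policy — e.g. from
// conn.Permissions — here or in DirectTCPIPHandler before exposing this
// beyond fully trusted users.
func (sshGate *Server) HandleServerConn(nConn net.Conn) {
	// Before use, a handshake must be performed on the incoming
	// net.Conn. Handshake results in conn.Permissions.
	conn, chans, globalSrvReqs, err := gossh.NewServerConn(nConn, sshGate.serverConfig)
	if err != nil {
		nConn.Close()
		log.Println("SSHD: handshake error ", err, nConn.RemoteAddr())
		//sshGate.metrics.Errors.Add(1)
		return
	}
	log.Println("SSH connection from ", nConn.RemoteAddr())

	// TODO: track the session, for direct use
	ctx, cancel := context.WithCancel(context.Background())
	defer func() {
		conn.Close()
		cancel()
	}()

	// Global (connection-level, not channel-level) requests are serviced
	// concurrently; they share ctx so they end with the connection.
	go sshGate.handleServerConnRequests(ctx, globalSrvReqs, nConn, conn)

	// Service the incoming Channel channel.
	// Each channel is a stream - shell, exec, local TCP forward.
	// NOTE(review): nothing caps how many channels one client may open; every
	// accepted channel spawns a goroutine, so a single peer can drive
	// goroutine/fd usage until the connection is closed.
	for newChannel := range chans {
		switch newChannel.ChannelType() {
		case "direct-tcpip":
			// When remote starts with a -L PORT:host:port, and connects to port.
			// Decode the open payload up front so a malformed request is
			// rejected here rather than surfacing inside the handler.
			var req channelOpenDirectMsg
			//scon.gate.localFwdS.Total.Add(1)
			if err := gossh.Unmarshal(newChannel.ExtraData(), &req); err != nil {
				log.Println("malformed-tcpip-request", err)
				newChannel.Reject(gossh.UnknownChannelType, "invalid data")
				continue
			}
			// TODO: allow connections to mesh VIPs
			//if role == ROLE_GUEST &&
			// req.Rport != SSH_MESH_PORT && req.Rport != H2_MESH_PORT {
			// newChannel.Reject(ssh.Prohibited,
			// "only authorized users can proxy " +
			// scon.VIP6.String())
			// continue
			//}
			//log.Println("-L: forward request", req.Laddr, req.Lport, req.Raddr, req.Rport, role)
			// The channel is passed un-accepted; accepting or rejecting it is
			// left to DirectTCPIPHandler.
			go DirectTCPIPHandler(ctx, sshGate, conn, newChannel)
			//scon.handleDirectTcpip(newChannel, req.Raddr, req.Rport, req.Laddr, req.Lport)
			//conId++
		case "session":
			// session channel - the main interface for shell, exec.
			// Accept can fail (e.g. the peer already went away). Without this
			// check ch and reqs would be nil and the session goroutine would be
			// started on a nil request stream, which never delivers anything
			// and therefore never lets that goroutine finish.
			ch, reqs, err := newChannel.Accept()
			if err != nil {
				log.Println("SSHD: session accept error ", err, nConn.RemoteAddr())
				continue
			}
			// Used for messages.
			s := &session{
				Channel: ch,
				conn:    conn,
				srv:     sshGate,
			}
			go s.handleRequests(reqs)
		default:
			// Route through the same logger as the rest of the handler so
			// rejected channel types land in the audit log, not stdout.
			log.Println("SSHD: unknown channel Rejected", newChannel.ChannelType())
			newChannel.Reject(gossh.UnknownChannelType, "unknown channel type")
		}
	}
}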