example_test.go 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313
  1. // Copyright 2011 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package ssh_test
  5. import (
  6. "bufio"
  7. "bytes"
  8. "fmt"
  9. "io/ioutil"
  10. "log"
  11. "net"
  12. "net/http"
  13. "os"
  14. "path/filepath"
  15. "strings"
  16. "golang.org/x/crypto/ssh"
  17. "golang.org/x/crypto/ssh/terminal"
  18. )
  19. func ExampleNewServerConn() {
  20. // Public key authentication is done by comparing
  21. // the public key of a received connection
  22. // with the entries in the authorized_keys file.
  23. authorizedKeysBytes, err := ioutil.ReadFile("authorized_keys")
  24. if err != nil {
  25. log.Fatalf("Failed to load authorized_keys, err: %v", err)
  26. }
  27. authorizedKeysMap := map[string]bool{}
  28. for len(authorizedKeysBytes) > 0 {
  29. pubKey, _, _, rest, err := ssh.ParseAuthorizedKey(authorizedKeysBytes)
  30. if err != nil {
  31. log.Fatal(err)
  32. }
  33. authorizedKeysMap[string(pubKey.Marshal())] = true
  34. authorizedKeysBytes = rest
  35. }
  36. // An SSH server is represented by a ServerConfig, which holds
  37. // certificate details and handles authentication of ServerConns.
  38. config := &ssh.ServerConfig{
  39. // Remove to disable password auth.
  40. PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
  41. // Should use constant-time compare (or better, salt+hash) in
  42. // a production setting.
  43. if c.User() == "testuser" && string(pass) == "tiger" {
  44. return nil, nil
  45. }
  46. return nil, fmt.Errorf("password rejected for %q", c.User())
  47. },
  48. // Remove to disable public key auth.
  49. PublicKeyCallback: func(c ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
  50. if authorizedKeysMap[string(pubKey.Marshal())] {
  51. return nil, nil
  52. }
  53. return nil, fmt.Errorf("unknown public key for %q", c.User())
  54. },
  55. }
  56. privateBytes, err := ioutil.ReadFile("id_rsa")
  57. if err != nil {
  58. log.Fatal("Failed to load private key: ", err)
  59. }
  60. private, err := ssh.ParsePrivateKey(privateBytes)
  61. if err != nil {
  62. log.Fatal("Failed to parse private key: ", err)
  63. }
  64. config.AddHostKey(private)
  65. // Once a ServerConfig has been configured, connections can be
  66. // accepted.
  67. listener, err := net.Listen("tcp", "0.0.0.0:2022")
  68. if err != nil {
  69. log.Fatal("failed to listen for connection: ", err)
  70. }
  71. nConn, err := listener.Accept()
  72. if err != nil {
  73. log.Fatal("failed to accept incoming connection: ", err)
  74. }
  75. // Before use, a handshake must be performed on the incoming
  76. // net.Conn.
  77. _, chans, reqs, err := ssh.NewServerConn(nConn, config)
  78. if err != nil {
  79. log.Fatal("failed to handshake: ", err)
  80. }
  81. // The incoming Request channel must be serviced.
  82. go ssh.DiscardRequests(reqs)
  83. // Service the incoming Channel channel.
  84. for newChannel := range chans {
  85. // Channels have a type, depending on the application level
  86. // protocol intended. In the case of a shell, the type is
  87. // "session" and ServerShell may be used to present a simple
  88. // terminal interface.
  89. if newChannel.ChannelType() != "session" {
  90. newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
  91. continue
  92. }
  93. channel, requests, err := newChannel.Accept()
  94. if err != nil {
  95. log.Fatalf("Could not accept channel: %v", err)
  96. }
  97. // Sessions have out-of-band requests such as "shell",
  98. // "pty-req" and "env". Here we handle only the
  99. // "shell" request.
  100. go func(in <-chan *ssh.Request) {
  101. for req := range in {
  102. req.Reply(req.Type == "shell", nil)
  103. }
  104. }(requests)
  105. term := terminal.NewTerminal(channel, "> ")
  106. go func() {
  107. defer channel.Close()
  108. for {
  109. line, err := term.ReadLine()
  110. if err != nil {
  111. break
  112. }
  113. fmt.Println(line)
  114. }
  115. }()
  116. }
  117. }
  118. func ExampleHostKeyCheck() {
  119. // Every client must provide a host key check. Here is a
  120. // simple-minded parse of OpenSSH's known_hosts file
  121. host := "hostname"
  122. file, err := os.Open(filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts"))
  123. if err != nil {
  124. log.Fatal(err)
  125. }
  126. defer file.Close()
  127. scanner := bufio.NewScanner(file)
  128. var hostKey ssh.PublicKey
  129. for scanner.Scan() {
  130. fields := strings.Split(scanner.Text(), " ")
  131. if len(fields) != 3 {
  132. continue
  133. }
  134. if strings.Contains(fields[0], host) {
  135. var err error
  136. hostKey, _, _, _, err = ssh.ParseAuthorizedKey(scanner.Bytes())
  137. if err != nil {
  138. log.Fatalf("error parsing %q: %v", fields[2], err)
  139. }
  140. break
  141. }
  142. }
  143. if hostKey == nil {
  144. log.Fatalf("no hostkey for %s", host)
  145. }
  146. config := ssh.ClientConfig{
  147. User: os.Getenv("USER"),
  148. HostKeyCallback: ssh.FixedHostKey(hostKey),
  149. }
  150. _, err = ssh.Dial("tcp", host+":22", &config)
  151. log.Println(err)
  152. }
  153. func ExampleDial() {
  154. var hostKey ssh.PublicKey
  155. // An SSH client is represented with a ClientConn.
  156. //
  157. // To authenticate with the remote server you must pass at least one
  158. // implementation of AuthMethod via the Auth field in ClientConfig,
  159. // and provide a HostKeyCallback.
  160. config := &ssh.ClientConfig{
  161. User: "username",
  162. Auth: []ssh.AuthMethod{
  163. ssh.Password("yourpassword"),
  164. },
  165. HostKeyCallback: ssh.FixedHostKey(hostKey),
  166. }
  167. client, err := ssh.Dial("tcp", "yourserver.com:22", config)
  168. if err != nil {
  169. log.Fatal("Failed to dial: ", err)
  170. }
  171. // Each ClientConn can support multiple interactive sessions,
  172. // represented by a Session.
  173. session, err := client.NewSession()
  174. if err != nil {
  175. log.Fatal("Failed to create session: ", err)
  176. }
  177. defer session.Close()
  178. // Once a Session is created, you can execute a single command on
  179. // the remote side using the Run method.
  180. var b bytes.Buffer
  181. session.Stdout = &b
  182. if err := session.Run("/usr/bin/whoami"); err != nil {
  183. log.Fatal("Failed to run: " + err.Error())
  184. }
  185. fmt.Println(b.String())
  186. }
  187. func ExamplePublicKeys() {
  188. var hostKey ssh.PublicKey
  189. // A public key may be used to authenticate against the remote
  190. // server by using an unencrypted PEM-encoded private key file.
  191. //
  192. // If you have an encrypted private key, the crypto/x509 package
  193. // can be used to decrypt it.
  194. key, err := ioutil.ReadFile("/home/user/.ssh/id_rsa")
  195. if err != nil {
  196. log.Fatalf("unable to read private key: %v", err)
  197. }
  198. // Create the Signer for this private key.
  199. signer, err := ssh.ParsePrivateKey(key)
  200. if err != nil {
  201. log.Fatalf("unable to parse private key: %v", err)
  202. }
  203. config := &ssh.ClientConfig{
  204. User: "user",
  205. Auth: []ssh.AuthMethod{
  206. // Use the PublicKeys method for remote authentication.
  207. ssh.PublicKeys(signer),
  208. },
  209. HostKeyCallback: ssh.FixedHostKey(hostKey),
  210. }
  211. // Connect to the remote server and perform the SSH handshake.
  212. client, err := ssh.Dial("tcp", "host.com:22", config)
  213. if err != nil {
  214. log.Fatalf("unable to connect: %v", err)
  215. }
  216. defer client.Close()
  217. }
  218. func ExampleClient_Listen() {
  219. var hostKey ssh.PublicKey
  220. config := &ssh.ClientConfig{
  221. User: "username",
  222. Auth: []ssh.AuthMethod{
  223. ssh.Password("password"),
  224. },
  225. HostKeyCallback: ssh.FixedHostKey(hostKey),
  226. }
  227. // Dial your ssh server.
  228. conn, err := ssh.Dial("tcp", "localhost:22", config)
  229. if err != nil {
  230. log.Fatal("unable to connect: ", err)
  231. }
  232. defer conn.Close()
  233. // Request the remote side to open port 8080 on all interfaces.
  234. l, err := conn.Listen("tcp", "0.0.0.0:8080")
  235. if err != nil {
  236. log.Fatal("unable to register tcp forward: ", err)
  237. }
  238. defer l.Close()
  239. // Serve HTTP with your SSH server acting as a reverse proxy.
  240. http.Serve(l, http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
  241. fmt.Fprintf(resp, "Hello world!\n")
  242. }))
  243. }
  244. func ExampleSession_RequestPty() {
  245. var hostKey ssh.PublicKey
  246. // Create client config
  247. config := &ssh.ClientConfig{
  248. User: "username",
  249. Auth: []ssh.AuthMethod{
  250. ssh.Password("password"),
  251. },
  252. HostKeyCallback: ssh.FixedHostKey(hostKey),
  253. }
  254. // Connect to ssh server
  255. conn, err := ssh.Dial("tcp", "localhost:22", config)
  256. if err != nil {
  257. log.Fatal("unable to connect: ", err)
  258. }
  259. defer conn.Close()
  260. // Create a session
  261. session, err := conn.NewSession()
  262. if err != nil {
  263. log.Fatal("unable to create session: ", err)
  264. }
  265. defer session.Close()
  266. // Set up terminal modes
  267. modes := ssh.TerminalModes{
  268. ssh.ECHO: 0, // disable echoing
  269. ssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud
  270. ssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud
  271. }
  272. // Request pseudo terminal
  273. if err := session.RequestPty("xterm", 40, 80, modes); err != nil {
  274. log.Fatal("request for pseudo terminal failed: ", err)
  275. }
  276. // Start remote shell
  277. if err := session.Shell(); err != nil {
  278. log.Fatal("failed to start shell: ", err)
  279. }
  280. }