x/crypto/ssh: MaxAuthTries error log overwrites PasswordCallback error · Issue #69191 · golang/go

Hello everyone,

Go version

go version go1.23.0 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/remi/.cache/go-build'
GOENV='/home/remi/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/remi/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/remi/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.0'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/remi/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/home/remi/Projects/ssh-server/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3120568591=/tmp/go-build -gno-record-gcc-switches'

What did you do?

https://go.dev/play/p/m5It0UH5B88 (it crashes because it can't listen on a port, but the code works as an example)

I am starting an SSH server with "MaxAuthTries" set to 1 and "PasswordCallback" set to a custom function.

What did you see happen?

If an error happens during the PasswordCallback, on the server side the PasswordCallback error is overwritten by the MaxAuthTries error:
Server Side:

remi@fimafeng:~/Projects/ssh-server2$ go run main.go
2024/09/01 00:19:43 Starting SSH server on :2222
Starting SSH server on :2222
Failed to handshake: ssh: disconnect, reason 2: too many authentication failures

Client side:

remi@fimafeng:~/Projects/ssh-server2$ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 2222 virtualUser@127.0.0.1
Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts.
virtualUser@127.0.0.1's password:
Received disconnect from 127.0.0.1 port 2222:2: too many authentication failures
Disconnected from 127.0.0.1 port 2222

What did you expect to see?

If I comment out/remove the MaxAuthTries field from the config, the error is displayed.
Server side:

remi@fimafeng:~/Projects/ssh-server2$ go run main.go
2024/09/01 00:52:33 Starting SSH server on :2222
Starting SSH server on :2222
Failed to handshake: [ssh: no auth passed yet, authentication request failed: Post "http://localhost:8080/auth": dial tcp 127.0.0.1:8080: connect: connection refused, authentication request failed: Post "http://localhost:8080/auth": dial tcp 127.0.0.1:8080: connect: connection refused]

Client side:

remi@fimafeng:~/Projects/ssh-server2$ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 2222 virtualUser@127.0.0.1
Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts.
virtualUser@127.0.0.1's password:
Permission denied, please try again.
virtualUser@127.0.0.1's password:
Permission denied, please try again.
virtualUser@127.0.0.1's password:
virtualUser@127.0.0.1: Permission denied (password).

I would like, on the server side, when "MaxAuthTries" and "PasswordCallback" are both set, to show the errors from both (like sshd does; here: password incorrect and maxauthtries [preauth]).
Server side:

Sep 1 00:09:56 fimafeng sshd[28465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=testuser
Sep 1 00:09:59 fimafeng sshd[28465]: Failed password for testuser from 127.0.0.1 port 58792 ssh2
Sep 1 00:10:01 fimafeng sshd[28465]: error: maximum authentication attempts exceeded for testuser from 127.0.0.1 port 58792 ssh2 [preauth]
Sep 1 00:10:01 fimafeng sshd[28465]: Disconnecting authenticating user testuser 127.0.0.1 port 58792: Too many authentication failures [preauth]

Client side:

remi@fimafeng:~/Projects/ssh-server2$ ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password testuser@127.0.0.1
testuser@127.0.0.1's password:
Received disconnect from 127.0.0.1 port 22:2: Too many authentication failures
Disconnected from 127.0.0.1 port 22

Is there a way to show logs for both when "MaxAuthTries" and "PasswordCallback" are set, without breaking the design of the handshake?
Is there a way to show logs in live mode? When MaxAuthTries is not set, the log appears on the server side only when all attempts are done, and not per client try?
When "MaxAuthTries" is not set and the error appears, I get a "no auth passed yet"; what is this message? Can I avoid it?

Thanks for your time reading this issue.
Best Regards!
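One way to get sshd-style per-attempt logging regardless of what the final handshake error says is to log inside the PasswordCallback itself, before the library ever gets to replace the error with the MaxAuthTries disconnect. The following is an added example written for this page; it is not code from the issue, the playground link, or golang.org/x/crypto/ssh. The wrapper is generic over a small `ConnInfo` interface that is a subset of `ssh.ConnMetadata` (`User`, `RemoteAddr`, `SessionID`), so it compiles with no x/crypto dependency here, and `Wrap(l, cb)` with a real `func(ssh.ConnMetadata, []byte) (*ssh.Permissions, error)` yields a value assignable to `ssh.ServerConfig.PasswordCallback`. The names `AttemptLogger`, `Wrap`, `Demo`, the `fakeConn` connection and the `permissions` type are all hypothetical, and the backend error string is constructed to mirror the one in the report.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"sync"
)

// ConnInfo is the subset of ssh.ConnMetadata (golang.org/x/crypto/ssh) that the
// wrapper needs. Every ssh.ConnMetadata satisfies it, so this file builds without
// the x/crypto dependency. (Assumed interface subset for this example.)
type ConnInfo interface {
	User() string
	RemoteAddr() net.Addr
	SessionID() []byte
}

// AttemptLogger records every password attempt as it happens, so the callback's
// own error reaches the server log before the library replaces it with the
// "too many authentication failures" disconnect.
type AttemptLogger struct {
	maxTries int // the same value placed in ServerConfig.MaxAuthTries (assumed > 0)
	logf     func(format string, args ...any)
	mu       sync.Mutex
	failures map[string]int // failed attempts per session id (hex)
}

func NewAttemptLogger(maxTries int, logf func(string, ...any)) *AttemptLogger {
	return &AttemptLogger{maxTries: maxTries, logf: logf, failures: map[string]int{}}
}

// Failures reports how many failed attempts the given session has accumulated.
func (l *AttemptLogger) Failures(sessionID []byte) int {
	l.mu.Lock()
	defer l.mu.Unlock()
	return l.failures[fmt.Sprintf("%x", sessionID)]
}

// Wrap returns a callback with the same signature as next. Instantiated with
// C = ssh.ConnMetadata and P = *ssh.Permissions the result is assignable to
// ssh.ServerConfig.PasswordCallback; Go infers C and P from next.
func Wrap[C ConnInfo, P any](l *AttemptLogger, next func(C, []byte) (P, error)) func(C, []byte) (P, error) {
	return func(conn C, password []byte) (P, error) {
		perms, err := next(conn, password)
		key := fmt.Sprintf("%x", conn.SessionID())
		if err == nil {
			l.mu.Lock()
			delete(l.failures, key) // success ends the counting for this session
			l.mu.Unlock()
			l.logf("Accepted password for %s from %s", conn.User(), conn.RemoteAddr())
			return perms, nil
		}
		l.mu.Lock()
		l.failures[key]++
		n := l.failures[key]
		l.mu.Unlock()
		// One line per attempt, like sshd's "Failed password for ..." entry,
		// carrying the callback's real error (e.g. the unreachable auth backend).
		l.logf("Failed password for %s from %s: %v", conn.User(), conn.RemoteAddr(), err)
		if l.maxTries > 0 && n >= l.maxTries {
			// The library is about to disconnect the client with reason 2; say why.
			l.logf("maximum authentication attempts exceeded for %s from %s [preauth]", conn.User(), conn.RemoteAddr())
		}
		return perms, err
	}
}

// fakeConn is a constructed stand-in for ssh.ConnMetadata, used only by Demo.
type fakeConn struct {
	user string
	addr net.Addr
	id   []byte
}

func (c fakeConn) User() string         { return c.user }
func (c fakeConn) RemoteAddr() net.Addr { return c.addr }
func (c fakeConn) SessionID() []byte    { return c.id }

// permissions stands in for *ssh.Permissions in the demo.
type permissions struct{ Extensions map[string]string }

// Demo drives the wrapper maxTries times with a callback that always fails, the
// way an unreachable auth backend would, and returns the log lines produced.
func Demo(maxTries int) []string {
	var lines []string
	l := NewAttemptLogger(maxTries, func(f string, a ...any) { lines = append(lines, fmt.Sprintf(f, a...)) })
	backendErr := errors.New(`authentication request failed: Post "http://localhost:8080/auth": connection refused`) // constructed
	check := func(conn fakeConn, password []byte) (*permissions, error) { return nil, backendErr }
	cb := Wrap(l, check)
	conn := fakeConn{user: "virtualUser", addr: &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 51234}, id: []byte{0x01, 0x02}}
	for i := 0; i < maxTries; i++ {
		cb(conn, []byte("wrong"))
	}
	return lines
}

func main() {
	for _, line := range Demo(1) {
		fmt.Println(line)
	}
}
```

With `MaxAuthTries: 1` the server log then shows the backend error on the first attempt followed by the "maximum authentication attempts exceeded" line, matching the two sshd entries in the report, and the handshake's own `too many authentication failures` error can still be logged afterwards as a third line. Counting per `SessionID` rather than per remote address keeps the count scoped to one connection, which is also how the library applies the limit.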