
only accept the root authorized_keys

pomdtr 957bb857 d6fe1511

+12 -39
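--- a/cmd/up.go
+++ b/cmd/up.go
@@ -139,36 +139,31 @@
 if flags.sshAddr != "" {
 server := ssh.Server{
 PublicKeyHandler: func(ctx ssh.Context, key ssh.PublicKey) bool {
-authorizedKeysPaths := []string{
-filepath.Join(k.String("dir"), ".smallweb", "authorized_keys"),
+authorizedKeysPath := filepath.Join(k.String("dir"), ".smallweb", "authorized_keys")
+if _, err := os.Stat(authorizedKeysPath); err != nil {
+return false
 }
 
-if user := ctx.User(); user != "_" {
-authorizedKeysPaths = append(authorizedKeysPaths, filepath.Join(k.String("dir"), user, "authorized_keys"))
+authorizedKeysBytes, err := os.ReadFile(authorizedKeysPath)
+if err != nil {
+return false
 }
 
-for _, authorizedKeysPath := range authorizedKeysPaths {
-if _, err := os.Stat(authorizedKeysPath); err != nil {
-continue
-}
-
-ok, err := validatePublicKey(authorizedKeysPath, key)
+for len(authorizedKeysBytes) > 0 {
+k, _, _, rest, err := gossh.ParseAuthorizedKey(authorizedKeysBytes)
 if err != nil {
-if errors.Is(err, os.ErrNotExist) {
-continue
-}
-
-fmt.Fprintf(os.Stderr, "%s\n", err)
-continue
+return false
 }
 
-if ok {
+if ssh.KeysEqual(k, key) {
 return true
 }
 
+authorizedKeysBytes = rest
 }
 
 return false
+
 },
 SubsystemHandlers: map[string]ssh.SubsystemHandler{
 "sftp": func(sess ssh.Session) {
@@ -475,25 +470,3 @@
 }
 return nil
 }
-
-func validatePublicKey(authorizedKeysPath string, pubKey ssh.PublicKey) (bool, error) {
-authorizedKeysBytes, err := os.ReadFile(authorizedKeysPath)
-if err != nil {
-return false, err
-}
-
-for len(authorizedKeysBytes) > 0 {
-k, _, _, rest, err := gossh.ParseAuthorizedKey(authorizedKeysBytes)
-if err != nil {
-return false, err
-}
-
-if ssh.KeysEqual(k, pubKey) {
-return true, nil
-}
-
-authorizedKeysBytes = rest
-}
-
-return false, nil
-}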
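Review bot: Every failure in the new `PublicKeyHandler` body now ends in a bare `return false`, so an unreadable or malformed `.smallweb/authorized_keys` is indistinguishable from a key that simply did not match, and the stderr line the old loop printed is gone. On an authentication path that diagnostic is worth keeping: the `os.Stat` pre-check can be dropped (the `os.ReadFile` error already covers a missing file) and the read branch can report anything other than a missing file, e.g. `if !errors.Is(err, os.ErrNotExist) { fmt.Fprintf(os.Stderr, "%s\n", err) }` before `return false`. The inlined loop also declares `k, _, _, rest, err := gossh.ParseAuthorizedKey(...)`, which shadows the outer `k` used for `k.String("dir")`; a name such as `authorizedKey` avoids confusion with the config handle. The third return value (the entry's options) is still discarded, so restrictions written in the file such as `from=` or `command=` are presumably not enforced, which deserves a comment if it is intended. The closure's enclosing function starts above line 139, outside the hunk.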