support proxy banner from upstream (#548)

tg123 · web-flow · commit 3757d8034845 · 2025-03-20T00:55:03.000-07:00
* remove unused logs

* add banner to server password

* add updated crypto lib

* add test

* refactor: clean up whitespace in banner test

* fix: update test case name to use underscores for consistency
diff --git a/crypto b/crypto
@@ -1 +1 @@
-Subproject commit 44c1e2eaee8770161331993e3bc151667a503363
+Subproject commit 8682cc0c5ad6edd98b8992b8b1a932738b3d1bb3
diff --git a/e2e/banner_test.go b/e2e/banner_test.go
@@ -114,5 +114,50 @@ func TestBanner(t *testing.T) {
 
 		waitForStdoutContains(stdout, randtext, func(_ string) {
 		})
+
+		t.Run("from_upstream", func(t *testing.T) {
+			piperaddr, piperport := nextAvailablePiperAddress()
+
+			piper, _, _, err := runCmd("/sshpiperd/sshpiperd",
+				"-p",
+				piperport,
+				"/sshpiperd/plugins/fixed",
+				"--target",
+				"host-password:2222",
+			)
+
+			if err != nil {
+				t.Errorf("failed to run sshpiperd: %v", err)
+			}
+
+			defer killCmd(piper)
+
+			waitForEndpointReady(piperaddr)
+
+			c, stdin, stdout, err := runCmd(
+				"ssh",
+				"-v",
+				"-o",
+				"StrictHostKeyChecking=no",
+				"-o",
+				"UserKnownHostsFile=/dev/null",
+				"-p",
+				piperport,
+				"-l",
+				"user",
+				"127.0.0.1",
+			)
+
+			if err != nil {
+				t.Errorf("failed to ssh to piper, %v", err)
+			}
+
+			defer killCmd(c)
+
+			enterPassword(stdin, stdout, "wrongpass")
+
+			waitForStdoutContains(stdout, "sshpiper banner from upstream test", func(_ string) {
+			})
+		})
 	})
 }
diff --git a/e2e/docker-compose.yml b/e2e/docker-compose.yml
@@ -16,6 +16,8 @@ services:
     volumes:
       - shared:/shared
       - ./sshdconfig/no_penalties.conf:/config/sshd/sshd_config.d/no_penalties.conf:ro
+      - ./sshdconfig/banner.conf:/config/sshd/sshd_config.d/banner.conf:ro
+      - ./sshdconfig/banner:/tmp/banner:ro
     networks:
       - default
       - netdistract
diff --git a/e2e/sshdconfig/banner b/e2e/sshdconfig/banner
@@ -0,0 +1 @@
+sshpiper banner from upstream test
diff --git a/e2e/sshdconfig/banner.conf b/e2e/sshdconfig/banner.conf
@@ -0,0 +1 @@
+Banner /tmp/banner
diff --git a/libplugin/skel.go b/libplugin/skel.go
@@ -212,8 +212,6 @@ func (p *SkelPlugin) PublicKeyCallback(conn ConnMetadata, publicKey []byte) (*Up
 				return false, err
 			}
 
-			log.Debugf("trusted user ca keys: %v", rest)
-
 			var trustedca ssh.PublicKey
 			for len(rest) > 0 {
 				trustedca, _, _, rest, err = ssh.ParseAuthorizedKey(rest)

Original file line number	Diff line number	Diff line change
`@@ -212,8 +212,6 @@ func (p SkelPlugin) PublicKeyCallback(conn ConnMetadata, publicKey []byte) (Up`
`212`	`212`	`return false, err`
`213`	`213`	`}`
`214`	`214`
`215`		`- log.Debugf("trusted user ca keys: %v", rest)`
`216`		`-`
`217`	`215`	`var trustedca ssh.PublicKey`
`218`	`216`	`for len(rest) > 0 {`
`219`	`217`	`trustedca, _, _, rest, err = ssh.ParseAuthorizedKey(rest)`