feat(server): use keyboard-interactive auth instead of password

no need to enter a password for keyless users
charmbracelet · Oct 24, 2022 · b2c6401 · b2c6401
1 parent dc1f295
commit b2c6401
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/config/auth.go b/config/auth.go
@@ -6,6 +6,7 @@ import (
 
 	gm "github.com/charmbracelet/wish/git"
 	"github.com/gliderlabs/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )
 
 // Push registers Git push functionality for the given repo and key.
@@ -47,6 +48,11 @@ func (cfg *Config) PasswordHandler(ctx ssh.Context, password string) bool {
 	return (cfg.AnonAccess != "no-access") && cfg.AllowKeyless
 }
 
+// KeyboardInteractiveHandler returns whether or not keyboard interactive is allowed.
+func (cfg *Config) KeyboardInteractiveHandler(ctx ssh.Context, _ gossh.KeyboardInteractiveChallenge) bool {
+	return (cfg.AnonAccess != "no-access") && cfg.AllowKeyless
+}
+
 // PublicKeyHandler returns whether or not the given public key may access the
 // repo.
 func (cfg *Config) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) bool {

diff --git a/server/server.go b/server/server.go
@@ -45,7 +45,7 @@ func NewServer(cfg *config.Config) *Server {
 	}
 	s, err := wish.NewServer(
 		ssh.PublicKeyAuth(ac.PublicKeyHandler),
-		ssh.PasswordAuth(ac.PasswordHandler),
+		ssh.KeyboardInteractiveAuth(ac.KeyboardInteractiveHandler),
 		wish.WithAddress(fmt.Sprintf("%s:%d", cfg.BindAddr, cfg.Port)),
 		wish.WithHostKeyPath(cfg.KeyPath),
 		wish.WithMiddleware(mw...),