sshlog/main.go

package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"log"
	"net"
	"os"
	"time"

	flags "github.com/spf13/pflag"

	"golang.org/x/crypto/ssh"
)

var (
	address string
	isHelp  bool
	keyPath string
	isJson  bool
)

func init() {
	flags.StringVarP(&address, "address", "a", "0.0.0.0:22", "Address to listen for incoming connections.")
	flags.StringVarP(&keyPath, "key", "k", "", "Path to the host key for the ssh server.\nIf absent it will automatically generate a new one for each run.")
	flags.BoolVarP(&isHelp, "help", "h", false, "Prints this help message and exits.")
	flags.BoolVar(&isJson, "json", false, "Log in JSON instead of plain text.")
	flags.Parse()
}

func main() {
	if isHelp {
		printHelp()
		os.Exit(0)
	}

	privateKey, err := getKey(keyPath)
	if err != nil {
		log.Fatalf("Failed to get keys: %v\n", err)
	}
	hostKey, err := ssh.ParsePrivateKey(privateKey)
	if err != nil {
		log.Fatalf("Failed to parse private key: %v\n", err)
	}

	serverConfig := ssh.ServerConfig{PasswordCallback: printConnectionData}
	serverConfig.AddHostKey(hostKey)

	log.Printf("Starting ssh logger on %s...\n", address)
	listener, err := net.Listen("tcp", address)
	if err != nil {
		log.Fatalf("Failed to open listener on '%s': %v\n", address, err)
	}
	defer listener.Close()

	for {
		con, err := listener.Accept()
		if err != nil {
			log.Printf("Failed to accept incoming connection: %v\n", err)
		}
		go func(con net.Conn, serverConfig ssh.ServerConfig) {
			err := connectionHandler(con, serverConfig)
			if err != nil {
				log.Printf("Failed to handle connection: %v\n", err)
			}
		}(con, serverConfig)
	}
}

func getKey(path string) ([]byte, error) {
	if path != "" {
		privateBytes, err := os.ReadFile(path)
		if err != nil {
			return nil, fmt.Errorf("load private key '%s': %w", path, err)
		}
		return privateBytes, nil
	}

	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, fmt.Errorf("generate RSA key: %w", err)
	}

	privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)
	privateKeyPem := pem.EncodeToMemory(
		&pem.Block{
			Type:  "RSA PRIVATE KEY",
			Bytes: privateKeyBytes,
		},
	)
	return privateKeyPem, nil
}

func connectionHandler(con net.Conn, serverConfig ssh.ServerConfig) error {
	_, _, _, err := ssh.NewServerConn(con, &serverConfig)
	if err != nil {
		return fmt.Errorf("connection handler: %w", err)
	}
	return nil
}

func printConnectionData(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
	responseErr := fmt.Errorf("password rejected for %s", conn.User())
	address = conn.RemoteAddr().String()
	ip, _, err := net.SplitHostPort(address)
	if err != nil {
		log.Printf("Could not split address '%s' in ip and port: %v\n", address, err)
		return nil, responseErr
	}

	if isJson {
		fmt.Printf(
			"{\"date\": \"%s\", \"src\": \"%s\", \"username\": \"%s\", \"password\": \"%s\"}\n",
			time.Now().Format(time.RFC3339),
			ip,
			conn.User(),
			string(password),
		)
	} else {
		log.Printf("SRC=%s USERNAME=%s PASSWORD=%s\n", ip, conn.User(), string(password))
	}

	return nil, responseErr
}

func printHelp() {
	fmt.Println(`A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.

USAGE:
	sshlog [FLAGS]
	
FLAGS:`)
	flags.PrintDefaults()
}
Init commit 2021-06-01 23:05:41 +02:00			`package main`

			`import (`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"encoding/pem"`
Init commit 2021-06-01 23:05:41 +02:00			`"fmt"`
			`"log"`
			`"net"`
			`"os"`
Add JSON logging option The connection information can now be displayed in JSON format. To activate it use the '--json' flag. It will only format the connection information in JSON everything else will be still in plain text. 2021-09-02 12:54:21 +02:00			`"time"`
Init commit 2021-06-01 23:05:41 +02:00
			`flags "github.com/spf13/pflag"`

			`"golang.org/x/crypto/ssh"`
			`)`

Add flag for IPv4 only mode 2021-06-03 00:12:34 +02:00			`var (`
Replace IPv4/IPv6 handling with address argument To have better handling regarding the interface and port to used. This makes the application only use one address at the time, but if I want the application to bind to IPv4 and IPv6 I can spawn two instances or use Docker and its networking to bind it on the host on both addresses. 2024-09-29 23:15:18 +02:00			`address string`
			`isHelp bool`
			`keyPath string`
			`isJson bool`
Add flag for IPv4 only mode 2021-06-03 00:12:34 +02:00			`)`

			`func init() {`
Replace IPv4/IPv6 handling with address argument To have better handling regarding the interface and port to used. This makes the application only use one address at the time, but if I want the application to bind to IPv4 and IPv6 I can spawn two instances or use Docker and its networking to bind it on the host on both addresses. 2024-09-29 23:15:18 +02:00			`flags.StringVarP(&address, "address", "a", "0.0.0.0:22", "Address to listen for incoming connections.")`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`flags.StringVarP(&keyPath, "key", "k", "", "Path to the host key for the ssh server.\nIf absent it will automatically generate a new one for each run.")`
Init commit 2021-06-01 23:05:41 +02:00			`flags.BoolVarP(&isHelp, "help", "h", false, "Prints this help message and exits.")`
Add JSON logging option The connection information can now be displayed in JSON format. To activate it use the '--json' flag. It will only format the connection information in JSON everything else will be still in plain text. 2021-09-02 12:54:21 +02:00			`flags.BoolVar(&isJson, "json", false, "Log in JSON instead of plain text.")`
Init commit 2021-06-01 23:05:41 +02:00			`flags.Parse()`
Add flag for IPv4 only mode 2021-06-03 00:12:34 +02:00			`}`

			`func main() {`
Init commit 2021-06-01 23:05:41 +02:00			`if isHelp {`
			`printHelp()`
			`os.Exit(0)`
			`}`

Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`privateKey, err := getKey(keyPath)`
			`if err != nil {`
			`log.Fatalf("Failed to get keys: %v\n", err)`
			`}`
Move key parsing to top level function With this the key gets only parsed once and not on every connection. 2021-06-02 23:07:19 +02:00			`hostKey, err := ssh.ParsePrivateKey(privateKey)`
			`if err != nil {`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`log.Fatalf("Failed to parse private key: %v\n", err)`
Move key parsing to top level function With this the key gets only parsed once and not on every connection. 2021-06-02 23:07:19 +02:00			`}`
Add option to give custom key 2021-06-01 23:27:41 +02:00
Move the ssh.ServerConfig creation to the main func There is no need to create a config per request. 2022-05-21 16:04:14 +02:00			`serverConfig := ssh.ServerConfig{PasswordCallback: printConnectionData}`
			`serverConfig.AddHostKey(hostKey)`

Replace IPv4/IPv6 handling with address argument To have better handling regarding the interface and port to used. This makes the application only use one address at the time, but if I want the application to bind to IPv4 and IPv6 I can spawn two instances or use Docker and its networking to bind it on the host on both addresses. 2024-09-29 23:15:18 +02:00			`log.Printf("Starting ssh logger on %s...\n", address)`
			`listener, err := net.Listen("tcp", address)`
Init commit 2021-06-01 23:05:41 +02:00			`if err != nil {`
Replace IPv4/IPv6 handling with address argument To have better handling regarding the interface and port to used. This makes the application only use one address at the time, but if I want the application to bind to IPv4 and IPv6 I can spawn two instances or use Docker and its networking to bind it on the host on both addresses. 2024-09-29 23:15:18 +02:00			`log.Fatalf("Failed to open listener on '%s': %v\n", address, err)`
Init commit 2021-06-01 23:05:41 +02:00			`}`
Replace IPv4/IPv6 handling with address argument To have better handling regarding the interface and port to used. This makes the application only use one address at the time, but if I want the application to bind to IPv4 and IPv6 I can spawn two instances or use Docker and its networking to bind it on the host on both addresses. 2024-09-29 23:15:18 +02:00			`defer listener.Close()`
Add IPv6 support 2021-06-02 23:37:22 +02:00
Init commit 2021-06-01 23:05:41 +02:00			`for {`
			`con, err := listener.Accept()`
			`if err != nil {`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`log.Printf("Failed to accept incoming connection: %v\n", err)`
Init commit 2021-06-01 23:05:41 +02:00			`}`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`go func(con net.Conn, serverConfig ssh.ServerConfig) {`
			`err := connectionHandler(con, serverConfig)`
			`if err != nil {`
			`log.Printf("Failed to handle connection: %v\n", err)`
			`}`
			`}(con, serverConfig)`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`}`
			`}`

Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`func getKey(path string) ([]byte, error) {`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`if path != "" {`
Replace deprecated ioutil.ReadFile with new func from os 2023-09-21 23:16:03 +02:00			`privateBytes, err := os.ReadFile(path)`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`if err != nil {`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`return nil, fmt.Errorf("load private key '%s': %w", path, err)`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`}`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`return privateBytes, nil`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`}`
Fix not loading key from path if given as param 2021-09-02 12:13:52 +02:00
Fix variable naming inside the getKey function This should fix golint. 2022-03-16 11:43:52 +01:00			`privateKey, err := rsa.GenerateKey(rand.Reader, 2048)`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`if err != nil {`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`return nil, fmt.Errorf("generate RSA key: %w", err)`
Init commit 2021-06-01 23:05:41 +02:00			`}`
Add option to give custom key 2021-06-01 23:27:41 +02:00
Fix variable naming inside the getKey function This should fix golint. 2022-03-16 11:43:52 +01:00			`privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)`
			`privateKeyPem := pem.EncodeToMemory(`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`&pem.Block{`
			`Type: "RSA PRIVATE KEY",`
Fix variable naming inside the getKey function This should fix golint. 2022-03-16 11:43:52 +01:00			`Bytes: privateKeyBytes,`
Add option to give custom key 2021-06-01 23:27:41 +02:00			`},`
			`)`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`return privateKeyPem, nil`
Init commit 2021-06-01 23:05:41 +02:00			`}`

Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`func connectionHandler(con net.Conn, serverConfig ssh.ServerConfig) error {`
Move key parsing to top level function With this the key gets only parsed once and not on every connection. 2021-06-02 23:07:19 +02:00			`_, _, _, err := ssh.NewServerConn(con, &serverConfig)`
Init commit 2021-06-01 23:05:41 +02:00			`if err != nil {`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`return fmt.Errorf("connection handler: %w", err)`
Init commit 2021-06-01 23:05:41 +02:00			`}`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`return nil`
Init commit 2021-06-01 23:05:41 +02:00			`}`

Extract previously inline PasswordCallback function into own function I decided instead of defining the func inline in to a top level function to reduce the nesting 2022-05-21 15:53:39 +02:00			`func printConnectionData(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {`
Replace own ip extraction function with func from net package 2023-09-21 23:13:31 +02:00			`responseErr := fmt.Errorf("password rejected for %s", conn.User())`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`address = conn.RemoteAddr().String()`
			`ip, _, err := net.SplitHostPort(address)`
Replace own ip extraction function with func from net package 2023-09-21 23:13:31 +02:00			`if err != nil {`
Improve error handling Don't swallow error and add context to errors. 2024-09-29 23:41:52 +02:00			`log.Printf("Could not split address '%s' in ip and port: %v\n", address, err)`
Replace own ip extraction function with func from net package 2023-09-21 23:13:31 +02:00			`return nil, responseErr`
			`}`
Extract previously inline PasswordCallback function into own function I decided instead of defining the func inline in to a top level function to reduce the nesting 2022-05-21 15:53:39 +02:00
			`if isJson {`
			`fmt.Printf(`
			`"{\"date\": \"%s\", \"src\": \"%s\", \"username\": \"%s\", \"password\": \"%s\"}\n",`
			`time.Now().Format(time.RFC3339),`
			`ip,`
			`conn.User(),`
			`string(password),`
			`)`
			`} else {`
			`log.Printf("SRC=%s USERNAME=%s PASSWORD=%s\n", ip, conn.User(), string(password))`
			`}`

Replace own ip extraction function with func from net package 2023-09-21 23:13:31 +02:00			`return nil, responseErr`
Extract previously inline PasswordCallback function into own function I decided instead of defining the func inline in to a top level function to reduce the nesting 2022-05-21 15:53:39 +02:00			`}`

Init commit 2021-06-01 23:05:41 +02:00			`func printHelp() {`
Fix tool description 2021-06-03 00:19:56 +02:00			fmt.Println(`A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.
Add option to give custom key 2021-06-01 23:27:41 +02:00
Init commit 2021-06-01 23:05:41 +02:00			`USAGE:`
			`sshlog [FLAGS]`

			FLAGS:`)
			`flags.PrintDefaults()`
			`}`