mirror of
https://git.sr.ht/~hamburghammer/sshlog
synced 2024-05-13 14:44:37 +02:00
Compare commits
8 commits
e11b8d9646
...
7f421ecadb
Author | SHA1 | Date | |
---|---|---|---|
Augusto Dwenger J. | 7f421ecadb | ||
Augusto Dwenger J. | ee5fd989b6 | ||
Augusto Dwenger J. | 1dc9ba16b5 | ||
Augusto Dwenger J. | 8ebf7531e9 | ||
Augusto Dwenger J. | f5a9473a9a | ||
Augusto Dwenger J. | 52d38f1d36 | ||
Augusto Dwenger J. | 1a1119b9af | ||
Augusto Dwenger J. | 9678d7ada2 |
|
@ -1,4 +1,4 @@
|
|||
FROM docker.io/golang:1.16.5 AS build
|
||||
FROM docker.io/golang:1.18 AS build
|
||||
|
||||
WORKDIR /src
|
||||
COPY go.* /src/
|
||||
|
|
2
LICENSE
2
LICENSE
|
@ -1,4 +1,4 @@
|
|||
MIT License Copyright (c) 2021 Augusto Dwenger J.
|
||||
MIT License Copyright (c) 2021-2022 Augusto Dwenger J.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
|
|
@ -54,3 +54,5 @@ FLAGS:
|
|||
## Utils
|
||||
Inside the `util` directory you might find some additional information like how to create Systemd service for sshlog.
|
||||
|
||||
## License
|
||||
This project is being licensed under the [MIT license](LICENSE).
|
||||
|
|
6
go.mod
6
go.mod
|
@ -1,8 +1,10 @@
|
|||
module git.sr.ht/~hamburghammer/sshlog
|
||||
|
||||
go 1.16
|
||||
go 1.18
|
||||
|
||||
require (
|
||||
github.com/spf13/pflag v1.0.5
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
|
||||
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
|
||||
)
|
||||
|
||||
require golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
|
||||
|
|
10
go.sum
10
go.sum
|
@ -1,13 +1,7 @@
|
|||
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0=
|
||||
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
|
|
54
main.go
54
main.go
|
@ -49,6 +49,9 @@ func main() {
|
|||
log.Fatal("Failed to parse private key")
|
||||
}
|
||||
|
||||
serverConfig := ssh.ServerConfig{PasswordCallback: printConnectionData}
|
||||
serverConfig.AddHostKey(hostKey)
|
||||
|
||||
log.Printf("Starting ssh logger on port %s...\n", port)
|
||||
ipv4Listener, err := net.Listen("tcp", "0.0.0.0:"+port)
|
||||
if err != nil {
|
||||
|
@ -57,8 +60,8 @@ func main() {
|
|||
defer ipv4Listener.Close()
|
||||
|
||||
wg := new(sync.WaitGroup)
|
||||
wg.Add(2)
|
||||
go startAccepting(ipv4Listener, hostKey)
|
||||
wg.Add(1)
|
||||
go startAccepting(ipv4Listener, serverConfig)
|
||||
|
||||
if !onlyIPv4 {
|
||||
ipv6Listener, err := net.Listen("tcp", "[::1]:"+port)
|
||||
|
@ -67,19 +70,20 @@ func main() {
|
|||
}
|
||||
defer ipv6Listener.Close()
|
||||
|
||||
go startAccepting(ipv6Listener, hostKey)
|
||||
wg.Add(1)
|
||||
go startAccepting(ipv6Listener, serverConfig)
|
||||
}
|
||||
|
||||
wg.Wait() // Waits until it gets terminated
|
||||
}
|
||||
|
||||
func startAccepting(listener net.Listener, hostKey ssh.Signer) {
|
||||
func startAccepting(listener net.Listener, serverConfig ssh.ServerConfig) {
|
||||
for {
|
||||
con, err := listener.Accept()
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
}
|
||||
go printData(con, hostKey)
|
||||
go connectionHandler(con, serverConfig)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -107,33 +111,31 @@ func getKey(path string) []byte {
|
|||
return privateKeyPem
|
||||
}
|
||||
|
||||
func printData(con net.Conn, hostKey ssh.Signer) {
|
||||
serverConfig := ssh.ServerConfig{PasswordCallback: func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
|
||||
ip := getIPWithoutPort(conn.RemoteAddr().String())
|
||||
|
||||
if isJson {
|
||||
fmt.Printf(
|
||||
"{\"date\": \"%s\", \"src\": \"%s\", \"username\": \"%s\", \"password\": \"%s\"}\n",
|
||||
time.Now().Format(time.RFC3339),
|
||||
ip,
|
||||
conn.User(),
|
||||
string(password),
|
||||
)
|
||||
} else {
|
||||
log.Printf("SRC=%s USERNAME=%s PASSWORD=%s\n", ip, conn.User(), string(password))
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("password rejected for %s", conn.User())
|
||||
}}
|
||||
|
||||
serverConfig.AddHostKey(hostKey)
|
||||
|
||||
func connectionHandler(con net.Conn, serverConfig ssh.ServerConfig) {
|
||||
_, _, _, err := ssh.NewServerConn(con, &serverConfig)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func printConnectionData(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
|
||||
ip := getIPWithoutPort(conn.RemoteAddr().String())
|
||||
|
||||
if isJson {
|
||||
fmt.Printf(
|
||||
"{\"date\": \"%s\", \"src\": \"%s\", \"username\": \"%s\", \"password\": \"%s\"}\n",
|
||||
time.Now().Format(time.RFC3339),
|
||||
ip,
|
||||
conn.User(),
|
||||
string(password),
|
||||
)
|
||||
} else {
|
||||
log.Printf("SRC=%s USERNAME=%s PASSWORD=%s\n", ip, conn.User(), string(password))
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("password rejected for %s", conn.User())
|
||||
}
|
||||
|
||||
func printHelp() {
|
||||
fmt.Println(`A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.
|
||||
|
||||
|
|
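Review bot: printConnectionData writes the client-supplied username and password into the output with plain `%s`, so a value containing `"` or a newline can break the JSON record or forge extra log lines for whatever consumes this output. The body was moved out of printData unchanged, so this is a good moment to encode the JSON branch with `encoding/json` (which needs importing if main.go does not already import it) and to quote the two fields with `%q` in the text branch. `%q` changes the text format, so anything parsing the old lines should be checked. Separately, startAccepting still reaches `go connectionHandler(con, serverConfig)` after a failed Accept, when con is nil; a `continue` after `log.Println(err)` avoids the nil dereference. connectionHandler also sets no deadline before `ssh.NewServerConn`, so a silent client holds a goroutine and a descriptor open indefinitely; a `con.SetDeadline(...)` call with a handshake timeout would bound that.

```go
func printConnectionData(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
	// … unchanged: ip lookup via getIPWithoutPort …

	if isJson {
		// json.Marshal escapes quotes, backslashes and control characters in
		// the client-supplied fields; the struct keeps the original key order.
		entry, err := json.Marshal(struct {
			Date     string `json:"date"`
			Src      string `json:"src"`
			Username string `json:"username"`
			Password string `json:"password"`
		}{time.Now().Format(time.RFC3339), ip, conn.User(), string(password)})
		if err != nil {
			log.Printf("encoding log entry: %v", err)
		} else {
			fmt.Println(string(entry))
		}
	} else {
		log.Printf("SRC=%s USERNAME=%q PASSWORD=%q\n", ip, conn.User(), string(password))
	}

	// … unchanged: reject the password with fmt.Errorf …
}
```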