diff --git a/tmate-main.c b/tmate-main.c index 366e1f1f..c19e98e7 100644 --- a/tmate-main.c +++ b/tmate-main.c @@ -26,7 +26,6 @@ static char *cmdline_end; struct tmate_settings _tmate_settings = { .keys_dir = TMATE_SSH_DEFAULT_KEYS_DIR, - .authorized_keys_path = NULL, .ssh_port = TMATE_SSH_DEFAULT_PORT, .ssh_port_advertized = -1, .websocket_hostname = NULL, @@ -52,7 +51,7 @@ void request_server_termination(void) static void usage(void) { - fprintf(stderr, "usage: tmate-ssh-server [-b ip] [-h hostname] [-k keys_dir] [-a authorized_keys_path] [-p listen_port] [-q ssh_port_advertized] [-w websocket_hostname] [-z websocket_port] [-x] [-s] [-v]\n"); + fprintf(stderr, "usage: tmate-ssh-server [-b ip] [-h hostname] [-k keys_dir] [-p listen_port] [-q ssh_port_advertized] [-w websocket_hostname] [-z websocket_port] [-x] [-s] [-v]\n"); } static char* get_full_hostname(void) @@ -105,7 +104,7 @@ int main(int argc, char **argv, char **envp) { int opt; - while ((opt = getopt(argc, argv, "b:h:k:a:p:q:w:z:xsv")) != -1) { + while ((opt = getopt(argc, argv, "b:h:k:p:q:w:z:xsv")) != -1) { switch (opt) { case 'b': tmate_settings->bind_addr = xstrdup(optarg); @@ -116,9 +115,6 @@ int main(int argc, char **argv, char **envp) case 'k': tmate_settings->keys_dir = xstrdup(optarg); break; - case 'a': - tmate_settings->authorized_keys_path = xstrdup(optarg); - break; case 'p': tmate_settings->ssh_port = atoi(optarg); break; diff --git a/tmate-ssh-server.c b/tmate-ssh-server.c index 6d00f527..294f16c4 100644 --- a/tmate-ssh-server.c +++ b/tmate-ssh-server.c @@ -125,61 +125,6 @@ static ssh_channel channel_open_request_cb(ssh_session session, void *userdata) return client->channel; } -static int check_authorized_keys(struct ssh_key_struct *client_pubkey) { - #define MAX_PUBKEY_SIZE 0x4000 - - const char *authorized_keys_path = tmate_settings->authorized_keys_path; - const char *token_delim = " "; - - FILE *file; - char key_buf[MAX_PUBKEY_SIZE], *key_type, *key_content; - enum ssh_keytypes_e type; - ssh_key pkey; - - if (authorized_keys_path == NULL) - return SSH_AUTH_SUCCESS; - - file = fopen(authorized_keys_path, "rb"); - if (file == NULL) { - tmate_fatal("Could not open authorized_keys file: \"%s\"", authorized_keys_path); - return SSH_AUTH_DENIED; - } - - while (fgets(key_buf, MAX_PUBKEY_SIZE, file)) { - if (key_buf[0] == '#' || key_buf[0] == '\0') - continue; - - key_type = strtok(key_buf, token_delim); - if (key_type == NULL) - continue; - - type = ssh_key_type_from_name(key_type); - if (type == SSH_KEYTYPE_UNKNOWN) - continue; - - key_content = strtok(NULL, token_delim); - if (key_content == NULL) - continue; - - pkey = ssh_key_new(); - if (ssh_pki_import_pubkey_base64(key_content, type, &pkey) != SSH_OK) { - ssh_key_free(pkey); - continue; - } - - if (!ssh_key_cmp(pkey, client_pubkey, SSH_KEY_CMP_PUBLIC)) { - ssh_key_free(pkey); - fclose(file); - return SSH_AUTH_SUCCESS; - } - - ssh_key_free(pkey); - } - - fclose(file); - return SSH_AUTH_DENIED; -} - static int auth_pubkey_cb(__unused ssh_session session, const char *user, struct ssh_key_struct *pubkey, @@ -193,7 +138,7 @@ static int auth_pubkey_cb(__unused ssh_session session, if (ssh_pki_export_pubkey_base64(pubkey, &client->pubkey) != SSH_OK) tmate_fatal("error getting public key"); - return check_authorized_keys(pubkey); + return SSH_AUTH_SUCCESS; case SSH_PUBLICKEY_STATE_NONE: return SSH_AUTH_SUCCESS; default: @@ -281,10 +226,8 @@ static void client_bootstrap(struct tmate_session *_session) ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &grace_period); ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes"); - unsigned int auth_flags = SSH_AUTH_METHOD_PUBLICKEY; - if (!tmate_settings->authorized_keys_path) - auth_flags |= SSH_AUTH_METHOD_NONE; - ssh_set_auth_methods(client->session, auth_flags); + ssh_set_auth_methods(client->session, SSH_AUTH_METHOD_NONE | + SSH_AUTH_METHOD_PUBLICKEY); tmate_debug("Exchanging DH keys"); if (ssh_handle_key_exchange(session) < 0)