
Function New

components/ws-proxy/pkg/sshproxy/server.go:110–187  ·  view source on GitHub ↗

New creates a new SSH proxy server

(signers []ssh.Signer, workspaceInfoProvider p.WorkspaceInfoProvider, heartbeat Heartbeat)

Source from the content-addressed store, hash-verified

108// New creates a new SSH proxy server
109
110func New(signers []ssh.Signer, workspaceInfoProvider p.WorkspaceInfoProvider, heartbeat Heartbeat) *Server {
111 server := &Server{
112 workspaceInfoProvider: workspaceInfoProvider,
113 Heartbeater: &noHeartbeat{},
114 }
115 if heartbeat != nil {
116 server.Heartbeater = heartbeat
117 }
118
119 server.sshConfig = &ssh.ServerConfig{
120 ServerVersion: "SSH-2.0-GITPOD-GATEWAY",
121 NoClientAuth: true,
// NoClientAuthCallback serves the SSH "none" method, which is enabled by NoClientAuth: true above.
// The user name is expected in the form workspaceId#ownerToken. On success it returns
// permissions carrying the workspaceId extension. A lookup error is passed through unchanged,
// a user name without exactly two "#"-separated parts yields ssh.ErrNoAuth, and a token
// mismatch yields ErrAuthFailedWithReject.
// NOTE(review): on this path the owner token travels inside the SSH user name; user names are
// commonly written to connection logs, so confirm that logging around this proxy redacts it.
122 NoClientAuthCallback: func(conn ssh.ConnMetadata) (*ssh.Permissions, error) {
123 args := strings.Split(conn.User(), "#")
124 workspaceId := args[0]
// The lookup runs before the format check below, so a lookup error is returned even when
// the user name carries no "#ownerToken" part.
125 wsInfo, err := server.GetWorkspaceInfo(workspaceId)
126 if err != nil {
127 return nil, err
128 }
129 // NoClientAuthCallback only supports the form workspaceId#ownerToken
130 if len(args) != 2 {
131 return nil, ssh.ErrNoAuth
132 }
// NOTE(review): != on strings is not a constant-time comparison; crypto/subtle.ConstantTimeCompare
// is the usual choice for secret tokens. A user name ending in "#" makes args[1] the empty
// string, so confirm that OwnerToken can never be empty for a workspace.
133 if wsInfo.Auth.OwnerToken != args[1] {
134 return nil, ErrAuthFailedWithReject
135 }
// Only the success path is tracked here; the early returns above do not call
// TrackSSHConnection, so failed "none" attempts are not reported by this callback.
136 server.TrackSSHConnection(wsInfo, "auth", nil)
137 return &ssh.Permissions{
138 Extensions: map[string]string{
139 "workspaceId": workspaceId,
140 },
141 }, nil
142 },
// PasswordCallback authenticates with the SSH user name as the workspace ID and the password
// as the owner token. On success it returns permissions carrying the workspaceId extension.
// A lookup error is passed through unchanged and a token mismatch yields ErrAuthFailed.
143 PasswordCallback: func(conn ssh.ConnMetadata, password []byte) (perm *ssh.Permissions, err error) {
144 workspaceId, ownerToken := conn.User(), string(password)
145 wsInfo, err := server.GetWorkspaceInfo(workspaceId)
146 if err != nil {
147 return nil, err
148 }
// The deferred call reports the named result err, so both a successful login and a token
// mismatch are tracked. It is registered after the lookup, so a lookup failure returns
// before any tracking happens.
149 defer func() {
150 server.TrackSSHConnection(wsInfo, "auth", err)
151 }()
// NOTE(review): != on strings is not a constant-time comparison; crypto/subtle.ConstantTimeCompare
// is the usual choice for secret tokens. An empty password would match an empty OwnerToken,
// so confirm that OwnerToken can never be empty for a workspace.
152 if wsInfo.Auth.OwnerToken != ownerToken {
153 return nil, ErrAuthFailed
154 }
155 return &ssh.Permissions{
156 Extensions: map[string]string{
157 "workspaceId": workspaceId,
158 },
159 }, nil
160 },
161 PublicKeyCallback: func(conn ssh.ConnMetadata, pk ssh.PublicKey) (perm *ssh.Permissions, err error) {
162 workspaceId := conn.User()
163 wsInfo, err := server.GetWorkspaceInfo(workspaceId)
164 if err != nil {
165 return nil, err
166 }
167 defer func() {

Callers

nothing calls this directly

Calls 4

GetWorkspaceInfo (Method) · 0.95
TrackSSHConnection (Method) · 0.95
VerifyPublicKey (Method) · 0.95
cancel (Function) · 0.85

Tested by

no test coverage detected