Auto-merge for PR #10 via VersionBot

auth failed banner fixes

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file
 automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## v1.1.1 - 2017-05-17
+
+* Fix issue where sshproxy would fail to start if no banner was specified [Will Boyce]
+* Rename ambiguous "unauth" config variable to "auth-failed-banner" [Will Boyce]
+* Add configuration option for setting MaxAuthTries [Will Boyce]
+
 ## v1.1.0 - 2017-05-15
 
 * Add support for displaying a banner to user after failed authentication [Will Boyce]

resin/README.md

@@ -14,28 +14,30 @@ work dir. The following config file formats are supported:
 * [HCL](https://github.com/hashicorp/hcl) (`sshproxy.hcl`)
 * [Java .properties](https://en.wikipedia.org/wiki/.properties) (`sshproxy.properties`)
 
-There are a total of 7 configuration options. With the exception of `dir`
+There are a total of 8 configuration options. With the exception of `dir`
 they can all be set via commandline, environment or config file.
 
-| Name          | Commandline      | Environment        | Config    |
-|---------------|------------------|--------------------|-----------|
-| API Host      | `--apihost` `-H` | `RESIN_API_HOST`   | `apihost` |
-| API Port      | `--apiport` `-P` | `RESIN_API_PORT`   | `apiport` |
-| API Key       | `--apikey` `-K`  | `SSHPROXY_API_KEY` | `apikey`  |
-| Dir           | `--dir` `-d`     | `SSHPROXY_DIR`     |           |
-| Port          | `--port` `-p`    | `SSHPROXY_PORT`    | `port`    |
-| Shell         | `--shell` `-s`   | `SSHPROXY_SHELL`   | `shell`   |
-| Unauth Banner | `--unauth` `-u`  | `SSHPROXY_UNAUTH`  | `unauth`  |
+| Name               | Commandline                 | Environment                   | Config               |
+|--------------------|-----------------------------|-------------------------------|----------------------|
+| API Host           | `--apihost` `-H`            | `RESIN_API_HOST`              | `apihost`            |
+| API Port           | `--apiport` `-P`            | `RESIN_API_PORT`              | `apiport`            |
+| API Key            | `--apikey` `-K`             | `SSHPROXY_API_KEY`            | `apikey`             |
+| Dir                | `--dir` `-d`                | `SSHPROXY_DIR`                |                      |
+| Port               | `--port` `-p`               | `SSHPROXY_PORT`               | `port`               |
+| Shell              | `--shell` `-s`              | `SSHPROXY_SHELL`              | `shell`              |
+| Auth Failed Banner | `--auth-failed-banner` `-b` | `SSHPROXY_AUTH_FAILED_BANNER` | `auth-failed-banner` |
+| Max Auth Tries     | `--max-auth-tries` `-m`     | `SSHPROXY_MAX_AUTH_TRIES`     | `max-auth-tries`     |
 
 ```
 Usage of sshproxy:
-  -H, --apihost string   Resin API Host (default "api.resin.io")
-  -K, --apikey string    Resin API Key (required)
-  -P, --apiport string   Resin API Port (default "443")
-  -d, --dir string       Work dir, holds ssh keys and sshproxy config (default "/etc/sshproxy")
-  -p, --port int         Port the ssh service will listen on (default 22)
-  -s, --shell string     Path to shell to execute post-authentication (default "shell.sh")
-  -u, --unauth string    Path to template displayed after failed authentication
+  -H, --apihost string              Resin API Host (default "api.resin.io")
+  -K, --apikey string               Resin API Key (required)
+  -P, --apiport string              Resin API Port (default "443")
+  -b, --auth-failed-banner string   Path to template displayed after failed authentication
+  -d, --dir string                  Work dir, holds ssh keys and sshproxy config (default "/etc/sshproxy")
+  -m, --max-auth-tries int          Maximum number of authentication attempts per connection (default 0; unlimited)
+  -p, --port int                    Port the ssh service will listen on (default 22)
+  -s, --shell string                Path to shell to execute post-authentication (default "shell.sh")
 ```
 
 ## Unauth Template

resin/main.go

@@ -149,7 +149,8 @@ func init() {
 	pflag.CommandLine.StringP("dir", "d", "/etc/sshproxy", "Work dir, holds ssh keys and sshproxy config")
 	pflag.CommandLine.IntP("port", "p", 22, "Port the ssh service will listen on")
 	pflag.CommandLine.StringP("shell", "s", "shell.sh", "Path to shell to execute post-authentication")
-	pflag.CommandLine.StringP("unauth", "u", "", "Path to template displayed after failed authentication")
+	pflag.CommandLine.StringP("auth-failed-banner", "b", "", "Path to template displayed after failed authentication")
+	pflag.CommandLine.IntP("max-auth-tries", "m", 0, "Maximum number of authentication attempts per connection (default 0; unlimited)")
 
 	viper.BindPFlags(pflag.CommandLine)
 	viper.SetConfigName("sshproxy")
@@ -160,7 +161,8 @@ func init() {
 	viper.BindEnv("dir")
 	viper.BindEnv("port")
 	viper.BindEnv("shell")
-	viper.BindEnv("unauth")
+	viper.BindEnv("auth-failed-banner", "SSHPROXY_AUTH_FAILED_BANNER")
+	viper.BindEnv("max-auth-tries", "SSHPROXY_MAX_AUTH_TRIES")
 }
 
 func main() {
@@ -171,7 +173,7 @@ func main() {
 	viper.ReadInConfig()
 
 	// API Key is required
-	if !viper.IsSet("apikey") || viper.GetString("apikey") == "" {
+	if viper.GetString("apikey") == "" {
 		fmt.Fprintln(os.Stderr, "Error: Resin API Key is required.")
 		pflag.Usage()
 		os.Exit(2)
@@ -194,15 +196,18 @@ func main() {
 		}
 	}
 	fix_path_check_exists("shell")
-	if viper.IsSet("unauth") {
-		fix_path_check_exists("unauth")
+	if viper.GetString("auth-failed-banner") != "" {
+		fix_path_check_exists("auth-failed-banner")
 	}
 
 	apiURL := fmt.Sprintf("https://%s:%d", viper.GetString("apihost"), viper.GetInt("apiport"))
 	auth := newAuthHandler(apiURL, viper.GetString("apikey"))
-	sshConfig := &ssh.ServerConfig{PublicKeyCallback: auth.publicKeyCallback}
-	if viper.IsSet("unauth") {
-		tmpl, err := ioutil.ReadFile(viper.GetString("unauth"))
+	sshConfig := &ssh.ServerConfig{
+		PublicKeyCallback: auth.publicKeyCallback,
+		MaxAuthTries:      viper.GetInt("max-auth-tries"),
+	}
+	if viper.GetString("auth-failed-banner") != "" {
+		tmpl, err := ioutil.ReadFile(viper.GetString("auth-failed-banner"))
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "%s", err)
 			os.Exit(2)