[PR #3896] [CLOSED] Switch built-in SSH server to github.com/gliderlabs/ssh #17132

New Issue

GiteaMirror · 2025-11-02T12:27:04-06:00

GiteaMirror commented

2025-11-02 12:27:04 -06:00

📋 Pull Request Information

Original PR: https://github.com/go-gitea/gitea/pull/3896
Author: @belak
Created: 5/4/2018
Status: ❌ Closed

Base: master ← Head: builtin-gliderlabs-ssh

📝 Commits (6)

296e803 Switch built-in SSH server to use github.com/gliderlabs/ssh
5d57e58 Add github.com/gliderlabs/ssh to Gopkg.toml
5a4eec8 Add missing vendored packages
ae2e406 Merge remote-tracking branch 'upstream/master' into builtin-gliderlabs-ssh
b549cc8 Merge branch 'master' into builtin-gliderlabs-ssh
179f2ad Update ssh.go

📊 Changes

22 files changed (+1722 additions, -148 deletions)

View changed files

📝 Gopkg.lock (+17 -0)
📝 Gopkg.toml (+4 -0)
📝 cmd/serv.go (+2 -2)
📝 integrations/mysql.ini.tmpl (+1 -0)
📝 integrations/pgsql.ini.tmpl (+1 -0)
📝 integrations/repo_test.go (+1 -1)
📝 integrations/sqlite.ini (+1 -0)
📝 modules/ssh/ssh.go (+140 -145)
➕ vendor/github.com/anmitsu/go-shlex/LICENSE (+20 -0)
➕ vendor/github.com/anmitsu/go-shlex/shlex.go (+193 -0)
➕ vendor/github.com/gliderlabs/ssh/LICENSE (+27 -0)
➕ vendor/github.com/gliderlabs/ssh/agent.go (+83 -0)
➕ vendor/github.com/gliderlabs/ssh/conn.go (+55 -0)
➕ vendor/github.com/gliderlabs/ssh/context.go (+148 -0)
➕ vendor/github.com/gliderlabs/ssh/doc.go (+47 -0)
➕ vendor/github.com/gliderlabs/ssh/options.go (+77 -0)
➕ vendor/github.com/gliderlabs/ssh/server.go (+329 -0)
➕ vendor/github.com/gliderlabs/ssh/session.go (+287 -0)
➕ vendor/github.com/gliderlabs/ssh/ssh.go (+109 -0)
➕ vendor/github.com/gliderlabs/ssh/tcpip.go (+58 -0)

...and 2 more files

📄 Description

This pull request is the first step towards making the built-in SSH server a good option. As discussed in discord, gliderlabs/ssh does a fairly good job at abstracting away most of the error-prone x/crypto/ssh code while still maintaining the flexibility we need.

A few things worth noting:

The change in cmd/serv.go probably isn't needed (I can revert it if requested), but may be worthwhile anyway. I was using that before I was properly shell escaping command arguments.
The copyright was changed from Gogs to Gitea because almost the entire file was rewritten, mostly from scratch.
There's a TODO in Listen because gliderlabs/ssh doesn't currently support choosing ciphers, key exchanges, and MACs. I'd be happy to open a PR there to get that support in.
It would be really nice if there was a way to use cmd/serv.go directly, rather than having to call it like this. That would allow us to avoid re-escaping command args as they come in.
This now checks the incoming user against setting.SSH.BuiltinServerUser. I don't believe that was done before.

If anyone has a recommended test suite or things they'd like to see tested, please let me know and I will do my best.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-gitea/gitea/pull/3896 **Author:** [@belak](https://github.com/belak) **Created:** 5/4/2018 **Status:** ❌ Closed **Base:** `master` ← **Head:** `builtin-gliderlabs-ssh` --- ### 📝 Commits (6) - [`296e803`](https://github.com/go-gitea/gitea/commit/296e8036f3aba02ca6998f0de1d78cae73a43910) Switch built-in SSH server to use github.com/gliderlabs/ssh - [`5d57e58`](https://github.com/go-gitea/gitea/commit/5d57e580bcc9920127c3706d30d6798d1f299df1) Add github.com/gliderlabs/ssh to Gopkg.toml - [`5a4eec8`](https://github.com/go-gitea/gitea/commit/5a4eec82db241ea6a57d9e610628eef36becd134) Add missing vendored packages - [`ae2e406`](https://github.com/go-gitea/gitea/commit/ae2e406ef3980a1513c3d26bcbc2e19bdb9de28a) Merge remote-tracking branch 'upstream/master' into builtin-gliderlabs-ssh - [`b549cc8`](https://github.com/go-gitea/gitea/commit/b549cc8f60d5830b74ff2a4003361ec5ab542202) Merge branch 'master' into builtin-gliderlabs-ssh - [`179f2ad`](https://github.com/go-gitea/gitea/commit/179f2ad723581bbdbd471fd287652a86368bda9f) Update ssh.go ### 📊 Changes **22 files changed** (+1722 additions, -148 deletions) <details> <summary>View changed files</summary> 📝 `Gopkg.lock` (+17 -0) 📝 `Gopkg.toml` (+4 -0) 📝 `cmd/serv.go` (+2 -2) 📝 `integrations/mysql.ini.tmpl` (+1 -0) 📝 `integrations/pgsql.ini.tmpl` (+1 -0) 📝 `integrations/repo_test.go` (+1 -1) 📝 `integrations/sqlite.ini` (+1 -0) 📝 `modules/ssh/ssh.go` (+140 -145) ➕ `vendor/github.com/anmitsu/go-shlex/LICENSE` (+20 -0) ➕ `vendor/github.com/anmitsu/go-shlex/shlex.go` (+193 -0) ➕ `vendor/github.com/gliderlabs/ssh/LICENSE` (+27 -0) ➕ `vendor/github.com/gliderlabs/ssh/agent.go` (+83 -0) ➕ `vendor/github.com/gliderlabs/ssh/conn.go` (+55 -0) ➕ `vendor/github.com/gliderlabs/ssh/context.go` (+148 -0) ➕ `vendor/github.com/gliderlabs/ssh/doc.go` (+47 -0) ➕ `vendor/github.com/gliderlabs/ssh/options.go` (+77 -0) ➕ `vendor/github.com/gliderlabs/ssh/server.go` (+329 -0) ➕ `vendor/github.com/gliderlabs/ssh/session.go` (+287 -0) ➕ `vendor/github.com/gliderlabs/ssh/ssh.go` (+109 -0) ➕ `vendor/github.com/gliderlabs/ssh/tcpip.go` (+58 -0) _...and 2 more files_ </details> ### 📄 Description This pull request is the first step towards making the built-in SSH server a good option. As discussed in discord, gliderlabs/ssh does a fairly good job at abstracting away most of the error-prone `x/crypto/ssh` code while still maintaining the flexibility we need. A few things worth noting: - The change in `cmd/serv.go` probably isn't needed (I can revert it if requested), but may be worthwhile anyway. I was using that before I was properly shell escaping command arguments. - The copyright was changed from Gogs to Gitea because almost the entire file was rewritten, mostly from scratch. - There's a TODO in Listen because gliderlabs/ssh doesn't currently support choosing ciphers, key exchanges, and MACs. I'd be happy to open a PR there to get that support in. - It would be really nice if there was a way to use `cmd/serv.go` directly, rather than having to call it like this. That would allow us to avoid re-escaping command args as they come in. - This now checks the incoming user against setting.SSH.BuiltinServerUser. I don't believe that was done before. If anyone has a recommended test suite or things they'd like to see tested, please let me know and I will do my best. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-02 12:27:04 -06:00

GiteaMirror closed this issue

2025-11-02 12:27:04 -06:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#17132