From aff75953e3d4855daa608766f1688c8138191149 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Thu, 21 Jan 2021 09:28:41 +0100 Subject: [PATCH] ssh requests: send a reply only if the client requested it --- sftpd/server.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/sftpd/server.go b/sftpd/server.go index a11b9fc6..38b7d5aa 100644 --- a/sftpd/server.go +++ b/sftpd/server.go @@ -360,6 +360,9 @@ func canAcceptConnection(ip string) bool { logger.Log(logger.LevelDebug, common.ProtocolSSH, "", "connection refused, configured limit reached") return false } + if err := common.Config.ExecutePostConnectHook(ip, common.ProtocolSSH); err != nil { + return false + } return true } @@ -378,10 +381,7 @@ func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.Serve // Before beginning a handshake must be performed on the incoming net.Conn // we'll set a Deadline for handshake to complete, the default is 2 minutes as OpenSSH conn.SetDeadline(time.Now().Add(handshakeTimeout)) //nolint:errcheck - if err := common.Config.ExecutePostConnectHook(ipAddr, common.ProtocolSSH); err != nil { - conn.Close() - return - } + sconn, chans, reqs, err := ssh.NewServerConn(conn, config) if err != nil { logger.Debug(logSender, "", "failed to accept an incoming connection: %v", err) @@ -471,7 +471,9 @@ func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.Serve ok = processSSHCommand(req.Payload, &connection, c.EnabledSSHCommands) } } - req.Reply(ok, nil) //nolint:errcheck + if req.WantReply { + req.Reply(ok, nil) //nolint:errcheck + } } }(requests, channelCounter) }