feat(server): use keyboard-interactive auth instead of password

Ayman Bagabas created

no need to enter a password for keyless users

Change summary

config/auth.go   | 6 ++++++
server/server.go | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)

Detailed changes

config/auth.go 🔗

@@ -6,6 +6,7 @@ import (
 
 	gm "github.com/charmbracelet/wish/git"
 	"github.com/gliderlabs/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )
 
 // Push registers Git push functionality for the given repo and key.
@@ -47,6 +48,11 @@ func (cfg *Config) PasswordHandler(ctx ssh.Context, password string) bool {
 	return (cfg.AnonAccess != "no-access") && cfg.AllowKeyless
 }
 
+// KeyboardInteractiveHandler returns whether or not keyboard interactive is allowed.
+func (cfg *Config) KeyboardInteractiveHandler(ctx ssh.Context, _ gossh.KeyboardInteractiveChallenge) bool {
+	return (cfg.AnonAccess != "no-access") && cfg.AllowKeyless
+}
+
 // PublicKeyHandler returns whether or not the given public key may access the
 // repo.
 func (cfg *Config) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) bool {
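Review bot: KeyboardInteractiveHandler discards the challenge callback and returns true from configuration alone, so when AllowKeyless is set and AnonAccess is anything but "no-access", any client is authenticated without proving an identity. The doc comment does not say this. I would spell it out, e.g. `// KeyboardInteractiveHandler accepts keyless clients without issuing a challenge; such sessions carry no verified identity and must only receive AnonAccess-level permissions.` Whether later authorization actually limits these sessions to the AnonAccess level is not visible in this hunk and is worth confirming. The body also repeats PasswordHandler's expression verbatim, so a shared unexported helper would keep the two from drifting, and the unused `ctx` parameter could be written as `_`.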

server/server.go 🔗

@@ -45,7 +45,7 @@ func NewServer(cfg *config.Config) *Server {
 	}
 	s, err := wish.NewServer(
 		ssh.PublicKeyAuth(ac.PublicKeyHandler),
-		ssh.PasswordAuth(ac.PasswordHandler),
+		ssh.KeyboardInteractiveAuth(ac.KeyboardInteractiveHandler),
 		wish.WithAddress(fmt.Sprintf("%s:%d", cfg.BindAddr, cfg.Port)),
 		wish.WithHostKeyPath(cfg.KeyPath),
 		wish.WithMiddleware(mw...),
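Review bot: Dropping `ssh.PasswordAuth(ac.PasswordHandler)` here leaves `PasswordHandler` in config/auth.go with no registration in the visible code, so it still reads as a live authentication path when it may not be. Remove it in the same commit, or mark it deprecated if other callers exist. A short comment above the new option would record the intent for the next reader, e.g. `// Keyless users authenticate via keyboard-interactive with no prompt; access is bounded by AnonAccess.` NewServer's body starts before and continues past this hunk.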