From e9a8c9850f85da91ab89d32e5aeee3354139e250 Mon Sep 17 00:00:00 2001 From: Michael Borkenstein Date: Wed, 23 Oct 2019 10:27:37 -0500 Subject: [PATCH] AUTH-2177: Reads and writes error streams --- sshserver/sshserver_unix.go | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/sshserver/sshserver_unix.go b/sshserver/sshserver_unix.go index 101fa987..d4552832 100644 --- a/sshserver/sshserver_unix.go +++ b/sshserver/sshserver_unix.go @@ -221,6 +221,21 @@ func (s *SSHProxy) proxyChannel(localChan, remoteChan gossh.Channel, localChanRe } done <- struct{}{} }() + + // stderr streams are used non-pty sessions since they have distinct IO streams. + remoteStderr := remoteChan.Stderr() + localStderr := localChan.Stderr() + go func() { + if _, err := io.Copy(remoteStderr, localStderr); err != nil { + s.logger.WithError(err).Error("stderr local to remote copy error") + } + }() + go func() { + if _, err := io.Copy(localStderr, remoteStderr); err != nil { + s.logger.WithError(err).Error("stderr remote to local copy error") + } + }() + s.logAuditEvent(conn, "", auditEventStart, ctx) defer s.logAuditEvent(conn, "", auditEventStop, ctx) @@ -231,7 +246,6 @@ func (s *SSHProxy) proxyChannel(localChan, remoteChan gossh.Channel, localChanRe if req == nil { return } - if err := s.forwardChannelRequest(remoteChan, req); err != nil { s.logger.WithError(err).Error("Failed to forward request") return @@ -329,6 +343,7 @@ func (s *SSHProxy) dialDestination(ctx ssh.Context) (*gossh.Client, error) { s.logger.WithError(err).Error("Failed to generate signed short lived cert") return nil, err } + s.logger.Debugf("Short lived certificate for %s connecting to %s:\n\n%s", ctx.User(), preamble.Destination, gossh.MarshalAuthorizedKey(signer.PublicKey())) clientConfig := &gossh.ClientConfig{ User: ctx.User(),