AUTH-2022: Adds ssh timeout configuration

sshserver/authentication.go

@@ -15,7 +15,7 @@ import (
 
 var (
 	systemConfigPath  = "/etc/cloudflared/"
-	authorizeKeysPath = ".cloudflared/authorized_keys"
+	authorizedKeysDir = ".cloudflared/authorized_keys"
 )
 
 func (s *SSHServer) authorizedKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
@@ -25,9 +25,9 @@ func (s *SSHServer) authorizedKeyHandler(ctx ssh.Context, key ssh.PublicKey) boo
 		return false
 	}
 
-	authorizedKeysPath := path.Join(sshUser.HomeDir, authorizeKeysPath)
+	authorizedKeysPath := path.Join(sshUser.HomeDir, authorizedKeysDir)
 	if _, err := os.Stat(authorizedKeysPath); os.IsNotExist(err) {
-		s.logger.Debugf("authorized_keys file %s not found", authorizeKeysPath)
+		s.logger.Debugf("authorized_keys file %s not found", authorizedKeysPath)
 		return false
 	}
 
@@ -38,11 +38,12 @@ func (s *SSHServer) authorizedKeyHandler(ctx ssh.Context, key ssh.PublicKey) boo
 	}
 
 	for len(authorizedKeysBytes) > 0 {
+
 		// Skips invalid keys. Returns error if no valid keys remain.
 		pubKey, _, _, rest, err := ssh.ParseAuthorizedKey(authorizedKeysBytes)
 		authorizedKeysBytes = rest
 		if err != nil {
-			s.logger.WithError(err).Errorf("No valid keys found in %s", authorizeKeysPath)
+			s.logger.Errorf("Invalid key(s) found in %s", authorizedKeysPath)
 			return false
 		}
 
@@ -51,7 +52,7 @@ func (s *SSHServer) authorizedKeyHandler(ctx ssh.Context, key ssh.PublicKey) boo
 			return true
 		}
 	}
-	s.logger.Debugf("Matching public key not found in %s", authorizeKeysPath)
+	s.logger.Debugf("Matching public key not found in %s", authorizedKeysPath)
 	return false
 }
 

sshserver/authentication_test.go

@@ -32,7 +32,7 @@ const (
 var logger, hook = test.NewNullLogger()
 
 func TestMain(m *testing.M) {
-	authorizeKeysPath = testUserKeyFilename
+	authorizedKeysDir = testUserKeyFilename
 	logger.SetLevel(logrus.DebugLevel)
 	code := m.Run()
 	os.Exit(code)

sshserver/sshserver_unix.go

@@ -12,6 +12,7 @@ import (
 	"os/user"
 	"strconv"
 	"syscall"
+	"time"
 	"unsafe"
 
 	"github.com/creack/pty"
@@ -27,7 +28,7 @@ type SSHServer struct {
 	getUserFunc func(string) (*User, error)
 }
 
-func New(logger *logrus.Logger, address string, shutdownC chan struct{}, shortLivedCertAuth bool) (*SSHServer, error) {
+func New(logger *logrus.Logger, address string, shutdownC chan struct{}, shortLivedCertAuth bool, idleTimeout, maxTimeout time.Duration) (*SSHServer, error) {
 	currentUser, err := user.Current()
 	if err != nil {
 		return nil, err
@@ -37,7 +38,7 @@ func New(logger *logrus.Logger, address string, shutdownC chan struct{}, shortLi
 	}
 
 	sshServer := SSHServer{
-		Server:      ssh.Server{Addr: address},
+		Server:      ssh.Server{Addr: address, MaxTimeout: maxTimeout, IdleTimeout: idleTimeout},
 		logger:      logger,
 		shutdownC:   shutdownC,
 		getUserFunc: lookupUser,
@@ -76,7 +77,6 @@ func (s *SSHServer) Start() error {
 }
 
 func (s *SSHServer) connectionHandler(session ssh.Session) {
-
 	// Get uid and gid of user attempting to login
 	sshUser, ok := session.Context().Value("sshUser").(*User)
 	if !ok || sshUser == nil {

sshserver/sshserver_windows.go

@@ -6,11 +6,12 @@ import (
 	"errors"
 
 	"github.com/sirupsen/logrus"
+	"time"
 )
 
 type SSHServer struct{}
 
-func New(_ *logrus.Logger, _ string, _ chan struct{}, _ bool) (*SSHServer, error) {
+func New(_ *logrus.Logger, _ string, _ chan struct{}, _ bool, _, _ time.Duration) (*SSHServer, error) {
 	return nil, errors.New("cloudflared ssh server is not supported on windows")
 }