torjus/oubliette
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
51fdea0c2f2a8174d938de421a4edb60c3bc6397
oubliette/internal/config/config.go
Torjus Håkestad 51fdea0c2f feat: implement SSH honeypot server with auth and config 
Add core SSH server with password authentication, per-IP failure
tracking, credential memory with TTL, and static credential support.
Includes TOML config loading with validation, Ed25519 host key
auto-generation, and a Nix package output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:36:12 +01:00

99 lines
2.2 KiB
Go
Raw Blame History

package config
import (
"fmt"
"os"
"time"
"github.com/BurntSushi/toml"
)
type Config struct {
SSH SSHConfig `toml:"ssh"`
Auth AuthConfig `toml:"auth"`
LogLevel string `toml:"log_level"`
}
type SSHConfig struct {
ListenAddr string `toml:"listen_addr"`
HostKeyPath string `toml:"host_key_path"`
}
type AuthConfig struct {
AcceptAfter int `toml:"accept_after"`
CredentialTTL string `toml:"credential_ttl"`
StaticCredentials []Credential `toml:"static_credentials"`
// Parsed duration, not from TOML directly.
CredentialTTLDuration time.Duration `toml:"-"`
}
type Credential struct {
Username string `toml:"username"`
Password string `toml:"password"`
}
func Load(path string) (*Config, error) {
data, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading config: %w", err)
}
cfg := &Config{}
if err := toml.Unmarshal(data, cfg); err != nil {
return nil, fmt.Errorf("parsing config: %w", err)
}
applyDefaults(cfg)
if err := validate(cfg); err != nil {
return nil, fmt.Errorf("validating config: %w", err)
}
return cfg, nil
}
func applyDefaults(cfg *Config) {
if cfg.SSH.ListenAddr == "" {
cfg.SSH.ListenAddr = ":2222"
}
if cfg.SSH.HostKeyPath == "" {
cfg.SSH.HostKeyPath = "oubliette_host_key"
}
if cfg.Auth.AcceptAfter == 0 {
cfg.Auth.AcceptAfter = 10
}
if cfg.Auth.CredentialTTL == "" {
cfg.Auth.CredentialTTL = "24h"
}
if cfg.LogLevel == "" {
cfg.LogLevel = "info"
}
}
func validate(cfg *Config) error {
d, err := time.ParseDuration(cfg.Auth.CredentialTTL)
if err != nil {
return fmt.Errorf("invalid credential_ttl %q: %w", cfg.Auth.CredentialTTL, err)
}
if d <= 0 {
return fmt.Errorf("credential_ttl must be positive, got %s", d)
}
cfg.Auth.CredentialTTLDuration = d
if cfg.Auth.AcceptAfter < 1 {
return fmt.Errorf("accept_after must be at least 1, got %d", cfg.Auth.AcceptAfter)
}
for i, cred := range cfg.Auth.StaticCredentials {
if cred.Username == "" {
return fmt.Errorf("static_credentials[%d]: username must not be empty", i)
}
if cred.Password == "" {
return fmt.Errorf("static_credentials[%d]: password must not be empty", i)
}
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink