happyDomain/checker-ssh
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
nemunaire 2026-04-23 12:17:44 +07:00
commit 06036c89d9
29 changed files with 4891 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

61
checker/rules_auth.go Normal file
View file

@ -0,0 +1,61 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
sdk "git.happydns.org/checker-sdk-go/checker"
)
// authMethodsRule reports on the authentication methods advertised by
// the server (password exposure, missing public-key support). Only
// active when the auth probe ran.
type authMethodsRule struct{}
func (r *authMethodsRule) Name() string { return "ssh.auth_methods" }
func (r *authMethodsRule) Description() string {
return "Reviews the advertised authentication methods (password exposure, public-key availability)."
}
func (r *authMethodsRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
data, errSt := loadSSHData(ctx, obs)
if errSt != nil {
return []sdk.CheckState{*errSt}
}
var probed bool
var issues []Issue
for _, ep := range data.Endpoints {
if !ep.AuthProbeAttempted {
continue
}
probed = true
issues = append(issues, analyseAuthMethods(ep.Address, &ep)...)
}
if !probed {
return []sdk.CheckState{notTestedState("ssh.auth_methods.skipped", "Authentication-method enumeration disabled or not performed.")}
}
if len(issues) == 0 {
return []sdk.CheckState{passState("ssh.auth_methods.ok", "Authentication method posture looks sound.")}
}
return statesFromIssues(issues)
}