// This file is part of the happyDomain (R) project. // Copyright (c) 2020-2026 happyDomain // Authors: Pierre-Olivier Mercier, et al. // // This program is offered under a commercial and under the AGPL license. // For commercial licensing, contact us at . // // For AGPL licensing: // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package checker import ( "context" sdk "git.happydns.org/checker-sdk-go/checker" ) // authMethodsRule reports on the authentication methods advertised by // the server (password exposure, missing public-key support). Only // active when the auth probe ran. type authMethodsRule struct{} func (r *authMethodsRule) Name() string { return "ssh.auth_methods" } func (r *authMethodsRule) Description() string { return "Reviews the advertised authentication methods (password exposure, public-key availability)." } func (r *authMethodsRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState { data, errSt := loadSSHData(ctx, obs) if errSt != nil { return []sdk.CheckState{*errSt} } var probed bool var issues []Issue for _, ep := range data.Endpoints { if !ep.AuthProbeAttempted { continue } probed = true issues = append(issues, analyseAuthMethods(ep.Address, &ep)...) } if !probed { return []sdk.CheckState{notTestedState("ssh.auth_methods.skipped", "Authentication-method enumeration disabled or not performed.")} } if len(issues) == 0 { return []sdk.CheckState{passState("ssh.auth_methods.ok", "Authentication method posture looks sound.")} } return statesFromIssues(issues) }