[Update] 修改结构

77ac1fce · ibuler · 89a10490 · 77ac1fce · 77ac1fce · 77ac1fce
Commit 77ac1fce authored Apr 23, 2019 by ibuler
30 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,5 @@ log/
 go.sum
 .idea/
 vendor/
 config.yml
\ No newline at end of file
+host_key
--- a/pkg/auth/server.go
+++ b/pkg/auth/server.go
@@ -4,9 +4,6 @@ import (
 	gossh "golang.org/x/crypto/ssh"
 	"github.com/gliderlabs/ssh"
-	"cocogo/pkg/common"
-	"cocogo/pkg/service"
 )
 func CheckUserPassword(ctx ssh.Context, password string) bool {
@@ -14,15 +11,15 @@ func CheckUserPassword(ctx ssh.Context, password string) bool {
 }
 func CheckUserPublicKey(ctx ssh.Context, key ssh.PublicKey) bool {
-	username := ctx.User()
+	//username := ctx.User()
-	b := key.Marshal()
+	//b := key.Marshal()
-	publicKeyBase64 := common.Base64Encode(string(b))
+	//publicKeyBase64 := common.Base64Encode(string(b))
-	remoteAddr := ctx.RemoteAddr().String()
+	//remoteAddr := ctx.RemoteAddr().String()
-	authUser, err := service.CheckAuth(username, "", publicKeyBase64, remoteAddr, "T")
+	//authUser, err := service.CheckAuth(username, "", publicKeyBase64, remoteAddr, "T")
-	if err != nil {
+	//if err != nil {
-		return false
+	//	return false
-	}
+	//}
-	ctx.SetValue("LoginUser", authUser)
+	//ctx.SetValue("LoginUser", authUser)
 	return true
 }

--- a/pkg/common/sshutil.go
+++ b/pkg/common/sshutil.go
 package common
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"io/ioutil"
+)
+func GeneratePrivateKey(bitSize int) (*rsa.PrivateKey, error) {
+	// Private Key generation
+	privateKey, err := rsa.GenerateKey(rand.Reader, bitSize)
+	if err != nil {
+		return nil, err
+	}
+	// Validate Private Key
+	err = privateKey.Validate()
+	if err != nil {
+		return nil, err
+	}
+	return privateKey, nil
+}
+func EncodePrivateKeyToPEM(privateKey *rsa.PrivateKey) []byte {
+	// Get ASN.1 DER format
+	privDER := x509.MarshalPKCS1PrivateKey(privateKey)
+	// pem.Block
+	privBlock := pem.Block{
+		Type:    "RSA PRIVATE KEY",
+		Headers: nil,
+		Bytes:   privDER,
+	}
+	// Private key in PEM format
+	privatePEM := pem.EncodeToMemory(&privBlock)
+	return privatePEM
+}
+func WriteKeyToFile(keyBytes []byte, saveFileTo string) error {
+	err := ioutil.WriteFile(saveFileTo, keyBytes, 0600)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -110,6 +110,8 @@ var Conf = &Config{
 	AccessKey:      "",
 	AccessKeyFile:  "access_key",
 	LogLevel:       "DEBUG",
+	HostKeyFile:    "host_key",
+	HostKey:        "",
 	RootPath:       rootPath,
 	Comment:        "Coco",
 	ReplayStorage:  map[string]string{},

--- a/pkg/context/context.go
+++ b/pkg/context/context.go
+package context
+import (
+	"context"
+	"github.com/gliderlabs/ssh"
+	"cocogo/pkg/model"
+)
+type UserContext struct {
+	context.Context
+	SessionCtx ssh.Context
+	User       model.User
+	Asset      sdk.Asset
+	SystemUser model.SystemUser
+}
--- a/pkg/sshd/handlers/banner.go
+++ b/pkg/sshd/handlers/banner.go
-package handlers
+package handler
 import (
 	"text/template"

--- a/pkg/sshd/handlers/const.go
+++ b/pkg/sshd/handlers/const.go
-package handlers
+package handler
 const (
 	GreenColorCode = "\033[32m"

--- a/pkg/sshd/handlers/session.go
+++ b/pkg/sshd/handlers/session.go
--- a/pkg/handler/test.go
+++ b/pkg/handler/test.go
+package handler
+import (
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"syscall"
+	"unsafe"
+	"github.com/gliderlabs/ssh"
+	"github.com/kr/pty"
+)
+func setWinsize(f *os.File, w, h int) {
+	syscall.Syscall(syscall.SYS_IOCTL, f.Fd(), uintptr(syscall.TIOCSWINSZ),
+		uintptr(unsafe.Pointer(&struct{ h, w, x, y uint16 }{uint16(h), uint16(w), 0, 0})))
+}
+func TestHandler(s ssh.Session) {
+	cmd := exec.Command("top")
+	ptyReq, winCh, isPty := s.Pty()
+	if isPty {
+		cmd.Env = append(cmd.Env, fmt.Sprintf("TERM=%s", ptyReq.Term))
+		f, err := pty.Start(cmd)
+		if err != nil {
+			panic(err)
+		}
+		go func() {
+			for win := range winCh {
+				setWinsize(f, win.Width, win.Height)
+			}
+		}()
+		go func() {
+			io.Copy(f, s) // stdin
+		}()
+		io.Copy(s, f) // stdout
+	} else {
+		io.WriteString(s, "No PTY requested.\n")
+		s.Exit(1)
+	}
+}
--- a/pkg/logger/logger.go
+++ b/pkg/logger/logger.go
@@ -9,9 +9,13 @@ import (
 var logger = logrus.New()
 func init() {
-	customFormatter := new(logrus.TextFormatter)
+	customFormatter := &logrus.TextFormatter{
+		DisableColors:          false,
+		FullTimestamp:          true,
+		DisableLevelTruncation: true,
+	}
 	customFormatter.TimestampFormat = "2006-01-02 15:04:05"
-	logger.SetFormatter(&logrus.TextFormatter{})
+	logger.SetFormatter(customFormatter)
 	// Output to stdout instead of the default stderr
 	// Can be any io.Writer, see below for File example

--- a/pkg/model/asset.go
+++ b/pkg/model/asset.go
-package model
-type Asset struct {
-	Id              string       `json:"id"`
-	Hostname        string       `json:"hostname"`
-	Ip              string       `json:"ip"`
-	Port            int          `json:"port"`
-	SystemUsers     []SystemUser `json:"system_users_granted"`
-	IsActive        bool         `json:"is_active"`
-	SystemUsersJoin string       `json:"system_users_join"`
-	Os              string       `json:"os"`
-	Domain          string       `json:"domain"`
-	Platform        string       `json:"platform"`
-	Comment         string       `json:"comment"`
-	Protocol        string       `json:"protocol"`
-	OrgID           string       `json:"org_id"`
-	OrgName         string       `json:"org_name"`
-}
--- a/pkg/model/node.go
+++ b/pkg/model/node.go
-package model
-import (
-	"sort"
-	"strconv"
-	"strings"
-)
-type AssetNode struct {
-	Id            string  `json:"id"`
-	Key           string  `json:"key"`
-	Name          string  `json:"name"`
-	Value         string  `json:"value"`
-	Parent        string  `json:"parent"`
-	AssetsGranted []Asset `json:"assets_granted"`
-	AssetsAmount  int     `json:"assets_amount"`
-	OrgId         string  `json:"org_id"`
-}
-type nodeSortBy func(node1, node2 *AssetNode) bool
-func (by nodeSortBy) Sort(assetNodes []AssetNode) {
-	nodeSorter := &AssetNodeSorter{
-		assetNodes: assetNodes,
-		sortBy:     by,
-	}
-	sort.Sort(nodeSorter)
-}
-type AssetNodeSorter struct {
-	assetNodes []AssetNode
-	sortBy     func(node1, node2 *AssetNode) bool
-}
-func (a *AssetNodeSorter) Len() int {
-	return len(a.assetNodes)
-}
-func (a *AssetNodeSorter) Swap(i, j int) {
-	a.assetNodes[i], a.assetNodes[j] = a.assetNodes[j], a.assetNodes[i]
-}
-func (a *AssetNodeSorter) Less(i, j int) bool {
-	return a.sortBy(&a.assetNodes[i], &a.assetNodes[j])
-}
-/*
-key的排列顺序：
-1 1:3 1:3:0 1:4 1:5 1:8
-*/
-func keySort(node1, node2 *AssetNode) bool {
-	node1Keys := strings.Split(node1.Key, ":")
-	node2Keys := strings.Split(node2.Key, ":")
-	for i := 0; i < len(node1Keys); i++ {
-		if i >= len(node2Keys) {
-			return false
-		}
-		node1num, _ := strconv.Atoi(node1Keys[i])
-		node2num, _ := strconv.Atoi(node2Keys[i])
-		if node1num == node2num {
-			continue
-		} else if node1num-node2num > 0 {
-			return false
-		} else {
-			return true
-		}
-	}
-	return true
-}
-func SortAssetNodesByKey(assetNodes []AssetNode) {
-	nodeSortBy(keySort).Sort(assetNodes)
-}
--- a/pkg/service/README.md
+++ b/pkg/service/README.md
--- a/pkg/service/accesskey.go
+++ b/pkg/service/accesskey.go
-package service
+package sdk
 import (
 	"errors"

--- a/pkg/sdk/accesskey_test.go
+++ b/pkg/sdk/accesskey_test.go
+package sdk
--- a/pkg/service/assets.go
+++ b/pkg/service/assets.go
-package service
+package sdk
 import (
 	"cocogo/pkg/logger"

--- a/pkg/model/systemuser.go
+++ b/pkg/model/systemuser.go
-package model
+package sdk
 import (
 	"sort"
+	"strconv"
+	"strings"
 )
+type Asset struct {
+	Id              string       `json:"id"`
+	Hostname        string       `json:"hostname"`
+	Ip              string       `json:"ip"`
+	Port            int          `json:"port"`
+	SystemUsers     []SystemUser `json:"system_users_granted"`
+	IsActive        bool         `json:"is_active"`
+	SystemUsersJoin string       `json:"system_users_join"`
+	Os              string       `json:"os"`
+	Domain          string       `json:"domain"`
+	Platform        string       `json:"platform"`
+	Comment         string       `json:"comment"`
+	Protocol        string       `json:"protocol"`
+	OrgID           string       `json:"org_id"`
+	OrgName         string       `json:"org_name"`
+}
+type Node struct {
+	Id            string  `json:"id"`
+	Key           string  `json:"key"`
+	Name          string  `json:"name"`
+	Value         string  `json:"value"`
+	Parent        string  `json:"parent"`
+	AssetsGranted []Asset `json:"assets_granted"`
+	AssetsAmount  int     `json:"assets_amount"`
+	OrgId         string  `json:"org_id"`
+}
+type nodeSortBy func(node1, node2 *Node) bool
+func (by nodeSortBy) Sort(assetNodes []Node) {
+	nodeSorter := &AssetNodeSorter{
+		assetNodes: assetNodes,
+		sortBy:     by,
+	}
+	sort.Sort(nodeSorter)
+}
+type AssetNodeSorter struct {
+	assetNodes []Node
+	sortBy     func(node1, node2 *Node) bool
+}
+func (a *AssetNodeSorter) Len() int {
+	return len(a.assetNodes)
+}
+func (a *AssetNodeSorter) Swap(i, j int) {
+	a.assetNodes[i], a.assetNodes[j] = a.assetNodes[j], a.assetNodes[i]
+}
+func (a *AssetNodeSorter) Less(i, j int) bool {
+	return a.sortBy(&a.assetNodes[i], &a.assetNodes[j])
+}
 /*
-	{"id": "fbd39f8c-fa3e-4c2b-948e-ce1e0380b4f9",
+key的排列顺序：
-	"name": "docker_root",
+1 1:3 1:3:0 1:4 1:5 1:8
-	"username": "root",
-	"priority": 19,
-	"protocol": "ssh",
-	"comment": "screencast",
-	"login_mode": "auto"}
 */
+func keySort(node1, node2 *Node) bool {
+	node1Keys := strings.Split(node1.Key, ":")
+	node2Keys := strings.Split(node2.Key, ":")
+	for i := 0; i < len(node1Keys); i++ {
+		if i >= len(node2Keys) {
+			return false
+		}
+		node1num, _ := strconv.Atoi(node1Keys[i])
+		node2num, _ := strconv.Atoi(node2Keys[i])
+		if node1num == node2num {
+			continue
+		} else if node1num-node2num > 0 {
+			return false
+		} else {
+			return true
+		}
+	}
+	return true
+}
+func SortAssetNodesByKey(assetNodes []Node) {
+	nodeSortBy(keySort).Sort(assetNodes)
+}
 type SystemUser struct {
 	Id        string `json:"id"`

--- a/pkg/service/client.go
+++ b/pkg/service/client.go
-package service
+package sdk
 import (
 	"path"

--- a/pkg/sdk/init.go
+++ b/pkg/sdk/init.go
+package sdk
+var Client = WrapperClient{}
+func init() {
+	//err := Client.LoadAuth()
+	//if err != nil {
+	//	logger.Error("Load client access key error: %s", err)
+	//	os.Exit(10)
+	//}
+	//err = Client.CheckAuth()
+	//if err != nil {
+	//	logger.Error("Check client auth error: %s", err)
+	//	os.Exit(11)
+	//}
+}
--- a/pkg/sdk/perms.go
+++ b/pkg/sdk/perms.go
+package sdk
+//
+//func (s *Service) GetUserAssets(uid string) (resp []sdk.Asset, err error) {
+//
+//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserAssetsUrl, uid))
+//
+//	buf, err := s.SendHTTPRequest("GET", url, nil)
+//	if err != nil {
+//		log.Info("get User Assets err:", err)
+//		return resp, err
+//	}
+//	err = json.Unmarshal(buf, &resp)
+//	if err != nil {
+//		log.Info(err)
+//		return resp, err
+//	}
+//	return resp, nil
+//
+//}
+//
+//func (s *Service) GetUserAssetNodes(uid string) ([]model.Node, error) {
+//
+//	var resp []model.Node
+//
+//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserNodesAssetsUrl, uid))
+//
+//	buf, err := s.SendHTTPRequest("GET", url, nil)
+//	if err != nil {
+//		log.Info("get User Assets Groups err:", err)
+//		return resp, err
+//	}
+//	err = json.Unmarshal(buf, &resp)
+//	if err != nil {
+//		log.Info(err)
+//		return resp, err
+//	}
+//	return resp, err
+//}
+//
+//func (s *Service) ValidateUserAssetPermission(userID, systemUserID, AssetID string) bool {
+//	// cache_policy  0:不使用缓存 1:使用缓存 2: 刷新缓存
+//
+//	baseUrl, _ := neturl.Parse(fmt.Sprintf("%s%s", s.Conf.CoreHost, ValidateUserAssetPermission))
+//	params := neturl.Values{}
+//	params.Add("user_id", userID)
+//	params.Add("asset_id", AssetID)
+//	params.Add("system_user_id", systemUserID)
+//	params.Add("cache_policy", "1")
+//
+//	baseUrl.RawQuery = params.Encode()
+//	buf, err := s.SendHTTPRequest("GET", baseUrl.String(), nil)
+//	if err != nil {
+//		log.Error("Check User Asset Permission err:", err)
+//		return false
+//	}
+//	var res struct {
+//		Msg bool `json:"msg"'`
+//	}
+//	if err = json.Unmarshal(buf, &res); err != nil {
+//		return false
+//	}
+//	return res.Msg
+//}
--- a/pkg/service/terminal.go
+++ b/pkg/service/terminal.go
-package service
+package sdk
 //
 //func (s *Service) PushSessionReplay(gZipFile, sessionID string) error {

--- a/pkg/service/urls.go
+++ b/pkg/service/urls.go
-package service
+package sdk
 var urls = map[string]string{
 	"UserAuthUrl":    "/api/users/v1/auth/",    // post 验证用户登陆

--- a/pkg/sdk/users.go
+++ b/pkg/sdk/users.go
+package sdk
+import "cocogo/pkg/model"
+func CheckAuth(username, password, publicKey, remoteAddr, loginType string) (user model.User, err error) {
+	return user, nil
+}
+//
+//func (s *Service) CheckAuth(username, password, publicKey, remoteAddr, loginType string) (model.User, error) {
+//	/*
+//		{
+//		'token': '0191970b1f5b414bbae42ec8fbb2a2ad',
+//		'user':{'id': '34987591-bf75-4e5f-a102-6d59a1103431',
+//			'name': 'softwareuser1', 'username': 'softwareuser1',
+//			'email': 'xplz@hotmail.com',
+//			'groups': ['bdc861f9-f476-4554-9bd4-13c3112e469d'],
+//			'groups_display': '研发组', 'role': 'User',
+//			'role_display': '用户', 'avatar_url': '/static/img/avatar/user.png',
+//			'wechat': '', 'phone': None, 'otp_level': 0, 'comment': '',
+//			'source': 'local', 'source_display': 'Local', 'is_valid': True,
+//			'is_expired': False, 'is_active': True, 'created_by': 'admin',
+//			'is_first_login': True, 'date_password_last_updated': '2019-03-08 11:47:04 +0800',
+//			'date_expired': '2089-02-18 09:37:00 +0800'}}
+//	*/
+//
+//	postMap := map[string]string{
+//		"username":    username,
+//		"password":    password,
+//		"public_key":  publicKey,
+//		"remote_addr": remoteAddr,
+//		"login_type":  loginType,
+//	}
+//
+//	data, err := json.Marshal(postMap)
+//	if err != nil {
+//		log.Info(err)
+//		return model.User{}, err
+//	}
+//
+//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, UserAuthUrl)
+//	body, err := s.SendHTTPRequest(http.MethodPost, url, data)
+//
+//	if err != nil {
+//		log.Info("read body failed:", err)
+//		return model.User{}, err
+//	}
+//	var result struct {
+//		Token string     `json:"token"`
+//		User  model.User `json:"user"`
+//	}
+//
+//	err = json.Unmarshal(body, &result)
+//	if err != nil {
+//		log.Info("json decode failed:", err)
+//		return model.User{}, err
+//	}
+//
+//	return result.User, nil
+//}
+//
+//func (s *Service) CheckSSHPassword(ctx ssh.Value, password string) bool {
+//
+//	username := ctx.User()
+//	remoteAddr := ctx.RemoteAddr().String()
+//	authUser, err := s.CheckAuth(username, password, "", remoteAddr, "T")
+//	if err != nil {
+//		return false
+//	}
+//	ctx.SetValue("LoginUser", authUser)
+//	return true
+//}
--- a/pkg/model/user.go
+++ b/pkg/model/user.go
-package model
+package sdk
 /*
 	{'id': '1f8e54a8-d99d-4074-b35d-45264adb4e34',

--- a/pkg/service/accesskey_test.go
+++ b/pkg/service/accesskey_test.go
-package service
--- a/pkg/service/init.go
+++ b/pkg/service/init.go
-package service
-import (
-	"os"
-	"cocogo/pkg/logger"
-)
-var Client = WrapperClient{}
-func init() {
-	err := Client.LoadAuth()
-	if err != nil {
-		logger.Error("Load client access key error: %s", err)
-		os.Exit(10)
-	}
-	err = Client.CheckAuth()
-	if err != nil {
-		logger.Error("Check client auth error: %s", err)
-		os.Exit(11)
-	}
-}
--- a/pkg/service/perms.go
+++ b/pkg/service/perms.go
 package service
-//
+import "cocogo/pkg/sdk"
-//func (s *Service) GetUserAssets(uid string) (resp []model.Asset, err error) {
-//
+func GetUserAssets(userId string) (assets []sdk.Asset) {
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserAssetsUrl, uid))
+	return
-//
+}
-//	buf, err := s.SendHTTPRequest("GET", url, nil)
-//	if err != nil {
+func GetUserNodes(userId string) (nodes []sdk.Node) {
-//		log.Info("get User Assets err:", err)
+	return
-//		return resp, err
+}
-//	}
-//	err = json.Unmarshal(buf, &resp)
-//	if err != nil {
-//		log.Info(err)
-//		return resp, err
-//	}
-//	return resp, nil
-//
-//}
-//
-//func (s *Service) GetUserAssetNodes(uid string) ([]model.AssetNode, error) {
-//
-//	var resp []model.AssetNode
-//
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserNodesAssetsUrl, uid))
-//
-//	buf, err := s.SendHTTPRequest("GET", url, nil)
-//	if err != nil {
-//		log.Info("get User Assets Groups err:", err)
-//		return resp, err
-//	}
-//	err = json.Unmarshal(buf, &resp)
-//	if err != nil {
-//		log.Info(err)
-//		return resp, err
-//	}
-//	return resp, err
-//}
-//
-//func (s *Service) ValidateUserAssetPermission(userID, systemUserID, AssetID string) bool {
-//	// cache_policy  0:不使用缓存 1:使用缓存 2: 刷新缓存
-//
-//	baseUrl, _ := neturl.Parse(fmt.Sprintf("%s%s", s.Conf.CoreHost, ValidateUserAssetPermission))
-//	params := neturl.Values{}
-//	params.Add("user_id", userID)
-//	params.Add("asset_id", AssetID)
-//	params.Add("system_user_id", systemUserID)
-//	params.Add("cache_policy", "1")
-//
-//	baseUrl.RawQuery = params.Encode()
-//	buf, err := s.SendHTTPRequest("GET", baseUrl.String(), nil)
-//	if err != nil {
-//		log.Error("Check User Asset Permission err:", err)
-//		return false
-//	}
-//	var res struct {
-//		Msg bool `json:"msg"'`
-//	}
-//	if err = json.Unmarshal(buf, &res); err != nil {
-//		return false
-//	}
-//	return res.Msg
-//}
--- a/pkg/service/users.go
+++ b/pkg/service/users.go
 package service
-import "cocogo/pkg/model"
-func CheckAuth(username, password, publicKey, remoteAddr, loginType string) (user model.User, err error) {
-	return user, nil
-}
-//
-//func (s *Service) CheckAuth(username, password, publicKey, remoteAddr, loginType string) (model.User, error) {
-//	/*
-//		{
-//		'token': '0191970b1f5b414bbae42ec8fbb2a2ad',
-//		'user':{'id': '34987591-bf75-4e5f-a102-6d59a1103431',
-//			'name': 'softwareuser1', 'username': 'softwareuser1',
-//			'email': 'xplz@hotmail.com',
-//			'groups': ['bdc861f9-f476-4554-9bd4-13c3112e469d'],
-//			'groups_display': '研发组', 'role': 'User',
-//			'role_display': '用户', 'avatar_url': '/static/img/avatar/user.png',
-//			'wechat': '', 'phone': None, 'otp_level': 0, 'comment': '',
-//			'source': 'local', 'source_display': 'Local', 'is_valid': True,
-//			'is_expired': False, 'is_active': True, 'created_by': 'admin',
-//			'is_first_login': True, 'date_password_last_updated': '2019-03-08 11:47:04 +0800',
-//			'date_expired': '2089-02-18 09:37:00 +0800'}}
-//	*/
-//
-//	postMap := map[string]string{
-//		"username":    username,
-//		"password":    password,
-//		"public_key":  publicKey,
-//		"remote_addr": remoteAddr,
-//		"login_type":  loginType,
-//	}
-//
-//	data, err := json.Marshal(postMap)
-//	if err != nil {
-//		log.Info(err)
-//		return model.User{}, err
-//	}
-//
-//	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, UserAuthUrl)
-//	body, err := s.SendHTTPRequest(http.MethodPost, url, data)
-//
-//	if err != nil {
-//		log.Info("read body failed:", err)
-//		return model.User{}, err
-//	}
-//	var result struct {
-//		Token string     `json:"token"`
-//		User  model.User `json:"user"`
-//	}
-//
-//	err = json.Unmarshal(body, &result)
-//	if err != nil {
-//		log.Info("json decode failed:", err)
-//		return model.User{}, err
-//	}
-//
-//	return result.User, nil
-//}
-//
-//func (s *Service) CheckSSHPassword(ctx ssh.Value, password string) bool {
-//
-//	username := ctx.User()
-//	remoteAddr := ctx.RemoteAddr().String()
-//	authUser, err := s.CheckAuth(username, password, "", remoteAddr, "T")
-//	if err != nil {
-//		return false
-//	}
-//	ctx.SetValue("LoginUser", authUser)
-//	return true
-//}
--- a/pkg/sshd/hostkey.go
+++ b/pkg/sshd/hostkey.go
 package sshd
 import (
-	"golang.org/x/crypto/ssh"
 	"io/ioutil"
 	"os"
+	"golang.org/x/crypto/ssh"
+	"cocogo/pkg/common"
 )
 type HostKey struct {
@@ -29,11 +32,16 @@ func (hk *HostKey) loadHostKeyFromString(value string) (signer ssh.Signer, err e
 }
 func (hk *HostKey) Gen() (signer ssh.Signer, err error) {
-	return
+	key, err := common.GeneratePrivateKey(2048)
-}
+	if err != nil {
+		return
-func (hk *HostKey) SaveToFile(signer ssh.Signer) (err error) {
+	}
-	return
+	keyBytes := common.EncodePrivateKeyToPEM(key)
+	err = common.WriteKeyToFile(keyBytes, hk.Path)
+	if err != nil {
+		return
+	}
+	return ssh.NewSignerFromKey(key)
 }
 func (hk *HostKey) Load() (signer ssh.Signer, err error) {
@@ -50,12 +58,5 @@ func (hk *HostKey) Load() (signer ssh.Signer, err error) {
 		}
 	}
 	signer, err = hk.Gen()
-	if err != nil {
-		return
-	}
-	err = hk.SaveToFile(signer)
-	if err != nil {
-		return
-	}
 	return
 }
--- a/pkg/sshd/server.go
+++ b/pkg/sshd/server.go
@@ -7,8 +7,8 @@ import (
 	"cocogo/pkg/auth"
 	"cocogo/pkg/config"
+	"cocogo/pkg/handler"
 	"cocogo/pkg/logger"
-	"cocogo/pkg/sshd/handlers"
 )
 var (
@@ -16,6 +16,7 @@ var (
 )
 func StartServer() {
+	logger.Debug("Load host access key")
 	hostKey := HostKey{Value: conf.HostKey, Path: conf.HostKeyFile}
 	signer, err := hostKey.Load()
 	if err != nil {
@@ -29,7 +30,7 @@ func StartServer() {
 		KeyboardInteractiveHandler: auth.CheckMFA,
 		HostSigners:                []ssh.Signer{signer},
 		Version:                    "coco-v1.4",
-		Handler:                    handlers.SessionHandler,
+		Handler:                    handler.TestHandler,
 	}
 	logger.Fatal(srv.ListenAndServe())
 }