Merge branch 'master' of https://github.com/LeeEirc/cocogo

9d0d79f5 · Eric · 19d3d1be · 6607637f · 9d0d79f5 · 9d0d79f5
Commit 9d0d79f5 authored May 14, 2019 by Eric
12 changed files
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -104,6 +104,14 @@
  revision = "3ee7d812e62a0804a7d0a324e0249ca2db3476d3"
  version = "v0.0.4"
+[[projects]]
+  digest = "1:4a49346ca45376a2bba679ca0e83bec949d780d4e927931317904bad482943ec"
+  name = "github.com/mattn/go-sqlite3"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c7c4067b79cc51e6dfdcef5c702e74b1e0fa7c75"
+  version = "v1.10.0"
 [[projects]]
  digest = "1:abcdbf03ca6ca13d3697e2186edc1f33863bbdac2b3a44dfa39015e8903f7409"
  name = "github.com/olekukonko/tablewriter"
@@ -207,6 +215,7 @@
    "github.com/jarcoal/httpmock",
    "github.com/kr/pty",
    "github.com/leonelquinteros/gotext",
+    "github.com/mattn/go-sqlite3",
    "github.com/olekukonko/tablewriter",
    "github.com/pkg/errors",
    "github.com/pkg/sftp",

--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -74,3 +74,7 @@
 [[constraint]]
  name = "gopkg.in/natefinch/lumberjack.v2"
  version = "2.1.0"
+[[constraint]]
+  name = "github.com/mattn/go-sqlite3"
+  version = "1.10.0"
--- a/pkg/auth/server.go
+++ b/pkg/auth/server.go
@@ -8,6 +8,7 @@ import (
 	"cocogo/pkg/cctx"
 	"cocogo/pkg/common"
+	"cocogo/pkg/config"
 	"cocogo/pkg/i18n"
 	"cocogo/pkg/logger"
 	"cocogo/pkg/service"
@@ -56,10 +57,16 @@ func checkAuth(ctx ssh.Context, password, publicKey string) (res ssh.AuthResult)
 }
 func CheckUserPassword(ctx ssh.Context, password string) ssh.AuthResult {
+	if !config.Conf.PasswordAuth {
+		return ssh.AuthFailed
+	}
 	return checkAuth(ctx, password, "")
 }
 func CheckUserPublicKey(ctx ssh.Context, key ssh.PublicKey) ssh.AuthResult {
+	if !config.Conf.PublicKeyAuth {
+		return ssh.AuthFailed
+	}
 	b := key.Marshal()
 	publicKey := common.Base64Encode(string(b))
 	return checkAuth(ctx, "", publicKey)
@@ -101,6 +108,6 @@ func CheckMFA(ctx ssh.Context, challenger gossh.KeyboardInteractiveChallenge) (r
 	return
 }
-func CheckUserNeedMFA(ctx ssh.Context) (methods []string) {
+func MFAAuthMethods(ctx ssh.Context) (methods []string) {
 	return []string{"keyboard-interactive"}
 }
--- a/pkg/common/utils.go
+++ b/pkg/common/utils.go
 package common
-import "os"
+import (
+	"compress/gzip"
+	"io"
+	"os"
+	"time"
+)
 func FileExists(name string) bool {
 	if _, err := os.Stat(name); err != nil {
@@ -10,3 +15,32 @@ func FileExists(name string) bool {
 	}
 	return true
 }
+func EnsureDirExist(name string) error {
+	if !FileExists(name) {
+		return os.MkdirAll(name, os.ModePerm)
+	}
+	return nil
+}
+func GzipCompressFile(srcPath, dstPath string) error {
+	sf, err := os.Open(srcPath)
+	if err != nil {
+		return err
+	}
+	df, err := os.Create(dstPath)
+	if err != nil {
+		return err
+	}
+	writer := gzip.NewWriter(df)
+	writer.Name = dstPath
+	writer.ModTime = time.Now().UTC()
+	_, err = io.Copy(writer, sf)
+	if err != nil {
+		return err
+	}
+	if err := writer.Close(); err != nil {
+		return err
+	}
+	return nil
+}
--- a/pkg/model/init.go
+++ b/pkg/model/init.go
+package model
--- a/pkg/model/session.go
+++ b/pkg/model/session.go
 package model
+type Command struct {
+	SessionId  string `json:"session"`
+	OrgId      string `json:"org_id"`
+	Input      string `json:"input"`
+	Output     string `json:"output"`
+	User       string `json:"user"`
+	Server     string `json:"asset"`
+	SystemUser string `json:"system_user"`
+	Timestamp  int64  `json:"timestamp"`
+}
--- a/pkg/proxy/parser.go
+++ b/pkg/proxy/parser.go
@@ -2,11 +2,12 @@ package proxy
 import (
 	"bytes"
+	"fmt"
+	"sync"
 	"cocogo/pkg/logger"
 	"cocogo/pkg/model"
 	"cocogo/pkg/utils"
-	"fmt"
-	"sync"
 )
 var (
@@ -35,7 +36,7 @@ type Parser struct {
 	srvInputChan   chan []byte
 	srvOutputChan  chan []byte
-	cmdCh chan *[2]string
+	cmdChan chan [2]string
 	inputInitial  bool
 	inputPreState bool
@@ -48,9 +49,9 @@ type Parser struct {
 	output          string
 	cmdInputParser  *CmdParser
 	cmdOutputParser *CmdParser
-	counter         int
 	cmdFilterRules []model.SystemUserFilterRule
+	closed         bool
 }
 func (p *Parser) Initial() {
@@ -68,22 +69,22 @@ func (p *Parser) Initial() {
 func (p *Parser) Parse() {
 	defer func() {
-		fmt.Println("Parse done")
+		logger.Debug("Parser parse routine done")
 	}()
 	for {
 		select {
-		case ub, ok := <-p.userInputChan:
+		case b, ok := <-p.userInputChan:
 			if !ok {
 				return
 			}
-			b := p.ParseUserInput(ub)
+			b = p.ParseUserInput(b)
 			p.userOutputChan <- b
-		case sb, ok := <-p.srvInputChan:
+		case b, ok := <-p.srvInputChan:
 			if !ok {
 				return
 			}
-			b := p.ParseServerOutput(sb)
+			b = p.ParseServerOutput(b)
 			p.srvOutputChan <- b
 		}
 	}
@@ -110,6 +111,7 @@ func (p *Parser) parseInputState(b []byte) []byte {
 		// 用户又开始输入，并上次不处于输入状态，开始结算上次命令的结果
 		if !p.inputPreState {
 			p.parseCmdOutput()
+			p.cmdChan <- [2]string{p.command, p.output}
 		}
 	}
 	return b
@@ -118,7 +120,6 @@ func (p *Parser) parseInputState(b []byte) []byte {
 func (p *Parser) parseCmdInput() {
 	data := p.cmdBuf.Bytes()
 	p.command = p.cmdInputParser.Parse(data)
-	fmt.Println("parse Command is ", p.command)
 	p.cmdBuf.Reset()
 	p.inputBuf.Reset()
 }
@@ -186,7 +187,6 @@ func (p *Parser) splitCmdStream(b []byte) {
 	if p.zmodemState != "" || p.inVimState || !p.inputInitial {
 		return
 	}
-	fmt.Println("Input state: ", p.inputState)
 	if p.inputState {
 		p.cmdBuf.Write(b)
 	} else {
@@ -210,3 +210,15 @@ func (p *Parser) IsCommandForbidden() bool {
 	}
 	return false
 }
+func (p *Parser) Close() {
+	if p.closed {
+		return
+	}
+	close(p.userInputChan)
+	close(p.userOutputChan)
+	close(p.srvInputChan)
+	close(p.srvOutputChan)
+	close(p.cmdChan)
+	p.closed = true
+}
--- a/pkg/proxy/recorder.go
+++ b/pkg/proxy/recorder.go
 package proxy
 import (
-	"compress/gzip"
+	"cocogo/pkg/common"
-	"context"
+	"cocogo/pkg/logger"
-	"encoding/json"
-	"fmt"
-	"io"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 	"cocogo/pkg/config"
-	"cocogo/pkg/logger"
+	"cocogo/pkg/model"
 )
+var conf = config.Conf
 type CommandRecorder struct {
 	Session *SwitchSession
+	storage CommandStorage
+	queue chan *model.Command
 }
 func NewCommandRecorder(sess *SwitchSession) (recorder *CommandRecorder) {
-	return &CommandRecorder{Session: sess}
+	storage := NewCommandStorage()
+	recorder = &CommandRecorder{Session: sess, queue: make(chan *model.Command, 10), storage: storage}
+	go recorder.record()
+	return recorder
 }
-type Command struct {
+func NewReplyRecord(sess *SwitchSession) *ReplyRecorder {
-	SessionId  string    `json:"session"`
+	storage := NewReplayStorage()
-	OrgId      string    `json:"org_id"`
+	srvStorage := &ServerReplayStorage{}
-	Input      string    `json:"input"`
+	return &ReplyRecorder{SessionID: sess.Id, storage: storage, backOffStorage: srvStorage}
-	Output     string    `json:"output"`
-	User       string    `json:"user"`
-	Server     string    `json:"asset"`
-	SystemUser string    `json:"system_user"`
-	Timestamp  time.Time `json:"timestamp"`
 }
-func (c *CommandRecorder) Record(cmd *Command) {
+func (c *CommandRecorder) Record(command [2]string) {
-	data, err := json.MarshalIndent(cmd, "", "  ")
+	if command[0] == "" && command[1] == "" {
-	if err != nil {
+		return
-		logger.Error("Marshal command error: ", err)
 	}
-	fmt.Printf("Record cmd: %s\n", data)
+	cmd := &model.Command{
+		SessionId:  c.Session.Id,
+		OrgId:      c.Session.Org,
+		Input:      command[0],
+		Output:     command[1],
+		User:       c.Session.User,
+		Server:     c.Session.Server,
+		SystemUser: c.Session.SystemUser,
+		Timestamp:  time.Now().Unix(),
+	}
+	c.queue <- cmd
 }
-var conf = config.Conf
+func (c *CommandRecorder) Start() {
+}
-func NewReplyRecord(sessionID string) *ReplyRecorder {
+func (c *CommandRecorder) End() {
-	rootPath := conf.RootPath
+	close(c.queue)
-	currentData := time.Now().UTC().Format("2006-01-02")
+}
-	gzFileName := sessionID + ".replay.gz"
-	absFilePath := filepath.Join(rootPath, "data", "replays", currentData, sessionID)
+func (c *CommandRecorder) record() {
-	absGzFilePath := filepath.Join(rootPath, "data", "replays", currentData, gzFileName)
+	cmdList := make([]*model.Command, 0)
+	for {
-	target := strings.Join([]string{currentData, gzFileName}, "/")
+		select {
-	return &ReplyRecorder{
+		case p := <-c.queue:
-		SessionID:     sessionID,
+			cmdList = append(cmdList, p)
-		FileName:      sessionID,
+			if len(cmdList) < 5 {
-		absFilePath:   absFilePath,
+				continue
-		gzFileName:    gzFileName,
+			}
-		absGzFilePath: absGzFilePath,
+		case <-time.After(time.Second * 5):
-		StartTime:     time.Now().UTC(),
+			if len(cmdList) == 0 {
-		target:        target,
+				continue
+			}
+		}
+		err := c.storage.BulkSave(cmdList)
+		if err == nil {
+			cmdList = cmdList[:0]
+			continue
+		}
+		if len(cmdList) > 10 {
+			cmdList = cmdList[1:]
+		}
 	}
 }
 type ReplyRecorder struct {
-	SessionID     string
+	SessionID string
-	FileName      string
-	gzFileName    string
 	absFilePath   string
 	absGzFilePath string
 	target        string
-	WriteF        *os.File
+	file          *os.File
 	StartTime     time.Time
+	storage        ReplayStorage
+	backOffStorage ReplayStorage
 }
 func (r *ReplyRecorder) Record(b []byte) {
-	interval := time.Now().UTC().Sub(r.StartTime).Seconds()
-	data, _ := json.Marshal(string(b))
-	_, _ = r.WriteF.WriteString(fmt.Sprintf("\"%0.6f\":%s,", interval, data))
 }
 func (r *ReplyRecorder) Start() {
-	//auth.MakeSureDirExit(r.absFilePath)
+	rootPath := conf.RootPath
-	//r.WriteF, _ = os.Create(r.absFilePath)
+	today := time.Now().UTC().Format("2006-01-02")
-	//_, _ = r.WriteF.Write([]byte("{"))
+	gzFileName := r.SessionID + ".replay.gz"
-}
+	replayDir := filepath.Join(rootPath, "data", "replays", today)
-func (r *ReplyRecorder) End(ctx context.Context) {
+	r.absFilePath = filepath.Join(replayDir, r.SessionID)
-	select {
+	r.absGzFilePath = filepath.Join(replayDir, today, gzFileName)
-	case <-ctx.Done():
+	r.target = strings.Join([]string{today, gzFileName}, "/")
-		_, _ = r.WriteF.WriteString(`"0":""}`)
-		_ = r.WriteF.Close()
-	}
-	r.uploadReplay()
-}
-func (r *ReplyRecorder) uploadReplay() {
+	err := common.EnsureDirExist(replayDir)
-	_ = GzipCompressFile(r.absFilePath, r.absGzFilePath)
+	if err != nil {
-	if store := NewStorageServer(); store != nil {
+		logger.Errorf("Create dir %s error: %s\n", replayDir, err)
-		store.Upload(r.absGzFilePath, r.target)
+		return
 	}
-	_ = os.Remove(r.absFilePath)
-	_ = os.Remove(r.absGzFilePath)
-}
-func GzipCompressFile(srcPath, dstPath string) error {
+	r.file, err = os.Create(r.absFilePath)
-	srcf, err := os.Open(srcPath)
 	if err != nil {
-		return err
+		logger.Errorf("Create file %s error: %s\n", r.absFilePath, err)
 	}
-	dstf, err := os.Create(dstPath)
+	_, _ = r.file.Write([]byte("{"))
-	if err != nil {
+}
-		return err
+func (r *ReplyRecorder) End() {
+	_ = r.file.Close()
+	if !common.FileExists(r.absFilePath) {
+		return
 	}
-	zw := gzip.NewWriter(dstf)
+	if stat, err := os.Stat(r.absGzFilePath); err == nil && stat.Size() == 0 {
-	zw.Name = dstPath
+		_ = os.Remove(r.absFilePath)
-	zw.ModTime = time.Now().UTC()
+		return
-	_, err = io.Copy(zw, srcf)
-	if err != nil {
-		return err
 	}
-	if err := zw.Close(); err != nil {
+	go r.uploadReplay()
-		return err
+	if !common.FileExists(r.absGzFilePath) {
+		_ = common.GzipCompressFile(r.absFilePath, r.absGzFilePath)
+		_ = os.Remove(r.absFilePath)
 	}
+}
-	return nil
+func (r *ReplyRecorder) uploadReplay() {
+	maxRetry := 3
+	for i := 0; i <= maxRetry; i++ {
+		logger.Debug("Upload replay file: ", r.absGzFilePath)
+		err := r.storage.Upload(r.absGzFilePath, r.target)
+		if err == nil {
+			_ = os.Remove(r.absGzFilePath)
+			break
+		}
+		// 如果还是失败，使用备用storage再传一次
+		if i == maxRetry {
+			logger.Errorf("Using back off storage retry upload")
+			r.storage = r.backOffStorage
+			r.uploadReplay()
+			break
+		}
+	}
 }
--- a/pkg/proxy/recorderstorage.go
+++ b/pkg/proxy/recorderstorage.go
 package proxy
+import (
+	"cocogo/pkg/config"
+	"cocogo/pkg/model"
+	"cocogo/pkg/service"
+)
 type ReplayStorage interface {
-	Upload(gZipFile, target string)
+	Upload(gZipFile, target string) error
+}
+type CommandStorage interface {
+	BulkSave(commands []*model.Command) error
+}
+func NewReplayStorage() ReplayStorage {
+	cf := config.Conf.ReplayStorage
+	tp, ok := cf["TYPE"]
+	if !ok {
+		tp = "server"
+	}
+	switch tp {
+	default:
+		return &ServerReplayStorage{}
+	}
+}
+func NewCommandStorage() CommandStorage {
+	cf := config.Conf.CommandStorage
+	tp, ok := cf["TYPE"]
+	if !ok {
+		tp = "server"
+	}
+	switch tp {
+	default:
+		return &ServerCommandStorage{}
+	}
 }
-func NewStorageServer() ReplayStorage {
+type ServerCommandStorage struct {
-	return nil
 }
-func NewJmsStorage() ReplayStorage {
+func (s *ServerCommandStorage) BulkSave(commands []*model.Command) (err error) {
-	//appService := auth.GetGlobalService()
+	return service.PushSessionCommand(commands)
-	//return &Server{
-	//	StorageType: "jms",
-	//	service:     appService,
-	//}
-	return &Server{}
 }
-type Server struct {
+type ServerReplayStorage struct {
 	StorageType string
 }
-func (s *Server) Upload(gZipFilePath, target string) {
+func (s *ServerReplayStorage) Upload(gZipFilePath, target string) (err error) {
 	//sessionID := strings.Split(filepath.Base(gZipFilePath), ".")[0]
 	//_ = client.PushSessionReplay(gZipFilePath, sessionID)
+	return
 }
--- a/pkg/proxy/switch.go
+++ b/pkg/proxy/switch.go
 package proxy
 import (
-	"cocogo/pkg/model"
 	"context"
 	"time"
@@ -12,14 +11,8 @@ import (
 )
 func NewSwitchSession(userConn UserConnection, serverConn ServerConnection) (sw *SwitchSession) {
-	parser := &Parser{
+	sw = &SwitchSession{userConn: userConn, srvConn: serverConn}
-		userInputChan:  make(chan []byte, 1024),
+	sw.Initial()
-		userOutputChan: make(chan []byte, 1024),
-		srvInputChan:   make(chan []byte, 1024),
-		srvOutputChan:  make(chan []byte, 1024),
-	}
-	parser.Initial()
-	sw = &SwitchSession{userConn: userConn, serverConn: serverConn, parser: parser}
 	return sw
 }
@@ -37,37 +30,40 @@ type SwitchSession struct {
 	Finished   bool      `json:"is_finished"`
 	Closed     bool
-	srvChan  chan []byte
-	userChan chan []byte
-	cmdFilterRules []model.SystemUserFilterRule
 	cmdRecorder    *CommandRecorder
-	replayRecorder *ReplayStorage
+	replayRecorder *ReplyRecorder
 	parser         *Parser
-	userConn   UserConnection
+	cmdRecordChan chan [2]string
-	serverConn ServerConnection
+	userConn      UserConnection
-	userTran   Transport
+	srvConn       ServerConnection
-	serverTran Transport
+	userChan      Transport
-	cancelFunc context.CancelFunc
+	srvChan       Transport
+	cancelFunc    context.CancelFunc
 }
 func (s *SwitchSession) Initial() {
 	s.Id = uuid.NewV4().String()
 	s.User = s.userConn.User()
-	s.Server = s.serverConn.Name()
+	s.Server = s.srvConn.Name()
-	s.SystemUser = s.serverConn.User()
+	s.SystemUser = s.srvConn.User()
 	s.LoginFrom = s.userConn.LoginFrom()
 	s.RemoteAddr = s.userConn.RemoteAddr()
 	s.DateStart = time.Now()
-}
-func (s *SwitchSession) preBridge() {
-}
+	s.cmdRecordChan = make(chan [2]string, 1024)
+	s.cmdRecorder = NewCommandRecorder(s)
-func (s *SwitchSession) postBridge() {
+	s.replayRecorder = NewReplyRecord(s)
+	parser := &Parser{
+		userInputChan:  make(chan []byte, 1024),
+		userOutputChan: make(chan []byte, 1024),
+		srvInputChan:   make(chan []byte, 1024),
+		srvOutputChan:  make(chan []byte, 1024),
+		cmdChan:        s.cmdRecordChan,
+	}
+	parser.Initial()
+	s.parser = parser
 }
 func (s *SwitchSession) watchWindowChange(ctx context.Context, winCh <-chan ssh.Window) {
@@ -82,7 +78,7 @@ func (s *SwitchSession) watchWindowChange(ctx context.Context, winCh <-chan ssh.
 			if !ok {
 				return
 			}
-			err := s.serverConn.SetWinSize(win.Height, win.Width)
+			err := s.srvConn.SetWinSize(win.Height, win.Width)
 			if err != nil {
 				logger.Error("Change server win size err: ", err)
 				return
@@ -92,63 +88,104 @@ func (s *SwitchSession) watchWindowChange(ctx context.Context, winCh <-chan ssh.
 	}
 }
-func (s *SwitchSession) readUserToServer(ctx context.Context) {
+func (s *SwitchSession) readParserToServer(ctx context.Context) {
 	defer func() {
-		logger.Debug("Read user to server end")
+		logger.Debug("Read parser to server end")
 	}()
 	for {
 		select {
 		case <-ctx.Done():
-			_ = s.userTran.Close()
 			return
-		case p, ok := <-s.userTran.Chan():
+		case p, ok := <-s.parser.userOutputChan:
 			if !ok {
 				s.cancelFunc()
 			}
-			s.parser.userInputChan <- p
+			_, _ = s.srvChan.Write(p)
-		case p, ok := <-s.parser.userOutputChan:
+		}
+	}
+}
+func (s *SwitchSession) readUserToParser(ctx context.Context) {
+	defer func() {
+		logger.Debug("Read user to server end")
+	}()
+	for {
+		select {
+		case <-ctx.Done():
+			_ = s.userChan.Close()
+			return
+		case p, ok := <-s.userChan.Chan():
 			if !ok {
 				s.cancelFunc()
 			}
-			_, _ = s.serverTran.Write(p)
+			s.parser.userInputChan <- p
 		}
 	}
 }
-func (s *SwitchSession) readServerToUser(ctx context.Context) {
+func (s *SwitchSession) readServerToParser(ctx context.Context) {
 	defer func() {
-		logger.Debug("Read server to user end")
+		logger.Debug("Read server to parser end")
 	}()
 	for {
 		select {
 		case <-ctx.Done():
-			_ = s.serverTran.Close()
+			_ = s.srvChan.Close()
 			return
-		case p, ok := <-s.serverTran.Chan():
+		case p, ok := <-s.srvChan.Chan():
 			if !ok {
 				s.cancelFunc()
 			}
 			s.parser.srvInputChan <- p
+		}
+	}
+}
+func (s *SwitchSession) readParserToUser(ctx context.Context) {
+	defer func() {
+		logger.Debug("Read parser to user end")
+	}()
+	for {
+		select {
+		case <-ctx.Done():
+			return
 		case p, ok := <-s.parser.srvOutputChan:
 			if !ok {
 				s.cancelFunc()
 			}
-			_, _ = s.userConn.Write(p)
+			s.replayRecorder.Record(p)
+			_, _ = s.userChan.Write(p)
 		}
 	}
 }
+func (s *SwitchSession) recordCmd() {
+	for cmd := range s.cmdRecordChan {
+		s.cmdRecorder.Record(cmd)
+	}
+}
+func (s *SwitchSession) postBridge() {
+	s.cmdRecorder.End()
+	s.replayRecorder.End()
+	s.parser.Close()
+}
 func (s *SwitchSession) Bridge() (err error) {
 	winCh := s.userConn.WinCh()
 	ctx, cancel := context.WithCancel(context.Background())
 	s.cancelFunc = cancel
-	s.userTran = NewDirectTransport("", s.userConn)
+	s.userChan = NewDirectTransport("", s.userConn)
-	s.serverTran = NewDirectTransport("", s.serverConn)
+	s.srvChan = NewDirectTransport("", s.srvConn)
 	go s.parser.Parse()
 	go s.watchWindowChange(ctx, winCh)
-	go s.readServerToUser(ctx)
+	go s.readServerToParser(ctx)
-	s.readUserToServer(ctx)
+	go s.readParserToUser(ctx)
+	go s.readParserToServer(ctx)
+	go s.recordCmd()
+	defer s.postBridge()
+	s.readUserToParser(ctx)
 	logger.Debug("Session bridge end")
 	return
 }
--- a/pkg/service/terminal.go
+++ b/pkg/service/terminal.go
@@ -82,3 +82,8 @@ func FinishTask(tid string) bool {
 func PushSessionReplay(sessionID, gZipFile string) {
 }
+func PushSessionCommand(commands []*model.Command) (err error) {
+	fmt.Println("Commands: ", commands)
+	return
+}
--- a/pkg/sshd/server.go
+++ b/pkg/sshd/server.go
@@ -25,21 +25,14 @@ func StartServer() {
 	srv := ssh.Server{
 		Addr:                       conf.BindHost + ":" + strconv.Itoa(conf.SSHPort),
 		KeyboardInteractiveHandler: auth.CheckMFA,
-		NextAuthMethodsHandler:     auth.CheckUserNeedMFA,
+		PasswordHandler:            auth.CheckUserPassword,
+		PublicKeyHandler:           auth.CheckUserPublicKey,
+		NextAuthMethodsHandler:     auth.MFAAuthMethods,
 		HostSigners:                []ssh.Signer{signer},
 		Handler:                    handler.SessionHandler,
 		SubsystemHandlers:          map[string]ssh.SubsystemHandler{},
 	}
 	// Set Auth Handler
-	if conf.PasswordAuth {
-		srv.PasswordHandler = auth.CheckUserPassword
-	}
-	if conf.PublicKeyAuth {
-		srv.PublicKeyHandler = auth.CheckUserPublicKey
-	}
-	if !conf.PasswordAuth && !conf.PublicKeyAuth {
-		srv.PasswordHandler = auth.CheckUserPassword
-	}
 	srv.SetSubsystemHandler("sftp", handler.SftpHandler)
 	logger.Fatal(srv.ListenAndServe())
 }