Eric Bower
·
2026-01-25
ssh.go
1package pico
2
3import (
4 "context"
5 "os"
6 "os/signal"
7 "syscall"
8 "time"
9
10 "git.sr.ht/~rockorager/vaxis"
11 pgsdb "github.com/picosh/pico/pkg/apps/pgs/db"
12 "github.com/picosh/pico/pkg/db/postgres"
13 "github.com/picosh/pico/pkg/pssh"
14 "github.com/picosh/pico/pkg/send/auth"
15 "github.com/picosh/pico/pkg/send/list"
16 "github.com/picosh/pico/pkg/send/pipe"
17 "github.com/picosh/pico/pkg/send/protocols/rsync"
18 "github.com/picosh/pico/pkg/send/protocols/scp"
19 "github.com/picosh/pico/pkg/send/protocols/sftp"
20 "github.com/picosh/pico/pkg/shared"
21 "github.com/picosh/pico/pkg/tui"
22 "golang.org/x/crypto/ssh"
23)
24
25func createTui(shrd *tui.SharedModel) pssh.SSHServerMiddleware {
26 return func(next pssh.SSHServerHandler) pssh.SSHServerHandler {
27 return func(sesh *pssh.SSHServerConnSession) error {
28 vty, err := shared.NewVConsole(sesh)
29 if err != nil {
30 return err
31 }
32 opts := vaxis.Options{
33 WithConsole: vty,
34 }
35 return tui.NewTui(opts, shrd)
36 }
37 }
38}
39
40func StartSshServer() {
41 appName := "pico-ssh"
42
43 host := shared.GetEnv("PICO_HOST", "0.0.0.0")
44 port := shared.GetEnv("PICO_SSH_PORT", "2222")
45 promPort := shared.GetEnv("PICO_PROM_PORT", "9222")
46 cfg := NewConfigSite(appName)
47 logger := cfg.Logger
48
49 ctx, cancel := context.WithCancel(context.Background())
50 defer cancel()
51
52 dbpool := postgres.NewDB(cfg.DbURL, cfg.Logger)
53 defer func() {
54 _ = dbpool.Close()
55 }()
56
57 pgsDB := pgsdb.NewDBWithConn(dbpool.Db, cfg.Logger)
58
59 handler := NewUploadHandler(
60 dbpool,
61 cfg,
62 )
63
64 cliHandler := &CliHandler{
65 Logger: logger,
66 DBPool: dbpool,
67 }
68
69 sshAuth := shared.NewSshAuthHandler(dbpool, logger, "pico")
70
71 // Create a new SSH server
72 server, err := pssh.NewSSHServerWithConfig(
73 ctx,
74 logger,
75 appName,
76 host,
77 port,
78 promPort,
79 "ssh_data/term_info_ed25519",
80 func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
81 perms, err := sshAuth.PubkeyAuthHandler(conn, key)
82 logger.Warn("pubkey auth handler", "err", err)
83 if perms == nil {
84 perms = &ssh.Permissions{
85 Extensions: map[string]string{
86 "pubkey": shared.KeyForKeyText(key),
87 },
88 }
89 }
90
91 return perms, nil
92 },
93 []pssh.SSHServerMiddleware{
94 pipe.Middleware(handler, ""),
95 list.Middleware(handler),
96 scp.Middleware(handler),
97 rsync.Middleware(handler),
98 auth.Middleware(handler),
99 func(next pssh.SSHServerHandler) pssh.SSHServerHandler {
100 return func(sesh *pssh.SSHServerConnSession) error {
101 shrd := &tui.SharedModel{
102 Session: sesh,
103 Cfg: cfg,
104 Dbpool: handler.DBPool,
105 PgsDB: pgsDB,
106 Logger: pssh.GetLogger(sesh),
107 }
108 return pssh.PtyMdw(createTui(shrd), 200*time.Millisecond)(next)(sesh)
109 }
110 },
111 Middleware(cliHandler),
112 pssh.LogMiddleware(handler, dbpool),
113 },
114 []pssh.SSHServerMiddleware{
115 sftp.Middleware(handler),
116 pssh.LogMiddleware(handler, dbpool),
117 },
118 nil,
119 )
120
121 if err != nil {
122 logger.Error("failed to create ssh server", "err", err.Error())
123 os.Exit(1)
124 }
125
126 done := make(chan os.Signal, 1)
127 signal.Notify(done, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
128 logger.Info("Starting SSH server", "addr", server.Config.ListenAddr)
129 go func() {
130 if err = server.ListenAndServe(); err != nil {
131 logger.Error("serve", "err", err.Error())
132 os.Exit(1)
133 }
134 }()
135
136 exit := func() {
137 logger.Info("stopping ssh server")
138 cancel()
139 }
140
141 <-done
142 exit()
143}