package ssh
import (
"encoding/base64"
"net"
"golang.org/x/crypto/ssh"
)
// Connection represents an SSH connection made by an attacker. It contains
// information about the origin of the attack and payloads attempted by the attacker.
//
// Every string field except SessionID is derived from what the remote peer
// sent or from DNS data the peer may control, so treat the values as
// untrusted: escape or encode them before they reach logs, terminals,
// dashboards or queries.
type Connection struct {
	// SessionID is the SSH session identifier, base64-encoded (standard
	// encoding) by newConnection.
	SessionID string
	// SourceIP is the string form of the connection's remote address as
	// returned by RemoteAddr().String().
	// NOTE(review): for TCP peers that form is normally "host:port", not a
	// bare IP; confirm what consumers of this field expect.
	SourceIP string
	// SourceHostName is the first name returned by a reverse DNS lookup of
	// the source address; it stays empty when the lookup fails. The name is
	// not forward-confirmed, and PTR records are set by whoever controls
	// the address block, so it is a hint rather than an attribution.
	SourceHostName string
	// UserName is the user name presented by the client.
	UserName string
	// Password is the credential recorded by the authentication callback,
	// held in plaintext. Captured credentials can belong to real accounts
	// elsewhere; restrict access to wherever this struct is stored.
	Password string
	// ClientVersion is the version string announced by the client.
	ClientVersion string
	// Payloads collects whatever the session handlers record for this
	// connection; newConnection leaves it nil.
	Payloads []interface{}
}
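// newConnection builds the Connection record for an accepted SSH connection.
//
// It copies the session ID (base64, standard encoding), remote address, user
// name and client version from serverConn, reads the captured password from
// the permission extensions under the session-ID key, and attempts a reverse
// DNS lookup of the peer. The lookup is best-effort: on failure
// SourceHostName stays empty and the record is still returned.
//
// All values copied here come from the remote peer (or from DNS records the
// peer may control) and are stored without validation.
func newConnection(serverConn *ssh.ServerConn) *Connection {
	sourceIP := serverConn.RemoteAddr().String()
	sessionID := base64.StdEncoding.EncodeToString(serverConn.SessionID())

	c := &Connection{
		SessionID:     sessionID,
		SourceIP:      sourceIP,
		ClientVersion: string(serverConn.ClientVersion()),
		UserName:      serverConn.User(),
	}

	// We use extensions to store auth info from the auth callback.
	// Permissions is a pointer and is nil when the callback returned none;
	// dereferencing it unguarded would let a remote peer crash the handler.
	if perms := serverConn.Permissions; perms != nil {
		c.Password = perms.Extensions[sessionID]
	}

	// RemoteAddr().String() is normally "host:port", which net.LookupAddr
	// rejects, so the reverse lookup never succeeded. Strip the port for the
	// lookup only; SourceIP keeps the value it always had.
	// NOTE(review): consider storing the bare host in SourceIP as well once
	// consumers of that field have been checked.
	lookupHost := sourceIP
	if host, _, splitErr := net.SplitHostPort(sourceIP); splitErr == nil {
		lookupHost = host
	}

	// NOTE(review): this is a blocking lookup with no deadline, run against
	// an address chosen by the peer; a slow or unresponsive resolver path
	// stalls connection handling. A context-bound resolver call would cap it.
	names, err := net.LookupAddr(lookupHost)
	if err != nil {
		// TODO: system error logging
		return c
	}
	// The PTR answer is not forward-confirmed; record it as untrusted data.
	if len(names) > 0 {
		c.SourceHostName = names[0]
	}
	return c
}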