Andrew Lytvynov 29e98e18f8 ssh/tailssh: use a local error instead of gossh.ErrDenied (#10743) ... ErrDenied was added in [our fork of x/crypto/ssh](acc6f8fe8d) to short-circuit auth attempts once one fails. In the case of our callbacks, this error is returned when SSH policy check determines that a connection should not be allowed. Both `NoClientAuthCallback` and `PublicKeyHandler` check the policy and will fail anyway. The `fakePasswordHandler` returns true only if `NoClientAuthCallback` succeeds the policy check, so it checks it indirectly too. The difference here is that a client might attempt all 2-3 auth methods instead of just `none` but will fail to authenticate regardless. Updates #8593 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>		2024-01-05 08:02:42 -08:00
..
incubator.go	ssh/tailssh: add envknobs to force override forwarding, sftp, pty	2023-11-09 13:37:54 -08:00
incubator_linux.go	all: update copyright and license headers	2023-01-27 15:36:29 -08:00
privs_test.go	all: use Go 1.21 slices, maps instead of x/exp/{slices,maps}	2023-08-17 08:42:35 -07:00
tailssh.go	ssh/tailssh: use a local error instead of gossh.ErrDenied (#10743)	2024-01-05 08:02:42 -08:00
tailssh_test.go	all: replace deprecated ioutil references	2023-08-23 23:53:19 +01:00
user.go	ssh/tailssh,util: extract new osuser package from ssh code (#10170)	2023-11-09 09:49:06 -08:00