Return enough information in auth request to avoid brute force spam

pterodactyl · Jul 3, 2020 · 2ba2a92 · 2ba2a92
1 parent 368abf5
commit 2ba2a92
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 17 deletions.
diff --git a/credentials.go b/credentials.go
@@ -1,8 +1,11 @@
 package sftp_server
 
 type AuthenticationRequest struct {
-	User string `json:"username"`
-	Pass string `json:"password"`
+	User          string `json:"username"`
+	Pass          string `json:"password"`
+	IP            string `json:"ip"`
+	SessionID     []byte `json:"session_id"`
+	ClientVersion []byte `json:"client_version"`
 }
 
 type AuthenticationResponse struct {
@@ -22,4 +25,4 @@ func IsInvalidCredentialsError(err error) bool {
 	_, ok := err.(*InvalidCredentialsError)
 
 	return ok
-}
+}
diff --git a/server.go b/server.go
@@ -20,10 +20,10 @@ import (
 )
 
 type Settings struct {
-	BasePath         string
-	ReadOnly         bool
-	BindPort         int
-	BindAddress      string
+	BasePath    string
+	ReadOnly    bool
+	BindPort    int
+	BindAddress string
 }
 
 type SftpUser struct {
@@ -73,8 +73,11 @@ func (c *Server) Initalize() error {
 		MaxAuthTries: 6,
 		PasswordCallback: func(conn ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
 			resp, err := c.CredentialValidator(AuthenticationRequest{
-				User: conn.User(),
-				Pass: string(pass),
+				User:          conn.User(),
+				Pass:          string(pass),
+				IP:            conn.RemoteAddr().String(),
+				SessionID:     conn.SessionID(),
+				ClientVersion: conn.ClientVersion(),
 			})
 
 			if err != nil {
@@ -195,14 +198,14 @@ func (c Server) AcceptInboundConnection(conn net.Conn, config *ssh.ServerConfig)
 // relative to that directory, and the user will not be able to escape out of it.
 func (c Server) createHandler(perm *ssh.Permissions) sftp.Handlers {
 	p := FileSystem{
-		UUID:             perm.Extensions["uuid"],
-		Permissions:      strings.Split(perm.Extensions["permissions"], ","),
-		ReadOnly:         c.Settings.ReadOnly,
-		Cache:            c.cache,
-		User:             c.User,
-		HasDiskSpace:     c.DiskSpaceValidator,
-		PathValidator:    c.PathValidator,
-		logger:           c.logger,
+		UUID:          perm.Extensions["uuid"],
+		Permissions:   strings.Split(perm.Extensions["permissions"], ","),
+		ReadOnly:      c.Settings.ReadOnly,
+		Cache:         c.cache,
+		User:          c.User,
+		HasDiskSpace:  c.DiskSpaceValidator,
+		PathValidator: c.PathValidator,
+		logger:        c.logger,
 	}
 
 	return sftp.Handlers{