bumped russh (#1210)

Cargo.toml

@@ -24,8 +24,7 @@ bytes = "1.4"
 data-encoding = "2.3"
 serde = "1.0"
 serde_json = "1.0"
-russh = { version = "0.49.0" }
-russh-keys = { version = "0.49.0" }
+russh = { version = "0.50.0-beta.9" }
 tracing = "0.1"
 futures = "0.3"
 tokio-stream = { version = "0.1.17", features = ["net"] }

warpgate-common/Cargo.toml

@@ -26,7 +26,7 @@ poem-openapi = { version = "5.1", features = [
 rand = "0.8"
 rand_chacha = "0.3"
 rand_core = { version = "0.6", features = ["std"] }
-russh-keys.workspace = true
+russh.workspace = true
 rustls-native-certs = "0.6"
 sea-orm = { version = "0.12.2", features = [
     "runtime-tokio-rustls",

warpgate-common/src/auth/cred.rs

@@ -1,6 +1,6 @@
 use bytes::Bytes;
 use poem_openapi::Enum;
-use russh_keys::Algorithm;
+use russh::keys::Algorithm;
 use serde::{Deserialize, Serialize};
 
 use crate::Secret;

warpgate-common/src/error.rs

@@ -36,7 +36,7 @@ pub enum WarpgateError {
     #[error(transparent)]
     Sso(#[from] SsoError),
     #[error(transparent)]
-    RusshKeys(#[from] russh_keys::Error),
+    RusshKeys(#[from] russh::keys::Error),
     #[error("I/O: {0}")]
     Io(#[from] std::io::Error),
 

warpgate-db-migrations/Cargo.toml

@@ -21,7 +21,7 @@ sea-orm = { version = "0.12", features = [
 sea-orm-migration = { version = "0.12", default-features = false, features = [
     "cli",
 ] }
-russh-keys.workspace = true
+russh.workspace = true
 tracing.workspace = true
 uuid = { version = "1.3", features = ["v4", "serde"] }
 serde_json.workspace = true

warpgate-db-migrations/src/m00011_rsa_key_algos.rs

@@ -20,7 +20,7 @@ impl MigrationTrait for Migration {
         let connection = manager.get_connection();
         let creds = PKC::Entity::find().all(connection).await?;
         for cred in creds.into_iter() {
-            let parsed = match russh_keys::PublicKey::from_openssh(&cred.openssh_public_key) {
+            let parsed = match russh::keys::PublicKey::from_openssh(&cred.openssh_public_key) {
                 Ok(parsed) => parsed,
                 Err(e) => {
                     error!("Failed to parse public key '{cred:?}': {e}");

warpgate-protocol-ssh/src/client/mod.rs

@@ -496,7 +496,7 @@ impl RemoteClient {
                         SSHTargetAuth::Password(auth) => {
                             auth_result = session
                                 .authenticate_password(ssh_options.username.clone(), auth.password.expose_secret())
-                                .await?;
+                                .await?.success();
                             if auth_result {
                                 debug!(username=&ssh_options.username[..], "Authenticated with password");
                             }
@@ -511,7 +511,7 @@ impl RemoteClient {
                                         ssh_options.username.clone(),
                                         key
                                     )
-                                    .await?;
+                                    .await?.success();
                                 if auth_result {
                                     debug!(username=&ssh_options.username[..], key=%key_str, "Authenticated with key");
                                     break;

warpgate-protocol-ssh/src/server/mod.rs

@@ -11,7 +11,7 @@ use std::time::Duration;
 use anyhow::Result;
 use futures::TryStreamExt;
 use russh::keys::{Algorithm, HashAlg};
-use russh::{MethodSet, Preferred};
+use russh::{MethodKind, MethodSet, Preferred};
 pub use russh_handler::ServerHandler;
 pub use session::ServerSession;
 use tokio::io::{AsyncRead, AsyncWrite};
@@ -31,7 +31,13 @@ pub async fn run_server(services: Services, address: ListenEndpoint) -> Result<(
             auth_rejection_time_initial: Some(Duration::from_secs(0)),
             inactivity_timeout: Some(config.store.ssh.inactivity_timeout),
             keepalive_interval: config.store.ssh.keepalive_interval,
-            methods: MethodSet::PUBLICKEY | MethodSet::PASSWORD | MethodSet::KEYBOARD_INTERACTIVE,
+            methods: MethodSet::from(
+                &[
+                    MethodKind::PublicKey,
+                    MethodKind::Password,
+                    MethodKind::KeyboardInteractive,
+                ][..],
+            ),
             keys: vec![load_host_keys(&config)?],
             event_buffer_size: 100,
             preferred: Preferred {

warpgate-protocol-ssh/src/server/session.rs

@@ -13,7 +13,7 @@ use bimap::BiMap;
 use bytes::Bytes;
 use futures::{Future, FutureExt};
 use russh::keys::{PublicKey, PublicKeyBase64};
-use russh::{CryptoVec, MethodSet, Sig};
+use russh::{CryptoVec, MethodKind, MethodSet, Sig};
 use tokio::sync::mpsc::{UnboundedReceiver, UnboundedSender};
 use tokio::sync::{broadcast, oneshot, Mutex};
 use tracing::*;
@@ -1400,11 +1400,11 @@ impl ServerSession {
         let mut m = MethodSet::empty();
         for kind in kinds {
             match kind {
-                CredentialKind::Password => m.insert(MethodSet::PASSWORD),
-                CredentialKind::Totp => m.insert(MethodSet::KEYBOARD_INTERACTIVE),
-                CredentialKind::WebUserApproval => m.insert(MethodSet::KEYBOARD_INTERACTIVE),
-                CredentialKind::PublicKey => m.insert(MethodSet::PUBLICKEY),
-                CredentialKind::Sso => m.insert(MethodSet::KEYBOARD_INTERACTIVE),
+                CredentialKind::Password => m.push(MethodKind::Password),
+                CredentialKind::Totp => m.push(MethodKind::KeyboardInteractive),
+                CredentialKind::WebUserApproval => m.push(MethodKind::KeyboardInteractive),
+                CredentialKind::PublicKey => m.push(MethodKind::PublicKey),
+                CredentialKind::Sso => m.push(MethodKind::KeyboardInteractive),
             }
         }
         m