ssh: replace tempfork with tailscale/gliderssh

Brings in a newer version of Gliderlabs SSH with added socket forwarding support.

Fixes #12409
Fixes #5295

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

cmd/ssh-auth-none-demo/ssh-auth-none-demo.go

@@ -28,8 +28,8 @@ import (
 	"path/filepath"
 	"time"
 
-	gossh "golang.org/x/crypto/ssh"
-	"tailscale.com/tempfork/gliderlabs/ssh"
+	gliderssh "github.com/tailscale/gliderssh"
+	"golang.org/x/crypto/ssh"
 )
 
 // keyTypes are the SSH key types that we either try to read from the
@@ -60,23 +60,23 @@ func main() {
 		log.Fatal("no host keys")
 	}
 
-	srv := &ssh.Server{
+	srv := &gliderssh.Server{
 		Addr:    *addr,
 		Version: "Tailscale",
 		Handler: handleSessionPostSSHAuth,
-		ServerConfigCallback: func(ctx ssh.Context) *gossh.ServerConfig {
+		ServerConfigCallback: func(ctx gliderssh.Context) *ssh.ServerConfig {
 			start := time.Now()
-			var spac gossh.ServerPreAuthConn
-			return &gossh.ServerConfig{
-				PreAuthConnCallback: func(conn gossh.ServerPreAuthConn) {
+			var spac ssh.ServerPreAuthConn
+			return &ssh.ServerConfig{
+				PreAuthConnCallback: func(conn ssh.ServerPreAuthConn) {
 					spac = conn
 				},
 				NoClientAuth: true, // required for the NoClientAuthCallback to run
-				NoClientAuthCallback: func(cm gossh.ConnMetadata) (*gossh.Permissions, error) {
+				NoClientAuthCallback: func(cm ssh.ConnMetadata) (*ssh.Permissions, error) {
 					spac.SendAuthBanner(fmt.Sprintf("# Banner: doing none auth at %v\r\n", time.Since(start)))
 
 					if cm.User() == "denyme" {
-						return nil, &gossh.BannerError{
+						return nil, &ssh.BannerError{
 							Err:     errors.New("denying access"),
 							Message: "denyme is not allowed to access this machine\n",
 						}
@@ -96,7 +96,7 @@ func main() {
 					}
 					return nil, nil
 				},
-				BannerCallback: func(cm gossh.ConnMetadata) string {
+				BannerCallback: func(cm ssh.ConnMetadata) string {
 					log.Printf("Got connection from user %q, %q from %v", cm.User(), cm.ClientVersion(), cm.RemoteAddr())
 					return fmt.Sprintf("# Banner for user %q, %q\n", cm.User(), cm.ClientVersion())
 				},
@@ -115,7 +115,7 @@ func main() {
 	log.Printf("done")
 }
 
-func handleSessionPostSSHAuth(s ssh.Session) {
+func handleSessionPostSSHAuth(s gliderssh.Session) {
 	log.Printf("Started session from user %q", s.User())
 	fmt.Fprintf(s, "Hello user %q, it worked.\n", s.User())
 
@@ -143,13 +143,13 @@ func handleSessionPostSSHAuth(s ssh.Session) {
 	s.Exit(0)
 }
 
-func getHostKeys(dir string) (ret []ssh.Signer, err error) {
+func getHostKeys(dir string) (ret []gliderssh.Signer, err error) {
 	for _, typ := range keyTypes {
 		hostKey, err := hostKeyFileOrCreate(dir, typ)
 		if err != nil {
 			return nil, err
 		}
-		signer, err := gossh.ParsePrivateKey(hostKey)
+		signer, err := ssh.ParsePrivateKey(hostKey)
 		if err != nil {
 			return nil, err
 		}

cmd/tailscaled/depaware.txt

@@ -6,7 +6,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
    W 💣 github.com/alexbrainman/sspi                                 from github.com/alexbrainman/sspi/internal/common+
    W    github.com/alexbrainman/sspi/internal/common                 from github.com/alexbrainman/sspi/negotiate
    W 💣 github.com/alexbrainman/sspi/negotiate                       from tailscale.com/net/tshttpproxy
-  LD    github.com/anmitsu/go-shlex                                  from tailscale.com/tempfork/gliderlabs/ssh
+  LD    github.com/anmitsu/go-shlex                                  from github.com/tailscale/gliderssh
    L    github.com/aws/aws-sdk-go-v2/aws                             from github.com/aws/aws-sdk-go-v2/aws/defaults+
    L    github.com/aws/aws-sdk-go-v2/aws/arn                         from tailscale.com/ipn/store/awsstore
    L    github.com/aws/aws-sdk-go-v2/aws/defaults                    from github.com/aws/aws-sdk-go-v2/service/ssm+
@@ -176,6 +176,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
    D    github.com/prometheus-community/pro-bing                     from tailscale.com/wgengine/netstack
    L 💣 github.com/safchain/ethtool                                  from tailscale.com/net/netkernelconf+
    W 💣 github.com/tailscale/certstore                               from tailscale.com/control/controlclient
+  LD    github.com/tailscale/gliderssh                               from tailscale.com/ssh/tailssh
    W 💣 github.com/tailscale/go-winio                                from tailscale.com/safesocket
    W 💣 github.com/tailscale/go-winio/internal/fs                    from github.com/tailscale/go-winio
    W 💣 github.com/tailscale/go-winio/internal/socket                from github.com/tailscale/go-winio
@@ -393,7 +394,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/syncs                                          from tailscale.com/cmd/tailscaled+
         tailscale.com/tailcfg                                        from tailscale.com/client/local+
         tailscale.com/tempfork/acme                                  from tailscale.com/ipn/ipnlocal
-  LD    tailscale.com/tempfork/gliderlabs/ssh                        from tailscale.com/ssh/tailssh
         tailscale.com/tempfork/heap                                  from tailscale.com/wgengine/magicsock
         tailscale.com/tempfork/httprec                               from tailscale.com/feature/c2n
         tailscale.com/tka                                            from tailscale.com/client/local+