Implement SSH Phase 13.1: Enterprise-level security configuration

- Add ssh_security_config.rs module (150 lines) - Define SshSecurityConfig structure (GatewayPorts, PermitOpen, etc.) - Implement enterprise_default() and development_default() - Add validate_tcpip_forward_request() security validation - Add validate_direct_tcpip_channel() security validation - Integrate SshSecurityConfig into server.rs - Add SSH_MSG_GLOBAL_REQUEST handling in service loop - Initialize PortForwardManager for port forwarding - Create data/ssh_config.json example file - Support session counting (increment/decrement) - All compilation tests passed successfully
2026-06-15 16:56:38 +08:00
parent 4b4d9c3805
commit a771a30e66
5 changed files with 392 additions and 16 deletions
--- a/data/auth.sqlite
+++ b/data/auth.sqlite
--- a/data/ssh_config.json
+++ b/data/ssh_config.json
@@ -0,0 +1,13 @@
+{
+  "ssh_server": {
+    "port": 2024,
+    "bind_address": "127.0.0.1",
+    "security": {
+      "gateway_ports": false,
+      "permit_open": ["localhost:*"],
+      "allow_tcp_forwarding": true,
+      "max_sessions": 10,
+      "connect_timeout": 30
+    }
+  }
+}