go.mod: use tailscale/golang-x-crypto that only includes acme package

Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>
ssh/tailssh: remove dependency on forked golang.org/x/crypto
2024-06-06 06:28:53 -05:00 · 2024-06-06 06:28:53 -05:00 · 2024-06-06 06:28:52 -05:00 · 2024-06-06 06:28:30 -05:00
22 changed files with 253 additions and 791 deletions
--- a/cmd/ssh-auth-none-demo/ssh-auth-none-demo.go
+++ b/cmd/ssh-auth-none-demo/ssh-auth-none-demo.go
@@ -1,187 +0,0 @@
-// Copyright (c) Tailscale Inc & AUTHORS
-// SPDX-License-Identifier: BSD-3-Clause
-
-// ssh-auth-none-demo is a demo SSH server that's meant to run on the
-// public internet (at 188.166.70.128 port 2222) and
-// highlight the unique parts of the Tailscale SSH server so SSH
-// client authors can hit it easily and fix their SSH clients without
-// needing to set up Tailscale and Tailscale SSH.
-package main
-
-import (
-	"crypto/ecdsa"
-	"crypto/ed25519"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
-	"flag"
-	"fmt"
-	"io"
-	"log"
-	"os"
-	"path/filepath"
-	"time"
-
-	gossh "github.com/tailscale/golang-x-crypto/ssh"
-	"tailscale.com/tempfork/gliderlabs/ssh"
-)
-
-// keyTypes are the SSH key types that we either try to read from the
-// system's OpenSSH keys.
-var keyTypes = []string{"rsa", "ecdsa", "ed25519"}
-
-var (
-	addr = flag.String("addr", ":2222", "address to listen on")
-)
-
-func main() {
-	flag.Parse()
-
-	cacheDir, err := os.UserCacheDir()
-	if err != nil {
-		log.Fatal(err)
-	}
-	dir := filepath.Join(cacheDir, "ssh-auth-none-demo")
-	if err := os.MkdirAll(dir, 0700); err != nil {
-		log.Fatal(err)
-	}
-
-	keys, err := getHostKeys(dir)
-	if err != nil {
-		log.Fatal(err)
-	}
-	if len(keys) == 0 {
-		log.Fatal("no host keys")
-	}
-
-	srv := &ssh.Server{
-		Addr:    *addr,
-		Version: "Tailscale",
-		Handler: handleSessionPostSSHAuth,
-		ServerConfigCallback: func(ctx ssh.Context) *gossh.ServerConfig {
-			start := time.Now()
-			return &gossh.ServerConfig{
-				NextAuthMethodCallback: func(conn gossh.ConnMetadata, prevErrors []error) []string {
-					return []string{"tailscale"}
-				},
-				NoClientAuth: true, // required for the NoClientAuthCallback to run
-				NoClientAuthCallback: func(cm gossh.ConnMetadata) (*gossh.Permissions, error) {
-					cm.SendAuthBanner(fmt.Sprintf("# Banner: doing none auth at %v\r\n", time.Since(start)))
-
-					totalBanners := 2
-					if cm.User() == "banners" {
-						totalBanners = 5
-					}
-					for banner := 2; banner <= totalBanners; banner++ {
-						time.Sleep(time.Second)
-						if banner == totalBanners {
-							cm.SendAuthBanner(fmt.Sprintf("# Banner%d: access granted at %v\r\n", banner, time.Since(start)))
-						} else {
-							cm.SendAuthBanner(fmt.Sprintf("# Banner%d at %v\r\n", banner, time.Since(start)))
-						}
-					}
-					return nil, nil
-				},
-				BannerCallback: func(cm gossh.ConnMetadata) string {
-					log.Printf("Got connection from user %q, %q from %v", cm.User(), cm.ClientVersion(), cm.RemoteAddr())
-					return fmt.Sprintf("# Banner for user %q, %q\n", cm.User(), cm.ClientVersion())
-				},
-			}
-		},
-	}
-
-	for _, signer := range keys {
-		srv.AddHostKey(signer)
-	}
-
-	log.Printf("Running on %s ...", srv.Addr)
-	if err := srv.ListenAndServe(); err != nil {
-		log.Fatal(err)
-	}
-	log.Printf("done")
-}
-
-func handleSessionPostSSHAuth(s ssh.Session) {
-	log.Printf("Started session from user %q", s.User())
-	fmt.Fprintf(s, "Hello user %q, it worked.\n", s.User())
-
-	// Abort the session on Control-C or Control-D.
-	go func() {
-		buf := make([]byte, 1024)
-		for {
-			n, err := s.Read(buf)
-			for _, b := range buf[:n] {
-				if b <= 4 { // abort on Control-C (3) or Control-D (4)
-					io.WriteString(s, "bye\n")
-					s.Exit(1)
-				}
-			}
-			if err != nil {
-				return
-			}
-		}
-	}()
-
-	for i := 10; i > 0; i-- {
-		fmt.Fprintf(s, "%v ...\n", i)
-		time.Sleep(time.Second)
-	}
-	s.Exit(0)
-}
-
-func getHostKeys(dir string) (ret []ssh.Signer, err error) {
-	for _, typ := range keyTypes {
-		hostKey, err := hostKeyFileOrCreate(dir, typ)
-		if err != nil {
-			return nil, err
-		}
-		signer, err := gossh.ParsePrivateKey(hostKey)
-		if err != nil {
-			return nil, err
-		}
-		ret = append(ret, signer)
-	}
-	return ret, nil
-}
-
-func hostKeyFileOrCreate(keyDir, typ string) ([]byte, error) {
-	path := filepath.Join(keyDir, "ssh_host_"+typ+"_key")
-	v, err := os.ReadFile(path)
-	if err == nil {
-		return v, nil
-	}
-	if !os.IsNotExist(err) {
-		return nil, err
-	}
-	var priv any
-	switch typ {
-	default:
-		return nil, fmt.Errorf("unsupported key type %q", typ)
-	case "ed25519":
-		_, priv, err = ed25519.GenerateKey(rand.Reader)
-	case "ecdsa":
-		// curve is arbitrary. We pick whatever will at
-		// least pacify clients as the actual encryption
-		// doesn't matter: it's all over WireGuard anyway.
-		curve := elliptic.P256()
-		priv, err = ecdsa.GenerateKey(curve, rand.Reader)
-	case "rsa":
-		// keySize is arbitrary. We pick whatever will at
-		// least pacify clients as the actual encryption
-		// doesn't matter: it's all over WireGuard anyway.
-		const keySize = 2048
-		priv, err = rsa.GenerateKey(rand.Reader, keySize)
-	}
-	if err != nil {
-		return nil, err
-	}
-	mk, err := x509.MarshalPKCS8PrivateKey(priv)
-	if err != nil {
-		return nil, err
-	}
-	pemGen := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: mk})
-	err = os.WriteFile(path, pemGen, 0700)
-	return pemGen, err
-}
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,10 @@ module tailscale.com

 go 1.22.0

+// The below is only necessary until https://go-review.googlesource.com/c/crypto/+/578735
+// is merged upstream.
+replace golang.org/x/crypto => github.com/tailscale/golang-x-crypto v0.24.1-0.20240604203957-4df547dc18d8
+
 require (
 	filippo.io/mkcert v1.4.4
 	fybrik.io/crdoc v0.6.3
@@ -73,7 +77,7 @@ require (
 	github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e
 	github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502
 	github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41
-	github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4
+	github.com/tailscale/golang-x-crypto v0.24.1-0.20240605212521-1c499592d968
 	github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05
 	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a
 	github.com/tailscale/mkctr v0.0.0-20240102155253-bf50773ba734
@@ -92,16 +96,16 @@ require (
 	go.uber.org/zap v1.26.0
 	go4.org/mem v0.0.0-20220726221520-4f986261bf13
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
-	golang.org/x/crypto v0.21.0
+	golang.org/x/crypto v0.24.0
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
-	golang.org/x/mod v0.16.0
-	golang.org/x/net v0.23.0
+	golang.org/x/mod v0.17.0
+	golang.org/x/net v0.25.0
 	golang.org/x/oauth2 v0.16.0
-	golang.org/x/sync v0.6.0
-	golang.org/x/sys v0.19.0
-	golang.org/x/term v0.18.0
+	golang.org/x/sync v0.7.0
+	golang.org/x/sys v0.21.0
+	golang.org/x/term v0.21.0
 	golang.org/x/time v0.5.0
-	golang.org/x/tools v0.19.0
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
 	golang.zx2c4.com/wireguard/windows v0.5.3
 	gopkg.in/square/go-jose.v2 v2.6.0
@@ -126,6 +130,7 @@ require (
 	github.com/dave/astrid v0.0.0-20170323122508-8c2895878b14 // indirect
 	github.com/dave/brenda v1.1.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/gliderlabs/ssh v0.3.7 // indirect
 	github.com/gobuffalo/flect v1.0.2 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
@@ -375,7 +380,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20240119083558-1b970713d09a // indirect
 	golang.org/x/image v0.15.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -305,8 +305,8 @@ github.com/gaissmai/bart v0.4.1 h1:G1t58voWkNmT47lBDawH5QhtTDsdqRIO+ftq5x4P9Ls=
 github.com/gaissmai/bart v0.4.1/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg=
 github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I=
 github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo=
-github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
-github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
+github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
+github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 github.com/go-critic/go-critic v0.8.0 h1:4zOcpvDoKvBOl+R1W81IBznr78f8YaE4zKXkfDVxGGA=
 github.com/go-critic/go-critic v0.8.0/go.mod h1:5TjdkPI9cu/yKbYS96BTsslihjKd6zg6vd8O9RZXj2s=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@@ -894,8 +894,10 @@ github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 h1:Gzfnfk2TWrk8
 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55/go.mod h1:4k4QO+dQ3R5FofL+SanAUZe+/QfeK0+OIuwDIRu2vSg=
 github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41 h1:/V2rCMMWcsjYaYO2MeovLw+ClP63OtXgCF2Y1eb8+Ns=
 github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41/go.mod h1:/roCdA6gg6lQyw/Oz6gIIGu3ggJKYhF+WC/AQReE5XQ=
-github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 h1:rXZGgEa+k2vJM8xT0PoSKfVXwFGPQ3z3CJfmnHJkZZw=
-github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ=
+github.com/tailscale/golang-x-crypto v0.24.1-0.20240604203957-4df547dc18d8 h1:Kqbsk7lCOiXJbtfHJQxUCVO0B4jXLVvUZDcMFR+BrnA=
+github.com/tailscale/golang-x-crypto v0.24.1-0.20240604203957-4df547dc18d8/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+github.com/tailscale/golang-x-crypto v0.24.1-0.20240605212521-1c499592d968 h1:zSJBqrQapCyUIZbUviCa9JB1DP9/H/ly4tsZ4ls+/kI=
+github.com/tailscale/golang-x-crypto v0.24.1-0.20240605212521-1c499592d968/go.mod h1:bVPdgkCQwVqJE0Nv/jMsEIkZgXcoeLoRZZPSbJ7zdao=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8=
 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw=
@@ -994,22 +996,6 @@ go4.org/mem v0.0.0-20220726221520-4f986261bf13 h1:CbZeCBZ0aZj8EfVgnqQcYZgf0lpZ3H
 go4.org/mem v0.0.0-20220726221520-4f986261bf13/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1058,15 +1044,16 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
-golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
@@ -1092,20 +1079,19 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1131,8 +1117,10 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1199,8 +1187,12 @@ golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1208,9 +1200,11 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1224,9 +1218,11 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1305,8 +1301,9 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
 golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
 golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
-golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/ipn/ipnlocal/ssh.go
+++ b/ipn/ipnlocal/ssh.go
@@ -24,8 +24,8 @@ import (
 	"strings"
 	"sync"

-	"github.com/tailscale/golang-x-crypto/ssh"
 	"go4.org/mem"
+	"golang.org/x/crypto/ssh"
 	"tailscale.com/tailcfg"
 	"tailscale.com/util/lineread"
 	"tailscale.com/util/mak"
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@@ -10,7 +10,6 @@ import (
 	"bytes"
 	"context"
 	"crypto/rand"
-	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -31,7 +30,7 @@ import (
 	"syscall"
 	"time"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 	"tailscale.com/envknob"
 	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/logtail/backoff"
@@ -80,16 +79,14 @@ type server struct {
 	logf           logger.Logf
 	tailscaledPath string

-	pubKeyHTTPClient *http.Client     // or nil for http.DefaultClient
-	timeNow          func() time.Time // or nil for time.Now
+	timeNow func() time.Time // or nil for time.Now

 	sessionWaitGroup sync.WaitGroup

 	// mu protects the following
-	mu                   sync.Mutex
-	activeConns          map[*conn]bool              // set; value is always true
-	fetchPublicKeysCache map[string]pubKeyCacheEntry // by https URL
-	shutdownCalled       bool
+	mu             sync.Mutex
+	activeConns    map[*conn]bool // set; value is always true
+	shutdownCalled bool
 }

 func (srv *server) now() time.Time {
@@ -203,8 +200,9 @@ func (srv *server) OnPolicyChange() {
 //   - ServerConfigCallback
 //
 // Do the user auth
-//   - NoClientAuthHandler
-//   - PublicKeyHandler (only if NoClientAuthHandler returns errPubKeyRequired)
+//   - welcomeBanner
+//   - noClientAuthCallback
+//   - passwordCallback (if username ends in +password)
 //
 // Once auth is done, the conn can be multiplexed with multiple sessions and
 // channels concurrently. At which point any of the following can be called
@@ -226,18 +224,16 @@ type conn struct {

 	// anyPasswordIsOkay is whether the client is authorized but has requested
 	// password-based auth to work around their buggy SSH client. When set, we
-	// accept any password in the PasswordHandler.
+	// accept any password in the passwordCallback.
 	anyPasswordIsOkay bool // set by NoClientAuthCallback

-	action0        *tailcfg.SSHAction // set by doPolicyAuth; first matching action
-	currentAction  *tailcfg.SSHAction // set by doPolicyAuth, updated by resolveNextAction
-	finalAction    *tailcfg.SSHAction // set by doPolicyAuth or resolveNextAction
-	finalActionErr error              // set by doPolicyAuth or resolveNextAction
+	action0      *tailcfg.SSHAction // the first action from authentication
+	action0Error error              // the first error from authentication
+	finalAction  *tailcfg.SSHAction // the final action from authentication

-	info         *sshConnInfo    // set by setInfo
-	localUser    *userMeta       // set by doPolicyAuth
-	userGroupIDs []string        // set by doPolicyAuth
-	pubKey       gossh.PublicKey // set by doPolicyAuth
+	info         *sshConnInfo // set by setInfo
+	localUser    *userMeta    // set by authenticate
+	userGroupIDs []string     // set by authenticate

 	// mu protects the following fields.
 	//
@@ -259,171 +255,185 @@ func (c *conn) vlogf(format string, args ...any) {
 	}
 }

-// isAuthorized walks through the action chain and returns nil if the connection
-// is authorized. If the connection is not authorized, it returns
-// errDenied. If the action chain resolution fails, it returns the
-// resolution error.
-func (c *conn) isAuthorized(ctx ssh.Context) error {
-	action := c.currentAction
-	for {
-		if action.Accept {
-			if c.pubKey != nil {
-				metricPublicKeyAccepts.Add(1)
-			}
-			return nil
+// clientAuthCallback is a callback that handles the authentication of
+// clients, irrespective of whether they're authenticating with none, password
+// or public key. It picks up where welcomeBanner() left off.
+func (c *conn) clientAuthCallback() (*gossh.Permissions, error) {
+	if c.action0Error != nil {
+		metricTerminalReject.Add(1)
+		return nil, c.action0Error
+	}
+
+	if c.finalAction != nil {
+		switch {
+		case c.finalAction.Reject:
+			// This should never happen, as c.action0Error should have already been set
+			panic("finalAction unexpectedly Reject")
+		case c.finalAction.Accept:
+			// Already authenticated.
+			metricTerminalAccept.Add(1)
+			return &gossh.Permissions{}, nil
 		}
-		if action.Reject || action.HoldAndDelegate == "" {
-			return errDenied
-		}
-		var err error
-		action, err = c.resolveNextAction(ctx)
+	}
+
+	// Further steps are required
+	url := c.action0.HoldAndDelegate
+	if url == "" {
+		metricTerminalMalformed.Add(1)
+		return nil, errors.New("reached Action that lacked Accept, Reject, and HoldAndDelegate")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Minute)
+	defer cancel()
+
+	metricHolds.Add(1)
+	url = c.expandDelegateURLLocked(url)
+
+	var err error
+	c.finalAction, err = c.fetchSSHAction(ctx, url)
+	if err != nil {
+		metricTerminalFetchError.Add(1)
+		return nil, fmt.Errorf("fetching SSHAction from %s: %w", url, err)
+	}
+
+	switch {
+	case c.finalAction.Accept:
+		metricTerminalReject.Add(1)
+		return &gossh.Permissions{}, nil
+	case c.finalAction.Reject:
+		metricTerminalAccept.Add(1)
+		return nil, errDenied(c.finalAction.Message)
+	default:
+		metricTerminalMalformed.Add(1)
+		return nil, errors.New("final action was neither accept nor reject")
+	}
+}
+
+// authenticate authenticates the connection, returning the next (possibly
+// final) tailcfg.SSHAction and, if it encounters a final error, the error.
+func (c *conn) authenticate() (*tailcfg.SSHAction, error) {
+	a, localUser, err := c.evaluatePolicy()
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", errDenied(""), err)
+	}
+
+	switch {
+	case a.Reject:
+		return nil, errDenied(a.Message)
+	case a.Accept || a.HoldAndDelegate != "":
+		lu, err := userLookup(localUser)
 		if err != nil {
-			return err
+			c.logf("failed to look up %v: %v", localUser, err)
+			return nil, bannerError(fmt.Sprintf("failed to look up %v\r\n", localUser), err)
 		}
-		if action.Message != "" {
-			if err := ctx.SendAuthBanner(action.Message); err != nil {
-				return err
-			}
+		gids, err := lu.GroupIds()
+		if err != nil {
+			c.logf("failed to look up local user's group IDs: %v", err)
+			return nil, bannerError("failed to look up local user's group IDs\r\n", err)
 		}
+		c.userGroupIDs = gids
+		c.localUser = lu
+		return a, nil
+	default:
+		// Shouldn't get here, but:
+		return nil, errDenied("")
 	}
 }

 // errDenied is returned by auth callbacks when a connection is denied by the
-// policy.
-var errDenied = errors.New("ssh: access denied")
+// policy. If message is non-empty, it returns a gossh.BannerError to make sure
+// the message gets displayed as an auth banner.
+func errDenied(message string) error {
+	err := errors.New("ssh: access denied")
+	if message == "" {
+		return err
+	}
+	return bannerError(message, err)
+}

-// errPubKeyRequired is returned by NoClientAuthCallback to make the client
-// resort to public-key auth; not user visible.
-var errPubKeyRequired = errors.New("ssh publickey required")
+func bannerError(message string, err error) error {
+	return &gossh.BannerError{
+		Err:     err,
+		Message: message,
+	}
+}

-// NoClientAuthCallback implements gossh.NoClientAuthCallback and is called by
+// noClientAuthCallback implements gossh.noClientAuthCallback and is called by
 // the ssh.Server when the client first connects with the "none"
 // authentication method.
 //
 // It is responsible for continuing policy evaluation from BannerCallback (or
 // starting it afresh). It returns an error if the policy evaluation fails, or
-// if the decision is "reject"
+// if the decision is "reject".
 //
-// It either returns nil (accept) or errPubKeyRequired or errDenied
-// (reject). The errors may be wrapped.
-func (c *conn) NoClientAuthCallback(ctx ssh.Context) error {
+// It either returns nil (accept) or errDenied (reject). The errors may be
+// wrapped.
+func (c *conn) noClientAuthCallback(cm gossh.ConnMetadata) (*gossh.Permissions, error) {
 	if c.insecureSkipTailscaleAuth {
-		return nil
+		return &gossh.Permissions{}, nil
 	}
-	if err := c.doPolicyAuth(ctx, nil /* no pub key */); err != nil {
-		return err
+	perms, err := c.clientAuthCallback()
+	if err != nil {
+		return nil, err
 	}
-	if err := c.isAuthorized(ctx); err != nil {
-		return err
-	}
-
 	// Let users specify a username ending in +password to force password auth.
 	// This exists for buggy SSH clients that get confused by success from
 	// "none" auth.
-	if strings.HasSuffix(ctx.User(), forcePasswordSuffix) {
+	if strings.HasSuffix(cm.User(), forcePasswordSuffix) {
 		c.anyPasswordIsOkay = true
-		return errors.New("any password please") // not shown to users
+		return nil, &gossh.PartialSuccessError{
+			Next: gossh.ServerAuthCallbacks{
+				PasswordCallback: c.passwordCallback,
+			},
+		}
 	}
-	return nil
+	return perms, nil
 }

-func (c *conn) nextAuthMethodCallback(cm gossh.ConnMetadata, prevErrors []error) (nextMethod []string) {
-	switch {
-	case c.anyPasswordIsOkay:
-		nextMethod = append(nextMethod, "password")
-	case len(prevErrors) > 0 && prevErrors[len(prevErrors)-1] == errPubKeyRequired:
-		nextMethod = append(nextMethod, "publickey")
-	}
-
-	// The fake "tailscale" method is always appended to next so OpenSSH renders
-	// that in parens as the final failure. (It also shows up in "ssh -v", etc)
-	nextMethod = append(nextMethod, "tailscale")
-	return
-}
-
-// fakePasswordHandler is our implementation of the PasswordHandler hook that
+// passwordCallback is our implementation of the PasswordCallback hook that
 // checks whether the user's password is correct. But we don't actually use
 // passwords. This exists only for when the user's username ends in "+password"
 // to signal that their SSH client is buggy and gets confused by auth type
 // "none" succeeding and they want our SSH server to require a dummy password
 // prompt instead. We then accept any password since we've already authenticated
 // & authorized them.
-func (c *conn) fakePasswordHandler(ctx ssh.Context, password string) bool {
-	return c.anyPasswordIsOkay
+func (c *conn) passwordCallback(_ gossh.ConnMetadata, password []byte) (*gossh.Permissions, error) {
+	return &gossh.Permissions{}, nil
 }

-// PublicKeyHandler implements ssh.PublicKeyHandler is called by the
-// ssh.Server when the client presents a public key.
-func (c *conn) PublicKeyHandler(ctx ssh.Context, pubKey ssh.PublicKey) error {
-	if err := c.doPolicyAuth(ctx, pubKey); err != nil {
-		// TODO(maisem/bradfitz): surface the error here.
-		c.logf("rejecting SSH public key %s: %v", bytes.TrimSpace(gossh.MarshalAuthorizedKey(pubKey)), err)
-		return err
+// welcomeBanner looks for a welcome banner to display prior to authentication.
+// For example, if SSH session recording is enabled, control will give us an
+// action message informing the user of this.
+// This function actually begins authentication in order to make sure it knows
+// if there's a banner to send.
+func (c *conn) welcomeBanner(cm gossh.ConnMetadata) (banner string) {
+	if c.insecureSkipTailscaleAuth {
+		return ""
 	}
-	if err := c.isAuthorized(ctx); err != nil {
-		return err
-	}
-	c.logf("accepting SSH public key %s", bytes.TrimSpace(gossh.MarshalAuthorizedKey(pubKey)))
-	return nil
-}

-// doPolicyAuth verifies that conn can proceed with the specified (optional)
-// pubKey. It returns nil if the matching policy action is Accept or
-// HoldAndDelegate. If pubKey is nil, there was no policy match but there is a
-// policy that might match a public key it returns errPubKeyRequired. Otherwise,
-// it returns errDenied.
-func (c *conn) doPolicyAuth(ctx ssh.Context, pubKey ssh.PublicKey) error {
-	if err := c.setInfo(ctx); err != nil {
+	if err := c.setInfo(cm); err != nil {
 		c.logf("failed to get conninfo: %v", err)
-		return errDenied
+		c.action0Error = errDenied("")
+		return ""
 	}
-	a, localUser, err := c.evaluatePolicy(pubKey)
-	if err != nil {
-		if pubKey == nil && c.havePubKeyPolicy() {
-			return errPubKeyRequired
+
+	c.action0, c.action0Error = c.authenticate()
+	if c.action0Error == nil {
+		if c.action0.Accept || c.action0.Reject {
+			c.finalAction = c.action0
 		}
-		return fmt.Errorf("%w: %v", errDenied, err)
+		return c.action0.Message
 	}
-	c.action0 = a
-	c.currentAction = a
-	c.pubKey = pubKey
-	if a.Message != "" {
-		if err := ctx.SendAuthBanner(a.Message); err != nil {
-			return fmt.Errorf("SendBanner: %w", err)
-		}
-	}
-	if a.Accept || a.HoldAndDelegate != "" {
-		if a.Accept {
-			c.finalAction = a
-		}
-		lu, err := userLookup(localUser)
-		if err != nil {
-			c.logf("failed to look up %v: %v", localUser, err)
-			ctx.SendAuthBanner(fmt.Sprintf("failed to look up %v\r\n", localUser))
-			return err
-		}
-		gids, err := lu.GroupIds()
-		if err != nil {
-			c.logf("failed to look up local user's group IDs: %v", err)
-			return err
-		}
-		c.userGroupIDs = gids
-		c.localUser = lu
-		return nil
-	}
-	if a.Reject {
-		c.finalAction = a
-		return errDenied
-	}
-	// Shouldn't get here, but:
-	return errDenied
+
+	return ""
 }

 // ServerConfig implements ssh.ServerConfigCallback.
 func (c *conn) ServerConfig(ctx ssh.Context) *gossh.ServerConfig {
 	return &gossh.ServerConfig{
-		NoClientAuth:           true, // required for the NoClientAuthCallback to run
-		NextAuthMethodCallback: c.nextAuthMethodCallback,
+		BannerCallback:       c.welcomeBanner,
+		NoClientAuth:         true, // required for the NoClientAuthCallback to run
+		NoClientAuthCallback: c.noClientAuthCallback,
 	}
 }

@@ -434,7 +444,7 @@ func (srv *server) newConn() (*conn, error) {
 		// Stop accepting new connections.
 		// Connections in the auth phase are handled in handleConnPostSSHAuth.
 		// Existing sessions are terminated by Shutdown.
-		return nil, errDenied
+		return nil, errDenied("")
 	}
 	srv.mu.Unlock()
 	c := &conn{srv: srv}
@@ -445,10 +455,6 @@ func (srv *server) newConn() (*conn, error) {
 		Version:              "Tailscale",
 		ServerConfigCallback: c.ServerConfig,

-		NoClientAuthHandler: c.NoClientAuthCallback,
-		PublicKeyHandler:    c.PublicKeyHandler,
-		PasswordHandler:     c.fakePasswordHandler,
-
 		Handler:                       c.handleSessionPostSSHAuth,
 		LocalPortForwardingCallback:   c.mayForwardLocalPortTo,
 		ReversePortForwardingCallback: c.mayReversePortForwardTo,
@@ -514,34 +520,6 @@ func (c *conn) mayForwardLocalPortTo(ctx ssh.Context, destinationHost string, de
 	return false
 }

-// havePubKeyPolicy reports whether any policy rule may provide access by means
-// of a ssh.PublicKey.
-func (c *conn) havePubKeyPolicy() bool {
-	if c.info == nil {
-		panic("havePubKeyPolicy called before setInfo")
-	}
-	// Is there any rule that looks like it'd require a public key for this
-	// sshUser?
-	pol, ok := c.sshPolicy()
-	if !ok {
-		return false
-	}
-	for _, r := range pol.Rules {
-		if c.ruleExpired(r) {
-			continue
-		}
-		if mapLocalUser(r.SSHUsers, c.info.sshUser) == "" {
-			continue
-		}
-		for _, p := range r.Principals {
-			if len(p.PubKeys) > 0 && c.principalMatchesTailscaleIdentity(p) {
-				return true
-			}
-		}
-	}
-	return false
-}
-
 // sshPolicy returns the SSHPolicy for current node.
 // If there is no SSHPolicy in the netmap, it returns a debugPolicy
 // if one is defined.
@@ -589,14 +567,14 @@ func toIPPort(a net.Addr) (ipp netip.AddrPort) {

 // connInfo returns a populated sshConnInfo from the provided arguments,
 // validating only that they represent a known Tailscale identity.
-func (c *conn) setInfo(ctx ssh.Context) error {
+func (c *conn) setInfo(cm gossh.ConnMetadata) error {
 	if c.info != nil {
 		return nil
 	}
 	ci := &sshConnInfo{
-		sshUser: strings.TrimSuffix(ctx.User(), forcePasswordSuffix),
-		src:     toIPPort(ctx.RemoteAddr()),
-		dst:     toIPPort(ctx.LocalAddr()),
+		sshUser: strings.TrimSuffix(cm.User(), forcePasswordSuffix),
+		src:     toIPPort(cm.RemoteAddr()),
+		dst:     toIPPort(cm.LocalAddr()),
 	}
 	if !tsaddr.IsTailscaleIP(ci.dst.Addr()) {
 		return fmt.Errorf("tailssh: rejecting non-Tailscale local address %v", ci.dst)
@@ -611,124 +589,26 @@ func (c *conn) setInfo(ctx ssh.Context) error {
 	ci.node = node
 	ci.uprof = uprof

-	c.idH = ctx.SessionID()
+	c.idH = string(cm.SessionID())
 	c.info = ci
 	c.logf("handling conn: %v", ci.String())
 	return nil
 }

 // evaluatePolicy returns the SSHAction and localUser after evaluating
-// the SSHPolicy for this conn. The pubKey may be nil for "none" auth.
-func (c *conn) evaluatePolicy(pubKey gossh.PublicKey) (_ *tailcfg.SSHAction, localUser string, _ error) {
+// the SSHPolicy for this conn.
+func (c *conn) evaluatePolicy() (_ *tailcfg.SSHAction, localUser string, _ error) {
 	pol, ok := c.sshPolicy()
 	if !ok {
 		return nil, "", fmt.Errorf("tailssh: rejecting connection; no SSH policy")
 	}
-	a, localUser, ok := c.evalSSHPolicy(pol, pubKey)
+	a, localUser, ok := c.evalSSHPolicy(pol)
 	if !ok {
 		return nil, "", fmt.Errorf("tailssh: rejecting connection; no matching policy")
 	}
 	return a, localUser, nil
 }

-// pubKeyCacheEntry is the cache value for an HTTPS URL of public keys (like
-// "https://github.com/foo.keys")
-type pubKeyCacheEntry struct {
-	lines []string
-	etag  string // if sent by server
-	at    time.Time
-}
-
-const (
-	pubKeyCacheDuration      = time.Minute      // how long to cache non-empty public keys
-	pubKeyCacheEmptyDuration = 15 * time.Second // how long to cache empty responses
-)
-
-func (srv *server) fetchPublicKeysURLCached(url string) (ce pubKeyCacheEntry, ok bool) {
-	srv.mu.Lock()
-	defer srv.mu.Unlock()
-	// Mostly don't care about the size of this cache. Clean rarely.
-	if m := srv.fetchPublicKeysCache; len(m) > 50 {
-		tooOld := srv.now().Add(pubKeyCacheDuration * 10)
-		for k, ce := range m {
-			if ce.at.Before(tooOld) {
-				delete(m, k)
-			}
-		}
-	}
-	ce, ok = srv.fetchPublicKeysCache[url]
-	if !ok {
-		return ce, false
-	}
-	maxAge := pubKeyCacheDuration
-	if len(ce.lines) == 0 {
-		maxAge = pubKeyCacheEmptyDuration
-	}
-	return ce, srv.now().Sub(ce.at) < maxAge
-}
-
-func (srv *server) pubKeyClient() *http.Client {
-	if srv.pubKeyHTTPClient != nil {
-		return srv.pubKeyHTTPClient
-	}
-	return http.DefaultClient
-}
-
-// fetchPublicKeysURL fetches the public keys from a URL. The strings are in the
-// the typical public key "type base64-string [comment]" format seen at e.g.
-// https://github.com/USER.keys
-func (srv *server) fetchPublicKeysURL(url string) ([]string, error) {
-	if !strings.HasPrefix(url, "https://") {
-		return nil, errors.New("invalid URL scheme")
-	}
-
-	ce, ok := srv.fetchPublicKeysURLCached(url)
-	if ok {
-		return ce.lines, nil
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
-	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
-	if err != nil {
-		return nil, err
-	}
-	if ce.etag != "" {
-		req.Header.Add("If-None-Match", ce.etag)
-	}
-	res, err := srv.pubKeyClient().Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-	var lines []string
-	var etag string
-	switch res.StatusCode {
-	default:
-		err = fmt.Errorf("unexpected status %v", res.Status)
-		srv.logf("fetching public keys from %s: %v", url, err)
-	case http.StatusNotModified:
-		lines = ce.lines
-		etag = ce.etag
-	case http.StatusOK:
-		var all []byte
-		all, err = io.ReadAll(io.LimitReader(res.Body, 4<<10))
-		if s := strings.TrimSpace(string(all)); s != "" {
-			lines = strings.Split(s, "\n")
-		}
-		etag = res.Header.Get("Etag")
-	}
-
-	srv.mu.Lock()
-	defer srv.mu.Unlock()
-	mak.Set(&srv.fetchPublicKeysCache, url, pubKeyCacheEntry{
-		at:    srv.now(),
-		lines: lines,
-		etag:  etag,
-	})
-	return lines, err
-}
-
 // handleSessionPostSSHAuth runs an SSH session after the SSH-level authentication,
 // but not necessarily before all the Tailscale-level extra verification has
 // completed. It also handles SFTP requests.
@@ -756,62 +636,6 @@ func (c *conn) handleSessionPostSSHAuth(s ssh.Session) {
 	ss.run()
 }

-// resolveNextAction starts at c.currentAction and makes it way through the
-// action chain one step at a time. An action without a HoldAndDelegate is
-// considered the final action. Once a final action is reached, this function
-// will keep returning that action. It updates c.currentAction to the next
-// action in the chain. When the final action is reached, it also sets
-// c.finalAction to the final action.
-func (c *conn) resolveNextAction(sctx ssh.Context) (action *tailcfg.SSHAction, err error) {
-	if c.finalAction != nil || c.finalActionErr != nil {
-		return c.finalAction, c.finalActionErr
-	}
-
-	defer func() {
-		if action != nil {
-			c.currentAction = action
-			if action.Accept || action.Reject {
-				c.finalAction = action
-			}
-		}
-		if err != nil {
-			c.finalActionErr = err
-		}
-	}()
-
-	ctx, cancel := context.WithCancel(sctx)
-	defer cancel()
-
-	// Loop processing/fetching Actions until one reaches a
-	// terminal state (Accept, Reject, or invalid Action), or
-	// until fetchSSHAction times out due to the context being
-	// done (client disconnect) or its 30 minute timeout passes.
-	// (Which is a long time for somebody to see login
-	// instructions and go to a URL to do something.)
-	action = c.currentAction
-	if action.Accept || action.Reject {
-		if action.Reject {
-			metricTerminalReject.Add(1)
-		} else {
-			metricTerminalAccept.Add(1)
-		}
-		return action, nil
-	}
-	url := action.HoldAndDelegate
-	if url == "" {
-		metricTerminalMalformed.Add(1)
-		return nil, errors.New("reached Action that lacked Accept, Reject, and HoldAndDelegate")
-	}
-	metricHolds.Add(1)
-	url = c.expandDelegateURLLocked(url)
-	nextAction, err := c.fetchSSHAction(ctx, url)
-	if err != nil {
-		metricTerminalFetchError.Add(1)
-		return nil, fmt.Errorf("fetching SSHAction from %s: %w", url, err)
-	}
-	return nextAction, nil
-}
-
 func (c *conn) expandDelegateURLLocked(actionURL string) string {
 	nm := c.srv.lb.NetMap()
 	ci := c.info
@@ -830,18 +654,6 @@ func (c *conn) expandDelegateURLLocked(actionURL string) string {
 	).Replace(actionURL)
 }

-func (c *conn) expandPublicKeyURL(pubKeyURL string) string {
-	if !strings.Contains(pubKeyURL, "$") {
-		return pubKeyURL
-	}
-	loginName := c.info.uprof.LoginName
-	localPart, _, _ := strings.Cut(loginName, "@")
-	return strings.NewReplacer(
-		"$LOGINNAME_EMAIL", loginName,
-		"$LOGINNAME_LOCALPART", localPart,
-	).Replace(pubKeyURL)
-}
-
 // sshSession is an accepted Tailscale SSH session.
 type sshSession struct {
 	ssh.Session
@@ -892,7 +704,7 @@ func (c *conn) newSSHSession(s ssh.Session) *sshSession {

 // isStillValid reports whether the conn is still valid.
 func (c *conn) isStillValid() bool {
-	a, localUser, err := c.evaluatePolicy(c.pubKey)
+	a, localUser, err := c.evaluatePolicy()
 	c.vlogf("stillValid: %+v %v %v", a, localUser, err)
 	if err != nil {
 		return false
@@ -1275,9 +1087,9 @@ func (c *conn) ruleExpired(r *tailcfg.SSHRule) bool {
 	return r.RuleExpires.Before(c.srv.now())
 }

-func (c *conn) evalSSHPolicy(pol *tailcfg.SSHPolicy, pubKey gossh.PublicKey) (a *tailcfg.SSHAction, localUser string, ok bool) {
+func (c *conn) evalSSHPolicy(pol *tailcfg.SSHPolicy) (a *tailcfg.SSHAction, localUser string, ok bool) {
 	for _, r := range pol.Rules {
-		if a, localUser, err := c.matchRule(r, pubKey); err == nil {
+		if a, localUser, err := c.matchRule(r); err == nil {
 			return a, localUser, true
 		}
 	}
@@ -1294,7 +1106,7 @@ var (
 	errInvalidConn    = errors.New("invalid connection state")
 )

-func (c *conn) matchRule(r *tailcfg.SSHRule, pubKey gossh.PublicKey) (a *tailcfg.SSHAction, localUser string, err error) {
+func (c *conn) matchRule(r *tailcfg.SSHRule) (a *tailcfg.SSHAction, localUser string, err error) {
 	defer func() {
 		c.vlogf("matchRule(%+v): %v", r, err)
 	}()
@@ -1324,7 +1136,7 @@ func (c *conn) matchRule(r *tailcfg.SSHRule, pubKey gossh.PublicKey) (a *tailcfg
 			return nil, "", errUserMatch
 		}
 	}
-	if ok, err := c.anyPrincipalMatches(r.Principals, pubKey); err != nil {
+	if ok, err := c.anyPrincipalMatches(r.Principals); err != nil {
 		return nil, "", err
 	} else if !ok {
 		return nil, "", errPrincipalMatch
@@ -1343,30 +1155,20 @@ func mapLocalUser(ruleSSHUsers map[string]string, reqSSHUser string) (localUser
 	return v
 }

-func (c *conn) anyPrincipalMatches(ps []*tailcfg.SSHPrincipal, pubKey gossh.PublicKey) (bool, error) {
+func (c *conn) anyPrincipalMatches(ps []*tailcfg.SSHPrincipal) (bool, error) {
 	for _, p := range ps {
 		if p == nil {
 			continue
 		}
-		if ok, err := c.principalMatches(p, pubKey); err != nil {
-			return false, err
-		} else if ok {
+		if c.principalMatchesTailscaleIdentity(p) {
 			return true, nil
 		}
 	}
 	return false, nil
 }

-func (c *conn) principalMatches(p *tailcfg.SSHPrincipal, pubKey gossh.PublicKey) (bool, error) {
-	if !c.principalMatchesTailscaleIdentity(p) {
-		return false, nil
-	}
-	return c.principalMatchesPubKey(p, pubKey)
-}
-
 // principalMatchesTailscaleIdentity reports whether one of p's four fields
 // that match the Tailscale identity match (Node, NodeIP, UserLogin, Any).
-// This function does not consider PubKeys.
 func (c *conn) principalMatchesTailscaleIdentity(p *tailcfg.SSHPrincipal) bool {
 	ci := c.info
 	if p.Any {
@@ -1386,42 +1188,6 @@ func (c *conn) principalMatchesTailscaleIdentity(p *tailcfg.SSHPrincipal) bool {
 	return false
 }

-func (c *conn) principalMatchesPubKey(p *tailcfg.SSHPrincipal, clientPubKey gossh.PublicKey) (bool, error) {
-	if len(p.PubKeys) == 0 {
-		return true, nil
-	}
-	if clientPubKey == nil {
-		return false, nil
-	}
-	knownKeys := p.PubKeys
-	if len(knownKeys) == 1 && strings.HasPrefix(knownKeys[0], "https://") {
-		var err error
-		knownKeys, err = c.srv.fetchPublicKeysURL(c.expandPublicKeyURL(knownKeys[0]))
-		if err != nil {
-			return false, err
-		}
-	}
-	for _, knownKey := range knownKeys {
-		if pubKeyMatchesAuthorizedKey(clientPubKey, knownKey) {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
-func pubKeyMatchesAuthorizedKey(pubKey ssh.PublicKey, wantKey string) bool {
-	wantKeyType, rest, ok := strings.Cut(wantKey, " ")
-	if !ok {
-		return false
-	}
-	if pubKey.Type() != wantKeyType {
-		return false
-	}
-	wantKeyB64, _, _ := strings.Cut(rest, " ")
-	wantKeyData, _ := base64.StdEncoding.DecodeString(wantKeyB64)
-	return len(wantKeyData) > 0 && bytes.Equal(pubKey.Marshal(), wantKeyData)
-}
-
 func randBytes(n int) []byte {
 	b := make([]byte, n)
 	if _, err := rand.Read(b); err != nil {
@@ -1918,7 +1684,6 @@ func envEq(a, b string) bool {
 var (
 	metricActiveSessions      = clientmetric.NewGauge("ssh_active_sessions")
 	metricIncomingConnections = clientmetric.NewCounter("ssh_incoming_connections")
-	metricPublicKeyAccepts    = clientmetric.NewCounter("ssh_publickey_accepts") // accepted subset of ssh_publickey_connections
 	metricTerminalAccept      = clientmetric.NewCounter("ssh_terminalaction_accept")
 	metricTerminalReject      = clientmetric.NewCounter("ssh_terminalaction_reject")
 	metricTerminalMalformed   = clientmetric.NewCounter("ssh_terminalaction_malformed")
--- a/ssh/tailssh/tailssh_integration_test.go
+++ b/ssh/tailssh/tailssh_integration_test.go
@@ -32,8 +32,7 @@ import (
 	"github.com/bramvdbogaerde/go-scp"
 	"github.com/google/go-cmp/cmp"
 	"github.com/pkg/sftp"
-	gossh "github.com/tailscale/golang-x-crypto/ssh"
-	"golang.org/x/crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 	"tailscale.com/net/tsdial"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/key"
@@ -152,10 +151,10 @@ func TestIntegrationSSH(t *testing.T) {
 				s := testSession(t, test.forceV1Behavior)

 				if shell {
-					err := s.RequestPty("xterm", 40, 80, ssh.TerminalModes{
-						ssh.ECHO:          1,
-						ssh.TTY_OP_ISPEED: 14400,
-						ssh.TTY_OP_OSPEED: 14400,
+					err := s.RequestPty("xterm", 40, 80, gossh.TerminalModes{
+						gossh.ECHO:          1,
+						gossh.TTY_OP_ISPEED: 14400,
+						gossh.TTY_OP_OSPEED: 14400,
 					})
 					if err != nil {
 						t.Fatalf("unable to request PTY: %s", err)
@@ -317,7 +316,7 @@ func fallbackToSUAvailable() bool {
 }

 type session struct {
-	*ssh.Session
+	*gossh.Session

 	stdin  io.WriteCloser
 	stdout io.ReadCloser
@@ -374,7 +373,7 @@ readLoop:
 	return string(_got)
 }

-func testClient(t *testing.T, forceV1Behavior bool) *ssh.Client {
+func testClient(t *testing.T, forceV1Behavior bool) *gossh.Client {
 	t.Helper()

 	username := "testuser"
@@ -398,8 +397,8 @@ func testClient(t *testing.T, forceV1Behavior bool) *ssh.Client {
 		}
 	}()

-	cl, err := ssh.Dial("tcp", l.Addr().String(), &ssh.ClientConfig{
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+	cl, err := gossh.Dial("tcp", l.Addr().String(), &gossh.ClientConfig{
+		HostKeyCallback: gossh.InsecureIgnoreHostKey(),
 	})
 	if err != nil {
 		log.Fatal(err)
@@ -414,7 +413,7 @@ func testSession(t *testing.T, forceV1Behavior bool) *session {
 	return testSessionFor(t, cl)
 }

-func testSessionFor(t *testing.T, cl *ssh.Client) *session {
+func testSessionFor(t *testing.T, cl *gossh.Client) *session {
 	s, err := cl.NewSession()
 	if err != nil {
 		log.Fatal(err)
--- a/ssh/tailssh/tailssh_test.go
+++ b/ssh/tailssh/tailssh_test.go
@@ -10,7 +10,6 @@ import (
 	"context"
 	"crypto/ed25519"
 	"crypto/rand"
-	"crypto/sha256"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -31,7 +30,7 @@ import (
 	"testing"
 	"time"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/ipn/store/mem"
 	"tailscale.com/net/memnet"
@@ -209,7 +208,7 @@ func TestMatchRule(t *testing.T) {
 				info: tt.ci,
 				srv:  &server{logf: t.Logf},
 			}
-			got, gotUser, err := c.matchRule(tt.rule, nil)
+			got, gotUser, err := c.matchRule(tt.rule)
 			if err != tt.wantErr {
 				t.Errorf("err = %v; want %v", err, tt.wantErr)
 			}
@@ -694,25 +693,6 @@ func TestSSHAuthFlow(t *testing.T) {
 					"accept": acceptRule.Action,
 				},
 			},
-			wantBanners: []string{"Welcome to Tailscale SSH!"},
-		},
-		{
-			name: "multi-check",
-			state: &localState{
-				sshEnabled: true,
-				matchingRule: newSSHRule(&tailcfg.SSHAction{
-					Message:         "First",
-					HoldAndDelegate: "https://unused/ssh-action/check1",
-				}),
-				serverActions: map[string]*tailcfg.SSHAction{
-					"check1": {
-						Message:         "url-here",
-						HoldAndDelegate: "https://unused/ssh-action/check2",
-					},
-					"check2": acceptRule.Action,
-				},
-			},
-			wantBanners: []string{"First", "url-here", "Welcome to Tailscale SSH!"},
 		},
 		{
 			name: "check-reject",
@@ -739,6 +719,16 @@ func TestSSHAuthFlow(t *testing.T) {
 			usesPassword: true,
 			wantBanners:  []string{"Welcome to Tailscale SSH!"},
 		},
+		{
+			name:    "force-password-auth-reject",
+			sshUser: "alice+password",
+			state: &localState{
+				sshEnabled:   true,
+				matchingRule: rejectRule,
+			},
+			wantBanners: []string{"Go Away!"},
+			authErr:     true,
+		},
 	}
 	s := &server{
 		logf: logger.Discard,
@@ -990,89 +980,6 @@ func parseEnv(out []byte) map[string]string {
 	return e
 }

-func TestPublicKeyFetching(t *testing.T) {
-	var reqsTotal, reqsIfNoneMatchHit, reqsIfNoneMatchMiss int32
-	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		atomic.AddInt32((&reqsTotal), 1)
-		etag := fmt.Sprintf("W/%q", sha256.Sum256([]byte(r.URL.Path)))
-		w.Header().Set("Etag", etag)
-		if v := r.Header.Get("If-None-Match"); v != "" {
-			if v == etag {
-				atomic.AddInt32(&reqsIfNoneMatchHit, 1)
-				w.WriteHeader(304)
-				return
-			}
-			atomic.AddInt32(&reqsIfNoneMatchMiss, 1)
-		}
-		io.WriteString(w, "foo\nbar\n"+string(r.URL.Path)+"\n")
-	}))
-	ts.StartTLS()
-	defer ts.Close()
-	keys := ts.URL
-
-	clock := &tstest.Clock{}
-	srv := &server{
-		pubKeyHTTPClient: ts.Client(),
-		timeNow:          clock.Now,
-	}
-	for range 2 {
-		got, err := srv.fetchPublicKeysURL(keys + "/alice.keys")
-		if err != nil {
-			t.Fatal(err)
-		}
-		if want := []string{"foo", "bar", "/alice.keys"}; !reflect.DeepEqual(got, want) {
-			t.Errorf("got %q; want %q", got, want)
-		}
-	}
-	if got, want := atomic.LoadInt32(&reqsTotal), int32(1); got != want {
-		t.Errorf("got %d requests; want %d", got, want)
-	}
-	if got, want := atomic.LoadInt32(&reqsIfNoneMatchHit), int32(0); got != want {
-		t.Errorf("got %d etag hits; want %d", got, want)
-	}
-	clock.Advance(5 * time.Minute)
-	got, err := srv.fetchPublicKeysURL(keys + "/alice.keys")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if want := []string{"foo", "bar", "/alice.keys"}; !reflect.DeepEqual(got, want) {
-		t.Errorf("got %q; want %q", got, want)
-	}
-	if got, want := atomic.LoadInt32(&reqsTotal), int32(2); got != want {
-		t.Errorf("got %d requests; want %d", got, want)
-	}
-	if got, want := atomic.LoadInt32(&reqsIfNoneMatchHit), int32(1); got != want {
-		t.Errorf("got %d etag hits; want %d", got, want)
-	}
-	if got, want := atomic.LoadInt32(&reqsIfNoneMatchMiss), int32(0); got != want {
-		t.Errorf("got %d etag misses; want %d", got, want)
-	}
-
-}
-
-func TestExpandPublicKeyURL(t *testing.T) {
-	c := &conn{
-		info: &sshConnInfo{
-			uprof: tailcfg.UserProfile{
-				LoginName: "bar@baz.tld",
-			},
-		},
-	}
-	if got, want := c.expandPublicKeyURL("foo"), "foo"; got != want {
-		t.Errorf("basic: got %q; want %q", got, want)
-	}
-	if got, want := c.expandPublicKeyURL("https://example.com/$LOGINNAME_LOCALPART.keys"), "https://example.com/bar.keys"; got != want {
-		t.Errorf("localpart: got %q; want %q", got, want)
-	}
-	if got, want := c.expandPublicKeyURL("https://example.com/keys?email=$LOGINNAME_EMAIL"), "https://example.com/keys?email=bar@baz.tld"; got != want {
-		t.Errorf("email: got %q; want %q", got, want)
-	}
-	c.info = new(sshConnInfo)
-	if got, want := c.expandPublicKeyURL("https://example.com/keys?email=$LOGINNAME_EMAIL"), "https://example.com/keys?email="; got != want {
-		t.Errorf("on empty: got %q; want %q", got, want)
-	}
-}
-
 func TestAcceptEnvPair(t *testing.T) {
 	tests := []struct {
 		in   string
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -2403,17 +2403,6 @@ type SSHPrincipal struct {
 	UserLogin string       `json:"userLogin,omitempty"` // email-ish: foo@example.com, bar@github
 	Any       bool         `json:"any,omitempty"`       // if true, match any connection
 	// TODO(bradfitz): add StableUserID, once that exists
-
-	// PubKeys, if non-empty, means that this SSHPrincipal only
-	// matches if one of these public keys is presented by the user.
-	//
-	// As a special case, if len(PubKeys) == 1 and PubKeys[0] starts
-	// with "https://", then it's fetched (like https://github.com/username.keys).
-	// In that case, the following variable expansions are also supported
-	// in the URL:
-	//   * $LOGINNAME_EMAIL ("foo@bar.com" or "foo@github")
-	//   * $LOGINNAME_LOCALPART (the "foo" from either of the above)
-	PubKeys []string `json:"pubKeys,omitempty"`
 }

 // SSHAction is how to handle an incoming connection.
--- a/tailcfg/tailcfg_clone.go
+++ b/tailcfg/tailcfg_clone.go
@@ -529,7 +529,6 @@ func (src *SSHPrincipal) Clone() *SSHPrincipal {
 	}
 	dst := new(SSHPrincipal)
 	*dst = *src
-	dst.PubKeys = append(src.PubKeys[:0:0], src.PubKeys...)
 	return dst
 }

@@ -539,7 +538,6 @@ var _SSHPrincipalCloneNeedsRegeneration = SSHPrincipal(struct {
 	NodeIP    string
 	UserLogin string
 	Any       bool
-	PubKeys   []string
 }{})

 // Clone makes a deep copy of ControlDialPlan.
--- a/tailcfg/tailcfg_view.go
+++ b/tailcfg/tailcfg_view.go
@@ -1258,11 +1258,10 @@ func (v *SSHPrincipalView) UnmarshalJSON(b []byte) error {
 	return nil
 }

-func (v SSHPrincipalView) Node() StableNodeID           { return v.ж.Node }
-func (v SSHPrincipalView) NodeIP() string               { return v.ж.NodeIP }
-func (v SSHPrincipalView) UserLogin() string            { return v.ж.UserLogin }
-func (v SSHPrincipalView) Any() bool                    { return v.ж.Any }
-func (v SSHPrincipalView) PubKeys() views.Slice[string] { return views.SliceOf(v.ж.PubKeys) }
+func (v SSHPrincipalView) Node() StableNodeID { return v.ж.Node }
+func (v SSHPrincipalView) NodeIP() string     { return v.ж.NodeIP }
+func (v SSHPrincipalView) UserLogin() string  { return v.ж.UserLogin }
+func (v SSHPrincipalView) Any() bool          { return v.ж.Any }

 // A compilation failure here means this code must be regenerated, with the command at the top of this file.
 var _SSHPrincipalViewNeedsRegeneration = SSHPrincipal(struct {
@@ -1270,7 +1269,6 @@ var _SSHPrincipalViewNeedsRegeneration = SSHPrincipal(struct {
 	NodeIP    string
 	UserLogin string
 	Any       bool
-	PubKeys   []string
 }{})

 // View returns a readonly view of ControlDialPlan.
--- a/tempfork/gliderlabs/ssh/agent.go
+++ b/tempfork/gliderlabs/ssh/agent.go
@@ -7,7 +7,7 @@ import (
 	"path"
 	"sync"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 const (
--- a/tempfork/gliderlabs/ssh/context.go
+++ b/tempfork/gliderlabs/ssh/context.go
@@ -6,7 +6,7 @@ import (
 	"net"
 	"sync"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 // contextKey is a value for use with context.WithValue. It's used as
@@ -55,8 +55,6 @@ var (
 	// ContextKeyPublicKey is a context key for use with Contexts in this package.
 	// The associated value will be of type PublicKey.
 	ContextKeyPublicKey = &contextKey{"public-key"}
-
-	ContextKeySendAuthBanner = &contextKey{"send-auth-banner"}
 )

 // Context is a package specific context interface. It exposes connection
@@ -91,8 +89,6 @@ type Context interface {

 	// SetValue allows you to easily write new values into the underlying context.
 	SetValue(key, value interface{})
-
-	SendAuthBanner(banner string) error
 }

 type sshContext struct {
@@ -121,7 +117,6 @@ func applyConnMetadata(ctx Context, conn gossh.ConnMetadata) {
 	ctx.SetValue(ContextKeyUser, conn.User())
 	ctx.SetValue(ContextKeyLocalAddr, conn.LocalAddr())
 	ctx.SetValue(ContextKeyRemoteAddr, conn.RemoteAddr())
-	ctx.SetValue(ContextKeySendAuthBanner, conn.SendAuthBanner)
 }

 func (ctx *sshContext) SetValue(key, value interface{}) {
@@ -158,7 +153,3 @@ func (ctx *sshContext) LocalAddr() net.Addr {
 func (ctx *sshContext) Permissions() *Permissions {
 	return ctx.Value(ContextKeyPermissions).(*Permissions)
 }
-
-func (ctx *sshContext) SendAuthBanner(msg string) error {
-	return ctx.Value(ContextKeySendAuthBanner).(func(string) error)(msg)
-}
--- a/tempfork/gliderlabs/ssh/options.go
+++ b/tempfork/gliderlabs/ssh/options.go
@@ -3,7 +3,7 @@ package ssh
 import (
 	"os"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 // PasswordAuth returns a functional option that sets PasswordHandler on the server.
--- a/tempfork/gliderlabs/ssh/options_test.go
+++ b/tempfork/gliderlabs/ssh/options_test.go
@@ -8,7 +8,7 @@ import (
 	"sync/atomic"
 	"testing"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 func newTestSessionWithOptions(t *testing.T, srv *Server, cfg *gossh.ClientConfig, options ...Option) (*gossh.Session, *gossh.Client, func()) {
--- a/tempfork/gliderlabs/ssh/server.go
+++ b/tempfork/gliderlabs/ssh/server.go
@@ -8,7 +8,7 @@ import (
 	"sync"
 	"time"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 // ErrServerClosed is returned by the Server's Serve, ListenAndServe,
--- a/tempfork/gliderlabs/ssh/session.go
+++ b/tempfork/gliderlabs/ssh/session.go
@@ -9,7 +9,7 @@ import (
 	"sync"

 	"github.com/anmitsu/go-shlex"
-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 // Session provides access to information about an SSH session and methods
--- a/tempfork/gliderlabs/ssh/session_test.go
+++ b/tempfork/gliderlabs/ssh/session_test.go
@@ -9,7 +9,7 @@ import (
 	"net"
 	"testing"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 func (srv *Server) serveOnce(l net.Listener) error {
--- a/tempfork/gliderlabs/ssh/ssh.go
+++ b/tempfork/gliderlabs/ssh/ssh.go
@@ -4,7 +4,7 @@ import (
 	"crypto/subtle"
 	"net"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 type Signal string
--- a/tempfork/gliderlabs/ssh/tcpip.go
+++ b/tempfork/gliderlabs/ssh/tcpip.go
@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"sync"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 const (
--- a/tempfork/gliderlabs/ssh/tcpip_test.go
+++ b/tempfork/gliderlabs/ssh/tcpip_test.go
@@ -10,7 +10,7 @@ import (
 	"strings"
 	"testing"

-	gossh "github.com/tailscale/golang-x-crypto/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )

 var sampleServerResponse = []byte("Hello world")
--- a/tempfork/gliderlabs/ssh/util.go
+++ b/tempfork/gliderlabs/ssh/util.go
@@ -5,7 +5,7 @@ import (
 	"crypto/rsa"
 	"encoding/binary"

-	"github.com/tailscale/golang-x-crypto/ssh"
+	"golang.org/x/crypto/ssh"
 )

 func generateSigner() (ssh.Signer, error) {
--- a/tempfork/gliderlabs/ssh/wrap.go
+++ b/tempfork/gliderlabs/ssh/wrap.go
@@ -1,6 +1,6 @@
 package ssh

-import gossh "github.com/tailscale/golang-x-crypto/ssh"
+import gossh "golang.org/x/crypto/ssh"

 // PublicKey is an abstraction of different types of public keys.
 type PublicKey interface {
Author	SHA1	Message	Date
Percy Wegmann	a83b40f881	go.mod: use tailscale/golang-x-crypto that only includes acme package Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2024-06-06 06:28:53 -05:00
Percy Wegmann	f48c3e16e0	ssh/tailssh: remove dependency on forked golang.org/x/crypto Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2024-06-06 06:28:53 -05:00
Percy Wegmann	f78e8f6ca6	ssh/tailssh: remove unused public key authentication logic Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2024-06-06 06:28:52 -05:00
Percy Wegmann	51f7cb0903	ssh/tailssh: remove unused public key authentication logic In preparation for unforking golang.org/x/crypto/ssh. Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2024-06-06 06:28:30 -05:00