helper/ssh: error if private key on SSH [GH-73]
mitchellh committed Aug 5, 2014
1 parent 642fed0 commit a74775d
Showing 2 changed files with 22 additions and 4 deletions.
10 changes: 6 additions & 4 deletions CHANGELOG.md
@@ -14,17 +14,19 @@ BUG FIXES:

* core: Default variable file "terraform.tfvars" is auto-loaded. [GH-59]
* providers/cloudflare: Include the proper bins so the cloudflare
provider is compiled
provider is compiled
* providers/aws: Engine version for RDS now properly set [GH-118]
* providers/aws: Security groups now depend on each other and
* providers/aws: DB instances now wait for destroys, have proper
dependencies and allow passing skip_final_snapshot
dependencies and allow passing skip_final_snapshot
* providers/aws: Add associate_public_ip_address as an attribute on
the aws_instance resource [GH-85]
the aws_instance resource [GH-85]
* providers/aws: Fix cidr blocks being updated [GH-65, GH-85]
* providers/aws: Description is now required for security groups
* providers/digitalocean: Private IP addresses are now a separate
attribute
attribute
* provisioner/all: If an SSH key is given with a password, a better
error message is shown. [GH-73]

## 0.1.0 (July 28, 2014)

16 changes: 16 additions & 0 deletions helper/ssh/provisioner.go
@@ -1,6 +1,7 @@
package ssh

import (
"encoding/pem"
"fmt"
"io/ioutil"
"log"
@@ -105,10 +106,25 @@ func PrepareConfig(conf *SSHConfig) (*Config, error) {
if err != nil {
return nil, fmt.Errorf("Failed to read key file '%s': %v", conf.KeyFile, err)
}

// We parse the private key on our own first so that we can
// show a nicer error if the private key has a password.
block, _ := pem.Decode(key)
if block == nil {
return nil, fmt.Errorf(
"Failed to read key '%s': no key found", conf.KeyFile)
}
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
return nil, fmt.Errorf(
"Failed to read key '%s': password protected keys are\n"+
"not supported. Please decrypt the key prior to use.", conf.KeyFile)
}

signer, err := ssh.ParsePrivateKey(key)
if err != nil {
return nil, fmt.Errorf("Failed to parse key file '%s': %v", conf.KeyFile, err)
}

sshConf.Auth = append(sshConf.Auth, ssh.PublicKeys(signer))
}
if conf.Password != "" {
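Review bot: The encrypted-key test `block.Headers["Proc-Type"] == "4,ENCRYPTED"` only recognises the legacy PEM encryption header, so a passphrase-protected PKCS#8 key (PEM type `ENCRYPTED PRIVATE KEY`, which carries no `Proc-Type` header) would skip the friendly message and surface as the generic parse failure from `ssh.ParsePrivateKey`. Consider widening the condition to `if block.Headers["Proc-Type"] == "4,ENCRYPTED" || block.Type == "ENCRYPTED PRIVATE KEY" {`. The message also tells users to decrypt the key, which leaves an unprotected private key on disk; a short hint that the decrypted file should be readable only by its owner would make that advice safer to follow. PrepareConfig begins and ends outside this hunk, so how the key path is otherwise handled is not visible here.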
