-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathssh_config.go
161 lines (133 loc) · 3.72 KB
/
ssh_config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
package main
import (
"bufio"
"fmt"
"golang.org/x/crypto/ssh"
"io/ioutil"
"log"
"os"
"path/filepath"
"strings"
)
func getHostKeyCallback(host string) (ssh.HostKeyCallback, error) {
var hostKeyCallback ssh.HostKeyCallback
homeDir, err := os.UserHomeDir()
if err != nil {
return hostKeyCallback, fmt.Errorf("owl: Not able to get current user (%v)", err)
}
knownHostPath := filepath.Join(homeDir, ".ssh", "known_hosts")
file, err := os.Open(knownHostPath)
if err != nil {
log.Fatal(err)
}
scanner := bufio.NewScanner(file)
var hostKey ssh.PublicKey
for scanner.Scan() {
fields := strings.Split(scanner.Text(), " ")
if len(fields) != 3 {
continue
}
if strings.Contains(fields[0], host) {
var err error
hostKey, _, _, _, err = ssh.ParseAuthorizedKey(scanner.Bytes())
if err != nil {
return hostKeyCallback, fmt.Errorf("error parsing %q: %v", fields[2], err)
}
break
}
}
if hostKey == nil {
return hostKeyCallback, fmt.Errorf(`owl: No hostkey present for host %s.
To generate host key please please use ssh-keyscan [hostname|ip address] or
run ssh user@hostname`, host)
}
if err := file.Close(); err != nil {
return hostKeyCallback, fmt.Errorf("owl: Not able to close file (%v)", err)
}
return ssh.FixedHostKey(hostKey), nil
}
func getSignerFromPrivateKey(identityFile, host, user string) (ssh.Signer, error) {
privateKey, err := ioutil.ReadFile(identityFile)
if err != nil {
return nil, fmt.Errorf("owl: Not able to read private key (%v)", err)
}
signer, err := ssh.ParsePrivateKey(privateKey)
switch err.(type) {
case *ssh.PassphraseMissingError:
password, err := GetPassword(fmt.Sprintf("%s@%s's password: ", user, host))
if err != nil {
return nil, err
}
if password == "" {
return nil, fmt.Errorf("owl: password can not be empty")
}
signer, err = ssh.ParsePrivateKeyWithPassphrase(privateKey, []byte(password))
if err != nil {
return nil, fmt.Errorf("owl: Not able to parse private key with password (%v)", err)
}
default:
return nil, fmt.Errorf("owl: Not able to parse private key (%v)", err)
}
return signer, nil
}
func GetPublicKeyConfig(host, user, identityFile string) (*ssh.ClientConfig, error) {
hostKeyCallback, err := getHostKeyCallback(host)
if err != nil {
return nil, err
}
signer, err := getSignerFromPrivateKey(identityFile, host, user)
if err != nil {
return nil, err
}
config := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.PublicKeys(signer),
},
HostKeyCallback: hostKeyCallback,
}
return config, nil
}
func GetPasswordConfig(host, user, password string) (*ssh.ClientConfig, error) {
hostKeyCallback, err := getHostKeyCallback(host)
if err != nil {
return nil, err
}
config := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.Password(password),
},
HostKeyCallback: hostKeyCallback,
}
return config, nil
}
func GetIdentityPath(identityFile *string) (error, string) {
homeDir, err := os.UserHomeDir()
if err != nil {
return fmt.Errorf("owl: Not able to get current user (%v)", err), ""
}
identityFilePath := filepath.Join(homeDir, ".ssh", "id_rsa")
if *identityFile != "" {
passwordAuth = false
identityFilePath = *identityFile
}
return err, identityFilePath
}
func GetSSHConfig(user, host, identityFilePath string) (error, *ssh.ClientConfig) {
var config *ssh.ClientConfig
var err error
if passwordAuth {
password, err := GetPassword(fmt.Sprintf("%s@%s's password: ", user, host))
if err != nil {
return err, config
}
if password == "" {
return fmt.Errorf("owl: password can not be empty"), config
}
config, err = GetPasswordConfig(host, user, password)
} else {
config, err = GetPublicKeyConfig(host, user, identityFilePath)
}
return err, config
}