func makeSigner(keyname string) (signer ssh.Signer, err error) {
fp, err := os.Open(keyname)
if err != nil {
return
}
defer fp.Close()
buf, err := ioutil.ReadAll(fp)
if err != nil {
panic(err)
return
}
key, err := ssh.ParseRawPrivateKey(buf)
if err != nil {
panic(err)
return
}
signer, err = ssh.NewSignerFromKey(key)
if err != nil {
panic(err)
return
}
return
}
// remoteCmdOutput runs the given command on a remote server at the given hostname as the given user.
func remoteCmdOutput(username, hostname, cmd string, privateKey []byte) (b []byte, err error) {
p, err := ssh.ParseRawPrivateKey(privateKey)
if err != nil {
return b, err
}
s, err := ssh.NewSignerFromKey(p)
if err != nil {
return b, err
}
pub := ssh.PublicKeys(s)
clientConfig := &ssh.ClientConfig{
User: username,
Auth: []ssh.AuthMethod{pub},
}
client, err := ssh.Dial("tcp", hostname, clientConfig)
if err != nil {
return b, errors.New("ERROR: Failed to dial: " + err.Error())
}
defer client.Close()
session, err := client.NewSession()
if err != nil {
return b, errors.New("ERROR: Failed to create session: " + err.Error())
}
defer session.Close()
b, err = session.Output(cmd)
if err != nil {
return b, fmt.Errorf("ERROR: Failed to run cmd on host %s: %s", hostname, err.Error())
}
return b, nil
}
func TestSSHPrivateFingerprint(t *testing.T) {
Convey("Test generating SSH private key fingerprint", t, func() {
tmp, err := ioutil.ReadFile("testdata/testkey")
panic_the_err(err)
key, err := ssh.ParseRawPrivateKey(tmp)
privkey := key.(*rsa.PrivateKey)
panic_the_err(err)
fingerprint, err := SSHPrivateFingerprint(*privkey)
So(err, ShouldEqual, nil)
So(fingerprint, ShouldEqual, "c0:61:84:fc:e8:c9:52:dc:cd:a9:8e:82:a2:70:0a:30")
})
}
func TestDecodeAESCredential(t *testing.T) {
Convey("Test decoding an AES-encrypted ciphertext", t, func() {
ciphertext := "eyJFbmNvZGVkS2V5IjoicDI5R3NmSmhIVjYvRGd3cmd1d040aDhKTmErTGJkZ0VHcU5vaVB6c1Rnb3IrOEJsQnJTVW1rWGZQTlFvRnY4NHdlcGkvYmd4ZmNyYlpDWm5iMEx4bW9pVjhjMERZYlE5M3F1d0ptK2VBNVhSVlZzTFZodUk1RG9rOENMbkwxOEl5aXc4OENWMXR6ZkJOUWNnQVdBckpsNHBMdzZEbkVFS21NOHRabCtNRUVnTlFjVStybUprKytZbU1ubW44KzVEU1Q5TWtLQ0lxeHl2eVNCRGYxVGkrS2ZHNTlXajkybGQycGZ1Q3k5YWREYlQ2azc0ZG1MbFkvOTlZMWVDZkREMmJWZjNueWJrUkg2UTM3bXNQVHpnbGRaWE56cjBoeStTUERTZHozU0lBSmZGZGw1dy9ka3pYTms2TXcwaHMxbjhRR1BsdnBMOFI1MzF1Rit5a3c5STh3PT0iLCJDaXBoZXJ0ZXh0Ijoiem5Cc2ZxbmJwYTFtdEF6Q09GMVZpU3VsUlRQSGZIblE1UEREZzluYyJ9"
tmp, err := ioutil.ReadFile("testdata/testkey")
panic_the_err(err)
key, err := ssh.ParseRawPrivateKey(tmp)
privkey := key.(*rsa.PrivateKey)
panic_the_err(err)
plaintext, err := CredulousDecodeAES(ciphertext, privkey)
So(err, ShouldEqual, nil)
So(plaintext, ShouldEqual, "some plaintext")
})
}
func GeneratePublicKey(privateKey []byte) (string, error) {
rsaPK, err := ssh.ParseRawPrivateKey(privateKey)
if err != nil {
return "", err
}
sshPK := rsaPK.(*rsa.PrivateKey)
sshPubKey, err := ssh.NewPublicKey(&sshPK.PublicKey)
if err != nil {
return "", err
}
return MarshalPublickKey(sshPubKey), nil
}
func TestDecodeWithSalt(t *testing.T) {
Convey("Test Decode a string", t, func() {
ciphertext := "sGhPCj9OCe0hv9PvWQvsu289sMsVNfqpyQDRCgXo+PwDMlXmRVXa5ErkkHNwyuYWFr9u1gkytiue7Dol4duvPycUYqpdeOOrfAMWkLWKGrO6tgTYtxMjVYBtp3negl2OeJqHFs6h/UwmNaO6IP2z2R8vPctmMmpwrkdzokiiPx6WKLDP17eoC+Q+zvDUqSTgqnSiwbjb+gFGFt7NTH65gHHHtwbm2wr45Oce4+LfddGo8V7A52ZjVlTHHdK+OiJzHmN8KMTAUi1d0ULI7oW+BfAX7iyA1SyvFx0oJHJ/dDidxPUm7i2vEeKtXU5BS8THv5dk01BwByJU+kl3qenCTA=="
tmp, err := ioutil.ReadFile("testdata/testkey")
panic_the_err(err)
key, err := ssh.ParseRawPrivateKey(tmp)
privkey := key.(*rsa.PrivateKey)
panic_the_err(err)
salt := "pepper"
plaintext, err := CredulousDecodeWithSalt(ciphertext, salt, privkey)
panic_the_err(err)
So(plaintext, ShouldEqual, "some plaintext")
})
}
func (c *container) dialSSH() (*ssh.Client, error) {
key, err := ssh.ParseRawPrivateKey([]byte(c.PrivateKey))
if err != nil {
return nil, err
}
signer, err := ssh.NewSignerFromKey(key)
if err != nil {
return nil, err
}
host := c.HostAddr + ":" + c.SSHHostPort
config := ssh.ClientConfig{
Config: ssh.Config{Rand: rand.Reader},
Auth: []ssh.AuthMethod{ssh.PublicKeys(signer)},
User: c.User,
}
return ssh.Dial("tcp", host, &config)
}
// A method for the construction of the configuration
// object necessary for the connection to the host.
func (s *Session) NewConfig(user user) error {
// get the content of the private key file
key, err := loadPEM(os.ExpandEnv(tools.Expanduser(user.GetPrivateKey())))
if err != nil {
return err
}
// parse the key
parsed, err := ssh.ParseRawPrivateKey(key)
if err != nil {
formatter.ColoredPrintln(
formatter.Red,
false,
"Can't parse the private key!\n",
"Reason is: ", err.Error(),
)
}
// convert into signer
signer, err := ssh.NewSignerFromKey(parsed)
if err != nil {
formatter.ColoredPrintln(
formatter.Red,
false,
"Can't create signer from private key!\n",
"Reason is: ", err.Error(),
)
}
// Construct the configuration with password authentication
s.Config = &ssh.ClientConfig{
User: user.GetUsername(),
Auth: []ssh.AuthMethod{
ssh.PublicKeys(signer),
},
}
return nil
}
func init() {
var err error
n := len(testdata.PEMBytes)
testPrivateKeys = make(map[string]interface{}, n)
testSigners = make(map[string]ssh.Signer, n)
testPublicKeys = make(map[string]ssh.PublicKey, n)
for t, k := range testdata.PEMBytes {
testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
if err != nil {
panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
}
testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
if err != nil {
panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
}
testPublicKeys[t] = testSigners[t].PublicKey()
}
// Create a cert and sign it for use in tests.
testCert := &ssh.Certificate{
Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
ValidAfter: 0, // unix epoch
ValidBefore: ssh.CertTimeInfinity, // The end of currently representable time.
Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
Key: testPublicKeys["ecdsa"],
SignatureKey: testPublicKeys["rsa"],
Permissions: ssh.Permissions{
CriticalOptions: map[string]string{},
Extensions: map[string]string{},
},
}
testCert.SignCert(rand.Reader, testSigners["rsa"])
testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
if err != nil {
panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
}
}
func (c *Config) populateAuthMethods() error {
privKeyText, err := ioutil.ReadFile(c.privateKeyFile)
if err != nil {
return err
}
privKey, err := ssh.ParseRawPrivateKey(privKeyText)
if err != nil {
return err
}
signer, err := ssh.NewSignerFromKey(privKey)
if err != nil {
return err
}
c.authMethods = []ssh.AuthMethod{
ssh.PublicKeys(signer),
}
return nil
}
func loadPrivateKey(filename string) (privateKey *rsa.PrivateKey, err error) {
var tmp []byte
if tmp, err = ioutil.ReadFile(filename); err != nil {
return &rsa.PrivateKey{}, err
}
pemblock, _ := pem.Decode([]byte(tmp))
if x509.IsEncryptedPEMBlock(pemblock) {
if tmp, err = decryptPEM(pemblock, filename); err != nil {
return &rsa.PrivateKey{}, err
}
} else {
log.Print("WARNING: Your private SSH key has no passphrase!")
}
key, err := ssh.ParseRawPrivateKey(tmp)
if err != nil {
return &rsa.PrivateKey{}, err
}
privateKey = key.(*rsa.PrivateKey)
return privateKey, nil
}
