// Return SSH key md5 fingerprint
func fingerprint(k ssh.PublicKey) string {
w := md5.New()
w.Write(ssh.MarshalPublicKey(k))
fp := strings.TrimSpace(fmt.Sprintf("% x", w.Sum(nil)))
fp = strings.Replace(fp, " ", ":", -1)
return fp
}
// ParseAuthorisedKey parses a non-comment line from an
// authorized_keys file and returns the constituent parts.
// Based on description in "man sshd".
func ParseAuthorisedKey(line string) (*AuthorisedKey, error) {
key, comment, _, _, ok := ssh.ParseAuthorizedKey([]byte(line))
if !ok {
return nil, fmt.Errorf("invalid authorized_key %q", line)
}
keyBytes := ssh.MarshalPublicKey(key)
return &AuthorisedKey{
Key: keyBytes,
Comment: comment,
}, nil
}
// Find SSH keys on the local file system
func getSSHKeys(existingKeyFingerprints map[string]bool) map[string]string {
candidateKeys := make(map[string]string)
// get key from id_rsa.pub
rsaKey, rsaComment, rsaErr := sshReadPubKey(idRsaPubPath)
if rsaErr == nil {
candidateKeys[string(ssh.MarshalPublicKey(rsaKey))] = rsaComment
}
// get key from id_dsa.pub
dsaKey, dsaComment, dsaErr := sshReadPubKey(idDsaPubPath)
if dsaErr == nil {
candidateKeys[string(ssh.MarshalPublicKey(dsaKey))] = dsaComment
}
// get keys from ssh-add
out, err := exec.Command("ssh-add", "-L").Output()
sshAddKeys := strings.TrimSpace(string(out))
if err == nil && sshAddKeys != "" {
for _, k := range strings.Split(sshAddKeys, "\n") {
key, comment, _, _, ok := ssh.ParseAuthorizedKey([]byte(k))
if ok {
candidateKeys[string(ssh.MarshalPublicKey(key))] = comment
}
}
}
for k, _ := range candidateKeys {
pubKey, _, _ := ssh.ParsePublicKey([]byte(k))
fp := fingerprint(pubKey)
if _, ok := existingKeyFingerprints[fp]; ok {
delete(candidateKeys, k)
}
}
return candidateKeys
}
func init() {
template.Must(configTmpl.Parse(sshd_config))
block, _ := pem.Decode([]byte(testClientPrivateKey))
rsakey, _ = x509.ParsePKCS1PrivateKey(block.Bytes)
block, _ = pem.Decode([]byte(keys["ssh_host_rsa_key"]))
if block == nil {
panic("pem.Decode ssh_host_rsa_key")
}
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
panic("ParsePKCS1PrivateKey: " + err.Error())
}
serializedHostKey = ssh.MarshalPublicKey(&priv.PublicKey)
}
func (s *SSHGoCryptoCommandSuite) TestCommand(c *gc.C) {
private, _, err := ssh.GenerateKey("test-server")
c.Assert(err, gc.IsNil)
key, err := cryptossh.ParsePrivateKey([]byte(private))
client, err := ssh.NewGoCryptoClient(key)
c.Assert(err, gc.IsNil)
server := newServer(c)
var opts ssh.Options
opts.SetPort(server.Addr().(*net.TCPAddr).Port)
cmd := client.Command("127.0.0.1", testCommand, &opts)
checkedKey := false
server.cfg.PublicKeyCallback = func(conn *cryptossh.ServerConn, user, algo string, pubkey []byte) bool {
c.Check(pubkey, gc.DeepEquals, cryptossh.MarshalPublicKey(key.PublicKey()))
checkedKey = true
return true
}
go server.run(c)
out, err := cmd.Output()
c.Assert(err, gc.ErrorMatches, "ssh: could not execute command.*")
// TODO(axw) when gosshnew is ready, expect reply from server.
c.Assert(out, gc.IsNil)
c.Assert(checkedKey, jc.IsTrue)
}
func (k *storedHostKey) Add(key ssh.PublicKey) {
if k.keys == nil {
k.keys = map[string][]byte{}
}
k.keys[key.PublicKeyAlgo()] = ssh.MarshalPublicKey(key)
}
