Example #1
0
func TestAgentForward(t *testing.T) {
	server := newServer(t)
	defer server.Shutdown()
	conn := server.Dial(clientConfig())
	defer conn.Close()

	keyring := agent.NewKeyring()
	keyring.Add(testPrivateKeys["dsa"], nil, "")
	pub := testPublicKeys["dsa"]

	sess, err := conn.NewSession()
	if err != nil {
		t.Fatalf("NewSession: %v", err)
	}
	if err := agent.RequestAgentForwarding(sess); err != nil {
		t.Fatalf("RequestAgentForwarding: %v", err)
	}

	if err := agent.ForwardToAgent(conn, keyring); err != nil {
		t.Fatalf("SetupForwardKeyring: %v", err)
	}
	out, err := sess.CombinedOutput("ssh-add -L")
	if err != nil {
		t.Fatalf("running ssh-add: %v, out %s", err, out)
	}
	key, _, _, _, err := ssh.ParseAuthorizedKey(out)
	if err != nil {
		t.Fatalf("ParseAuthorizedKey(%q): %v", out, err)
	}

	if !bytes.Equal(key.Marshal(), pub.Marshal()) {
		t.Fatalf("got key %s, want %s", ssh.MarshalAuthorizedKey(key), ssh.MarshalAuthorizedKey(pub))
	}
}
Example #2
0
// CreateSSHKey is used to generate rsa private & public keys that are used to
// set keys for ssh login to a server.
func CreateSSHKey() (string, string, error) {

	pk, e := rsa.GenerateKey(rand.Reader, 2014)
	if e != nil {
		return "", "", e
	}

	pkDer := x509.MarshalPKCS1PrivateKey(pk)
	pkBlk := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   pkDer,
	}
	pkPem := string(pem.EncodeToMemory(&pkBlk))

	pubK := pk.PublicKey

	pub, e := ssh.NewPublicKey(&pubK)
	if e != nil {
		return "", "", e
	}

	pubBytes := ssh.MarshalAuthorizedKey(pub)

	return string(pkPem), string(pubBytes), nil
}
Example #3
0
File: ssh_test.go Project: kr/runx
func TestSSHD(t *testing.T) {
	block, _ := pem.Decode([]byte(testClientPrivateKey))
	rsakey, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
	pub, _ := ssh.NewPublicKey(&rsakey.PublicKey)
	cmd, c, err := startSSHD(ssh.MarshalAuthorizedKey(pub))
	if err != nil {
		t.Fatal(err)
	}
	defer cmd.Wait()
	defer cmd.Process.Kill()
	u, err := user.Current()
	if err != nil {
		t.Fatal(err)
	}
	_ = u
	config := &ssh.ClientConfig{
		User: u.Username,
		Auth: []ssh.ClientAuth{ssh.ClientAuthKeyring(&keyring{rsakey})},
	}
	client, err := ssh.Client(c, config)
	if err != nil {
		t.Fatal(err)
	}
	sess, err := client.NewSession()
	if err != nil {
		t.Fatal(err)
	}
	out, err := sess.Output("echo hello")
	if err != nil {
		t.Fatal(err)
	}
	if string(out) != "hello\n" {
		t.Fatalf("out = %q want %q", string(out), "hello\n")
	}
}
Example #4
0
File: rsa.go Project: 41px/dmz
func GenerateKey() (pkPem []byte, pubkPem []byte, pubSSHAK []byte, err error) {
	pk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	pkDer := x509.MarshalPKCS1PrivateKey(pk)
	pkBlock := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   pkDer,
	}
	pkPem = pem.EncodeToMemory(&pkBlock)

	pubk := pk.PublicKey
	pubkDer, err := x509.MarshalPKIXPublicKey(&pubk)
	if err != nil {
		return
	}

	pubkBlock := pem.Block{
		Type:    "PUBLIC KEY",
		Headers: nil,
		Bytes:   pubkDer,
	}
	pubkPem = pem.EncodeToMemory(&pubkBlock)

	pubSSH, err := ssh.NewPublicKey(&pubk)
	if err != nil {
		return
	}
	pubSSHAK = ssh.MarshalAuthorizedKey(pubSSH)

	return
}
Example #5
0
File: main.go Project: kr/runx
func main() {
	log.SetFlags(0)
	maybePrintInfo()
	maybeProxy()
	args := os.Args[1:]
	runxURL, err := getToken()
	if err != nil {
		log.Fatal(err)
	}
	if len(args) > 0 && args[0] == "-d" {
		args = args[1:]
		_, err := herokuRun(strings.Join(args, " "), nil)
		if err != nil {
			log.Fatal(err)
		}
		return
	}
	key, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		log.Fatal("keygen", err)
	}
	pub, err := ssh.NewPublicKey(&key.PublicKey)
	if err != nil {
		log.Fatal(err)
	}
	uuid, err := herokuRun(script, map[string]string{
		"RUNX_URL":        runxURL,
		"AUTHORIZED_KEYS": string(ssh.MarshalAuthorizedKey(pub)),
	})
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(execSSH(runxURL, uuid, key, args))
}
Example #6
0
// Run executes the Packer build step that generates SSH key pairs.
func (s *StepCreateSSHKey) Run(state multistep.StateBag) multistep.StepAction {
	ui := state.Get("ui").(packer.Ui)

	ui.Say("Creating temporary SSH key for instance...")
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		err := fmt.Errorf("Error creating temporary ssh key: %s", err)
		state.Put("error", err)
		ui.Error(err.Error())
		return multistep.ActionHalt
	}

	priv_blk := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   x509.MarshalPKCS1PrivateKey(priv),
	}

	pub, err := ssh.NewPublicKey(&priv.PublicKey)
	if err != nil {
		err := fmt.Errorf("Error creating temporary ssh key: %s", err)
		state.Put("error", err)
		ui.Error(err.Error())
		return multistep.ActionHalt
	}

	state.Put("ssh_private_key", string(pem.EncodeToMemory(&priv_blk)))
	state.Put("ssh_public_key", string(ssh.MarshalAuthorizedKey(pub)))
	return multistep.ActionContinue
}
// newServer returns a new mock ssh server.
func newServer(t *testing.T) *server {
	dir, err := ioutil.TempDir("", "sshtest")
	if err != nil {
		t.Fatal(err)
	}
	f, err := os.Create(filepath.Join(dir, "sshd_config"))
	if err != nil {
		t.Fatal(err)
	}
	err = configTmpl.Execute(f, map[string]string{
		"Dir": dir,
	})
	if err != nil {
		t.Fatal(err)
	}
	f.Close()

	for k, v := range testdata.PEMBytes {
		filename := "id_" + k
		writeFile(filepath.Join(dir, filename), v)
		writeFile(filepath.Join(dir, filename+".pub"), ssh.MarshalAuthorizedKey(testPublicKeys[k]))
	}

	return &server{
		t:          t,
		configfile: f.Name(),
		cleanup: func() {
			if err := os.RemoveAll(dir); err != nil {
				t.Error(err)
			}
		},
	}
}
Example #8
0
// handleAuth checks authentication against etcd using CanConnect and sets the needed
// environment variables for later parts of the builder to use. It takes in the SSH
// connection metadata, the public key of the user, and returns the SSH
// permissions of the connection and an error if they are not authorized.
func handleAuth(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
	if conn.User() != "git" {
		return nil, ErrUnauthorized
	}

	keydata := string(bytes.TrimSpace(ssh.MarshalAuthorizedKey(key)))

	etcd := etcd.NewClient([]string{*etcduplink})

	fp := utils.GetFingerprint(keydata)

	user, allowed := utils.CanConnect(etcd, keydata)
	if allowed {
		log.Printf("User %s (%s) accepted with fingerprint %s", user, conn.RemoteAddr().String(), fp)
		return &ssh.Permissions{
			Extensions: map[string]string{
				"environ":     fmt.Sprintf("USER=%s\nKEY='%s'\nFINGERPRINT=%s\n", user, keydata, fp),
				"user":        user,
				"fingerprint": fp,
			},
		}, nil
	} else {
		log.Printf("Connection from %s rejected (bad key)", conn.RemoteAddr().String())
	}

	return nil, ErrUnauthorized
}
Example #9
0
File: keys.go Project: pancakeio/pk
func pickSSHKey(candidateKeys map[string]string, w io.Writer) (ssh.PublicKey, error) {
	i := 0
	keyLst := make([]ssh.PublicKey, len(candidateKeys))
	for key, comment := range candidateKeys {
		pubKey, _, ok := ssh.ParsePublicKey([]byte(key))
		if !ok {
			continue
		}
		keyLst[i] = pubKey

		k := strings.TrimSpace(string(ssh.MarshalAuthorizedKey(pubKey)))
		l := fmt.Sprintf("[ %d ] %s...%s %s\n", i+1, k[0:24], k[len(k)-24:], comment)
		w.Write([]byte(l))
		i += 1
	}

	if i == 0 {
		return nil, errors.New("No ssh keys found.")
	}

	choice, err := pick("key", i)
	if err != nil {
		return nil, err
	}

	return keyLst[choice], nil
}
Example #10
0
// helper function that marshalls an RSA Public Key to an SSH
// .authorized_keys format
func marshalPublicKey(pubkey *rsa.PublicKey) string {
	pk, err := ssh.NewPublicKey(pubkey)
	if err != nil {
		return ""
	}

	return string(ssh.MarshalAuthorizedKey(pk))
}
Example #11
0
// helper function that marshalls an RSA Public Key to an SSH
// .authorized_keys format
func MarshalPublicKey(public *rsa.PublicKey) []byte {
	private, err := ssh.NewPublicKey(public)
	if err != nil {
		return []byte{}
	}

	return ssh.MarshalAuthorizedKey(private)
}
Example #12
0
// marshalKey returns two byte slices: one represent the private key in the PEM
// format, and the other representing the public key in the authorized_keys
// format.
func marshalKey(keyPair *rsa.PrivateKey) (privateKey []byte, publicKey []byte, err error) {
	sshPublicKey, err := ssh.NewPublicKey(&keyPair.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	publicKey = ssh.MarshalAuthorizedKey(sshPublicKey)
	block := pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(keyPair)}
	privateKey = pem.EncodeToMemory(&block)
	return privateKey, publicKey, nil
}
Example #13
0
func TestCreateServerWithKeyPair(t *testing.T) {
	client, err := newClient()
	th.AssertNoErr(t, err)

	if testing.Short() {
		t.Skip("Skipping test that requires server creation in short mode.")
	}

	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	publicKey := privateKey.PublicKey
	pub, err := ssh.NewPublicKey(&publicKey)
	th.AssertNoErr(t, err)
	pubBytes := ssh.MarshalAuthorizedKey(pub)
	pk := string(pubBytes)

	kp, err := keypairs.Create(client, keypairs.CreateOpts{
		Name:      keyName,
		PublicKey: pk,
	}).Extract()
	th.AssertNoErr(t, err)
	t.Logf("Created key pair: %s\n", kp)

	choices, err := ComputeChoicesFromEnv()
	th.AssertNoErr(t, err)

	name := tools.RandomString("Gophercloud-", 8)
	t.Logf("Creating server [%s] with key pair.", name)

	serverCreateOpts := servers.CreateOpts{
		Name:      name,
		FlavorRef: choices.FlavorID,
		ImageRef:  choices.ImageID,
	}

	server, err := servers.Create(client, keypairs.CreateOptsExt{
		serverCreateOpts,
		keyName,
	}).Extract()
	th.AssertNoErr(t, err)
	defer servers.Delete(client, server.ID)
	if err = waitForStatus(client, server, "ACTIVE"); err != nil {
		t.Fatalf("Unable to wait for server: %v", err)
	}

	server, err = servers.Get(client, server.ID).Extract()
	t.Logf("Created server: %+v\n", server)
	th.AssertNoErr(t, err)
	th.AssertEquals(t, server.KeyName, keyName)

	t.Logf("Deleting key pair [%s]...", kp.Name)
	err = keypairs.Delete(client, keyName).ExtractErr()
	th.AssertNoErr(t, err)

	t.Logf("Deleting server [%s]...", name)
}
Example #14
0
func checkAuth(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
	status, err := exitStatus(exec.Command(authChecker[0],
		append(authChecker[1:], conn.User(), string(bytes.TrimSpace(ssh.MarshalAuthorizedKey(key))))...).Run())
	if err != nil {
		return nil, err
	}
	if status.Status == 0 {
		return nil, nil
	}
	return nil, ErrUnauthorized
}
Example #15
0
func GenerateNewPublicKey() string {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal("Failed to generate new RSA key: ", err)
	}
	pk, err := ssh.NewPublicKey(&key.PublicKey)
	if err != nil {
		log.Fatal("Failed to generate public key: ", err)
	}
	return string(ssh.MarshalAuthorizedKey(pk))
}
Example #16
0
func renderHostLine(addr string, key gossh.PublicKey) []byte {
	keyByte := gossh.MarshalAuthorizedKey(key)
	// allocate line space in advance
	length := len(addr) + 1 + len(keyByte)
	line := make([]byte, 0, length)

	w := bytes.NewBuffer(line)
	w.Write([]byte(addr))
	w.WriteByte(' ')
	w.Write(keyByte)
	return w.Bytes()
}
Example #17
0
func genSSHKey() (*sshData, error) {
	keyFile, err := ioutil.TempFile("", "")
	if err != nil {
		return nil, err

	}
	defer keyFile.Close()
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	pem.Encode(keyFile, &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(rsaKey),
	})

	pubFile, err := ioutil.TempFile("", "")
	if err != nil {
		return nil, err
	}
	defer pubFile.Close()
	rsaPubKey, err := ssh.NewPublicKey(&rsaKey.PublicKey)
	if err != nil {
		return nil, err
	}
	if _, err := pubFile.Write(ssh.MarshalAuthorizedKey(rsaPubKey)); err != nil {
		return nil, err
	}

	wrapperFile, err := ioutil.TempFile("", "")
	if err != nil {
		return nil, err
	}
	defer wrapperFile.Close()
	if err := sshWrapper.Execute(wrapperFile, map[string]string{"SSHKey": keyFile.Name()}); err != nil {
		return nil, err
	}
	if err := wrapperFile.Chmod(0700); err != nil {
		return nil, err
	}

	return &sshData{
		Key: keyFile.Name(),
		Pub: pubFile.Name(),
		Env: []string{"GIT_SSH=" + wrapperFile.Name()},
		Cleanup: func() {
			os.RemoveAll(keyFile.Name())
			os.RemoveAll(pubFile.Name())
			os.RemoveAll(wrapperFile.Name())
		},
	}, nil
}
Example #18
0
func newKey(name, user, raw string) (*Key, error) {
	key, comment, _, _, ok := ssh.ParseAuthorizedKey([]byte(raw))
	if !ok {
		return nil, ErrInvalidKey
	}
	body := ssh.MarshalAuthorizedKey(key)
	k := Key{
		Name:     name,
		Body:     string(body),
		Comment:  comment,
		UserName: user,
	}
	return &k, nil
}
Example #19
0
func newKey(name, user, raw string) (*Key, error) {
	key, comment, _, _, err := ssh.ParseAuthorizedKey([]byte(raw))
	if err != nil {
		return nil, ErrInvalidKey
	}
	body := ssh.MarshalAuthorizedKey(key.(ssh.PublicKey))
	k := Key{
		Name:      name,
		Body:      string(body),
		Comment:   comment,
		UserName:  user,
		CreatedAt: time.Now(),
	}
	return &k, nil
}
Example #20
0
func generateRSAKey(bits int) ([]byte, []byte, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	pubKey, err := ssh.NewPublicKey(&rsaKey.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	rsaKeyDER := x509.MarshalPKCS1PrivateKey(rsaKey)
	return pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: rsaKeyDER,
	}), ssh.MarshalAuthorizedKey(pubKey), nil
}
Example #21
0
func (s *stepCreateSSHKey) Run(state multistep.StateBag) multistep.StepAction {
	client := state.Get("client").(*DigitalOceanClient)
	ui := state.Get("ui").(packer.Ui)

	ui.Say("Creating temporary ssh key for droplet...")

	priv, err := rsa.GenerateKey(rand.Reader, 2014)

	// ASN.1 DER encoded form
	priv_der := x509.MarshalPKCS1PrivateKey(priv)
	priv_blk := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   priv_der,
	}

	// Set the private key in the statebag for later
	state.Put("privateKey", string(pem.EncodeToMemory(&priv_blk)))

	// Marshal the public key into SSH compatible format
	// TODO properly handle the public key error
	pub, _ := ssh.NewPublicKey(&priv.PublicKey)
	pub_sshformat := string(ssh.MarshalAuthorizedKey(pub))

	// The name of the public key on DO
	name := fmt.Sprintf("packer-%s", hex.EncodeToString(identifier.NewUUID().Raw()))

	// Create the key!
	keyId, err := client.CreateKey(name, pub_sshformat)
	if err != nil {
		err := fmt.Errorf("Error creating temporary SSH key: %s", err)
		state.Put("error", err)
		ui.Error(err.Error())
		return multistep.ActionHalt
	}

	// We use this to check cleanup
	s.keyId = keyId

	log.Printf("temporary ssh key name: %s", name)

	// Remember some state for the future
	state.Put("ssh_key_id", keyId)

	return multistep.ActionContinue
}
Example #22
0
// Run executes the Packer build step that generates SSH key pairs.
func (s *StepCreateSSHKey) Run(state multistep.StateBag) multistep.StepAction {
	ui := state.Get("ui").(packer.Ui)

	ui.Say("Creating temporary SSH key for instance...")
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		err := fmt.Errorf("Error creating temporary ssh key: %s", err)
		state.Put("error", err)
		ui.Error(err.Error())
		return multistep.ActionHalt
	}

	priv_blk := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   x509.MarshalPKCS1PrivateKey(priv),
	}

	pub, err := ssh.NewPublicKey(&priv.PublicKey)
	if err != nil {
		err := fmt.Errorf("Error creating temporary ssh key: %s", err)
		state.Put("error", err)
		ui.Error(err.Error())
		return multistep.ActionHalt
	}
	state.Put("ssh_private_key", string(pem.EncodeToMemory(&priv_blk)))
	state.Put("ssh_public_key", string(ssh.MarshalAuthorizedKey(pub)))

	if s.Debug {
		ui.Message(fmt.Sprintf("Saving key for debug purposes: %s", s.DebugKeyPath))
		f, err := os.Create(s.DebugKeyPath)
		if err != nil {
			state.Put("error", fmt.Errorf("Error saving debug key: %s", err))
			return multistep.ActionHalt
		}

		// Write out the key
		err = pem.Encode(f, &priv_blk)
		f.Close()
		if err != nil {
			state.Put("error", fmt.Errorf("Error saving debug key: %s", err))
			return multistep.ActionHalt
		}
	}
	return multistep.ActionContinue
}
Example #23
0
func TestMarshalParsePublicKey(t *testing.T) {
	pub := getTestPublicKey(t)
	authKeys := ssh.MarshalAuthorizedKey(pub)
	actualFields := strings.Fields(string(authKeys))
	if len(actualFields) == 0 {
		t.Fatalf("failed authKeys: %v", authKeys)
	}

	// drop the comment
	expectedFields := strings.Fields(keys["authorized_keys"])[0:2]

	if !reflect.DeepEqual(actualFields, expectedFields) {
		t.Errorf("got %v, expected %v", actualFields, expectedFields)
	}

	actPub, _, _, _, ok := ssh.ParseAuthorizedKey([]byte(keys["authorized_keys"]))
	if !ok {
		t.Fatalf("cannot parse %v", keys["authorized_keys"])
	}
	if !reflect.DeepEqual(actPub, pub) {
		t.Errorf("got %v, expected %v", actPub, pub)
	}
}
Example #24
0
// GenerateKey makes a 2048 bit RSA no-passphrase SSH capable key.  The bit
// size is actually controlled by the KeyBits var. The private key returned is
// encoded to ASCII using the PKCS1 encoding.  The public key is suitable to
// be added into an authorized_keys file, and has the comment passed in as the
// comment part of the key.
func GenerateKey(comment string) (private, public string, err error) {
	key, err := rsaGenerateKey(rand.Reader, KeyBits)
	if err != nil {
		return "", "", err
	}

	identity := pem.EncodeToMemory(
		&pem.Block{
			Type:  "RSA PRIVATE KEY",
			Bytes: x509.MarshalPKCS1PrivateKey(key),
		})

	signer, err := ssh.ParsePrivateKey(identity)
	if err != nil {
		return "", "", fmt.Errorf("failed to load key: %v", err)
	}

	auth_key := string(ssh.MarshalAuthorizedKey(signer.PublicKey()))
	// Strip off the trailing new line so we can add a comment.
	auth_key = strings.TrimSpace(auth_key)
	public = fmt.Sprintf("%s %s\n", auth_key, comment)

	return string(identity), public, nil
}
Example #25
0
func generateDSAKey() ([]byte, []byte, error) {
	params := &dsa.Parameters{}
	if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
		return nil, nil, err
	}
	dsaKey := &dsa.PrivateKey{
		PublicKey: dsa.PublicKey{
			Parameters: *params,
		},
	}
	if err := dsa.GenerateKey(dsaKey, rand.Reader); err != nil {
		return nil, nil, err
	}
	pubKey, err := ssh.NewPublicKey(&dsaKey.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	dsaKeyASN1, err := asn1.Marshal(struct {
		Version       int
		P, Q, G, Y, X *big.Int
	}{
		0,
		dsaKey.P,
		dsaKey.Q,
		dsaKey.G,
		dsaKey.Y,
		dsaKey.X,
	})
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{
		Type:  "DSA PRIVATE KEY",
		Bytes: dsaKeyASN1,
	}), ssh.MarshalAuthorizedKey(pubKey), nil
}
Example #26
0
			}

			key, err = pickSSHKey(keys, os.Stdout)
		}

		if err != nil {
			return fmt.Errorf("refusing to upload: %s", err)
		}

		var keyName string
		keyName = getText("Name this key [optional]")
		if keyName == "" {
			keyName = time.Now().Format("2006-01-02")
		}

		keyStr := string(ssh.MarshalAuthorizedKey(key))
		err = client.UploadKey(keyName, strings.TrimSpace(keyStr))
		if err != nil {
			return err
		}

		fmt.Printf("Added key '%s'.\n", keyName)
		return nil
	},
	flags: flag.NewFlagSet("add-key", flag.ExitOnError),
	usage: func() string {
		return "add an ssh key to your account"
	},
}

var cmdKeysList = &cmd{