Example #1
// fingerprintSSHKey returns the MD5 fingerprint of the public half of
// privateKey: the SSH wire encoding of the public key is hashed and the digest
// is rendered as lowercase hex octets joined by colons.
//
// This is the legacy OpenSSH fingerprint format. MD5 only labels the key here;
// the result should not be treated as a collision-resistant identifier.
// privateKey must be non-nil, since its PublicKey field is dereferenced.
func (c *DigitalOceanCluster) fingerprintSSHKey(privateKey *rsa.PrivateKey) (string, error) {
	pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
	if err != nil {
		return "", err
	}

	digest := md5.Sum(pub.Marshal())

	// One two-character hex string per digest byte, in digest order.
	octets := make([]string, 0, len(digest))
	for _, b := range digest {
		octets = append(octets, fmt.Sprintf("%02x", b))
	}
	return strings.Join(octets, ":"), nil
}
Example #2
// genPublicKey generates a fresh 2048-bit RSA key and returns its public half
// as an ssh.PublicKey. Any failure aborts the test through c.Assert.
func genPublicKey(c *C) ssh.PublicKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	c.Assert(err, IsNil)

	// NOTE(review): the PEM-encoded private key is written into a buffer that
	// nothing reads afterwards, and the Encode error is discarded. Only the
	// public key leaves this function.
	var discarded bytes.Buffer
	privBlock := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(priv),
	}
	_ = pem.Encode(&discarded, privBlock)

	pub, err := ssh.NewPublicKey(&priv.PublicKey)
	c.Assert(err, IsNil)
	return pub
}
Example #3
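// genSSHKey generates a 2048-bit RSA key pair and materialises it as three
// temporary files:
//
//   - the private key, PEM-encoded and unencrypted;
//   - the public key in authorized_keys format;
//   - a wrapper script rendered from sshWrapper with the private key path,
//     made executable (0700).
//
// The returned sshData carries the key and public key paths, an Env entry that
// points GIT_SSH at the wrapper, and a Cleanup func that removes all three
// files. ioutil.TempFile creates files with mode 0600, so the private key is
// readable by the owning user only, but it stays on disk until Cleanup is
// called.
//
// On any error every temporary file created so far is removed before
// returning, so a failed call does not leave private key material behind.
func genSSHKey() (data *sshData, err error) {
	// Names of the temp files created so far; removed again if we fail.
	var created []string
	defer func() {
		if err == nil {
			return
		}
		for _, name := range created {
			os.Remove(name)
		}
	}()

	keyFile, err := ioutil.TempFile("", "")
	if err != nil {
		return nil, err
	}
	defer keyFile.Close()
	created = append(created, keyFile.Name())

	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	// A failed write here would leave a truncated private key on disk, so the
	// error must not be ignored.
	err = pem.Encode(keyFile, &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(rsaKey),
	})
	if err != nil {
		return nil, err
	}

	pubFile, err := ioutil.TempFile("", "")
	if err != nil {
		return nil, err
	}
	defer pubFile.Close()
	created = append(created, pubFile.Name())

	rsaPubKey, err := ssh.NewPublicKey(&rsaKey.PublicKey)
	if err != nil {
		return nil, err
	}
	if _, err := pubFile.Write(ssh.MarshalAuthorizedKey(rsaPubKey)); err != nil {
		return nil, err
	}

	wrapperFile, err := ioutil.TempFile("", "")
	if err != nil {
		return nil, err
	}
	defer wrapperFile.Close()
	created = append(created, wrapperFile.Name())

	if err := sshWrapper.Execute(wrapperFile, map[string]string{"SSHKey": keyFile.Name()}); err != nil {
		return nil, err
	}
	// The wrapper is executed by git, so it needs the owner execute bit.
	if err := wrapperFile.Chmod(0700); err != nil {
		return nil, err
	}

	return &sshData{
		Key: keyFile.Name(),
		Pub: pubFile.Name(),
		Env: []string{"GIT_SSH=" + wrapperFile.Name()},
		Cleanup: func() {
			os.RemoveAll(keyFile.Name())
			os.RemoveAll(pubFile.Name())
			os.RemoveAll(wrapperFile.Name())
		},
	}, nil
}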
// Run generates one 2048-bit RSA key and one P-256 ECDSA key and records them
// in s.StepData under a.ID.
//
// The SSHKey value is registered in s.StepData before any key is generated, so
// when Run returns an error a partially populated entry is left behind.
// RSAPublic and ECDSAPublic hold the public keys in authorized_keys format with
// surrounding whitespace trimmed. PrivateKeys holds both private keys as
// unencrypted PEM blocks, RSA first, then EC.
func (a *GenSSHKeyAction) Run(s *State) error {
	key := &SSHKey{}
	s.StepData[a.ID] = key

	// Both private keys are appended to this buffer as PEM blocks. The Encode
	// errors are discarded, as in the rest of this function's history.
	var privPEM bytes.Buffer

	// RSA key pair.
	rsaPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	rsaBlock := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(rsaPriv),
	}
	_ = pem.Encode(&privPEM, rsaBlock)
	rsaPub, err := ssh.NewPublicKey(&rsaPriv.PublicKey)
	if err != nil {
		return err
	}
	rsaLine := ssh.MarshalAuthorizedKey(rsaPub)
	key.RSAPublic = string(bytes.TrimSpace(rsaLine))

	// ECDSA key pair on P-256.
	ecPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	ecDER, err := x509.MarshalECPrivateKey(ecPriv)
	if err != nil {
		return err
	}
	_ = pem.Encode(&privPEM, &pem.Block{Type: "EC PRIVATE KEY", Bytes: ecDER})
	ecPub, err := ssh.NewPublicKey(&ecPriv.PublicKey)
	if err != nil {
		return err
	}
	ecLine := ssh.MarshalAuthorizedKey(ecPub)
	key.ECDSAPublic = string(bytes.TrimSpace(ecLine))

	key.PrivateKeys = privPEM.String()
	return nil
}
Example #5
// Generate creates a single 2048-bit RSA SSH key.
//
// The returned SSHKey holds the public key in authorized_keys format (with
// surrounding whitespace trimmed) in PublicKey and the *rsa.PrivateKey itself
// in PrivateKey.
func Generate() (*SSHKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}

	// NOTE(review): the PEM encoding of the private key goes into a buffer
	// that nothing reads afterwards, and the Encode error is discarded. The
	// result carries the key object, not this PEM text.
	var discarded bytes.Buffer
	privBlock := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(priv),
	}
	_ = pem.Encode(&discarded, privBlock)

	pub, err := ssh.NewPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}

	key := &SSHKey{}
	key.PublicKey = bytes.TrimSpace(ssh.MarshalAuthorizedKey(pub))
	key.PrivateKey = priv
	return key, nil
}