func TestSaveForeverCertAllowed(t *testing.T) {
	allConfig := SetupSignerdConfig(1, 0)
	environment := "testing"
	envConfig := allConfig[environment]
	requestHandler := makeCertRequestHandler(allConfig)

	pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(foreverUserCertString))
	if err != nil {
		t.Fatalf("Parsing canned cert failed: %v", err)
	}
	cert := pubKey.(*ssh.Certificate)
	err = requestHandler.saveSigningRequest(envConfig, environment, "reason: testing", "DEADBEEFDEADBEEF", 1, cert)
	if err != nil {
		t.Fatalf("Should have worked, failed with: %v", err)
	}

	pubKey, _, _, _, err = ssh.ParseAuthorizedKey([]byte(twentyTwentyFiveCertString))
	if err != nil {
		t.Fatalf("Parsing canned cert failed: %v", err)
	}
	cert = pubKey.(*ssh.Certificate)
	err = requestHandler.saveSigningRequest(envConfig, environment, "reason: testing", "DEADBEEFDEADBEEF2", 1, cert)
	if err != nil {
		t.Fatalf("Should have worked, failed with: %v", err)
	}
}
func getTwoBoringCerts(t *testing.T) (*ssh.Certificate, *ssh.Certificate) {
	pubKeyOne, _, _, _, err := ssh.ParseAuthorizedKey([]byte(boringUserCertString))
	if err != nil {
		t.Fatalf("Parsing canned cert failed: %v", err)
	}
	boringCertOne := pubKeyOne.(*ssh.Certificate)

	pubKeyTwo, _, _, _, err := ssh.ParseAuthorizedKey([]byte(boringUserCertString))
	if err != nil {
		t.Fatalf("Parsing canned cert failed: %v", err)
	}
	boringCertTwo := pubKeyTwo.(*ssh.Certificate)

	return boringCertOne, boringCertTwo
}
Esempio n. 3
0
func findKeyLocally(key ssh.PublicKey) (string, error) {
	sshDir := os.Getenv("HOME") + "/.ssh"
	dirEntries, err := ioutil.ReadDir(sshDir)
	if err != nil {
		return "", fmt.Errorf("Could not read your .ssh directory %s: %s\n", sshDir, err)
	}
	for idx := range dirEntries {
		entry := dirEntries[idx]
		if strings.HasSuffix(entry.Name(), ".pub") {
			pubKeyPath := sshDir + "/" + entry.Name()
			pubBuf, err := ioutil.ReadFile(pubKeyPath)
			if err != nil {
				fmt.Printf("Trouble reading public key %s: %s\n", pubKeyPath, err)
				continue
			}
			pubKey, _, _, _, err := ssh.ParseAuthorizedKey(pubBuf)
			if err != nil {
				fmt.Printf("Trouble parsing public key %s (might be unsupported format): %s\n", pubKeyPath, err)
				continue
			}
			if bytes.Equal(pubKey.Marshal(), key.Marshal()) {
				return pubKeyPath, nil
			}
		}
	}
	return "", fmt.Errorf("Couldn't find ssh key for cert.\n")
}
Esempio n. 4
0
// RunKeyImport imports a key from a file
func RunKeyImport(ns string, out io.Writer) error {
	client := doit.DoitConfig.GetGodoClient()

	keyPath := doit.DoitConfig.GetString(ns, doit.ArgKeyPublicKeyFile)
	keyName := doit.DoitConfig.GetString(ns, doit.ArgKeyName)

	keyFile, err := ioutil.ReadFile(keyPath)
	if err != nil {
		return err
	}

	_, comment, _, _, err := ssh.ParseAuthorizedKey(keyFile)
	if err != nil {
		return err
	}

	if len(keyName) < 1 {
		keyName = comment
	}

	kcr := &godo.KeyCreateRequest{
		Name:      keyName,
		PublicKey: string(keyFile),
	}

	r, _, err := client.Keys.Create(kcr)
	if err != nil {
		return err
	}

	return doit.DisplayOutput(r, out)
}
Esempio n. 5
0
File: server.go Progetto: logan/heim
func (ctrl *Controller) authorizeKey(conn ssh.ConnMetadata, key ssh.PublicKey) (
	*ssh.Permissions, error) {

	marshaledKey := key.Marshal()
	for _, authorizedKey := range ctrl.authorizedKeys {
		if bytes.Compare(authorizedKey.Marshal(), marshaledKey) == 0 {
			return &ssh.Permissions{}, nil
		}
	}

	nodes, err := ctrl.cluster.GetDir("console/authorized_keys")
	if err != nil {
		if err == cluster.ErrNotFound {
			return nil, fmt.Errorf("unauthorized")
		}
		return nil, err
	}

	for path, value := range nodes {
		key, _, _, _, err := ssh.ParseAuthorizedKey([]byte(value))
		if err != nil {
			fmt.Printf("bad authorized key from etcd: %s: %s\n", path, err)
		}
		if bytes.Compare(key.Marshal(), marshaledKey) == 0 {
			return &ssh.Permissions{}, nil
		}
	}

	return nil, fmt.Errorf("unauthorized")
}
Esempio n. 6
0
func (d *SDeployKeys) ParsePublicKey(b []byte) (ssh.PublicKey, error) {
	s, _, _, _, err := ssh.ParseAuthorizedKey(b)
	if err != nil {
		return nil, errors.New("Invalid RSA public key format")
	}
	return s, nil
}
Esempio n. 7
0
func TestAgentForward(t *testing.T) {
	server := newServer(t)
	defer server.Shutdown()
	conn := server.Dial(clientConfig())
	defer conn.Close()

	keyring := agent.NewKeyring()
	keyring.Add(testPrivateKeys["dsa"], nil, "")
	pub := testPublicKeys["dsa"]

	sess, err := conn.NewSession()
	if err != nil {
		t.Fatalf("NewSession: %v", err)
	}
	if err := agent.RequestAgentForwarding(sess); err != nil {
		t.Fatalf("RequestAgentForwarding: %v", err)
	}

	if err := agent.ForwardToAgent(conn, keyring); err != nil {
		t.Fatalf("SetupForwardKeyring: %v", err)
	}
	out, err := sess.CombinedOutput("ssh-add -L")
	if err != nil {
		t.Fatalf("running ssh-add: %v, out %s", err, out)
	}
	key, _, _, _, err := ssh.ParseAuthorizedKey(out)
	if err != nil {
		t.Fatalf("ParseAuthorizedKey(%q): %v", out, err)
	}

	if !bytes.Equal(key.Marshal(), pub.Marshal()) {
		t.Fatalf("got key %s, want %s", ssh.MarshalAuthorizedKey(key), ssh.MarshalAuthorizedKey(pub))
	}
}
Esempio n. 8
0
// Converts a public key to authorized keys format.
func PublicKeyToAuthorizedKeysFormat(in string) (string, error) {
	s := strings.Replace(strings.Replace(strings.TrimSpace(in), "\r\n", "\n", -1), "\r", "\n", -1)
	lines := strings.Split(s, "\n")
	if len(lines) == 1 {
		publicKey, comment, _, _, err := ssh.ParseAuthorizedKey([]byte(lines[0]))
		if err != nil {
			return "", fmt.Errorf("failed to parse public key from authorized keys format: %v", err)
		}
		encodedKey := base64.StdEncoding.EncodeToString(publicKey.Marshal())
		return fmt.Sprintf("%s %s %s", publicKey.Type(), encodedKey, comment), nil
	} else {
		var encodedKey string
		continuationLine := false
		for _, line := range lines {
			if continuationLine || strings.ContainsAny(line, ":-") {
				continuationLine = strings.HasSuffix(line, "\\")
			} else {
				encodedKey += line
			}
		}
		rawKey, err := base64.StdEncoding.DecodeString(encodedKey)
		fmt.Println(encodedKey)
		if err != nil {
			return "", fmt.Errorf("detected SSH2 format, but contains invalid base64 content: %v", err)
		}
		fmt.Println(string(base64.StdEncoding.EncodeToString(rawKey)))
		publicKey, err := ssh.ParsePublicKey(rawKey)
		if err != nil {
			return "", fmt.Errorf("failed to parse public key from SSH2 format: %v", err)
		}
		newEncodedKey := base64.StdEncoding.EncodeToString(publicKey.Marshal())
		return fmt.Sprintf("%s %s cloug@cloug", publicKey.Type(), newEncodedKey), nil
	}
}
Esempio n. 9
0
func getPubKeyForUser(username string) (ssh.PublicKey, error) {

	cwd, err := os.Getwd()
	if err != nil {
		log.Printf("(getPubKeyForUser) >>  Error: Could not figure out current working directory: %s", err.Error())
		return nil, err
	}

	pubKeyPath := fmt.Sprintf("%s/data/%s/id_rsa.pub", cwd, username)

	pubKeyFile, err := os.Open(pubKeyPath)
	if err != nil {
		log.Printf("(getPubKeyForUser) >>  Error opening pub key file '%s' for user '%s': %s", pubKeyPath, username, err.Error())
		return nil, fmt.Errorf("(getPubKeyForUser) >>  Error opening pub key file '%s'", pubKeyPath)
	}
	defer pubKeyFile.Close()

	var authorizedPubKeyBuf []byte
	authorizedPubKeyBuf, err = ioutil.ReadAll(pubKeyFile)
	if err != nil {
		log.Printf("(getPubKeyForUser) >>  Error: Could not read PubKey at path: %s", pubKeyPath)
		return nil, err
	}

	authorizedPubKey, _, _, _, err = ssh.ParseAuthorizedKey(authorizedPubKeyBuf)
	if err != nil {
		log.Printf("(getPubKeyForUser) >>  Error: Unable to parse AuthorizedPubKey: '%s'. Error: %s", pubKeyPath, err.Error())
		return nil, err
	}
	log.Printf("(getPubKeyForUser) >>  Successfully parsed authorized PubKey: %s\n", pubKeyPath)
	return authorizedPubKey, nil
}
Esempio n. 10
0
func parseAuthFile(filename string) ([]*sshmux.User, error) {
	var users []*sshmux.User

	authFile, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, err
	}

	// Parse authfile as authorized_key

	for len(authFile) > 0 {
		var (
			pk      ssh.PublicKey
			comment string
		)

		pk, comment, _, authFile, err = ssh.ParseAuthorizedKey(authFile)
		if err != nil {
			return nil, err
		}

		u := &sshmux.User{
			PublicKey: pk,
			Name:      comment,
		}

		users = append(users, u)
	}

	return users, nil
}
func TestRejectRequestAfterSigning(t *testing.T) {
	allConfig := SetupSignerdConfig(2, 0)
	environment := "testing"
	envConfig := allConfig[environment]
	requestHandler := makeCertRequestHandler(allConfig)

	pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(boringUserCertString))
	if err != nil {
		t.Fatalf("Parsing canned cert failed: %v", err)
	}
	cert := pubKey.(*ssh.Certificate)
	err = requestHandler.saveSigningRequest(envConfig, environment, "reason: testing", "DEADBEEFDEADBEEF", 1, cert)
	if err != nil {
		t.Fatalf("Should have succeeded. Failed with: %v", err)
	}

	err = requestHandler.addConfirmation("DEADBEEFDEADBEEF", "23:10:8d:d0:54:90:d5:d1:2e:4d:05:fe:4b:54:29:e4", envConfig, false)
	if err != nil {
		t.Fatalf("Sign should have worked. It failed: %v", err)
	}

	err = requestHandler.rejectRequest("DEADBEEFDEADBEEF", "23:10:8d:d0:54:90:d5:d1:2e:4d:05:fe:4b:54:29:e4", envConfig)
	if err != nil {
		t.Fatalf("Should have succeeded. Failed with: %v", err)
	}

	err = requestHandler.addConfirmation("DEADBEEFDEADBEEF", "23:10:8d:d0:54:90:d5:d1:2e:4d:05:fe:4b:54:29:e4", envConfig, false)
	if err == nil {
		t.Fatalf("Sign after reject should fail.")
	}
}
func TestCompareCertsPublicKey(t *testing.T) {
	boringCertOne, boringCertTwo := getTwoBoringCerts(t)
	boringCertTwo.Key, _, _, _, _ = ssh.ParseAuthorizedKey([]byte(signerPublicKeyString))
	if compareCerts(boringCertOne, boringCertTwo) {
		t.Fatalf("Certs should not have been equal.")
	}
}
Esempio n. 13
0
func (s *GandalfServer) addKeys(w http.ResponseWriter, r *http.Request) {
	userName := r.URL.Query().Get(":name")
	var keys map[string]string
	defer r.Body.Close()
	err := json.NewDecoder(r.Body).Decode(&keys)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	s.usersLock.Lock()
	defer s.usersLock.Unlock()
	userKeys, ok := s.keys[userName]
	if !ok {
		http.Error(w, user.ErrUserNotFound.Error(), http.StatusNotFound)
		return
	}
	for name, body := range keys {
		if _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(body)); err != nil {
			http.Error(w, user.ErrInvalidKey.Error(), http.StatusBadRequest)
			return
		}
		for _, userKey := range userKeys {
			if name == userKey.Name {
				http.Error(w, user.ErrDuplicateKey.Error(), http.StatusConflict)
				return
			}
		}
	}
	for name, body := range keys {
		userKeys = append(userKeys, key{Name: name, Body: body})
	}
	s.keys[userName] = userKeys
}
func TestCanCreateHostFingerPrint(t *testing.T) {
	var key = []byte("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEbKq5U57fhzQ3SBbs3NVmgY2ouYZfPhc6cXBNEFpRT3T100fnbkYw+EHi76nwsp+uGxk08kh4GG881DrgotptrJj2dJxXpWp/SFdVu5S9fFU6l6dCTC9IBYYCCV8PvXbBZ3oDZyyyJT7/vXSaUdbk3x9MeNlYrgItm2KY6MdHYEg8R994Sspn1sE4Ydey5DfG/WNWVrzFCI0sWI3yj4zuCcUXFz9sEG8fIYikD9rNuohiMenWjkj6oLTwZGVW2q4wRL0051XBkmfnPD/H6gqOML9MbZQ8D6/+az0yF9oD61SkifhBNBRRNaIab/Np7XD61siR8zNMG/vCKjFGICnp andrew@localhost")
	publicKey, _, _, _, _ := ssh.ParseAuthorizedKey(key)
	in, out := sshTunnel.formatHostFingerprint(publicKey), "65:30:38:96:35:56:4f:64:64:e8:e3:a4:7d:59:3e:19"
	if in != out {
		t.Errorf("sshTunnel.formatHostFingerprint(key) = %v, want %v", in, out)
	}
}
Esempio n. 15
0
// toPublicKey parses a public key and returns an *rsa.PublicKey.
// credit to stackoverflow http://stackoverflow.com/q/31593329
func toPublicKey(key string) (*rsa.PublicKey, error) {
	raw := []byte(key)
	pub, _, _, _, err := ssh.ParseAuthorizedKey(raw)
	if err != nil {
		return nil, err
	}
	return reflect.ValueOf(pub).
		Convert(reflect.TypeOf(new(rsa.PublicKey))).Interface().(*rsa.PublicKey), nil
}
Esempio n. 16
0
// ParseAuthorisedKey parses a non-comment line from an
// authorized_keys file and returns the constituent parts.
// Based on description in "man sshd".
func ParseAuthorisedKey(line string) (*AuthorisedKey, error) {
	key, comment, _, _, err := ssh.ParseAuthorizedKey([]byte(line))
	if err != nil {
		return nil, fmt.Errorf("invalid authorized_key %q", line)
	}
	return &AuthorisedKey{
		Type:    key.Type(),
		Key:     key.Marshal(),
		Comment: comment,
	}, nil
}
Esempio n. 17
0
//export c_ParseAuthorizedKey
func c_ParseAuthorizedKey(in []byte) (uint64, *C.char, *C.char, *C.char, int, int, *C.char) {
	pkey, comment, options, rest, err := ssh.ParseAuthorizedKey(in)
	if err != nil {
		return IH, nil, nil, nil, 0, ErrorCodeInternal,
			C.CString(err.Error())
	}
	pkey_handle := RegisterObject(&pkey)
	mopt := strings.Join(options, "\xff")
	return uint64(pkey_handle), C.CString(comment), C.CString(mopt),
		C.CString(string(rest)), len(rest), ErrorCodeSuccess, nil
}
Esempio n. 18
0
func (opts *getConfigOpts) RunE(_ *cobra.Command, args []string) error {
	if len(args) > 0 {
		return errorWantedNoArgs
	}

	var marshal func(interface{}) ([]byte, error)
	switch opts.output {
	case "yaml":
		marshal = yaml.Marshal
	case "json":
		marshal = func(v interface{}) ([]byte, error) {
			return json.MarshalIndent(v, "", "  ")
		}
	default:
		return errors.New("unknown output format " + opts.output)
	}

	config, err := opts.API.GetConfig(noInstanceID)

	if err != nil {
		return err
	}

	if opts.fingerprint != "" && config.Git.Key != "" {
		pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(config.Git.Key))
		if err != nil {
			config.Git.Key = "unable to parse public key"
		} else {
			switch opts.fingerprint {
			case "md5":
				hash := md5.Sum(pk.Marshal())
				fingerprint := ""
				for i, b := range hash {
					fingerprint = fmt.Sprintf("%s%0.2x", fingerprint, b)
					if i < len(hash)-1 {
						fingerprint = fingerprint + ":"
					}
				}
				config.Git.Key = fingerprint
			case "sha256":
				hash := sha256.Sum256(pk.Marshal())
				config.Git.Key = strings.TrimRight(base64.StdEncoding.EncodeToString(hash[:]), "=")
			}
		}
	}

	// Since we always want to output whatever we got, use UnsafeInstanceConfig
	bytes, err := marshal(flux.UnsafeInstanceConfig(config))
	if err != nil {
		return errors.Wrap(err, "marshalling to output format "+opts.output)
	}
	os.Stdout.Write(bytes)
	return nil
}
Esempio n. 19
0
// loadPrivateKey loads an parses a PEM encoded private key file.
func loadPublicKey(path string) ssh.PublicKey {

	bs, err := ioutil.ReadFile(path)
	if err != nil {
		log.Fatal("error open public key file: ", err)
	}
	rsa, _, _, _, err2 := ssh.ParseAuthorizedKey(bs)
	if err2 != nil {
		log.Fatal("error cannot parse public key file: ", err2)
	}
	return rsa
}
Esempio n. 20
0
func (s *SSHKey) parse() error {
	var err error
	s.Pubkey, s.Comment, s.Options, s.Rest, err = ssh.ParseAuthorizedKey(s.Key)
	if err != nil {
		return err
	}
	s.Type = s.Pubkey.Type()

	// FIXME: compute bits
	// FIXME: check min/max key length
	return nil
}
Esempio n. 21
0
func loadPubKey(file string, path string) (string, error) {
	filePath := filepath.Join(path, file)

	sshKeyBytes, err := ioutil.ReadFile(filePath)
	if err != nil {
		return "", err
	}
	k, _, _, _, err := ssh.ParseAuthorizedKey(sshKeyBytes)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(k.Marshal()), nil
}
Esempio n. 22
0
// Helper function to get the fingerprint of a SSH public key
func PublicKeyFingerprint(pubkey string) (string, string) {
	byteString := []byte(pubkey)

	pk, comment, _, _, err := ssh.ParseAuthorizedKey(byteString)
	if err != nil {
		return "", ""
	}

	hash := md5.Sum(pk.Marshal())
	fingerprint := Rfc4716Hex(hash[:])

	return fingerprint, comment
}
Esempio n. 23
0
func acceptPublicKey(keystr string) func(ssh.ConnMetadata, ssh.PublicKey) (*ssh.Permissions, error) {
	goodkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(keystr))
	if err != nil {
		panic(fmt.Errorf("error parsing key: %s", err))
	}
	return func(_ ssh.ConnMetadata, inkey ssh.PublicKey) (*ssh.Permissions, error) {
		if bytes.Compare(inkey.Marshal(), goodkey.Marshal()) == 0 {
			return nil, nil
		}

		return nil, fmt.Errorf("public key rejected")
	}
}
Esempio n. 24
0
// SSHGetFingerprint returns the fingerprint of an SSH key
func SSHGetFingerprint(key []byte) (string, error) {
	publicKey, comment, _, _, err := ssh.ParseAuthorizedKey(key)
	if err != nil {
		return "", err
	}
	switch reflect.TypeOf(publicKey).String() {
	case "*ssh.rsaPublicKey", "*ssh.dsaPublicKey", "*ssh.ecdsaPublicKey":
		md5sum := md5.Sum(publicKey.Marshal())
		return publicKey.Type() + " " + rfc4716hex(md5sum[:]) + " " + comment, nil
	default:
		return "", errors.New("Can't handle this key")
	}
}
func TestAuthorizedKeyShouldParse(t *testing.T) {
	testSubject, err := NewOpenSshKeyPairWithSize(512)
	if err != nil {
		t.Fatalf("Failed to create a new OpenSSH key pair, err=%s.", err)
	}

	authorizedKey := testSubject.AuthorizedKey()

	_, _, _, _, err = ssh.ParseAuthorizedKey([]byte(authorizedKey))
	if err != nil {
		t.Fatalf("Failed to parse the authorized key, err=%s", err)
	}
}
Esempio n. 26
0
func (c *SSHCluster) findSSHKeySigners() (signers []privateKeySigner) {
	keyDir := filepath.Join(c.sshDir())
	if stat, err := os.Stat(keyDir); err != nil || !stat.IsDir() {
		return
	}
	walkFunc := func(path string, info os.FileInfo, err error) error {
		if info.IsDir() {
			return nil
		}
		if strings.HasSuffix(path, ".pub") {
			return nil
		}
		data, err := ioutil.ReadFile(path)
		if err != nil {
			return nil
		}
		b, _ := pem.Decode(data)
		if b == nil {
			return nil
		}
		s := privateKeySigner{
			base:      c.base,
			path:      path,
			pem:       b,
			Encrypted: x509.IsEncryptedPEMBlock(b),
		}
		if s.Encrypted {
			publicKeyPath := fmt.Sprintf("%s.pub", path)
			if stat, err := os.Stat(publicKeyPath); err == nil && !stat.IsDir() {
				if data, err := ioutil.ReadFile(publicKeyPath); err == nil {
					pk, _, _, _, err := ssh.ParseAuthorizedKey(data)
					if err == nil {
						s.publicKey = pk
					}
				}
			}
			signers = append(signers, s)
			return nil
		}
		privateKey, err := x509.ParsePKCS1PrivateKey(b.Bytes)
		if err != nil {
			return nil
		}
		s.key = privateKey
		signers = append(signers, s)
		return nil
	}
	filepath.Walk(keyDir, walkFunc)
	sort.Sort(decryptedFirst(signers))
	return
}
Esempio n. 27
0
func handleSSHKeyAppend(args map[string]interface{}) error {
	var (
		token      = args["<token>"].(string)
		truncate   = args["-r"].(bool)
		sshKeysDir = args["-k"].(string)
	)

	sshKeyPath := filepath.Join(sshKeysDir, token)
	sshKeyDir := filepath.Dir(sshKeyPath)
	if _, err := os.Stat(sshKeyDir); os.IsNotExist(err) {
		err = os.MkdirAll(sshKeyDir, 0700)
		if err != nil {
			return err
		}
	}

	openFlags := os.O_CREATE | os.O_WRONLY

	if truncate {
		openFlags |= os.O_TRUNC
	} else {
		openFlags |= os.O_APPEND
	}

	sshKeyBytes, err := ioutil.ReadAll(os.Stdin)
	if err != nil {
		return err
	}

	_, comment, _, _, err := ssh.ParseAuthorizedKey(sshKeyBytes)
	if err != nil {
		return fmt.Errorf("can't parse key: %s", err)
	}

	keyFile, err := os.OpenFile(sshKeyPath, openFlags, 0644)

	if err != nil {
		return err
	}

	defer keyFile.Close()

	_, err = keyFile.Write(sshKeyBytes)
	if err != nil {
		return err
	}

	fmt.Println("Added new key with comment:", comment)

	return nil
}
Esempio n. 28
0
File: auth.go Progetto: nrolans/netb
func (a *authDB) Add(c *configClient) {
	// Parse SSH key
	k, _, _, _, err := ssh.ParseAuthorizedKey([]byte(c.Protocols.SCP.PublicKey))
	if err != nil {
		log.Fatalf("Failed to parse ssh public key for %s: %s", c.Hostname, err)
	}
	c.Protocols.SCP.parsedPublicKey = &k

	// Add to map
	a.clients[c.Hostname] = c
	for _, addr := range c.AdditionalAddresses {
		a.clients[addr] = c
	}
}
Esempio n. 29
0
func newUserKey(pubKeyFile string) (*userKey, error) {
	userKey := new(userKey)
	if len(pubKeyFile) > 0 {
		pubKeyBytes, err := ioutil.ReadFile(pubKeyFile)
		if err != nil {
			return nil, errors.New("Failed to read public key")
		}
		userKey.PublicKey, _, _, _, err = ssh.ParseAuthorizedKey(pubKeyBytes)
		if err != nil {
			return nil, errors.New("Failed to parse authorized key")
		}

		return userKey, nil
	}

	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, errors.New("Failed to generate key pair")
	}
	userKey.PublicKey, err = ssh.NewPublicKey(key.Public())
	if err != nil {
		return nil, errors.New("Failed to extract public key from generated key pair")
	}

	// To support Ansible calling back to us we need to write
	// this file down
	privateKeyDer := x509.MarshalPKCS1PrivateKey(key)
	privateKeyBlock := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   privateKeyDer,
	}
	tf, err := ioutil.TempFile("", "ansible-key")
	if err != nil {
		return nil, errors.New("failed to create temp file for generated key")
	}
	_, err = tf.Write(pem.EncodeToMemory(&privateKeyBlock))
	if err != nil {
		return nil, errors.New("failed to write private key to temp file")
	}

	err = tf.Close()
	if err != nil {
		return nil, errors.New("failed to close private key temp file")
	}
	userKey.privKeyFile = tf.Name()

	return userKey, nil
}
Esempio n. 30
0
func newKey(name, user, raw string) (*Key, error) {
	key, comment, _, _, err := ssh.ParseAuthorizedKey([]byte(raw))
	if err != nil {
		return nil, ErrInvalidKey
	}
	body := ssh.MarshalAuthorizedKey(key.(ssh.PublicKey))
	k := Key{
		Name:      name,
		Body:      string(body),
		Comment:   comment,
		UserName:  user,
		CreatedAt: time.Now(),
	}
	return &k, nil
}