func (s *ClientKeysSuite) TestPrivateKeyFiles(c *gc.C) {
// Create/load client keys. They will be cached in memory:
// any files added to the directory will not be considered
// unless LoadClientKeys is called again.
err := ssh.LoadClientKeys("~/.juju/ssh")
c.Assert(err, jc.ErrorIsNil)
checkPrivateKeyFiles(c, "~/.juju/ssh/juju_id_rsa")
priv, pub, err := ssh.GenerateKey("whatever")
c.Assert(err, jc.ErrorIsNil)
err = ioutil.WriteFile(gitjujutesting.HomePath(".juju", "ssh", "whatever"), []byte(priv), 0600)
c.Assert(err, jc.ErrorIsNil)
err = ssh.LoadClientKeys("~/.juju/ssh")
c.Assert(err, jc.ErrorIsNil)
// The new private key won't be observed until the
// corresponding public key exists.
checkPrivateKeyFiles(c, "~/.juju/ssh/juju_id_rsa")
err = ioutil.WriteFile(gitjujutesting.HomePath(".juju", "ssh", "whatever.pub"), []byte(pub), 0600)
c.Assert(err, jc.ErrorIsNil)
// new keys won't be reported until we call LoadClientKeys again
checkPublicKeyFiles(c, "~/.juju/ssh/juju_id_rsa.pub")
checkPrivateKeyFiles(c, "~/.juju/ssh/juju_id_rsa")
err = ssh.LoadClientKeys("~/.juju/ssh")
c.Assert(err, jc.ErrorIsNil)
checkPublicKeyFiles(c, "~/.juju/ssh/juju_id_rsa.pub", "~/.juju/ssh/whatever.pub")
checkPrivateKeyFiles(c, "~/.juju/ssh/juju_id_rsa", "~/.juju/ssh/whatever")
}
func (s *ClientKeysSuite) TestLoadClientKeysDirExists(c *gc.C) {
err := os.MkdirAll(gitjujutesting.HomePath(".juju", "ssh"), 0755)
c.Assert(err, jc.ErrorIsNil)
err = ssh.LoadClientKeys("~/.juju/ssh")
c.Assert(err, jc.ErrorIsNil)
checkPrivateKeyFiles(c, "~/.juju/ssh/juju_id_rsa")
}
// InitJujuHome initializes the charm cache, environs/config and utils/ssh packages
// to use default paths based on the $JUJU_HOME or $HOME environment variables.
// This function should be called before running a Juju CLI command.
func InitJujuHome() error {
jujuHome := osenv.JujuHomeDir()
if jujuHome == "" {
return stderrors.New(
"cannot determine juju home, required environment variables are not set")
}
osenv.SetJujuHome(jujuHome)
charmrepo.CacheDir = osenv.JujuHomePath("charmcache")
if err := ssh.LoadClientKeys(osenv.JujuHomePath("ssh")); err != nil {
return fmt.Errorf("cannot load ssh client keys: %v", err)
}
return nil
}
func (s *ClientKeysSuite) TestPublicKeyFiles(c *gc.C) {
// LoadClientKeys will create the specified directory
// and populate it with a key pair.
err := ssh.LoadClientKeys("~/.juju/ssh")
c.Assert(err, jc.ErrorIsNil)
checkPublicKeyFiles(c, "~/.juju/ssh/juju_id_rsa.pub")
// All files ending with .pub in the client key dir get picked up.
priv, pub, err := ssh.GenerateKey("whatever")
c.Assert(err, jc.ErrorIsNil)
err = ioutil.WriteFile(gitjujutesting.HomePath(".juju", "ssh", "whatever.pub"), []byte(pub), 0600)
c.Assert(err, jc.ErrorIsNil)
err = ssh.LoadClientKeys("~/.juju/ssh")
c.Assert(err, jc.ErrorIsNil)
// The new public key won't be observed until the
// corresponding private key exists.
checkPublicKeyFiles(c, "~/.juju/ssh/juju_id_rsa.pub")
err = ioutil.WriteFile(gitjujutesting.HomePath(".juju", "ssh", "whatever"), []byte(priv), 0600)
c.Assert(err, jc.ErrorIsNil)
err = ssh.LoadClientKeys("~/.juju/ssh")
c.Assert(err, jc.ErrorIsNil)
checkPublicKeyFiles(c, "~/.juju/ssh/juju_id_rsa.pub", "~/.juju/ssh/whatever.pub")
}
func (s *SSHCommandSuite) TestCommandClientKeys(c *gc.C) {
defer overrideGenerateKey(c).Restore()
clientKeysDir := c.MkDir()
defer ssh.ClearClientKeys()
err := ssh.LoadClientKeys(clientKeysDir)
c.Assert(err, gc.IsNil)
ck := filepath.Join(clientKeysDir, "juju_id_rsa")
var opts ssh.Options
opts.SetIdentities("x", "y")
s.assertCommandArgs(c, s.commandOptions([]string{echoCommand, "123"}, &opts),
fmt.Sprintf("%s -o StrictHostKeyChecking no -o PasswordAuthentication no -o ServerAliveInterval 30 -i x -i y -i %s localhost %s 123",
s.fakessh, ck, echoCommand),
)
}
func (s *SSHGoCryptoCommandSuite) TestClientNoKeys(c *gc.C) {
client, err := ssh.NewGoCryptoClient()
c.Assert(err, gc.IsNil)
cmd := client.Command("0.1.2.3", []string{"echo", "123"}, nil)
_, err = cmd.Output()
c.Assert(err, gc.ErrorMatches, "no private keys available")
defer ssh.ClearClientKeys()
err = ssh.LoadClientKeys(c.MkDir())
c.Assert(err, gc.IsNil)
s.PatchValue(ssh.SSHDial, func(network, address string, cfg *cryptossh.ClientConfig) (*cryptossh.Client, error) {
return nil, errors.New("ssh.Dial failed")
})
cmd = client.Command("0.1.2.3", []string{"echo", "123"}, nil)
_, err = cmd.Output()
// error message differs based on whether using cgo or not
c.Assert(err, gc.ErrorMatches, "ssh.Dial failed")
}
func (s *AuthKeysSuite) TestReadAuthorizedKeysClientKeys(c *gc.C) {
keydir := filepath.Join(s.dotssh, "juju")
err := ssh.LoadClientKeys(keydir) // auto-generates a key pair
c.Assert(err, gc.IsNil)
pubkeyFiles := ssh.PublicKeyFiles()
c.Assert(pubkeyFiles, gc.HasLen, 1)
data, err := ioutil.ReadFile(pubkeyFiles[0])
c.Assert(err, gc.IsNil)
prefix := strings.Trim(string(data), "\n") + "\n"
writeFile(c, filepath.Join(s.dotssh, "id_rsa.pub"), "id_rsa")
writeFile(c, filepath.Join(s.dotssh, "test.pub"), "test")
keys, err := config.ReadAuthorizedKeys("")
c.Assert(err, gc.IsNil)
c.Assert(keys, gc.Equals, prefix+"id_rsa\n")
keys, err = config.ReadAuthorizedKeys("test.pub")
c.Assert(err, gc.IsNil)
c.Assert(keys, gc.Equals, prefix+"test\n")
keys, err = config.ReadAuthorizedKeys("notthere.pub")
c.Assert(err, gc.IsNil)
c.Assert(keys, gc.Equals, prefix)
}