Пример #1
0
func makeSigner(keyname string) (signer ssh.Signer, err error) {
	fp, err := os.Open(keyname)
	if err != nil {
		return
	}
	defer fp.Close()

	buf, err := ioutil.ReadAll(fp)
	if err != nil {
		panic(err)
		return
	}

	key, err := ssh.ParseRawPrivateKey(buf)
	if err != nil {
		panic(err)
		return
	}
	signer, err = ssh.NewSignerFromKey(key)
	if err != nil {
		panic(err)
		return
	}
	return
}
Пример #2
0
// remoteCmdOutput runs the given command on a remote server at the given hostname as the given user.
func remoteCmdOutput(username, hostname, cmd string, privateKey []byte) (b []byte, err error) {
	p, err := ssh.ParseRawPrivateKey(privateKey)
	if err != nil {
		return b, err
	}
	s, err := ssh.NewSignerFromKey(p)
	if err != nil {
		return b, err
	}
	pub := ssh.PublicKeys(s)
	clientConfig := &ssh.ClientConfig{
		User: username,
		Auth: []ssh.AuthMethod{pub},
	}
	client, err := ssh.Dial("tcp", hostname, clientConfig)
	if err != nil {
		return b, errors.New("ERROR: Failed to dial: " + err.Error())
	}
	defer client.Close()
	session, err := client.NewSession()
	if err != nil {
		return b, errors.New("ERROR: Failed to create session: " + err.Error())
	}
	defer session.Close()
	b, err = session.Output(cmd)
	if err != nil {
		return b, fmt.Errorf("ERROR: Failed to run cmd on host %s: %s", hostname, err.Error())
	}
	return b, nil
}
Пример #3
0
func TestSSHPrivateFingerprint(t *testing.T) {
	Convey("Test generating SSH private key fingerprint", t, func() {
		tmp, err := ioutil.ReadFile("testdata/testkey")
		panic_the_err(err)
		key, err := ssh.ParseRawPrivateKey(tmp)
		privkey := key.(*rsa.PrivateKey)
		panic_the_err(err)
		fingerprint, err := SSHPrivateFingerprint(*privkey)
		So(err, ShouldEqual, nil)
		So(fingerprint, ShouldEqual, "c0:61:84:fc:e8:c9:52:dc:cd:a9:8e:82:a2:70:0a:30")
	})
}
Пример #4
0
func TestDecodeAESCredential(t *testing.T) {
	Convey("Test decoding an AES-encrypted ciphertext", t, func() {
		ciphertext := "eyJFbmNvZGVkS2V5IjoicDI5R3NmSmhIVjYvRGd3cmd1d040aDhKTmErTGJkZ0VHcU5vaVB6c1Rnb3IrOEJsQnJTVW1rWGZQTlFvRnY4NHdlcGkvYmd4ZmNyYlpDWm5iMEx4bW9pVjhjMERZYlE5M3F1d0ptK2VBNVhSVlZzTFZodUk1RG9rOENMbkwxOEl5aXc4OENWMXR6ZkJOUWNnQVdBckpsNHBMdzZEbkVFS21NOHRabCtNRUVnTlFjVStybUprKytZbU1ubW44KzVEU1Q5TWtLQ0lxeHl2eVNCRGYxVGkrS2ZHNTlXajkybGQycGZ1Q3k5YWREYlQ2azc0ZG1MbFkvOTlZMWVDZkREMmJWZjNueWJrUkg2UTM3bXNQVHpnbGRaWE56cjBoeStTUERTZHozU0lBSmZGZGw1dy9ka3pYTms2TXcwaHMxbjhRR1BsdnBMOFI1MzF1Rit5a3c5STh3PT0iLCJDaXBoZXJ0ZXh0Ijoiem5Cc2ZxbmJwYTFtdEF6Q09GMVZpU3VsUlRQSGZIblE1UEREZzluYyJ9"
		tmp, err := ioutil.ReadFile("testdata/testkey")
		panic_the_err(err)
		key, err := ssh.ParseRawPrivateKey(tmp)
		privkey := key.(*rsa.PrivateKey)
		panic_the_err(err)
		plaintext, err := CredulousDecodeAES(ciphertext, privkey)
		So(err, ShouldEqual, nil)
		So(plaintext, ShouldEqual, "some plaintext")
	})
}
func GeneratePublicKey(privateKey []byte) (string, error) {
	rsaPK, err := ssh.ParseRawPrivateKey(privateKey)
	if err != nil {
		return "", err
	}

	sshPK := rsaPK.(*rsa.PrivateKey)
	sshPubKey, err := ssh.NewPublicKey(&sshPK.PublicKey)
	if err != nil {
		return "", err
	}

	return MarshalPublickKey(sshPubKey), nil
}
Пример #6
0
func TestDecodeWithSalt(t *testing.T) {
	Convey("Test Decode a string", t, func() {
		ciphertext := "sGhPCj9OCe0hv9PvWQvsu289sMsVNfqpyQDRCgXo+PwDMlXmRVXa5ErkkHNwyuYWFr9u1gkytiue7Dol4duvPycUYqpdeOOrfAMWkLWKGrO6tgTYtxMjVYBtp3negl2OeJqHFs6h/UwmNaO6IP2z2R8vPctmMmpwrkdzokiiPx6WKLDP17eoC+Q+zvDUqSTgqnSiwbjb+gFGFt7NTH65gHHHtwbm2wr45Oce4+LfddGo8V7A52ZjVlTHHdK+OiJzHmN8KMTAUi1d0ULI7oW+BfAX7iyA1SyvFx0oJHJ/dDidxPUm7i2vEeKtXU5BS8THv5dk01BwByJU+kl3qenCTA=="
		tmp, err := ioutil.ReadFile("testdata/testkey")
		panic_the_err(err)
		key, err := ssh.ParseRawPrivateKey(tmp)
		privkey := key.(*rsa.PrivateKey)
		panic_the_err(err)
		salt := "pepper"
		plaintext, err := CredulousDecodeWithSalt(ciphertext, salt, privkey)
		panic_the_err(err)
		So(plaintext, ShouldEqual, "some plaintext")
	})
}
Пример #7
0
func (c *container) dialSSH() (*ssh.Client, error) {
	key, err := ssh.ParseRawPrivateKey([]byte(c.PrivateKey))
	if err != nil {
		return nil, err
	}
	signer, err := ssh.NewSignerFromKey(key)
	if err != nil {
		return nil, err
	}
	host := c.HostAddr + ":" + c.SSHHostPort
	config := ssh.ClientConfig{
		Config: ssh.Config{Rand: rand.Reader},
		Auth:   []ssh.AuthMethod{ssh.PublicKeys(signer)},
		User:   c.User,
	}
	return ssh.Dial("tcp", host, &config)
}
Пример #8
0
// A method for the construction of the configuration
// object necessary for the connection to the host.
func (s *Session) NewConfig(user user) error {

	// get the content of the private key file
	key, err := loadPEM(os.ExpandEnv(tools.Expanduser(user.GetPrivateKey())))
	if err != nil {
		return err
	}

	// parse the key
	parsed, err := ssh.ParseRawPrivateKey(key)
	if err != nil {
		formatter.ColoredPrintln(
			formatter.Red,
			false,
			"Can't parse the private key!\n",
			"Reason is: ", err.Error(),
		)

	}

	// convert into signer
	signer, err := ssh.NewSignerFromKey(parsed)
	if err != nil {
		formatter.ColoredPrintln(
			formatter.Red,
			false,
			"Can't create signer from private key!\n",
			"Reason is: ", err.Error(),
		)

	}

	// Construct the configuration with password authentication
	s.Config = &ssh.ClientConfig{
		User: user.GetUsername(),
		Auth: []ssh.AuthMethod{
			ssh.PublicKeys(signer),
		},
	}

	return nil
}
Пример #9
0
func init() {
	var err error

	n := len(testdata.PEMBytes)
	testPrivateKeys = make(map[string]interface{}, n)
	testSigners = make(map[string]ssh.Signer, n)
	testPublicKeys = make(map[string]ssh.PublicKey, n)
	for t, k := range testdata.PEMBytes {
		testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
		if err != nil {
			panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
		}
		testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
		if err != nil {
			panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
		}
		testPublicKeys[t] = testSigners[t].PublicKey()
	}

	// Create a cert and sign it for use in tests.
	testCert := &ssh.Certificate{
		Nonce:           []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
		ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
		ValidAfter:      0,                              // unix epoch
		ValidBefore:     ssh.CertTimeInfinity,           // The end of currently representable time.
		Reserved:        []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
		Key:             testPublicKeys["ecdsa"],
		SignatureKey:    testPublicKeys["rsa"],
		Permissions: ssh.Permissions{
			CriticalOptions: map[string]string{},
			Extensions:      map[string]string{},
		},
	}
	testCert.SignCert(rand.Reader, testSigners["rsa"])
	testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
	testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
	if err != nil {
		panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
	}
}
Пример #10
0
func (c *Config) populateAuthMethods() error {
	privKeyText, err := ioutil.ReadFile(c.privateKeyFile)
	if err != nil {
		return err
	}

	privKey, err := ssh.ParseRawPrivateKey(privKeyText)
	if err != nil {
		return err
	}

	signer, err := ssh.NewSignerFromKey(privKey)
	if err != nil {
		return err
	}

	c.authMethods = []ssh.AuthMethod{
		ssh.PublicKeys(signer),
	}

	return nil
}
Пример #11
0
func loadPrivateKey(filename string) (privateKey *rsa.PrivateKey, err error) {
	var tmp []byte

	if tmp, err = ioutil.ReadFile(filename); err != nil {
		return &rsa.PrivateKey{}, err
	}

	pemblock, _ := pem.Decode([]byte(tmp))
	if x509.IsEncryptedPEMBlock(pemblock) {
		if tmp, err = decryptPEM(pemblock, filename); err != nil {
			return &rsa.PrivateKey{}, err
		}
	} else {
		log.Print("WARNING: Your private SSH key has no passphrase!")
	}

	key, err := ssh.ParseRawPrivateKey(tmp)
	if err != nil {
		return &rsa.PrivateKey{}, err
	}
	privateKey = key.(*rsa.PrivateKey)
	return privateKey, nil
}