diff options
| author | Paul Buetow <paul@buetow.org> | 2026-02-03 17:09:18 +0200 |
|---|---|---|
| committer | Paul Buetow <pbuetow@mimecast.com> | 2026-02-03 17:09:34 +0200 |
| commit | d89b9e6760e2aadf9779faa6f23678f67c731e1e (patch) | |
| tree | 5e5136a70a0fd2f315c4751c31629fd97de4ece9 /internal/ssh/ssh.go | |
| parent | 4cbd559c5d66a82358029dc4b00f5174c94c8ebc (diff) | |
Add SSH agent key selection and fix MapReduce outfile handling
This commit adds two major features and fixes:
1. SSH Agent Key Selection:
- Add --agentKeyIndex flag to select specific SSH agent key (0-based)
- Solves "too many authentication failures" with multiple SSH keys
- Default -1 uses all keys (backwards compatible)
- Available in dtail, dcat, dgrep, dmap commands
2. MapReduce Outfile Fixes:
- CSV files now written at every interval, not just on exit
- Proper signal handling (SIGTERM/SIGINT) with graceful shutdown
- 5-second grace period for cleanup before force exit
- Fixes issue where outfile remained as .tmp during execution
Usage:
dtail --servers host --agentKeyIndex 0 --query '...' outfile results.csv
This is particularly useful with YubiKey/hardware tokens where many
keys are loaded in the SSH agent, and for monitoring MapReduce results
in real-time as they're computed.
Co-authored-by: Cursor <cursoragent@cursor.com>
Diffstat (limited to 'internal/ssh/ssh.go')
| -rw-r--r-- | internal/ssh/ssh.go | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/internal/ssh/ssh.go b/internal/ssh/ssh.go index 32e01b3..41cce05 100644 --- a/internal/ssh/ssh.go +++ b/internal/ssh/ssh.go @@ -43,6 +43,12 @@ func EncodePrivateKeyToPEM(privateKey *rsa.PrivateKey) []byte { // Agent used for SSH auth. func Agent() (gossh.AuthMethod, error) { + return AgentWithKeyIndex(-1) +} + +// AgentWithKeyIndex used for SSH auth with a specific key index from the agent. +// If keyIndex is -1, all keys are used. Otherwise, only the specified key is used. +func AgentWithKeyIndex(keyIndex int) (gossh.AuthMethod, error) { sshAgent, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK")) if err != nil { return nil, fmt.Errorf("failed to connect to SSH agent: %w", err) @@ -55,7 +61,29 @@ func Agent() (gossh.AuthMethod, error) { for i, key := range keys { dlog.Common.Debug("Public key", i, key) } - return gossh.PublicKeysCallback(agentClient.Signers), nil + + // If no specific key index requested, use all keys (backwards compatible default) + if keyIndex < 0 { + return gossh.PublicKeysCallback(agentClient.Signers), nil + } + + // Use only the specified key index (0-based) + if keyIndex >= len(keys) { + return nil, fmt.Errorf("key index %d out of range (agent has %d keys)", keyIndex, len(keys)) + } + + dlog.Common.Debug("Using SSH agent key at index", keyIndex) + return gossh.PublicKeysCallback(func() ([]gossh.Signer, error) { + signers, err := agentClient.Signers() + if err != nil { + return nil, err + } + if keyIndex >= len(signers) { + return nil, fmt.Errorf("key index %d out of range (agent has %d signers)", keyIndex, len(signers)) + } + // Return only the specified signer + return []gossh.Signer{signers[keyIndex]}, nil + }), nil } // EnterKeyPhrase is required to read phrase protected private keys. |