From fe3e68afd99d8ea246be52893730f987e138ec24 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sun, 19 Sep 2021 13:22:59 +0300 Subject: move args to config package logger package rewrite as dlog --- internal/ssh/client/authmethods.go | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'internal/ssh/client/authmethods.go') diff --git a/internal/ssh/client/authmethods.go b/internal/ssh/client/authmethods.go index 2ff80b2..4508319 100644 --- a/internal/ssh/client/authmethods.go +++ b/internal/ssh/client/authmethods.go @@ -4,7 +4,7 @@ import ( "os" "github.com/mimecast/dtail/internal/config" - "github.com/mimecast/dtail/internal/io/logger" + "github.com/mimecast/dtail/internal/io/dlog" "github.com/mimecast/dtail/internal/ssh" gossh "golang.org/x/crypto/ssh" @@ -15,7 +15,7 @@ func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, hostKeyCallback gossh if len(sshAuthMethods) > 0 { simpleCallback, err := NewSimpleCallback() if err != nil { - logger.FatalExit(err) + dlog.Common.FatalPanic(err) } return sshAuthMethods, simpleCallback } @@ -29,13 +29,13 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, pri knownHostsPath := os.Getenv("HOME") + "/.ssh/known_hosts" knownHostsCallback, err := NewKnownHostsCallback(knownHostsPath, trustAllHosts, throttleCh) if err != nil { - logger.FatalExit(knownHostsPath, err) + dlog.Common.FatalPanic(knownHostsPath, err) } - logger.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath) + dlog.Common.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath) if config.Common.ExperimentalFeaturesEnable { sshAuthMethods = append(sshAuthMethods, gossh.Password("experimental feature test")) - logger.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods") + dlog.Common.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods") } // First try to read custom private key path. @@ -43,41 +43,41 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, pri authMethod, err := ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - logger.Debug("initKnownHostsAuthMethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) + dlog.Common.Debug("initKnownHostsAuthMethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - logger.FatalExit("Unable to use private SSH key", privateKeyPath, err) + dlog.Common.FatalPanic("Unable to use private SSH key", privateKeyPath, err) } // Second, try SSH Agent authMethod, err := ssh.Agent() if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - logger.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK) to list of auth methods, not adding further methods") + dlog.Common.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK) to list of auth methods, not adding further methods") return sshAuthMethods, knownHostsCallback } - logger.Debug("initKnownHostsAuthMethods", "Unable to init SSH Agent auth method", err) + dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to init SSH Agent auth method", err) // Third, try Linux/UNIX default key paths privateKeyPath = os.Getenv("HOME") + "/.ssh/id_rsa" authMethod, err = ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - logger.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) + dlog.Common.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - logger.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) + dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) privateKeyPath = os.Getenv("HOME") + "/.ssh/id_dsa" authMethod, err = ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - logger.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) + dlog.Common.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - logger.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) + dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) - logger.FatalExit("Unable to find private SSH key information") + dlog.Common.FatalPanic("Unable to find private SSH key information") // Never reach this point. return sshAuthMethods, knownHostsCallback -- cgit v1.2.3 From 97747ea0f3178f7f5890512d483fdccaa82846b0 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sat, 9 Oct 2021 21:10:29 +0300 Subject: vetting and linting and some code restyling --- internal/ssh/client/authmethods.go | 41 ++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 15 deletions(-) (limited to 'internal/ssh/client/authmethods.go') diff --git a/internal/ssh/client/authmethods.go b/internal/ssh/client/authmethods.go index 4508319..ced1fb9 100644 --- a/internal/ssh/client/authmethods.go +++ b/internal/ssh/client/authmethods.go @@ -11,7 +11,10 @@ import ( ) // InitSSHAuthMethods initialises all known SSH auth methods on the client side. -func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, hostKeyCallback gossh.HostKeyCallback, trustAllHosts bool, throttleCh chan struct{}, privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) { +func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, + hostKeyCallback gossh.HostKeyCallback, trustAllHosts bool, throttleCh chan struct{}, + privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) { + if len(sshAuthMethods) > 0 { simpleCallback, err := NewSimpleCallback() if err != nil { @@ -19,20 +22,21 @@ func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, hostKeyCallback gossh } return sshAuthMethods, simpleCallback } - return initKnownHostsAuthMethods(trustAllHosts, throttleCh, privateKeyPath) } -func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) { - var sshAuthMethods []gossh.AuthMethod +func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, + privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) { + var sshAuthMethods []gossh.AuthMethod knownHostsPath := os.Getenv("HOME") + "/.ssh/known_hosts" - knownHostsCallback, err := NewKnownHostsCallback(knownHostsPath, trustAllHosts, throttleCh) + knownHostsCallback, err := NewKnownHostsCallback(knownHostsPath, trustAllHosts, + throttleCh) if err != nil { dlog.Common.FatalPanic(knownHostsPath, err) } - dlog.Common.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath) - + dlog.Common.Debug("initKnownHostsAuthMethods", "Added known hosts file path", + knownHostsPath) if config.Common.ExperimentalFeaturesEnable { sshAuthMethods = append(sshAuthMethods, gossh.Password("experimental feature test")) dlog.Common.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods") @@ -43,7 +47,9 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, pri authMethod, err := ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthMethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) + dlog.Common.Debug("initKnownHostsAuthMethods", + "Added path to list of auth methods, not adding further methods", + privateKeyPath) return sshAuthMethods, knownHostsCallback } dlog.Common.FatalPanic("Unable to use private SSH key", privateKeyPath, err) @@ -53,30 +59,35 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, pri authMethod, err := ssh.Agent() if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK) to list of auth methods, not adding further methods") + dlog.Common.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK)"+ + "to list of auth methods, not adding further methods") return sshAuthMethods, knownHostsCallback } - dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to init SSH Agent auth method", err) + dlog.Common.Debug("initKnownHostsAuthMethods", + "Unable to init SSH Agent auth method", err) // Third, try Linux/UNIX default key paths privateKeyPath = os.Getenv("HOME") + "/.ssh/id_rsa" authMethod, err = ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) + dlog.Common.Debug("initKnownHostsAuthmethods", + "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) + dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", + privateKeyPath, err) privateKeyPath = os.Getenv("HOME") + "/.ssh/id_dsa" authMethod, err = ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) + dlog.Common.Debug("initKnownHostsAuthmethods", + "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) - + dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", + privateKeyPath, err) dlog.Common.FatalPanic("Unable to find private SSH key information") // Never reach this point. -- cgit v1.2.3 From 10314cef906fd9b73e003be69c2f6b7b3d66570c Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Fri, 15 Oct 2021 13:20:48 +0300 Subject: Can configure DTail client not to mess with ~/.ssh/known_hosts via env var - this is useful for running unit and integration tests in jenkins --- internal/ssh/client/authmethods.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'internal/ssh/client/authmethods.go') diff --git a/internal/ssh/client/authmethods.go b/internal/ssh/client/authmethods.go index ced1fb9..089a66a 100644 --- a/internal/ssh/client/authmethods.go +++ b/internal/ssh/client/authmethods.go @@ -35,8 +35,7 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, if err != nil { dlog.Common.FatalPanic(knownHostsPath, err) } - dlog.Common.Debug("initKnownHostsAuthMethods", "Added known hosts file path", - knownHostsPath) + dlog.Common.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath) if config.Common.ExperimentalFeaturesEnable { sshAuthMethods = append(sshAuthMethods, gossh.Password("experimental feature test")) dlog.Common.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods") @@ -88,7 +87,11 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, } dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) - dlog.Common.FatalPanic("Unable to find private SSH key information") + + // This is only a panic when we expect to do something about it. + if !config.Client.SSHDontAddHostsToKnownHostsFile { + dlog.Common.FatalPanic("Unable to find private SSH key information") + } // Never reach this point. return sshAuthMethods, knownHostsCallback -- cgit v1.2.3 From 0908282e8b3c09f603fd4083fd7f075c4535e939 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Thu, 21 Oct 2021 21:00:47 +0300 Subject: backport ECDSA key support form master --- internal/ssh/client/authmethods.go | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) (limited to 'internal/ssh/client/authmethods.go') diff --git a/internal/ssh/client/authmethods.go b/internal/ssh/client/authmethods.go index 089a66a..b1e514d 100644 --- a/internal/ssh/client/authmethods.go +++ b/internal/ssh/client/authmethods.go @@ -18,7 +18,7 @@ func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, if len(sshAuthMethods) > 0 { simpleCallback, err := NewSimpleCallback() if err != nil { - dlog.Common.FatalPanic(err) + dlog.Client.FatalPanic(err) } return sshAuthMethods, simpleCallback } @@ -33,12 +33,12 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, knownHostsCallback, err := NewKnownHostsCallback(knownHostsPath, trustAllHosts, throttleCh) if err != nil { - dlog.Common.FatalPanic(knownHostsPath, err) + dlog.Client.FatalPanic(knownHostsPath, err) } - dlog.Common.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath) - if config.Common.ExperimentalFeaturesEnable { + dlog.Client.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath) + if config.Client.ExperimentalFeaturesEnable { sshAuthMethods = append(sshAuthMethods, gossh.Password("experimental feature test")) - dlog.Common.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods") + dlog.Client.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods") } // First try to read custom private key path. @@ -46,23 +46,23 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, authMethod, err := ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthMethods", + dlog.Client.Debug("initKnownHostsAuthMethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - dlog.Common.FatalPanic("Unable to use private SSH key", privateKeyPath, err) + dlog.Client.FatalPanic("Unable to use private SSH key", privateKeyPath, err) } // Second, try SSH Agent authMethod, err := ssh.Agent() if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK)"+ + dlog.Client.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK)"+ "to list of auth methods, not adding further methods") return sshAuthMethods, knownHostsCallback } - dlog.Common.Debug("initKnownHostsAuthMethods", + dlog.Client.Debug("initKnownHostsAuthMethods", "Unable to init SSH Agent auth method", err) // Third, try Linux/UNIX default key paths @@ -70,27 +70,37 @@ func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, authMethod, err = ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthmethods", + dlog.Client.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", + dlog.Client.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) privateKeyPath = os.Getenv("HOME") + "/.ssh/id_dsa" authMethod, err = ssh.PrivateKey(privateKeyPath) if err == nil { sshAuthMethods = append(sshAuthMethods, authMethod) - dlog.Common.Debug("initKnownHostsAuthmethods", + dlog.Client.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath) return sshAuthMethods, knownHostsCallback } - dlog.Common.Debug("initKnownHostsAuthMethods", "Unable to use private key", + + privateKeyPath = os.Getenv("HOME") + "/.ssh/id_ecdsa" + authMethod, err = ssh.PrivateKey(privateKeyPath) + if err == nil { + sshAuthMethods = append(sshAuthMethods, authMethod) + dlog.Client.Debug("initKnownHostsAuthmethods", + "Added path to list of auth methods, not adding further methods", privateKeyPath) + return sshAuthMethods, knownHostsCallback + } + + dlog.Client.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err) // This is only a panic when we expect to do something about it. if !config.Client.SSHDontAddHostsToKnownHostsFile { - dlog.Common.FatalPanic("Unable to find private SSH key information") + dlog.Client.FatalPanic("Unable to find private SSH key information") } // Never reach this point. -- cgit v1.2.3