From 724b6c82f591ec696f14dfb7d6e8e133eff1072f Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Wed, 20 May 2020 14:10:56 +0100
Subject: can specify a private ssh key via command line, no password support yet though

---
 internal/ssh/client/authmethods.go | 62 +++++++++++++++++++++++++++-----------
 1 file changed, 44 insertions(+), 18 deletions(-)

(limited to 'internal/ssh')

diff --git a/internal/ssh/client/authmethods.go b/internal/ssh/client/authmethods.go
index a310159..2ff80b2 100644
--- a/internal/ssh/client/authmethods.go
+++ b/internal/ssh/client/authmethods.go
@@ -11,7 +11,7 @@ import (
 )
 
 // InitSSHAuthMethods initialises all known SSH auth methods on the client side.
-func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, hostKeyCallback gossh.HostKeyCallback, trustAllHosts bool, throttleCh chan struct{}) ([]gossh.AuthMethod, HostKeyCallback) {
+func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, hostKeyCallback gossh.HostKeyCallback, trustAllHosts bool, throttleCh chan struct{}, privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) {
 	if len(sshAuthMethods) > 0 {
 		simpleCallback, err := NewSimpleCallback()
 		if err != nil {
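Review bot: The doc comment directly above the changed signature still says only that the function "initialises all known SSH auth methods" and does not describe the new `privateKeyPath` parameter, whose contract (empty means probe the agent and the default identity files; non-empty means that key exclusively, and, as the second hunk shows, failure to load it exits the process, which per the commit subject includes passphrase-protected keys for now) cannot be recovered from the name. I would extend it to `// InitSSHAuthMethods initialises all known SSH auth methods on the client side. A non-empty privateKeyPath selects that key exclusively; if it cannot be loaded the process exits.` The existing `len(sshAuthMethods) > 0` short-circuit is unchanged, so `privateKeyPath` is silently ignored whenever a caller already supplies methods, which deserves a sentence as well. The body of InitSSHAuthMethods continues past the end of this hunk.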
@@ -20,39 +20,65 @@ func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod, hostKeyCallback gossh
 		return sshAuthMethods, simpleCallback
 	}
 
-	return initKnownHostsAuthMethods(trustAllHosts, throttleCh)
+	return initKnownHostsAuthMethods(trustAllHosts, throttleCh, privateKeyPath)
 }
 
-func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}) ([]gossh.AuthMethod, HostKeyCallback) {
+func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{}, privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) {
 	var sshAuthMethods []gossh.AuthMethod
+
+	knownHostsPath := os.Getenv("HOME") + "/.ssh/known_hosts"
+	knownHostsCallback, err := NewKnownHostsCallback(knownHostsPath, trustAllHosts, throttleCh)
+	if err != nil {
+		logger.FatalExit(knownHostsPath, err)
+	}
+	logger.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath)
+
 	if config.Common.ExperimentalFeaturesEnable {
 		sshAuthMethods = append(sshAuthMethods, gossh.Password("experimental feature test"))
-		logger.Debug("Added experimental method to list of auth methods")
+		logger.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods")
 	}
 
-	keyPath := os.Getenv("HOME") + "/.ssh/id_rsa"
-	if authMethod, err := ssh.PrivateKey(keyPath); err == nil {
-		sshAuthMethods = append(sshAuthMethods, authMethod)
-		logger.Debug("Added path to list of auth methods", keyPath)
+	// First try to read custom private key path.
+	if privateKeyPath != "" {
+		authMethod, err := ssh.PrivateKey(privateKeyPath)
+		if err == nil {
+			sshAuthMethods = append(sshAuthMethods, authMethod)
+			logger.Debug("initKnownHostsAuthMethods", "Added path to list of auth methods, not adding further methods", privateKeyPath)
+			return sshAuthMethods, knownHostsCallback
+		}
+		logger.FatalExit("Unable to use private SSH key", privateKeyPath, err)
 	}
 
-	keyPath = os.Getenv("HOME") + "/.ssh/id_dsa"
-	if authMethod, err := ssh.PrivateKey(keyPath); err == nil {
+	// Second, try SSH Agent
+	authMethod, err := ssh.Agent()
+	if err == nil {
 		sshAuthMethods = append(sshAuthMethods, authMethod)
-		logger.Debug("Added path to list of auth methods", keyPath)
+		logger.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK) to list of auth methods, not adding further methods")
+		return sshAuthMethods, knownHostsCallback
 	}
+	logger.Debug("initKnownHostsAuthMethods", "Unable to init SSH Agent auth method", err)
 
-	if authMethod, err := ssh.Agent(); err == nil {
+	// Third, try Linux/UNIX default key paths
+	privateKeyPath = os.Getenv("HOME") + "/.ssh/id_rsa"
+	authMethod, err = ssh.PrivateKey(privateKeyPath)
+	if err == nil {
 		sshAuthMethods = append(sshAuthMethods, authMethod)
-		logger.Debug("Added SSH Agent to list of auth methods")
+		logger.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath)
+		return sshAuthMethods, knownHostsCallback
 	}
+	logger.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err)
 
-	knownHostsPath := os.Getenv("HOME") + "/.ssh/known_hosts"
-	knownHostsCallback, err := NewKnownHostsCallback(knownHostsPath, trustAllHosts, throttleCh)
-	if err != nil {
-		logger.FatalExit(knownHostsPath, err)
+	privateKeyPath = os.Getenv("HOME") + "/.ssh/id_dsa"
+	authMethod, err = ssh.PrivateKey(privateKeyPath)
+	if err == nil {
+		sshAuthMethods = append(sshAuthMethods, authMethod)
+		logger.Debug("initKnownHostsAuthmethods", "Added path to list of auth methods, not adding further methods", privateKeyPath)
+		return sshAuthMethods, knownHostsCallback
 	}
-	logger.Debug("Added known hosts file path", knownHostsPath)
+	logger.Debug("initKnownHostsAuthMethods", "Unable to use private key", privateKeyPath, err)
+
+	logger.FatalExit("Unable to find private SSH key information")
+	// Never reach this point.
 
 	return sshAuthMethods, knownHostsCallback
 }
-- 
cgit v1.2.3