1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
package client
import (
"fmt"
"os"
"github.com/mimecast/dtail/internal/config"
"github.com/mimecast/dtail/internal/io/dlog"
"github.com/mimecast/dtail/internal/ssh"
gossh "golang.org/x/crypto/ssh"
)
var (
privateKeyAuthMethod = ssh.PrivateKey
agentAuthMethod = ssh.AgentWithKeyIndex
)
// InitSSHAuthMethods initialises all known SSH auth methods on the client side.
func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod,
hostKeyCallback gossh.HostKeyCallback, trustAllHosts bool, throttleCh chan struct{},
privateKeyPath string, agentKeyIndex int) ([]gossh.AuthMethod, HostKeyCallback) {
if len(sshAuthMethods) > 0 {
simpleCallback, err := NewSimpleCallback()
if err != nil {
dlog.Client.FatalPanic(err)
}
return sshAuthMethods, simpleCallback
}
return initKnownHostsAuthMethods(trustAllHosts, throttleCh, privateKeyPath, agentKeyIndex)
}
func initIntegrationTestKnownHostsAuthMethods() []gossh.AuthMethod {
var sshAuthMethods []gossh.AuthMethod
privateKeyPath := "./id_rsa"
GeneratePrivatePublicKeyPairIfNotExists(privateKeyPath, 4096)
authMethod, err := ssh.PrivateKey(privateKeyPath)
if err != nil {
dlog.Client.FatalPanic("Unable to use private SSH key", privateKeyPath, err)
}
sshAuthMethods = append(sshAuthMethods, authMethod)
dlog.Client.Debug("initKnownHostsAuthMethods", "Added private key auth method", privateKeyPath)
return sshAuthMethods
}
func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{},
privateKeyPath string, agentKeyIndex int) ([]gossh.AuthMethod, HostKeyCallback) {
knownHostsFile := fmt.Sprintf("%s/.ssh/known_hosts", os.Getenv("HOME"))
if config.Env("DTAIL_INTEGRATION_TEST_RUN_MODE") {
// In case of integration test, override known hosts file path.
knownHostsFile = "./known_hosts"
}
knownHostsCallback, err := NewKnownHostsCallback(knownHostsFile, trustAllHosts, throttleCh)
if err != nil {
dlog.Client.FatalPanic(knownHostsFile, err)
}
dlog.Client.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsFile)
if config.Env("DTAIL_INTEGRATION_TEST_RUN_MODE") {
return initIntegrationTestKnownHostsAuthMethods(), knownHostsCallback
}
sshAuthMethods := collectKnownHostsAuthMethods(privateKeyPath, agentKeyIndex)
if len(sshAuthMethods) == 0 {
dlog.Client.FatalPanic("Unable to find private SSH key information")
}
return sshAuthMethods, knownHostsCallback
}
func collectKnownHostsAuthMethods(privateKeyPath string, agentKeyIndex int) []gossh.AuthMethod {
var sshAuthMethods []gossh.AuthMethod
home := os.Getenv("HOME")
defaultPrivateKeyPaths := []string{
home + "/.ssh/id_rsa",
home + "/.ssh/id_dsa",
home + "/.ssh/id_ecdsa",
home + "/.ssh/id_ed25519",
}
if privateKeyPath == "" {
privateKeyPath = defaultPrivateKeyPaths[0]
}
addedPrivateKeyPaths := make(map[string]bool, len(defaultPrivateKeyPaths)+1)
addPrivateKeyAuthMethod := func(path string) {
if path == "" {
return
}
if addedPrivateKeyPaths[path] {
return
}
authMethod, err := privateKeyAuthMethod(path)
if err != nil {
dlog.Client.Debug("initKnownHostsAuthMethods", "Unable to use private key", path, err)
return
}
sshAuthMethods = append(sshAuthMethods, authMethod)
addedPrivateKeyPaths[path] = true
dlog.Client.Debug("initKnownHostsAuthMethods", "Added private key auth method", path)
}
// First, the explicit auth key path (or default ~/.ssh/id_rsa).
addPrivateKeyAuthMethod(privateKeyPath)
// Second, SSH agent (YubiKey-backed keys are typically exposed here).
authMethod, err := agentAuthMethod(agentKeyIndex)
if err == nil {
sshAuthMethods = append(sshAuthMethods, authMethod)
dlog.Client.Debug("initKnownHostsAuthMethods", "Added SSH agent auth method")
} else {
dlog.Client.Debug("initKnownHostsAuthMethods", "Unable to init SSH Agent auth method", err)
}
// Third, additional default private key paths.
for _, path := range defaultPrivateKeyPaths {
addPrivateKeyAuthMethod(path)
}
return sshAuthMethods
}
|
