1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
package client
import (
"os"
"github.com/mimecast/dtail/internal/config"
"github.com/mimecast/dtail/internal/io/dlog"
"github.com/mimecast/dtail/internal/ssh"
gossh "golang.org/x/crypto/ssh"
)
// InitSSHAuthMethods initialises all known SSH auth methods on the client side.
func InitSSHAuthMethods(sshAuthMethods []gossh.AuthMethod,
hostKeyCallback gossh.HostKeyCallback, trustAllHosts bool, throttleCh chan struct{},
privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) {
if len(sshAuthMethods) > 0 {
simpleCallback, err := NewSimpleCallback()
if err != nil {
dlog.Client.FatalPanic(err)
}
return sshAuthMethods, simpleCallback
}
return initKnownHostsAuthMethods(trustAllHosts, throttleCh, privateKeyPath)
}
func initKnownHostsAuthMethods(trustAllHosts bool, throttleCh chan struct{},
privateKeyPath string) ([]gossh.AuthMethod, HostKeyCallback) {
var sshAuthMethods []gossh.AuthMethod
knownHostsPath := os.Getenv("HOME") + "/.ssh/known_hosts"
knownHostsCallback, err := NewKnownHostsCallback(knownHostsPath, trustAllHosts,
throttleCh)
if err != nil {
dlog.Client.FatalPanic(knownHostsPath, err)
}
dlog.Client.Debug("initKnownHostsAuthMethods", "Added known hosts file path", knownHostsPath)
if config.Client.ExperimentalFeaturesEnable {
sshAuthMethods = append(sshAuthMethods, gossh.Password("experimental feature test"))
dlog.Client.Debug("initKnownHostsAuthMethods", "Added experimental method to list of auth methods")
}
// First try to read custom private key path.
if privateKeyPath != "" {
authMethod, err := ssh.PrivateKey(privateKeyPath)
if err == nil {
sshAuthMethods = append(sshAuthMethods, authMethod)
dlog.Client.Debug("initKnownHostsAuthMethods",
"Added path to list of auth methods, not adding further methods",
privateKeyPath)
return sshAuthMethods, knownHostsCallback
}
dlog.Client.FatalPanic("Unable to use private SSH key", privateKeyPath, err)
}
// Second, try SSH Agent
authMethod, err := ssh.Agent()
if err == nil {
sshAuthMethods = append(sshAuthMethods, authMethod)
dlog.Client.Debug("initKnownHostsAuthMethods", "Added SSH Agent (SSH_AUTH_SOCK)"+
"to list of auth methods, not adding further methods")
return sshAuthMethods, knownHostsCallback
}
dlog.Client.Debug("initKnownHostsAuthMethods",
"Unable to init SSH Agent auth method", err)
// Third, try Linux/UNIX default key paths
privateKeyPath = os.Getenv("HOME") + "/.ssh/id_rsa"
authMethod, err = ssh.PrivateKey(privateKeyPath)
if err == nil {
sshAuthMethods = append(sshAuthMethods, authMethod)
dlog.Client.Debug("initKnownHostsAuthmethods",
"Added path to list of auth methods, not adding further methods", privateKeyPath)
return sshAuthMethods, knownHostsCallback
}
dlog.Client.Debug("initKnownHostsAuthMethods", "Unable to use private key",
privateKeyPath, err)
privateKeyPath = os.Getenv("HOME") + "/.ssh/id_dsa"
authMethod, err = ssh.PrivateKey(privateKeyPath)
if err == nil {
sshAuthMethods = append(sshAuthMethods, authMethod)
dlog.Client.Debug("initKnownHostsAuthmethods",
"Added path to list of auth methods, not adding further methods", privateKeyPath)
return sshAuthMethods, knownHostsCallback
}
privateKeyPath = os.Getenv("HOME") + "/.ssh/id_ecdsa"
authMethod, err = ssh.PrivateKey(privateKeyPath)
if err == nil {
sshAuthMethods = append(sshAuthMethods, authMethod)
dlog.Client.Debug("initKnownHostsAuthmethods",
"Added path to list of auth methods, not adding further methods", privateKeyPath)
return sshAuthMethods, knownHostsCallback
}
dlog.Client.Debug("initKnownHostsAuthMethods", "Unable to use private key",
privateKeyPath, err)
// This is only a panic when we expect to do something about it.
if !config.Client.SSHDontAddHostsToKnownHostsFile {
dlog.Client.FatalPanic("Unable to find private SSH key information")
}
// Never reach this point.
return sshAuthMethods, knownHostsCallback
}
|
