Handle auth by key

2025-02-28 17:36:18 +08:00 · 2017-11-01 23:42:17 +01:00 · 2017-11-01 23:42:17 +01:00 · 35e62e562b
commit 35e62e562b
parent 729060f397
3 changed files with 9 additions and 5 deletions
--- a/crypto.go
+++ b/crypto.go
@ -29,7 +29,7 @@ func NewSSHKey(keyType string, length uint) (*SSHKey, error) {

 	// convert priv key to x509 format
 	var pemKey = &pem.Block{
-		Type:  "PRIVATE KEY",
+		Type:  "RSA PRIVATE KEY",
 		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
 	}
 	buf := bytes.NewBufferString("")
--- a/db.go
+++ b/db.go
@ -95,7 +95,7 @@ func dbDemo(db *gorm.DB) error {

 func RemoteHostFromSession(s ssh.Session, db *gorm.DB) (*Host, error) {
 	var host Host
-	db.Where("name = ?", s.User()).Find(&host)
+	db.Preload("SSHKey").Where("name = ?", s.User()).Find(&host)
 	if host.Name == "" {
 		// FIXME: add available hosts
 		return nil, fmt.Errorf("No such target: %q", s.User())
--- a/proxy.go
+++ b/proxy.go
@ -82,12 +82,16 @@ func (host *Host) ClientConfig(_ ssh.Session) (*gossh.ClientConfig, error) {
 		HostKeyCallback: gossh.InsecureIgnoreHostKey(),
 		Auth:            []gossh.AuthMethod{},
 	}
+	if host.SSHKey != nil {
+		signer, err := gossh.ParsePrivateKey([]byte(host.SSHKey.PrivKey))
+		if err != nil {
+			return nil, err
+		}
+		config.Auth = append(config.Auth, gossh.PublicKeys(signer))
+	}
 	if host.Password != "" {
 		config.Auth = append(config.Auth, gossh.Password(host.Password))
 	}
-	if host.SSHKey != nil {
-		return nil, fmt.Errorf("auth by priv key is not yet implemented")
-	}
 	if len(config.Auth) == 0 {
 		return nil, fmt.Errorf("no valid authentication method for host %q", host.Name)
 	}