|
|
|
|
@ -30,6 +30,7 @@ import ( |
|
|
|
|
|
|
|
|
|
"github.com/ethereum/go-ethereum/log" |
|
|
|
|
"golang.org/x/crypto/ssh" |
|
|
|
|
"golang.org/x/crypto/ssh/agent" |
|
|
|
|
"golang.org/x/crypto/ssh/terminal" |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
@ -43,6 +44,8 @@ type sshClient struct { |
|
|
|
|
logger log.Logger |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const EnvSSHAuthSock = "SSH_AUTH_SOCK" |
|
|
|
|
|
|
|
|
|
// dial establishes an SSH connection to a remote node using the current user and
|
|
|
|
|
// the user's configured private RSA key. If that fails, password authentication
|
|
|
|
|
// is fallen back to. server can be a string like user:identity@server:port.
|
|
|
|
|
@ -79,38 +82,49 @@ func dial(server string, pubkey []byte) (*sshClient, error) { |
|
|
|
|
if username == "" { |
|
|
|
|
username = user.Username |
|
|
|
|
} |
|
|
|
|
// Configure the supported authentication methods (private key and password)
|
|
|
|
|
var auths []ssh.AuthMethod |
|
|
|
|
|
|
|
|
|
path := filepath.Join(user.HomeDir, ".ssh", identity) |
|
|
|
|
if buf, err := ioutil.ReadFile(path); err != nil { |
|
|
|
|
log.Warn("No SSH key, falling back to passwords", "path", path, "err", err) |
|
|
|
|
// Configure the supported authentication methods (ssh agent, private key and password)
|
|
|
|
|
var ( |
|
|
|
|
auths []ssh.AuthMethod |
|
|
|
|
conn net.Conn |
|
|
|
|
) |
|
|
|
|
if conn, err = net.Dial("unix", os.Getenv(EnvSSHAuthSock)); err != nil { |
|
|
|
|
log.Warn("Unable to dial SSH agent, falling back to private keys", "err", err) |
|
|
|
|
} else { |
|
|
|
|
key, err := ssh.ParsePrivateKey(buf) |
|
|
|
|
if err != nil { |
|
|
|
|
fmt.Printf("What's the decryption password for %s? (won't be echoed)\n>", path) |
|
|
|
|
blob, err := terminal.ReadPassword(int(os.Stdin.Fd())) |
|
|
|
|
fmt.Println() |
|
|
|
|
if err != nil { |
|
|
|
|
log.Warn("Couldn't read password", "err", err) |
|
|
|
|
} |
|
|
|
|
key, err := ssh.ParsePrivateKeyWithPassphrase(buf, blob) |
|
|
|
|
client := agent.NewClient(conn) |
|
|
|
|
auths = append(auths, ssh.PublicKeysCallback(client.Signers)) |
|
|
|
|
} |
|
|
|
|
if err != nil { |
|
|
|
|
path := filepath.Join(user.HomeDir, ".ssh", identity) |
|
|
|
|
if buf, err := ioutil.ReadFile(path); err != nil { |
|
|
|
|
log.Warn("No SSH key, falling back to passwords", "path", path, "err", err) |
|
|
|
|
} else { |
|
|
|
|
key, err := ssh.ParsePrivateKey(buf) |
|
|
|
|
if err != nil { |
|
|
|
|
log.Warn("Failed to decrypt SSH key, falling back to passwords", "path", path, "err", err) |
|
|
|
|
fmt.Printf("What's the decryption password for %s? (won't be echoed)\n>", path) |
|
|
|
|
blob, err := terminal.ReadPassword(int(os.Stdin.Fd())) |
|
|
|
|
fmt.Println() |
|
|
|
|
if err != nil { |
|
|
|
|
log.Warn("Couldn't read password", "err", err) |
|
|
|
|
} |
|
|
|
|
key, err := ssh.ParsePrivateKeyWithPassphrase(buf, blob) |
|
|
|
|
if err != nil { |
|
|
|
|
log.Warn("Failed to decrypt SSH key, falling back to passwords", "path", path, "err", err) |
|
|
|
|
} else { |
|
|
|
|
auths = append(auths, ssh.PublicKeys(key)) |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
auths = append(auths, ssh.PublicKeys(key)) |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
auths = append(auths, ssh.PublicKeys(key)) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
auths = append(auths, ssh.PasswordCallback(func() (string, error) { |
|
|
|
|
fmt.Printf("What's the login password for %s at %s? (won't be echoed)\n> ", username, server) |
|
|
|
|
blob, err := terminal.ReadPassword(int(os.Stdin.Fd())) |
|
|
|
|
auths = append(auths, ssh.PasswordCallback(func() (string, error) { |
|
|
|
|
fmt.Printf("What's the login password for %s at %s? (won't be echoed)\n> ", username, server) |
|
|
|
|
blob, err := terminal.ReadPassword(int(os.Stdin.Fd())) |
|
|
|
|
|
|
|
|
|
fmt.Println() |
|
|
|
|
return string(blob), err |
|
|
|
|
})) |
|
|
|
|
fmt.Println() |
|
|
|
|
return string(blob), err |
|
|
|
|
})) |
|
|
|
|
} |
|
|
|
|
// Resolve the IP address of the remote server
|
|
|
|
|
addr, err := net.LookupHost(hostname) |
|
|
|
|
if err != nil { |
|
|
|
|
|
lightclient
4 years ago
committed by
GitHub