fix: ssh added support for server key verification and priv key auth

shoriwe · Jun 11, 2023 · 2b27847 · 2b27847
1 parent 69d8b4a
commit 2b27847
Showing 1 changed file with 36 additions and 8 deletions.
diff --git a/compose/auth.go b/compose/auth.go
@@ -2,6 +2,7 @@ package compose
 
 import (
 	"fmt"
+	"io/ioutil"
 
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/net/proxy"
@@ -11,6 +12,23 @@ type Auth struct {
 	Username   *string `yaml:"username,omitempty" json:"username,omitempty"`
 	Password   *string `yaml:"password,omitempty" json:"password,omitempty"`
 	PrivateKey *string `yaml:"privateKey,omitempty" json:"privateKey,omitempty"`
+	ServerKey  *string `yaml:"serverKey,omitempty" json:"serverKey,omitempty"`
+}
+
+func (a *Auth) getHostKeyCallback() (ssh.HostKeyCallback, error) {
+	if a.ServerKey == nil {
+		return ssh.InsecureIgnoreHostKey(), nil
+	}
+	// TODO: Test this code
+	serverKey, err := ioutil.ReadFile(*a.ServerKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read server key file: %v", err)
+	}
+	hostKey, _, _, _, err := ssh.ParseAuthorizedKey(serverKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse server key: %v", err)
+	}
+	return ssh.FixedHostKey(hostKey), nil
 }
 
 func (a *Auth) SSHClientConfig() (config *ssh.ClientConfig, err error) {
@@ -19,14 +37,24 @@ func (a *Auth) SSHClientConfig() (config *ssh.ClientConfig, err error) {
 	}
 	if err == nil {
 		config = new(ssh.ClientConfig)
-		config.HostKeyCallback = ssh.InsecureIgnoreHostKey() // TODO: FIXME: This should be configured by user
-		config.User = *a.Username
-		if a.Password != nil {
-			config.Auth = append(config.Auth, ssh.Password(*a.Password))
-		}
-		if a.PrivateKey != nil {
-			// TODO: FIXME: This code doesn't work
-			config.Auth = append(config.Auth, ssh.PublicKeys())
+		config.HostKeyCallback, err = a.getHostKeyCallback()
+		if err == nil {
+			config.User = *a.Username
+			if a.Password != nil {
+				config.Auth = append(config.Auth, ssh.Password(*a.Password))
+			}
+			// TODO: Test this code
+			if a.PrivateKey != nil {
+				key, err := ioutil.ReadFile(*a.PrivateKey)
+				if err != nil {
+					return nil, fmt.Errorf("failed to read private key file: %v", err)
+				}
+				signer, err := ssh.ParsePrivateKey(key)
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse private key: %v", err)
+				}
+				config.Auth = append(config.Auth, ssh.PublicKeys(signer))
+			}
 		}
 	}
 	return config, err