-
-
Notifications
You must be signed in to change notification settings - Fork 10
/
connect.go
120 lines (96 loc) · 3.15 KB
/
connect.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package actions
import (
"crypto/x509"
"drawbridge/pkg/config"
"drawbridge/pkg/errors"
"drawbridge/pkg/utils"
"encoding/pem"
"fmt"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
"io/ioutil"
"net"
"os"
"os/exec"
"path/filepath"
"syscall"
)
type ConnectAction struct {
Config config.Interface
}
func (e *ConnectAction) Start(answerData map[string]interface{}) error {
//"-c", "command1; command2; command3; ..."
tmplData, err := e.Config.GetActiveConfigTemplate()
if err != nil {
return nil
}
tmplConfigFilepath, err := utils.PopulateTemplate(tmplData.FilePath, answerData)
if err != nil {
return nil
}
tmplConfigFilepath, err = utils.ExpandPath(filepath.Join(e.Config.GetString("options.config_dir"), tmplConfigFilepath))
if err != nil {
return nil
}
tmplPemFilepath, err := utils.PopulateTemplate(tmplData.PemFilePath, answerData)
if err != nil {
return nil
}
tmplPemFilepath, err = utils.ExpandPath(filepath.Join(e.Config.GetString("options.pem_dir"), tmplPemFilepath))
if err != nil {
return nil
}
//TODO: Print the lines we're running.
//TODO: Check that the bastion host is accessible.
e.SshAgentAddPemKey(tmplPemFilepath)
//https://gobyexample.com/execing-processes
//https://groob.io/posts/golang-execve/
sshBin, lookErr := exec.LookPath("ssh")
if lookErr != nil {
return errors.DependencyMissingError("ssh is missing")
}
args := []string{"ssh", "bastion", "-F", tmplConfigFilepath}
return syscall.Exec(sshBin, args, os.Environ())
}
func (e *ConnectAction) SshAgentAddPemKey(pemFilepath string) error {
//first lets ensure that the pemFilepath exists
if !utils.FileExists(pemFilepath) {
return errors.PemKeyMissingError(fmt.Sprintf("No pem file exists at %v", pemFilepath))
}
//ensure that the ssh-agent is available on this machine.
_, err := exec.LookPath("ssh-agent")
if err != nil {
return errors.DependencyMissingError("ssh-agent is missing")
}
//read the pem file data
keyData, err := ioutil.ReadFile(pemFilepath)
if err != nil {
return err
}
//TODO: check if this pemfile is already added to the ssh-agent
//decode the ssh pem key (and handle encypted/passphrase protected keys)
//https://stackoverflow.com/questions/42105432/how-to-use-an-encrypted-private-key-with-golang-ssh
block, _ := pem.Decode(keyData)
//https://github.com/golang/crypto/blob/master/ssh/keys.go
var privateKeyData interface{}
if x509.IsEncryptedPEMBlock(block) {
//inform the user that the key is encrypted.
passphrase := utils.StdinQuery(fmt.Sprintf("The key at %v is encrypted and requires a passphrase. Please enter it below:", pemFilepath))
privateKeyData, err = ssh.ParseRawPrivateKeyWithPassphrase(block.Bytes, []byte(passphrase))
} else {
privateKeyData, err = ssh.ParseRawPrivateKey(block.Bytes)
}
// register the privatekey with ssh-agent
socket := os.Getenv("SSH_AUTH_SOCK")
conn, err := net.Dial("unix", socket)
if err != nil {
return err
}
agentClient := agent.NewClient(conn)
err = agentClient.Add(agent.AddedKey{
PrivateKey: privateKeyData,
Comment: fmt.Sprintf("drawbridge - %v", pemFilepath),
//LifetimeSecs: TODO: for safety we should limit this key's use for 1h
})
return err
}