package rsa
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"io/ioutil"
"os"
"golang.org/x/crypto/ssh"
)
// Default file names used when a caller passes an empty path to Save or
// Load. They follow the OpenSSH naming convention for RSA key pairs.
const (
	// DEFAULT_SSH_PUBLICFILE is the default public key file name.
	DEFAULT_SSH_PUBLICFILE = "id_rsa.pub"
	// DEFAULT_SSH_PRIVATEFILE is the default private key file name.
	DEFAULT_SSH_PRIVATEFILE = "id_rsa"
)
// SSHKey saves and loads RSA key pairs in the formats OpenSSH uses: a
// PEM-encoded PKCS#1 private key and an authorized_keys-style public key.
// It holds no state; every method takes the key and file names as arguments.
type SSHKey struct{}

// NewSSHKey returns a ready-to-use SSHKey.
func NewSSHKey() *SSHKey {
	return new(SSHKey)
}
// defaultSSHFile substitutes the package defaults for any empty file name so
// callers may pass "" for either path. Non-empty names are returned unchanged,
// in the order (private, public).
func defaultSSHFile(privateFile string, publicFile string) (string, string) {
	priv, pub := privateFile, publicFile
	if len(priv) == 0 {
		priv = DEFAULT_SSH_PRIVATEFILE
	}
	if len(pub) == 0 {
		pub = DEFAULT_SSH_PUBLICFILE
	}
	return priv, pub
}
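// Save writes key to disk as an OpenSSH-compatible pair: the private key in
// PEM/PKCS#1 form to privateFile and the public key in authorized_keys form
// to publicFile. Empty file names fall back to DEFAULT_SSH_PRIVATEFILE and
// DEFAULT_SSH_PUBLICFILE.
//
// The private key is written first; if that fails the public key file is not
// touched. A nil key is reported as an error instead of dereferencing it.
func (s *SSHKey) Save(key *Key, privateFile string, publicFile string) error {
	if key == nil {
		return errors.New("key is nil")
	}
	privPath, pubPath := defaultSSHFile(privateFile, publicFile)
	if err := s.savePrivateKey(key.privateKey, privPath); err != nil {
		return err
	}
	return s.savePublicKey(key.publicKey, pubPath)
}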
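// savePrivateKey writes privateKey to filename as an unencrypted PEM block of
// type "RSA PRIVATE KEY" (PKCS#1), the form accepted by OpenSSH and by
// ssh.ParseRawPrivateKey in loadPrivateKey.
//
// The file is created with mode 0600 (subject to umask) so the key is not
// readable by other users; os.Create would have used 0666. OpenFile does not
// change the mode of a file that already exists, so a pre-existing
// world-readable file keeps its permissions and is only truncated and
// rewritten. The handle is always closed, and a Close error is reported
// because it may carry a deferred write failure.
func (s *SSHKey) savePrivateKey(privateKey *rsa.PrivateKey, filename string) (err error) {
	if privateKey == nil {
		return errors.New("private key is nil")
	}
	block := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
	}
	file, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	defer func() {
		// Only surface the Close error when the encode itself succeeded.
		if cerr := file.Close(); err == nil {
			err = cerr
		}
	}()
	return pem.Encode(file, block)
}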
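// savePublicKey writes publicKey to filename in OpenSSH authorized_keys form
// ("ssh-rsa AAAA...\n"), as produced by ssh.MarshalAuthorizedKey, so the file
// can be appended to ~/.ssh/authorized_keys directly.
//
// The file is created with mode 0644 (subject to umask): the content is
// public, but there is no reason for it to be writable by others. The handle
// is always closed and a Close error is reported, since it may carry a
// deferred write failure. A nil key is rejected up front rather than being
// passed to ssh.NewPublicKey.
func (s *SSHKey) savePublicKey(publicKey *rsa.PublicKey, filename string) (err error) {
	if publicKey == nil {
		return errors.New("public key is nil")
	}
	sshPub, err := ssh.NewPublicKey(publicKey)
	if err != nil {
		return err
	}
	file, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
	if err != nil {
		return err
	}
	defer func() {
		// Only surface the Close error when the write itself succeeded.
		if cerr := file.Close(); err == nil {
			err = cerr
		}
	}()
	_, err = file.Write(ssh.MarshalAuthorizedKey(sshPub))
	return err
}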
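// Load reads an OpenSSH-style key pair from privateFile and publicFile into
// key, replacing key.privateKey and key.publicKey. Empty file names fall back
// to DEFAULT_SSH_PRIVATEFILE and DEFAULT_SSH_PUBLICFILE.
//
// After both files are parsed, the public key is compared with the public half
// of the private key, so two files that do not belong together are rejected
// instead of being silently loaded as a pair. If a step fails, key may be left
// partially updated: the private key is assigned before the public key file is
// read. A nil key is reported as an error instead of dereferencing it.
func (s *SSHKey) Load(key *Key, privateFile string, publicFile string) error {
	if key == nil {
		return errors.New("key is nil")
	}
	privPath, pubPath := defaultSSHFile(privateFile, publicFile)
	if err := s.loadPrivateKey(key, privPath); err != nil {
		return err
	}
	if err := s.loadPublicKey(key, pubPath); err != nil {
		return err
	}
	// Compare modulus and exponent directly rather than via rsa.PublicKey.Equal
	// so this does not depend on a newer Go release than the rest of the file.
	priv, pub := key.privateKey, key.publicKey
	if priv.N.Cmp(pub.N) != 0 || priv.E != pub.E {
		return errors.New("public key does not match private key")
	}
	return nil
}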
// loadPrivateKey reads filename and stores the RSA private key it contains in
// key.privateKey.
//
// ssh.ParseRawPrivateKey is used instead of x509.ParsePKCS1PrivateKey because
// it understands both the PEM "RSA PRIVATE KEY" form written by savePrivateKey
// and the native OpenSSH private key format; PKCS#1 PEM could be parsed by
// either. Keys of any other algorithm are rejected with "privatekey invalid".
// NOTE(review): passphrase-protected keys are expected to fail here with the
// parser's own error — there is no passphrase path; confirm if that matters.
func (s *SSHKey) loadPrivateKey(key *Key, filename string) error {
	data, err := ioutil.ReadFile(filename)
	if err != nil {
		return err
	}
	parsed, err := ssh.ParseRawPrivateKey(data)
	if err != nil {
		return err
	}
	rsaKey, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return errors.New("privatekey invalid")
	}
	key.privateKey = rsaKey
	return nil
}
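// loadPublicKey reads filename, parses the first authorized_keys-style entry
// in it, and stores the RSA public key in key.publicKey. Any options and
// comment on the line are ignored. Non-RSA keys are rejected with
// "publickey invalid".
//
// ssh.ParseAuthorizedKey can return key types that do not implement
// ssh.CryptoPublicKey (such as certificate entries); the previous unchecked
// type assertion would panic on that input from a file, so the assertion is
// now checked and reported as an error instead.
func (s *SSHKey) loadPublicKey(key *Key, filename string) error {
	data, err := ioutil.ReadFile(filename)
	if err != nil {
		return err
	}
	parsed, _, _, _, err := ssh.ParseAuthorizedKey(data)
	if err != nil {
		return err
	}
	cryptoKey, ok := parsed.(ssh.CryptoPublicKey)
	if !ok {
		return errors.New("publickey invalid")
	}
	rsaPub, ok := cryptoKey.CryptoPublicKey().(*rsa.PublicKey)
	if !ok {
		return errors.New("publickey invalid")
	}
	key.publicKey = rsaPub
	return nil
}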