lint

main.go

@@ -71,7 +71,7 @@ func main() {
 
 		// retry with password
 	} else if err == util.ErrKeyPassphraseRequired {
-		var pvtPW = []byte{}
+		var pvtPW []byte
 		pvtPWstr := os.Getenv("SSHAGENTCA_PVT_KEY")
 		if pvtPWstr != "" {
 			pvtPW = []byte(pvtPWstr)
@@ -87,12 +87,11 @@ func main() {
 		if err != nil {
 			hardexit(fmt.Sprintf("Private key could not be loaded, %s", err))
 		}
-		pvtPW = nil
 	}
 
 	// load certificate authority private key
 	var caKey ssh.Signer
-	var caPW = []byte{}
+	var caPW []byte
 	caPWstr := os.Getenv("SSHAGENTCA_CA_KEY")
 	if caPWstr != "" {
 		caPW = []byte(caPWstr)
@@ -108,7 +107,6 @@ func main() {
 	if err != nil {
 		hardexit(fmt.Sprintf("CA Private key could not be loaded, %s", err))
 	}
-	caPW = nil
 
 	// load settings yaml file
 	settings, err := util.SettingsLoad(options.Args.Settings)

server.go

@@ -60,7 +60,7 @@ func Serve(options Options, privateKey ssh.Signer, caKey ssh.Signer, settings ut
 		}
 
 		// provide handshake
-		sshConn, chans, reqs, err := ssh.NewServerConn(tcpConn, sshConfig)
+		sshConn, chans, _, err := ssh.NewServerConn(tcpConn, sshConfig)
 		if err != nil {
 			log.Printf("failed to handshake (%s)", err)
 			continue
@@ -104,7 +104,7 @@ func chanCloser(c ssh.Channel, isError bool) {
 	var status = struct {
 		Status uint32
 	}{uint32(0)}
-	if isError == true {
+	if isError {
 		status.Status = 1
 	}
 	// https://godoc.org/golang.org/x/crypto/ssh#Channel
@@ -124,22 +124,25 @@ func handleChannels(chans <-chan ssh.NewChannel, user *util.UserPrincipals,
 
 	for thisChan := range chans {
 		if thisChan.ChannelType() != "session" {
-			thisChan.Reject(ssh.Prohibited, "channel type is not a session")
+			_ = thisChan.Reject(ssh.Prohibited, "channel type is not a session")
 			return
 		}
 
 		// accept channel
 		ch, reqs, err := thisChan.Accept()
-		defer ch.Close()
 		if err != nil {
 			log.Println("did not accept channel request", err)
 			return
 		}
+		defer ch.Close()
 
 		// only respond to "exec" type requests
 		req := <-reqs
 		if req.Type != "auth-agent-req@openssh.com" {
-			ch.Write([]byte("request type not supported\n"))
+			_, err = ch.Write([]byte("request type not supported\n"))
+			if err != nil {
+				log.Printf("channel write error for invalid request type %v", err)
+			}
 			return
 		}
 
@@ -166,6 +169,5 @@ func handleChannels(chans <-chan ssh.NewChannel, user *util.UserPrincipals,
 		time.Sleep(500 * time.Millisecond)
 		log.Println("closing the connection")
 		sshConn.Close()
-		return
 	}
 }

util/keyload_test.go

@@ -2,7 +2,6 @@ package util
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"runtime"
@@ -21,7 +20,7 @@ var password = []byte("akdjfN57$")
 // test ssh rsa private key with no password
 func TestLoadRSAKeysNoPassword(t *testing.T) {
 
-	tmpfile, err := ioutil.TempFile("", "rsa")
+	tmpfile, err := os.CreateTemp("", "rsa")
 	if err != nil {
 		t.Error(err)
 	}
@@ -64,7 +63,7 @@ func TestLoadRSAKeysNoPassword(t *testing.T) {
 // test ssh rsa private key with password and public key reading
 func TestLoadRSAKeys(t *testing.T) {
 
-	tmpfile, err := ioutil.TempFile("", "rsa")
+	tmpfile, err := os.CreateTemp("", "rsa")
 	if err != nil {
 		t.Error(err)
 	}
@@ -100,7 +99,7 @@ func TestLoadRSAKeys(t *testing.T) {
 	}
 
 	// read the privatekey to check via bytes method
-	fkey, err := ioutil.ReadFile(tname)
+	fkey, err := os.ReadFile(tname)
 	if err != nil {
 		t.Errorf("could not read rsa private key for parsing: %s", err)
 	}
@@ -124,7 +123,7 @@ func TestLoadRSAKeys(t *testing.T) {
 // test ssh ecdsa private key with password and public key reading
 func TestLoadECDSAKeys(t *testing.T) {
 
-	tmpfile, err := ioutil.TempFile("", "ecdsa")
+	tmpfile, err := os.CreateTemp("", "ecdsa")
 	if err != nil {
 		t.Error(err)
 	}
@@ -168,7 +167,7 @@ func TestLoadECDSAKeys(t *testing.T) {
 // test ssh ed25519 private key with no password
 func TestLoadED25519KeysNoPassword(t *testing.T) {
 
-	tmpfile, err := ioutil.TempFile("", "ed25519")
+	tmpfile, err := os.CreateTemp("", "ed25519")
 	if err != nil {
 		t.Error(err)
 	}
@@ -210,7 +209,7 @@ func TestLoadED25519KeysNoPassword(t *testing.T) {
 // test ssh ed25519 private key with password and public key reading
 func TestLoadED25519Keys(t *testing.T) {
 
-	tmpfile, err := ioutil.TempFile("", "ed25519")
+	tmpfile, err := os.CreateTemp("", "ed25519")
 	if err != nil {
 		t.Error(err)
 	}
@@ -245,7 +244,7 @@ func TestLoadED25519Keys(t *testing.T) {
 	}
 
 	// read the privatekey to check via bytes method
-	fkey, err := ioutil.ReadFile(tname)
+	fkey, err := os.ReadFile(tname)
 	if err != nil {
 		t.Errorf("could not read ed25519 private key for parsing: %s", err)
 	}
@@ -268,12 +267,12 @@ func TestLoadED25519Keys(t *testing.T) {
 
 func writeToFile(content string) (*os.File, error) {
 
-	tmpfile, err := ioutil.TempFile("", "authorized_keys")
+	tmpfile, err := os.CreateTemp("", "authorized_keys")
 	if err != nil {
 		return nil, err
 	}
-	tmpfile.WriteString(content)
-	return tmpfile, nil
+	_, err = tmpfile.WriteString(content)
+	return tmpfile, err
 }
 
 // test empty authorized key file
@@ -299,6 +298,9 @@ func TestAuthorizedKeysOne(t *testing.T) {
 		t.Error(err)
 	}
 	authorizedKeys, err := LoadAuthorizedKeys(af.Name())
+	if err != nil {
+		t.Error(err)
+	}
 	if len(authorizedKeys) != 1 {
 		t.Error("number of authorized keys should be one")
 	}
@@ -314,6 +316,9 @@ ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIfis9M2
 		t.Error(err)
 	}
 	authorizedKeys, err := LoadAuthorizedKeys(af.Name())
+	if err != nil {
+		t.Error(err)
+	}
 	if len(authorizedKeys) != 2 {
 		t.Error("number of authorized keys should be two")
 	}

util/settings.go

@@ -110,7 +110,7 @@ func SettingsLoad(yamlFilePath string) (Settings, error) {
 
 // UserByFingerprint extracts a user's UserPrincipals struct by public key fingerprint
 func (s *Settings) UserByFingerprint(fp string) (*UserPrincipals, error) {
-	var up = &UserPrincipals{}
+	// up is a &UserPrincipals
 	up, ok := s.usersByFingerprint[fp]
 	if !ok {
 		return up, fmt.Errorf("user for public key %s not found", fp)