package ssh
import (
"fmt"
"os"
"github.com/tychoish/fun/erc"
"github.com/tychoish/jasper/options"
"golang.org/x/crypto/ssh"
)
// resolveClientConfig builds the x/crypto/ssh client configuration for one
// hop (proxy or target) from the supplied remote options.
//
// Authentication methods are offered in this order: public key, when either
// opts.Key or opts.KeyFile is set (resolved via resolveAuth), then password,
// when opts.Password is set. Neither is required here; an empty Auth list is
// passed through and left for the SSH handshake to reject.
//
// SECURITY NOTE(review): HostKeyCallback is ssh.InsecureIgnoreHostKey(), so
// the server's host key is never verified. An on-path attacker who can reach
// the proxy or target address can impersonate it, capture opts.Password and
// hijack the session. This should be replaced by a known_hosts-backed
// callback (e.g. golang.org/x/crypto/ssh/knownhosts) or a pinned host-key
// fingerprint carried in options.RemoteConfig; that requires an options
// change, so it is flagged here rather than changed.
func resolveClientConfig(opts *options.RemoteConfig) (*ssh.ClientConfig, error) {
	var methods []ssh.AuthMethod

	usePublicKey := opts.Key != "" || opts.KeyFile != ""
	if usePublicKey {
		keyAuth, err := resolveAuth(opts)
		if err != nil {
			return nil, fmt.Errorf("could not get public key: %w", err)
		}
		methods = append(methods, keyAuth)
	}

	if opts.Password != "" {
		methods = append(methods, ssh.Password(opts.Password))
	}

	cfg := &ssh.ClientConfig{
		User:    opts.User,
		Auth:    methods,
		Timeout: opts.Timeout,
		// Host key verification is disabled; see the security note above.
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}
	return cfg, nil
}
// resolveAuth turns the private key described by opts into a public-key
// ssh.AuthMethod.
//
// Key material comes from opts.KeyFile when that is set (the whole file is
// read from disk), otherwise from the inline opts.Key string. When
// opts.KeyPassphrase is non-empty the key is parsed as an encrypted private
// key using that passphrase; otherwise it is parsed as unencrypted. Read and
// parse failures are wrapped and returned.
//
// NOTE(review): the key file's permissions are not checked before use (unlike
// OpenSSH, which refuses group/world-readable keys), and the inline key and
// passphrase are plain Go strings that remain in memory for the life of opts.
func resolveAuth(opts *options.RemoteConfig) (ssh.AuthMethod, error) {
	material := []byte(opts.Key)
	if opts.KeyFile != "" {
		contents, readErr := os.ReadFile(opts.KeyFile)
		if readErr != nil {
			return nil, fmt.Errorf("could not read key file: %w", readErr)
		}
		material = contents
	}

	// Pick the parser once, so the parse/error handling below is shared.
	parse := ssh.ParsePrivateKey
	if passphrase := opts.KeyPassphrase; passphrase != "" {
		parse = func(pemBytes []byte) (ssh.Signer, error) {
			return ssh.ParsePrivateKeyWithPassphrase(pemBytes, []byte(passphrase))
		}
	}

	signer, err := parse(material)
	if err != nil {
		return nil, fmt.Errorf("could not get signer: %w", err)
	}
	return ssh.PublicKeys(signer), nil
}
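// resolveClient dials the remote described by opts and opens one session on
// it, returning both. The caller owns the returned client and session and is
// responsible for closing them.
//
// When opts.Proxy is set the connection is made in two SSH hops: a client
// connection to the proxy host, then a TCP channel through that proxy to
// opts.Host:opts.Port over which a second SSH handshake to the target is
// performed. Otherwise the target is dialed directly.
//
// Every failure path closes whatever was opened so far before returning. In
// the proxy case the proxy client is also closed once the target client shuts
// down, so closing the returned client releases both hops (previously the
// proxy connection was leaked once the target client was closed).
//
// NOTE(review): both hops are configured by resolveClientConfig, which does
// not verify server host keys.
func resolveClient(opts *options.Remote) (*ssh.Client, *ssh.Session, error) {
	if err := opts.Validate(); err != nil {
		return nil, nil, fmt.Errorf("invalid remote options: %w", err)
	}

	var (
		client *ssh.Client
		err    error
	)
	if opts.Proxy != nil {
		client, err = dialThroughProxy(opts)
	} else {
		client, err = dialDirect(opts)
	}
	if err != nil {
		return nil, nil, err
	}

	session, err := client.NewSession()
	if err != nil {
		// Closing the client also tears down the proxy hop, if any (see
		// dialThroughProxy).
		catcher := &erc.Collector{}
		catcher.Add(client.Close())
		catcher.Add(err)
		return nil, nil, fmt.Errorf("could not establish session: %w", catcher.Resolve())
	}
	return client, session, nil
}

// dialDirect opens a single-hop SSH client connection to opts.Host:opts.Port
// using the configuration derived from opts.RemoteConfig.
func dialDirect(opts *options.Remote) (*ssh.Client, error) {
	config, err := resolveClientConfig(&opts.RemoteConfig)
	if err != nil {
		return nil, fmt.Errorf("could not create config: %w", err)
	}

	client, err := ssh.Dial("tcp", fmt.Sprintf("%s:%d", opts.Host, opts.Port), config)
	if err != nil {
		return nil, fmt.Errorf("could not dial host: %w", err)
	}
	return client, nil
}

// dialThroughProxy opens an SSH client connection to opts.Host:opts.Port by
// first connecting to opts.Proxy and tunnelling a TCP channel through it.
//
// The returned client owns only the channel through the proxy; a goroutine
// closes the proxy client once the target client has shut down, so the
// proxy's SSH session and socket do not outlive the target connection.
// Partial progress is cleaned up on every error path.
func dialThroughProxy(opts *options.Remote) (*ssh.Client, error) {
	proxyConfig, err := resolveClientConfig(&opts.Proxy.RemoteConfig)
	if err != nil {
		return nil, fmt.Errorf("could not create proxy config: %w", err)
	}

	// Resolve the target config (which may read a key file from disk) before
	// opening any connection, so a bad target config costs nothing to undo.
	targetConfig, err := resolveClientConfig(&opts.RemoteConfig)
	if err != nil {
		return nil, fmt.Errorf("could not create target config: %w", err)
	}

	proxyClient, err := ssh.Dial("tcp", fmt.Sprintf("%s:%d", opts.Proxy.Host, opts.Proxy.Port), proxyConfig)
	if err != nil {
		return nil, fmt.Errorf("could not dial proxy: %w", err)
	}

	targetAddr := fmt.Sprintf("%s:%d", opts.Host, opts.Port)
	targetConn, err := proxyClient.Dial("tcp", targetAddr)
	if err != nil {
		catcher := &erc.Collector{}
		catcher.Add(proxyClient.Close())
		catcher.Add(fmt.Errorf("could not dial target host: %w", err))
		return nil, catcher.Resolve()
	}

	gatewayConn, chans, reqs, err := ssh.NewClientConn(targetConn, targetAddr, targetConfig)
	if err != nil {
		catcher := &erc.Collector{}
		catcher.Add(targetConn.Close())
		catcher.Add(proxyClient.Close())
		catcher.Add(fmt.Errorf("could not establish connection to target via proxy: %w", err))
		return nil, catcher.Resolve()
	}
	client := ssh.NewClient(gatewayConn, chans, reqs)

	// Tie the proxy hop's lifetime to the target client: Wait returns once the
	// target connection shuts down (via Close or a transport error), at which
	// point the proxy client is no longer needed. Both results are ignored on
	// purpose — there is no caller left to report them to.
	go func() {
		_ = client.Wait()
		_ = proxyClient.Close()
	}()

	return client, nil
}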