-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkey.go
114 lines (101 loc) · 2.68 KB
/
key.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package winssh
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"os"
"path/filepath"
gl "github.com/gliderlabs/ssh"
"golang.org/x/crypto/ssh"
)
const (
sshHostKey = "ssh_host_rsa_key" // OpenSSH for Windows
administratorsAuthorizedKeys = "administrators_authorized_keys" // OpenSSH for Windows
authorizedKeys = "authorized_keys" // write from embed or from first client
)
var aKeyPath string
// like gl.GenerateSigner plus write key to files
func GenerateSigner(pri string) (gl.Signer, error) {
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, err
}
Bytes := x509.MarshalPKCS1PrivateKey(key)
data := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: Bytes,
})
os.WriteFile(pri, data, 0644)
Bytes, err = x509.MarshalPKIXPublicKey(&key.PublicKey)
if err == nil {
data := pem.EncodeToMemory(&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: Bytes,
})
os.WriteFile(pri+".pub", data, 0644)
}
return ssh.NewSignerFromKey(key)
}
// ParseAuthorizedKeys
func FileToAuthorized(bs []byte, err error) (authorized []gl.PublicKey) {
if err != nil {
return
}
for _, b := range bytes.Split(bs, []byte("\n")) {
k, _, _, _, err := gl.ParseAuthorizedKey(b)
if err == nil {
ltf.Println("FileToAuthorized", ssh.FingerprintSHA256(k))
authorized = append(authorized, k)
}
}
return
}
// case no files then write from embed
func BytesToAuthorized(authorized_keys []byte, old []gl.PublicKey) (authorized []gl.PublicKey) {
authorized = old
if len(old) > 0 || len(authorized_keys) == 0 {
return
}
ltf.Println("BytesToAuthorized")
authorized = FileToAuthorized(authorized_keys, nil)
if len(authorized) > 0 {
file := filepath.Join(aKeyPath, authorizedKeys)
ltf.Println("WriteFile", file)
os.WriteFile(file, authorized_keys, 0644)
return
}
return old
}
// case no files and not embed then write from first client
func KeyToAuthorized(key gl.PublicKey, old []gl.PublicKey) []gl.PublicKey {
if len(old) > 0 {
return old
}
// only first login
b := ssh.MarshalAuthorizedKey(key)
ltf.Println("KeyToAuthorized", ssh.FingerprintSHA256(key))
return BytesToAuthorized(b, old)
}
// is autorized
func Authorized(key gl.PublicKey, authorized []gl.PublicKey) bool {
for _, k := range authorized {
if gl.KeysEqual(key, k) {
return true
}
}
return false
}
// get allowed keys
func GetUserKeys(cwd string, fns ...string) (authorized []gl.PublicKey) {
aKeyPath = cwd //.ssh
for _, akf := range GetUserKeysPaths(cwd, fns...) {
kk := FileToAuthorized(os.ReadFile(akf))
if len(kk) > 0 {
ltf.Println(akf)
authorized = append(authorized, kk...)
}
}
return
}