| 76 | } |
| 77 | |
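// LoadPrivateKey returns the signer for the configured private key.
//
// PrivateKey may hold either the key material itself (recognised by a leading
// "-----" once surrounding whitespace is trimmed) or the path of a file that
// contains it. An empty PrivateKey yields (nil, nil). The parsed key's type
// must pass SSHKeyAlgo validation, otherwise an error is returned.
func (c SSHProxyConfig) LoadPrivateKey() (ssh.Signer, error) {
	if c.PrivateKey == "" {
		return nil, nil
	}
	privateKey := c.PrivateKey
	// HasPrefix instead of slicing [:5]: a value shorter than five characters
	// after trimming (a short path, or whitespace only) would panic on the slice.
	if !strings.HasPrefix(strings.TrimSpace(privateKey), "-----") {
		// NOTE(review): anything without the PEM marker is treated as a path and
		// is echoed in the errors below, so a malformed inline key would end up
		// in the error text and wherever that error is logged.
		// The path comes from the configuration, hence the gosec exemption.
		fh, err := os.Open(privateKey) //nolint:gosec
		if err != nil {
			return nil, fmt.Errorf("failed to load private key %s (%w)", privateKey, err)
		}
		privateKeyData, err := io.ReadAll(fh)
		if err != nil {
			// Best-effort close; the read error is the one worth reporting.
			_ = fh.Close()
			return nil, fmt.Errorf("failed to load private key %s (%w)", privateKey, err)
		}
		if err = fh.Close(); err != nil {
			return nil, fmt.Errorf("failed to close private key file %s (%w)", privateKey, err)
		}
		privateKey = string(privateKeyData)
	}
	// Parse errors deliberately carry no part of privateKey, which holds key
	// material at this point.
	private, err := ssh.ParsePrivateKey([]byte(privateKey))
	if err != nil {
		return nil, fmt.Errorf("failed to parse private key (%w)", err)
	}
	keyType := private.PublicKey().Type()

	// Reject keys whose algorithm is not accepted by SSHKeyAlgo.
	if err := SSHKeyAlgo(keyType).Validate(); err != nil {
		return nil, fmt.Errorf("unsupported host key algorithm %s", keyType)
	}
	return private, nil
}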
| 110 | |
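// clientVersionRegexp matches an SSH identification string of the form
// "SSH-2.0-<software>" with an optional space-separated comment. The dot in
// "2.0" is escaped so that only the literal protocol version is accepted;
// unescaped it would match any character in that position.
var clientVersionRegexp = regexp.MustCompile(`^SSH-2\.0-[a-zA-Z0-9]+(| [a-zA-Z0-9- _.]+)$`)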
| 112 | |