firstConfiguredKeyPair reads the effective configuration for a localhost connection and returns the first valid key pair which would be tried for authentication
( ctx context.Context, customConfigFile string, customHost string, )
| 470 | // firstConfiguredKeyPair reads the effective configuration for a localhost |
| 471 | // connection and returns the first valid key pair which would be tried for authentication |
| 472 | func firstConfiguredKeyPair( |
| 473 | ctx context.Context, |
| 474 | customConfigFile string, |
| 475 | customHost string, |
| 476 | ) (*ssh.KeyPair, error) { |
| 477 | sshExe, err := safeexec.LookPath("ssh") |
| 478 | if err != nil { |
| 479 | return nil, fmt.Errorf("could not find ssh executable: %w", err) |
| 480 | } |
| 481 | |
| 482 | // The -G option tells ssh to output the effective config for the given host, but not connect |
| 483 | sshGArgs := []string{"-G"} |
| 484 | |
| 485 | if customConfigFile != "" { |
| 486 | sshGArgs = append(sshGArgs, "-F", customConfigFile) |
| 487 | } |
| 488 | |
| 489 | if customHost != "" { |
| 490 | sshGArgs = append(sshGArgs, customHost) |
| 491 | } else { |
| 492 | sshGArgs = append(sshGArgs, "localhost") |
| 493 | } |
| 494 | |
| 495 | sshGCmd := exec.CommandContext(ctx, sshExe, sshGArgs...) |
| 496 | configBytes, err := sshGCmd.Output() |
| 497 | if err != nil { |
| 498 | return nil, fmt.Errorf("could not load ssh configuration: %w", err) |
| 499 | } |
| 500 | |
| 501 | configLines := strings.Split(string(configBytes), "\n") |
| 502 | for _, line := range configLines { |
| 503 | line = strings.TrimSpace(line) |
| 504 | |
| 505 | if strings.HasPrefix(line, "identityfile ") { |
| 506 | privateKeyPath := strings.SplitN(line, " ", 2)[1] |
| 507 | |
| 508 | keypair, err := keypairForPrivateKey(privateKeyPath) |
| 509 | if errors.Is(err, errKeyFileNotFound) { |
| 510 | continue |
| 511 | } |
| 512 | if err != nil { |
| 513 | return nil, fmt.Errorf("loading ssh config: %w", err) |
| 514 | } |
| 515 | |
| 516 | return keypair, nil |
| 517 | } |
| 518 | } |
| 519 | |
| 520 | return nil, errKeyFileNotFound |
| 521 | } |
| 522 | |
| 523 | // keypairForPrivateKey returns the KeyPair with the specified private key if it and the public key both exist |
| 524 | func keypairForPrivateKey(privateKeyPath string) (*ssh.KeyPair, error) { |
no test coverage detected