Skip to content

feat: support for identityfiles to select keys from ssh-agent #355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shreddedbacon merged 1 commit into from
Jun 27, 2024
Merged

feat: support for identityfiles to select keys from ssh-agent #355

shreddedbacon merged 1 commit into from
Jun 27, 2024

Conversation

@shreddedbacon
Copy link
Member

@shreddedbacon shreddedbacon commented Jun 13, 2024
edited
Loading

General Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for inclusion in changelog

This adds support for publickey identities to the config file, which allows for these to select a key if it is found in the ssh-agent

lagoons:
    local-k3d:
        publickeyidentities:
          - /full/path/to/key.pub

A flag can be provided too --ssh-publickey /full/path/to/key.pub which will override anything defined in configuration

Additionally, a global --verbose flag is added which can be used to print some verbose output to stderr, this could be used elsewhere in the CLI in the future too. In this PR the flag will print which key is being used or if the agent is being used, which can help users with debugging.

Worth noting, once #319 is finalized, keycloak authentication will be the preferred method for authenticating the CLI to get a token, leaving these identity files to only be used for the ssh aspect the CLI provides. But they can still be used for authenticating to get a token via the SSH service still.

Closing issues

closes #354

@shreddedbacon shreddedbacon force-pushed the ssh-agent-identity branch 2 times, most recently from 298aebc to 6866c37 Compare June 14, 2024 01:16
@smlx
Copy link
Member

smlx commented Jun 14, 2024

Sorry I know I wasn't requested for a review, but I think the public key comparison could be made a bit more robust by using the library parsing functions. Something like this?

var identities []ssh.PublicKey
for _, idFile := range publicKeyIdentityFiles {
	keybytes, _ := os.ReadFile(idFile)
	pubkey, _ := ssh.ParsePublicKey(keybytes)
	identities = append(identities, pubkey)
}
for _, signer := range agentSigners {
	for _, identity := range identities {
		if bytes.Equal(signer.PublicKey().Marshal(), identity.Marshal()) {
			// found a match
		}
	}
}

rocketeerbkw
rocketeerbkw requested changes Jun 17, 2024
View reviewed changes
Copy link
Member

@rocketeerbkw rocketeerbkw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pasted the wrong path for my public key and got this error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x8e5c63]

goroutine 1 [running]:
github.com/uselagoon/lagoon-cli/cmd.publicKey({0xc000267de0, 0x19}, {0x0, 0x0}, {0xc00023d090, 0x1, 0x9fd275?}, 0x5?)
	/home/brandon/dev/amazee-io/lagoon-cli/cmd/login.go:56 +0x8c3

I immediately knew it was a spelling error, but not everyone will, can you add a "file exists" check similar to how -i has?

Otherwise, this works to use a single key from the ssh-agent as described 🎉

@shreddedbacon shreddedbacon marked this pull request as ready for review June 17, 2024 21:44
@shreddedbacon shreddedbacon force-pushed the ssh-agent-identity branch 5 times, most recently from 304e268 to 9077aa1 Compare June 24, 2024 01:08
@shreddedbacon
Copy link
Member Author

shreddedbacon commented Jun 25, 2024

Updated with file check error handling, so I'll merge this now @rocketeerbkw ?

rocketeerbkw
rocketeerbkw approved these changes Jun 27, 2024
View reviewed changes
Copy link
Member

@rocketeerbkw rocketeerbkw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got an error message for bad file path, and using the specified key still works 👍

@shreddedbacon shreddedbacon merged commit 2d045bf into main Jun 27, 2024
@shreddedbacon shreddedbacon deleted the ssh-agent-identity branch June 27, 2024 22:25
@smlx smlx mentioned this pull request Jul 2, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rocketeerbkw rocketeerbkw rocketeerbkw approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Not able to specify a specific ssh key from ssh-agent

4 participants

@shreddedbacon @smlx @rocketeerbkw