| Tim Windelschmidt | 6d33a43 | 2025-02-04 14:34:25 +0100 | [diff] [blame] | 1 | // Copyright The Monogon Project Authors. |
| 2 | // SPDX-License-Identifier: Apache-2.0 |
| 3 | |
| Tim Windelschmidt | b6308cd | 2023-10-10 21:19:03 +0200 | [diff] [blame] | 4 | package main |
| 5 | |
| 6 | import ( |
| 7 | "flag" |
| 8 | "fmt" |
| 9 | |
| Jan Schär | 0175d7a | 2025-03-26 12:57:23 +0000 | [diff] [blame^] | 10 | "golang.org/x/crypto/ssh" |
| Tim Windelschmidt | b6308cd | 2023-10-10 21:19:03 +0200 | [diff] [blame] | 11 | "k8s.io/klog/v2" |
| 12 | |
| 13 | "source.monogon.dev/cloud/shepherd/manager" |
| 14 | ) |
| 15 | |
// sshConfig holds the credentials used to authenticate SSH sessions to the
// machines. Its fields are populated from command-line flags registered by
// RegisterFlags.
type sshConfig struct {
	// User is the SSH login name. check rejects an empty value.
	User string
	// Pass is the SSH password. It is supplied through the -ssh_pass flag,
	// so it is present in the process's argument list. When it is non-empty,
	// Configure uses it in preference to SSHKey.
	Pass string
	// SSHKey is the key-based alternative to Pass. Configure uses it only
	// when Pass is empty and SSHKey.KeyPersistPath is set.
	SSHKey manager.SSHKey
}
| 21 | |
// check reports whether enough credentials were supplied to attempt a login:
// a user name plus either a password or a key persist path.
//
// It only tests the fields for emptiness. It does not verify that the key at
// KeyPersistPath can be loaded, and it does not object when both a password
// and a key path are given.
func (sc *sshConfig) check() error {
	hasCredential := sc.Pass != "" || sc.SSHKey.KeyPersistPath != ""

	switch {
	case sc.User == "":
		return fmt.Errorf("-ssh_user must be set")
	case !hasCredential:
		// TODO: The flag name -ssh_key_path could change, which would make
		// this error very confusing.
		return fmt.Errorf("-ssh_pass or -ssh_key_path must be set")
	}

	return nil
}
| 35 | |
// RegisterFlags registers -ssh_user and -ssh_pass on the default flag set and
// then lets the embedded SSHKey register its own flags.
//
// NOTE(security): a password passed as -ssh_pass is part of the command line,
// so it is typically readable through the process list and can end up in
// shell history or service definitions. Key-based auth avoids that exposure.
func (sc *sshConfig) RegisterFlags() {
	stringFlags := []struct {
		dst         *string
		name, usage string
	}{
		{&sc.User, "ssh_user", "SSH username to log into the machines"},
		{&sc.Pass, "ssh_pass", "SSH password to log into the machines"},
	}
	for _, f := range stringFlags {
		flag.StringVar(f.dst, f.name, "", f.usage)
	}

	sc.SSHKey.RegisterFlags()
}
| 41 | |
// Configure validates the credentials and writes them into config: the user
// name, exactly one auth method, and a host key callback.
//
// A non-empty password takes precedence over the SSH key. On error config may
// already have had its User field set, but Auth and HostKeyCallback are only
// written on the success path.
func (sc *sshConfig) Configure(config *ssh.ClientConfig) error {
	if err := sc.check(); err != nil {
		return err
	}

	config.User = sc.User

	if sc.Pass != "" {
		config.Auth = []ssh.AuthMethod{ssh.Password(sc.Pass)}
	} else if sc.SSHKey.KeyPersistPath != "" {
		signer, err := sc.SSHKey.Signer()
		if err != nil {
			return err
		}

		pubKey, err := sc.SSHKey.PublicKey()
		if err != nil {
			return err
		}

		// Only the value returned by SSHKey.PublicKey() is logged here, never
		// the signer or the password.
		klog.Infof("Using ssh key auth with public key: %s", pubKey)

		config.Auth = []ssh.AuthMethod{ssh.PublicKeys(signer)}
	}

	// The host key is ignored because this is likely the first login to the
	// device and its fingerprint cannot be known in advance.
	//
	// NOTE(security): ssh.InsecureIgnoreHostKey accepts any host key, so the
	// server is not authenticated. With password auth the password is then
	// sent to whichever peer answers. Public-key auth does not reveal the
	// private key, which limits the exposure. Consider recording the host key
	// on first contact and pinning it for later connections.
	config.HostKeyCallback = ssh.InsecureIgnoreHostKey()

	return nil
}