ssh.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

package shell

import (
	"fmt"
	"io/ioutil"
	"time"

	"github.com/tmc/scp"
	"go.wit.com/log"
	"golang.org/x/crypto/ssh"
)

var sshHostname string
var sshPort int
var sshUsername string
var sshPassword string
var sshKeyfile string

func SSHclientSet(hostname string, port int, username string, pass string, keyfile string) {
	sshHostname = hostname
	sshPort = port
	sshUsername = username
	sshPassword = pass
	sshKeyfile = keyfile
}

func SSHclientSCP(localfile string, remotefile string) {
	log.Log(SSH, "shell.SSHclientSCP() START")
	log.Log(SSH, "shell.SSHclientSCP() \tlocalfile =", localfile)
	log.Log(SSH, "shell.SSHclientSCP() \tremotefile =", remotefile)
	sess := mySsh(sshHostname, sshPort, sshUsername, sshPassword, sshKeyfile)
	err := scp.CopyPath(localfile, remotefile, sess)
	sess.Close()
	log.Log(SSH, "shell.SSHclientSCP() \tscp.CopyPath() err =", err)
	log.Log(SSH, "shell.SSHclientSCP() END")
}

func SSHclientRun(cmd string) {
	log.Log(SSH, "shell.SSHclientRun() START cmd =", cmd)
	sess := mySsh(sshHostname, sshPort, sshUsername, sshPassword, sshKeyfile)
	err := sess.Run(cmd)
	sess.Close()
	log.Log(SSH, "shell.SSHclientRun() END err =", err)
}

func mySsh(hostname string, port int, username string, pass string, keyfile string) *ssh.Session {
	// get host public key
	// hostKey := getHostKey(host)
	// log.Log(SSH, "hostkey =", hostKey)

	publicKey, err := PublicKeyFile(keyfile)
	if err != nil {
		log.Log(SSH, "PublicKeyFile() error =", err)
	}

	// ssh client config
	config := ssh.ClientConfig{
		User: username,
		Auth: []ssh.AuthMethod{
			ssh.Password(pass),
			publicKey,
		},
		// allow any host key to be used (non-prod)
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),

		// verify host public key
		// HostKeyCallback: ssh.FixedHostKey(hostKey),
		// optional host key algo list
		HostKeyAlgorithms: []string{
			ssh.KeyAlgoRSA,
			ssh.KeyAlgoDSA,
			ssh.KeyAlgoECDSA256,
			ssh.KeyAlgoECDSA384,
			ssh.KeyAlgoECDSA521,
			ssh.KeyAlgoED25519,
		},
		// optional tcp connect timeout
		Timeout: 5 * time.Second,
	}

	sport := fmt.Sprintf("%d", port)
	// connect
	client, err := ssh.Dial("tcp", hostname+":"+sport, &config)
	if err != nil {
		log.Error(err)
	}
	// defer client.Close()

	// start session
	sess, err := client.NewSession()
	if err != nil {
		log.Error(err)
	}
	// defer sess.Close()

	return sess
}

func Scp(sess *ssh.Session, localfile string, remotefile string) {
	err := scp.CopyPath(localfile, remotefile, sess)
	log.Log(SSH, "scp.CopyPath() err =", err)
}

func PublicKeyFile(file string) (ssh.AuthMethod, error) {
	buffer, err := ioutil.ReadFile(file)
	log.Log(SSH, "buffer =", string(buffer))
	if err != nil {
		return nil, err
	}

	key, err := ssh.ParsePrivateKey(buffer)
	if err != nil {
		return nil, err
	}
	return ssh.PublicKeys(key), nil
}

// THIS doesn't work
/*
func getHostKey(host string) ssh.PublicKey {
	// parse OpenSSH known_hosts file
	// ssh or use ssh-keyscan to get initial key
	file, err := os.Open(filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts"))
	if err != nil {
		log.Fatal(err)
	}
	defer file.Close()

	scanner := bufio.NewScanner(file)
	var hostKey ssh.PublicKey
	for scanner.Scan() {
		fields := strings.Split(scanner.Text(), " ")
		if len(fields) != 3 {
			continue
		}
		if strings.Contains(fields[0], host) {
			var err error
			hostKey, _, _, _, err = ssh.ParseAuthorizedKey(scanner.Bytes())
			if err != nil {
				log.Fatalf("error parsing %q: %v", fields[2], err)
			}
			break
		}
	}

	// 9enFJdMhb8eHN/6qfHSU/jww2Mo=|pcsWQCvAyve9QXBhjL+w/LhkcHU= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQx8BJXxD+vk3wyjy7Irzw4FA6xxJvqUP7Hb+Z+ygpOuidYj9G8x6gHEXFUnABn5YirePrWh5tNsk4Rqs48VwU=
	hostKey, _, _, _, err = ssh.ParseAuthorizedKey([]byte("9enFJdMhb8eHN/6qfHSU/jww2Mo=|pcsWQCvAyve9QXBhjL+w/LhkcHU= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMQx8BJXxD+vk3wyjy7Irzw4FA6xxJvqUP7Hb+Z+ygpOuidYj9G8x6gHEXFUnABn5YirePrWh5tNsk4Rqs48VwU="))
	log.Log(SSH, "hostkey err =", err)
	log.Log(SSH, "hostkey =", hostKey)
	if hostKey == nil {
		log.Log(SSH, "no hostkey found err =", err)
		log.Fatalf("no hostkey found for %s", host)
	}

	return hostKey
}
*/