ipn/ipnlocal: generate tailscaled-owned SSH keys as needed

Updates #3802 Change-Id: Ie1bc9ae3f3639603b88b4e19b7eb12bea528ff77 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-12-03 10:31:59 +00:00 · 2022-02-24 11:07:16 -08:00
parent cce6aad6c0
commit c4a6d9fa5d
2 changed files with 136 additions and 10 deletions
--- a/ipn/ipnlocal/ssh_test.go
+++ b/ipn/ipnlocal/ssh_test.go
@@ -0,0 +1,42 @@
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux
+// +build linux
+
+package ipnlocal
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestSSHKeyGen(t *testing.T) {
+	dir := t.TempDir()
+	lb := &LocalBackend{varRoot: dir}
+	keys, err := lb.getTailscaleSSH_HostKeys()
+	if err != nil {
+		t.Fatal(err)
+	}
+	got := map[string]bool{}
+	for _, k := range keys {
+		got[k.PublicKey().Type()] = true
+	}
+	want := map[string]bool{
+		"ssh-rsa":             true,
+		"ecdsa-sha2-nistp256": true,
+		"ssh-ed25519":         true,
+	}
+	if !reflect.DeepEqual(got, want) {
+		t.Fatalf("keys = %v; want %v", got, want)
+	}
+
+	keys2, err := lb.getTailscaleSSH_HostKeys()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !reflect.DeepEqual(keys, keys2) {
+		t.Errorf("got different keys on second call")
+	}
+}