ipnlocal, tailssh: start moving host key stuff into the right spot

Make tailssh ask LocalBackend for the SSH hostkeys, as we'll need to distribute them to peers. For now only the hacky use-same-as-actual-host mode is implemented. Updates #3802 Change-Id: I819dcb25c14e42e6692c441186c1dc744441592b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-21 10:27:30 +00:00 · 2022-02-17 13:28:14 -08:00
parent 94409db7e2
commit fbff1555fc
2 changed files with 55 additions and 11 deletions
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@@ -12,7 +12,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@@ -21,7 +20,6 @@ import (

 	"github.com/creack/pty"
 	"github.com/gliderlabs/ssh"
-	gossh "golang.org/x/crypto/ssh"
 	"inet.af/netaddr"
 	"tailscale.com/envknob"
 	"tailscale.com/ipn/ipnlocal"
@@ -35,14 +33,6 @@ import (

 // Handle handles an SSH connection from c.
 func Handle(logf logger.Logf, lb *ipnlocal.LocalBackend, c net.Conn) error {
-	hostKey, err := ioutil.ReadFile("/etc/ssh/ssh_host_ed25519_key")
-	if err != nil {
-		return err
-	}
-	signer, err := gossh.ParsePrivateKey(hostKey)
-	if err != nil {
-		return err
-	}
 	sshd := &server{lb, logf}
 	srv := &ssh.Server{
 		Handler:           sshd.handleSSH,
@@ -59,7 +49,13 @@ func Handle(logf logger.Logf, lb *ipnlocal.LocalBackend, c net.Conn) error {
 	for k, v := range ssh.DefaultSubsystemHandlers {
 		srv.SubsystemHandlers[k] = v
 	}
-	srv.AddHostKey(signer)
+	keys, err := lb.GetSSHHostKeys()
+	if err != nil {
+		return err
+	}
+	for _, signer := range keys {
+		srv.AddHostKey(signer)
+	}

 	srv.HandleConn(c)
 	return nil