mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-13 03:34:43 +00:00
bb93e29d5c
(The name SSH_HostKeys is bad but SSHHostKeys is worse.) Updates #3802 Change-Id: I2a889019c9e8b065b668dd58140db4fcab868a91 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
59 lines
1.5 KiB
Go
59 lines
1.5 KiB
Go
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
//go:build linux
|
|
// +build linux
|
|
|
|
package ipnlocal
|
|
|
|
import (
|
|
"errors"
|
|
"io/ioutil"
|
|
"os"
|
|
"strings"
|
|
|
|
"golang.org/x/crypto/ssh"
|
|
"tailscale.com/envknob"
|
|
)
|
|
|
|
var useHostKeys = envknob.Bool("TS_USE_SYSTEM_SSH_HOST_KEYS")
|
|
|
|
func (b *LocalBackend) GetSSH_HostKeys() ([]ssh.Signer, error) {
|
|
// TODO(bradfitz): generate host keys, at least as needed if
|
|
// an existing SSH server didn't put them on disk. But also
|
|
// because people may want tailscale-specific ones. For now be
|
|
// lazy and reuse the host ones.
|
|
return b.getSystemSSH_HostKeys()
|
|
}
|
|
|
|
func (b *LocalBackend) getSystemSSH_HostKeys() (ret []ssh.Signer, err error) {
|
|
// TODO(bradfitz): cache this?
|
|
for _, typ := range []string{"rsa", "ecdsa", "ed25519"} {
|
|
hostKey, err := ioutil.ReadFile("/etc/ssh/ssh_host_" + typ + "_key")
|
|
if os.IsNotExist(err) {
|
|
continue
|
|
}
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
signer, err := ssh.ParsePrivateKey(hostKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
ret = append(ret, signer)
|
|
}
|
|
if len(ret) == 0 {
|
|
return nil, errors.New("no system SSH host keys found")
|
|
}
|
|
return ret, nil
|
|
}
|
|
|
|
func (b *LocalBackend) getSSHHostKeyPublicStrings() (ret []string) {
|
|
signers, _ := b.GetSSH_HostKeys()
|
|
for _, signer := range signers {
|
|
ret = append(ret, strings.TrimSpace(string(ssh.MarshalAuthorizedKey(signer.PublicKey()))))
|
|
}
|
|
return ret
|
|
}
|