From a3e64a0a0725c29266262b8f5576aa47bcd4f573 Mon Sep 17 00:00:00 2001 From: dovholuknf <46322585+dovholuknf@users.noreply.github.com> Date: Sun, 8 Sep 2024 19:51:39 -0400 Subject: [PATCH] basic knownhosts implementation --- go.mod | 40 +++++++------- go.sum | 42 +++++++++++++++ zsshlib/ssh.go | 141 ++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 203 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index 790cf67..f67f1a2 100644 --- a/go.mod +++ b/go.mod @@ -8,8 +8,8 @@ require ( github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce github.com/openziti/cobra-to-md v0.0.0-20240827152831-dab4eaadf278 - github.com/openziti/edge-api v0.26.23 - github.com/openziti/sdk-golang v0.23.40 + github.com/openziti/edge-api v0.26.30 + github.com/openziti/sdk-golang v0.23.41 github.com/openziti/ziti v0.32.0-alpha-1 github.com/pkg/errors v0.9.1 github.com/pkg/sftp v1.13.5 @@ -17,8 +17,8 @@ require ( github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 - github.com/zitadel/oidc/v2 v2.12.0 - golang.org/x/crypto v0.25.0 + github.com/zitadel/oidc/v2 v2.12.2 + golang.org/x/crypto v0.27.0 golang.org/x/oauth2 v0.21.0 gopkg.in/yaml.v2 v2.4.0 ) @@ -49,7 +49,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/gorilla/schema v1.3.0 // indirect - github.com/gorilla/websocket v1.5.1 // indirect + github.com/gorilla/websocket v1.5.3 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/kataras/go-events v0.0.3 // indirect 
@@ -66,11 +66,12 @@ require ( github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/openziti/channel/v2 v2.0.136 // indirect - github.com/openziti/foundation/v2 v2.0.47 // indirect - github.com/openziti/identity v1.0.81 // indirect - github.com/openziti/metrics v1.2.56 // indirect + github.com/openziti/channel/v3 v3.0.2 // indirect + github.com/openziti/foundation/v2 v2.0.49 // indirect + github.com/openziti/identity v1.0.85 // indirect + github.com/openziti/metrics v1.2.58 // indirect github.com/openziti/secretstream v0.1.21 // indirect - github.com/openziti/transport/v2 v2.0.138 // indirect + github.com/openziti/transport/v2 v2.0.146 // indirect github.com/orcaman/concurrent-map/v2 v2.0.1 // indirect github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect 
@@ -84,20 +85,21 @@ require ( github.com/tklauser/go-sysconf v0.3.14 // indirect github.com/tklauser/numcpus v0.8.0 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect - go.mongodb.org/mongo-driver v1.16.0 // indirect + go.mongodb.org/mongo-driver v1.16.1 // indirect go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect - go.opentelemetry.io/otel v1.28.0 // indirect - go.opentelemetry.io/otel/metric v1.28.0 // indirect - go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect + go.opentelemetry.io/otel/metric v1.29.0 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - nhooyr.io/websocket v1.8.11 // indirect + nhooyr.io/websocket v1.8.17 // indirect ) diff --git a/go.sum b/go.sum index d2d6e27..2e5f404 100644 --- a/go.sum +++ b/go.sum 
@@ -200,6 +200,8 @@ github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kX github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= +github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= +github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= 
@@ -312,22 +314,36 @@ github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+ github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openziti/channel/v2 v2.0.136 h1:XWjcNrPhto2XiD5HLhsh7GhmqfHEweQIJ/eUjtVKUJs= github.com/openziti/channel/v2 v2.0.136/go.mod h1:7jhk6JtJPP1O8aWYx+w2IuwCunFJ88Ot4AQcrKiX5og= +github.com/openziti/channel/v3 v3.0.2 h1:qepOLccMcpbRF4kFMslm3EhUcU6bT04iz9Ol9QGkde4= +github.com/openziti/channel/v3 v3.0.2/go.mod h1:6DJlGa8BUGkcIE3ngi7MHdwzutdJd8YSGWw6nBRniWY= github.com/openziti/cobra-to-md v0.0.0-20240827152831-dab4eaadf278 h1:v77wxCS4Y5uPy9XNXxJ4ercyRUEknt/3O4VmdbfPQ7c= github.com/openziti/cobra-to-md v0.0.0-20240827152831-dab4eaadf278/go.mod h1:FjCpk/yzHF7/r28oSTNr5P57yN5VolpdAtS/g7KNi2c= github.com/openziti/edge-api v0.26.23 h1:tXXGc/ACg7bQys+8K8ElS49A8VWfBi8Y6nGV53NqE9U= github.com/openziti/edge-api v0.26.23/go.mod h1:t0qfgV5u2+HItpvgDIShA69v6m7RZ+PrbQuLQaDDdx8= +github.com/openziti/edge-api v0.26.30 h1:Zeit+UJbMhL8aJkcHKsq7XyRX2b7p/hBWL3nzo60gS8= +github.com/openziti/edge-api v0.26.30/go.mod h1:Ya4b6u+SmkqSU2HsWxahwhZ3g+aBqW8mzfm/OOSdCNM= github.com/openziti/foundation/v2 v2.0.47 h1:f2LM6FQOhHXJ9QMTpr4GAKq8qXspNG3EGczMjjyz7uc= github.com/openziti/foundation/v2 v2.0.47/go.mod h1:pj5nPmVtAdF1QX+aRtALw69hxcsAzrWDpBUe+Zrc73Q= +github.com/openziti/foundation/v2 v2.0.49 h1:aQ5I/lMhkHQ6urhRpLwrWP+7YtoeUitCfY/wub+nOqo= +github.com/openziti/foundation/v2 v2.0.49/go.mod h1:tFk7wg5WE/nDDur5jSVQTROugKDXQkFvmqRSV4pvWp0= github.com/openziti/identity v1.0.81 h1:zeS+sCxsfIbNAvlLHqM+74BcCPitW4Vpmarlrcun6hw= github.com/openziti/identity v1.0.81/go.mod h1:/UKDen2MOw2Kjs0WuKiBloIT2bPrV0jxLAo8eyVy0ic= +github.com/openziti/identity v1.0.85 h1:jphDHrUCXCJGdbVTMBqsdtS0Ei/vhDH337DMNMYzLro= +github.com/openziti/identity v1.0.85/go.mod h1:beIXWNDImEjZn93XPOorJzyuQCQUYOvKFQ0fWhLN2qM= github.com/openziti/metrics v1.2.56 h1:sOX5SCdK2Kx2vci+2PWIXDedbyRDUWylM3xJmmISiUs= 
github.com/openziti/metrics v1.2.56/go.mod h1:nATuueUtFF5PDhwBwbq93g8sjpQZmf0yo2rySOnOUEY= +github.com/openziti/metrics v1.2.58 h1:AbHSTMKHP/o6r6fh7a08c486Y/5f5xjkZQbcyn3w1tM= +github.com/openziti/metrics v1.2.58/go.mod h1:zGLMrLvVFOxo9tXUf8svcUsASxsPjhW9foW92FUzmDs= github.com/openziti/sdk-golang v0.23.40 h1:GvONB0uFDerPqRYy2f+W+SjYemGPrh6zZLBQTkIsi9g= github.com/openziti/sdk-golang v0.23.40/go.mod h1:2PRGfYgwpSBrYKtYsjmq5o5fvF1PmkVtvmxwqMqVhx4= +github.com/openziti/sdk-golang v0.23.41 h1:88FC5Tm7iJ0jYPiPEdwqXkHMVkqlmrsFN7rQcgHVjqw= +github.com/openziti/sdk-golang v0.23.41/go.mod h1:Nb9QU3zXtx4NoxZO/W7YhL+n46RY3p8sr5BR87kfcgo= github.com/openziti/secretstream v0.1.21 h1:r4xN8/CzSEvxZFFYGSztrlhMtIvk3B+SQcq2zgZ4Tb4= github.com/openziti/secretstream v0.1.21/go.mod h1:1lfAnS8gBHsKZiPbRRK1sularbAsqizN6tWUEuZSfo0= github.com/openziti/transport/v2 v2.0.138 h1:F7TUv34BZ6x2BetYLtYbxSU/G15B+vkGRU4uPKwvRvU= github.com/openziti/transport/v2 v2.0.138/go.mod h1:v0PN1dhFP48HeUUeBq9n/Ql2u5ln8EOtPBA3KkzD2GI= +github.com/openziti/transport/v2 v2.0.146 h1:Wdr4udri/fFpdj9GR9DR7/FKqt/2cMTgBdt3gfrqFaQ= +github.com/openziti/transport/v2 v2.0.146/go.mod h1:ULrJdwxs0sKmjAhen9Vk9E+Do4qpdDdx1YJeVVu3bZ4= github.com/openziti/ziti v0.32.0-alpha-1 h1:xR6oXG5T7ycQB5HSk2FCU9OxJVh5z4xjjT/M58sXvDU= github.com/openziti/ziti v0.32.0-alpha-1/go.mod h1:Q6Ieg6CidV3wbV2FNXIxhli9vJylcj3KG7z145wkvyk= github.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c= 
@@ -411,11 +427,15 @@ github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= github.com/zitadel/oidc/v2 v2.12.0 h1:4aMTAy99/4pqNwrawEyJqhRb3yY3PtcDxnoDSryhpn4= github.com/zitadel/oidc/v2 v2.12.0/go.mod h1:LrRav74IiThHGapQgCHZOUNtnqJG0tcZKHro/91rtLw= +github.com/zitadel/oidc/v2 v2.12.2 h1:3kpckg4rurgw7w7aLJrq7yvRxb2pkNOtD08RH42vPEs= +github.com/zitadel/oidc/v2 v2.12.2/go.mod h1:vhP26g1g4YVntcTi0amMYW3tJuid70nxqxf+kb6XKgg= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.mongodb.org/mongo-driver v1.16.0 h1:tpRsfBJMROVHKpdGyc1BBEzzjDUWjItxbVSZ8Ls4BQ4= go.mongodb.org/mongo-driver v1.16.0/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= +go.mongodb.org/mongo-driver v1.16.1 h1:rIVLL3q0IHM39dvE+z2ulZLp9ENZKThVfuvN/IiN4l8= +go.mongodb.org/mongo-driver v1.16.1/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 
@@ -427,12 +447,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= +go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= 
@@ -450,6 +476,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -537,6 +565,8 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -566,6 +596,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -630,6 +662,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -639,6 +673,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -655,6 +691,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -829,6 +867,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= +gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce h1:+JknDZhAj8YMt7GC73Ei8pv4MzjDUNPHgQWJdtMAaDU= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c= @@ -856,6 +896,8 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0= nhooyr.io/websocket v1.8.11/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c= +nhooyr.io/websocket v1.8.17 h1:KEVeLJkUywCKVsnLIDlD/5gtayKp8VoCkksHCGGfT9Y= +nhooyr.io/websocket v1.8.17/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/zsshlib/ssh.go b/zsshlib/ssh.go index 8a93a01..9167b0a 100644 --- a/zsshlib/ssh.go +++ b/zsshlib/ssh.go 
@@ -17,15 +17,19 @@ package zsshlib import ( + "bufio" "context" + "encoding/base64" "fmt" "github.com/google/uuid" "github.com/gorilla/securecookie" "github.com/zitadel/oidc/v2/pkg/client/rp/cli" "github.com/zitadel/oidc/v2/pkg/oidc" + "golang.org/x/crypto/ssh/knownhosts" "io" "net" "os" + "path" "path/filepath" "strconv" "strings" @@ -292,7 +296,7 @@ func (factory *SshConfigFactoryImpl) Config() *ssh.ClientConfig { return &ssh.ClientConfig{ User: factory.user, Auth: factory.authMethods, - HostKeyCallback: ssh.InsecureIgnoreHostKey(), + HostKeyCallback: hostKeyCallback, } } 
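Review bot: The added `"path"` import looks unnecessary: as far as this patch shows, it is used only for `path.Join(home, ".ssh", "known_hosts")` in knownHostsFile, which builds a filesystem path. `path` is meant for slash-separated paths such as URLs. `filepath.Join(home, ".ssh", "known_hosts")` uses the `path/filepath` import that is already present and yields the OS-native separator, so the new import can be dropped.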
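Review bot: Nothing on Config() tells callers that the returned ClientConfig now reads, and may append to, the user's `~/.ssh/known_hosts` and prompts on stdin when a host is unknown. A caller building a config for a non-interactive session will block during the handshake, so a field comment such as `// verified against ~/.ssh/known_hosts; prompts on stdin for unknown hosts` would make that visible. Because the callback is a hard-wired package-level function, there is also no way to request strict, prompt-free checking; accepting an optional callback on the factory would cover that. Only the body of Config() is in this hunk; the factory type is outside it.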
@@ -442,3 +446,138 @@ func processOutput(stdout io.Reader, stderr io.Reader) {
 // Wait for both goroutines to finish
 wg.Wait()
 }
+
+type zitiEdgeConnAdapter struct {
+ orig net.Addr
+}
+
+func (a zitiEdgeConnAdapter) Network() string {
+ return ""
+}
+func (a zitiEdgeConnAdapter) String() string {
+ // ziti connections will have the format: "ziti-edge-router connId=%v, logical=%v", e.MsgCh.Id(), e.MsgCh.LogicalName()
+ // see ziti/edge/addr.go in github.com/openziti/sdk-golang if it changes
+ // example: ziti-edge-router connId=1, logical=ziti-sdk[router=tls:ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8442]
+ parts := strings.Split(a.orig.String(), ":")
+ answer := strings.Join(parts[len(parts)-2:], ":")
+ answer = strings.ReplaceAll(answer, "]", "")
+ return answer
+}
+
+func keyToString(k ssh.PublicKey) string {
+ return k.Type() + " " + base64.StdEncoding.EncodeToString(k.Marshal())
+}
+
+func hostKeyCallback(hostname string, remote net.Addr, key ssh.PublicKey) error {
+ var keyErr *knownhosts.KeyError
+ remoteCopy := zitiEdgeConnAdapter{
+ orig: remote,
+ }
+
+ if err := ensureKnownHosts(); err != nil {
+ return err
+ }
+
+ knownHosts := knownHostsFile()
+ fmt.Println(remote.String())
+ cb, err := knownhosts.New(knownHosts)
+ if err != nil {
+ return err
+ }
+
+ err = cb(hostname, remoteCopy, key)
+ if err != nil {
+ if err.Error() == "knownhosts: key is unknown" {
+ log.Warnf("key is not known: %s", keyToString(key))
+ time.Sleep(50 * time.Millisecond)
+ fmt.Print("do you want to add this key to your known_hosts file? (N/y): ")
+
+ reader := bufio.NewReader(os.Stdin)
+ answer, readerr := reader.ReadString('\n')
+ if readerr != nil {
+ log.Fatalf("error reading line: %v", readerr)
+ }
+
+ if strings.ToLower(answer)[:1] == "y" {
+ adderr := addKnownHostUnhashed(remoteCopy.String(), key)
+ if adderr != nil {
+ log.Fatalf("error adding key to known_hosts: %v", adderr)
+ }
+ log.Infof("added key to known_hosts: %s", keyToString(key))
+
+ cb, err = knownhosts.New(knownHosts)
+ if err != nil {
+ return err
+ }
+ err = cb(hostname, remoteCopy, key)
+ } else {
+ os.Exit(1)
+ }
+ }
+ }
+
+ // Make sure that the error returned from the callback is host not in file error.
+ // If keyErr.Want is greater than 0 length, that means host is in file with different key.
+ if errors.As(err, &keyErr) && len(keyErr.Want) > 0 {
+ return keyErr
+ }
+
+ // Some other error occurred and safest way to handle is to pass it back to user.
+ if err != nil {
+ return err
+ }
+
+ // Key is not trusted because it is not in the file.
+ return nil
+}
+
+func ensureKnownHosts() error {
+ filePath := knownHostsFile()
+ _, err := os.Stat(filePath)
+ if os.IsNotExist(err) {
+ // Create the directories if they don't exist
+ dir := filepath.Dir(filePath)
+ if err := os.MkdirAll(dir, 0700); err != nil {
+ return fmt.Errorf("failed to create directories: %w", err)
+ }
+
+ // Create the file with 0600 permissions
+ file, err := os.OpenFile(filePath, os.O_CREATE|os.O_WRONLY, 0600)
+ if err != nil {
+ return fmt.Errorf("failed to create file: %w", err)
+ }
+ defer file.Close()
+ } else if err != nil {
+ return fmt.Errorf("error checking file: %w", err)
+ }
+
+ return nil
+}
+
+func knownHostsFile() string {
+ home, err := os.UserHomeDir()
+ if err != nil {
+ log.Fatalf("unable to determine home directory - cannot find known_hosts file: %v", err)
+ }
+ return path.Join(home, ".ssh", "known_hosts")
+}
+
+// couldn't get the openssh hashing to work yet. unhashed works and it's good enoguh for now.
+func addKnownHostUnhashed(hostname string, key ssh.PublicKey) error {
+ knownHosts := knownHostsFile()
+ f, err := os.OpenFile(knownHosts, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
+ if err != nil {
+ return err
+ }
+ defer func() { _ = f.Close() }()
+
+ keyBytes := key.Marshal()
+ keyString := base64.StdEncoding.EncodeToString(keyBytes)
+ entry := fmt.Sprintf("%s %s %s\n", knownhosts.Normalize(hostname), key.Type(), keyString)
+
+ if _, err := f.WriteString(entry); err != nil {
+ return fmt.Errorf("failed to write to known_hosts file: %v", err)
+ }
+
+ return err
+}
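Review bot: The trust-on-first-use branch in hostKeyCallback is selected by comparing `err.Error()` with the literal "knownhosts: key is unknown", and it exits the process through `log.Fatalf`/`os.Exit(1)` instead of returning an error; the already-declared typed error gives the same test as `errors.As(err, &keyErr) && len(keyErr.Want) == 0`, and a library callback should hand failures back to its caller. The prompt also shows neither the host name nor a fingerprint, so the user is asked to trust a key without the two facts needed to check it. The name written to known_hosts comes from zitiEdgeConnAdapter.String(), which per its own comment extracts the edge router's host:port, so the pin identifies the router rather than the SSH server reached through it. In that method `parts[len(parts)-2:]` panics when the address string has no colon; `if len(parts) < 2 { return a.orig.String() }` would turn that into a parse error from knownhosts. knownhosts gives preference to a non-empty `hostname` over `remote`, so if the caller (outside this hunk) passes one, the re-check after addKnownHostUnhashed may look up a different name than the one just written; that is worth confirming.

```go
func hostKeyCallback(hostname string, remote net.Addr, key ssh.PublicKey) error {
	// … unchanged: keyErr declaration, adapter, ensureKnownHosts, knownhosts.New …

	err = cb(hostname, remoteCopy, key)
	if errors.As(err, &keyErr) && len(keyErr.Want) == 0 {
		// Host has no entry yet: show what would be trusted, then ask.
		fmt.Printf("unknown host %s, key fingerprint %s\n", remoteCopy.String(), ssh.FingerprintSHA256(key))
		fmt.Print("do you want to add this key to your known_hosts file? (N/y): ")

		answer, readErr := bufio.NewReader(os.Stdin).ReadString('\n')
		if readErr != nil {
			return fmt.Errorf("reading host key confirmation: %w", readErr)
		}
		if !strings.HasPrefix(strings.ToLower(strings.TrimSpace(answer)), "y") {
			return fmt.Errorf("host key for %s not accepted", remoteCopy.String())
		}
		if addErr := addKnownHostUnhashed(remoteCopy.String(), key); addErr != nil {
			return fmt.Errorf("adding key to known_hosts: %w", addErr)
		}
		// … unchanged: reload known_hosts and re-run cb …
	}
	// … unchanged: key-mismatch and generic error returns …
}
```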