attempt to be helpful. test if the key provided to ssh is a pubkey an…

…d if oidc only add jwt as primary AND secondary creds
openziti-test-kitchen · Sep 10, 2024 · 0dd56f8 · 0dd56f8
1 parent 85f1cea
commit 0dd56f8
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/zsshlib/authenticate.go b/zsshlib/authenticate.go
@@ -51,6 +51,7 @@ func NewContext(flags *SshFlags, enableMfaListener bool) ziti.Context {
 			ZtAPI:       ozController + "/edge/client/v1",
 			Credentials: credentials,
 		}
+		credentials.AddJWT(oidcToken) // satisfy the ext-jwt-auth primary + secondary
 		cfg.ConfigTypes = append(cfg.ConfigTypes, "all")
 
 		c, ctxErr := ziti.NewContext(cfg)

diff --git a/zsshlib/ssh.go b/zsshlib/ssh.go
@@ -305,6 +305,10 @@ func sshAuthMethodFromFile(keyPath string) (ssh.AuthMethod, error) {
 	if err != nil {
 		return nil, fmt.Errorf("could not read zssh file [%s]: %w", keyPath, err)
 	}
+	_, _, _, _, pubkeyErr := ssh.ParseAuthorizedKey(content)
+	if pubkeyErr == nil {
+		log.Fatal("the provided key for ssh authentication is a public key, but a private key is required")
+	}
 
 	if signer, err := ssh.ParsePrivateKey(content); err == nil {
 		return ssh.PublicKeys(signer), nil