GoLang:为给定的公共RSA密钥配置SSH客户端

huangapple go评论93阅读模式
英文:

GoLang: ssh client config for given public RSA key

问题

我需要使用给定的公共RSA密钥来初始化与远程主机的ssh连接。我目前的代码如下:

func sftpClient(host, port, user, pass string) (*sftp.Client, error) {

	var authMethod ssh.AuthMethod

	if strings.Index(pass, "-----BEGIN RSA PRIVATE KEY-----") == 0 {
		signer, err := ssh.ParsePrivateKey([]byte(pass))
		if err != nil {
			return nil, err
		}
		authMethod = ssh.PublicKeys(signer)
	} else if strings.Index(pass, "---- BEGIN SSH2 PUBLIC KEY ----") == 0 {
		publicKey, err := ssh.ParsePublicKey([]byte(pass))
		if err != nil {
			return nil, err
		}
		authMethod = ???

	} else {
		authMethod = ssh.Password(pass)
	}

	config := &ssh.ClientConfig{
		User:            user,
		Auth:            []ssh.AuthMethod{authMethod},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
		Config: ssh.Config{
			Ciphers: []string{
				// some ciphers here
			},
		},
	}

	conn, err := ssh.Dial("tcp", host+":"+port, config)
	if err != nil {
		return nil, err
	}

	client, err := sftp.NewClient(conn)
	if err != nil {
		return nil, err
	}

	return client, nil
}

基于密码的身份验证和基于私钥的身份验证都可以正常工作,因为ssh库提供了这些包装器(ssh.Passwordssh.PublicKeys,它们创建了某种AuthMethod)。我尝试了一些选项,但尝试不多,因为我找不到很多选项:

  1. authMethod = ssh.NewPublicKey(publicKey)
  2. authMethod = publicKey

但是它们都不起作用。

我还尝试使用不同的方法解析公钥,但也失败了。我使用的方法是ssh.ParseAuthorizedKey,但与ssh.ParsePublicKey类似,它返回一个似乎无法用作身份验证方法的PublicKey

所以我的问题是:如何在Go中使用给定的公共RSA密钥初始化ssh客户端?

英文:

I need to initiate an ssh connection to a remote host given its public RSA key. The code I have so far is the following

func sftpClient(host, port, user, pass string) (*sftp.Client, error) {

	var authMethod ssh.AuthMethod

	if strings.Index(pass, "-----BEGIN RSA PRIVATE KEY-----") == 0 {
		signer, err := ssh.ParsePrivateKey([]byte(pass))
		if err != nil {
			return nil, err
		}
		authMethod = ssh.PublicKeys(signer)
	} else if strings.Index(pass, "---- BEGIN SSH2 PUBLIC KEY ----") == 0 {
		publicKey, err := ssh.ParsePublicKey([]byte(pass))
		if err != nil {
			return nil, err
		}
		authMethod = ???

	} else {
		authMethod = ssh.Password(pass)
	}

	config := &ssh.ClientConfig{
		User:            user,
		Auth:            []ssh.AuthMethod{authMethod},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
		Config: ssh.Config{
			Ciphers: []string{
				// some ciphers here
			},
		},
	}

	conn, err := ssh.Dial("tcp", host+":"+port, config)
	if err != nil {
		return nil, err
	}

	client, err := sftp.NewClient(conn)
	if err != nil {
		return nil, err
	}

	return client, nil
}

The password based authentication and the private key based authentication work just fine since the ssh library provides these wrappers (ssh.Password and ssh.PublicKeys which create some sort of AuthMethod). I have not tried a lot since I could not find a lot of options:

  1. authMethod = ssh.NewPublicKey(publicKey)
  2. authMethod = publicKey

None of them work.

I also tried to parse the public key using a different method but this also fails. The method I used was ssh.ParseAuthorizedKey but this - similar to the ss.ParsePublicKey return a PublicKey which cannot be used as an authentication method apparently.

So my question is: How can I initiate an ssh client on Go using a given public RSA key?

答案1

得分: 2

如何在Go中使用给定的公共RSA密钥启动ssh客户端?

你不能使用公钥来验证ssh客户端。你需要将公钥提供给服务器,然后客户端使用私钥进行验证。

ssh密钥认证的价值在于私钥永远不会离开系统;不需要在网络上传输任何敏感信息。

英文:

> How can I initiate an ssh client on Go using a given public RSA key?

You can't use a public key to authenticate an ssh client. You give the public key to the server, then the client uses the private key to authenticate.

The value of ssh key authentication is that the private key never leaves the system; nothing sensitive has to be transferred across the wire.

huangapple
  • 本文由 发表于 2022年11月1日 04:54:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/74269027.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定