forked from toolshed/abra
448 lines
18 KiB
Go
448 lines
18 KiB
Go
// Package knownhosts is a thin wrapper around golang.org/x/crypto/ssh/knownhosts,
|
|
// adding the ability to obtain the list of host key algorithms for a known host.
|
|
package knownhosts
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"encoding/base64"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net"
|
|
"os"
|
|
"sort"
|
|
"strings"
|
|
|
|
"golang.org/x/crypto/ssh"
|
|
xknownhosts "golang.org/x/crypto/ssh/knownhosts"
|
|
)
|
|
|
|
// HostKeyDB wraps logic in golang.org/x/crypto/ssh/knownhosts with additional
|
|
// behaviors, such as the ability to perform host key/algorithm lookups from
|
|
// known_hosts entries.
|
|
type HostKeyDB struct {
|
|
callback ssh.HostKeyCallback
|
|
isCert map[string]bool // keyed by "filename:line"
|
|
isWildcard map[string]bool // keyed by "filename:line"
|
|
}
|
|
|
|
// NewDB creates a HostKeyDB from the given OpenSSH known_hosts file(s). It
|
|
// reads and parses the provided files one additional time (beyond logic in
|
|
// golang.org/x/crypto/ssh/knownhosts) in order to:
|
|
//
|
|
// - Handle CA lines properly and return ssh.CertAlgo* values when calling the
|
|
// HostKeyAlgorithms method, for use in ssh.ClientConfig.HostKeyAlgorithms
|
|
// - Allow * wildcards in hostnames to match on non-standard ports, providing
|
|
// a workaround for https://github.com/golang/go/issues/52056 in order to
|
|
// align with OpenSSH's wildcard behavior
|
|
//
|
|
// When supplying multiple files, their order does not matter.
|
|
func NewDB(files ...string) (*HostKeyDB, error) {
|
|
cb, err := xknownhosts.New(files...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
hkdb := &HostKeyDB{
|
|
callback: cb,
|
|
isCert: make(map[string]bool),
|
|
isWildcard: make(map[string]bool),
|
|
}
|
|
|
|
// Re-read each file a single time, looking for @cert-authority lines. The
|
|
// logic for reading the file is designed to mimic hostKeyDB.Read from
|
|
// golang.org/x/crypto/ssh/knownhosts
|
|
for _, filename := range files {
|
|
f, err := os.Open(filename)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer f.Close()
|
|
scanner := bufio.NewScanner(f)
|
|
lineNum := 0
|
|
for scanner.Scan() {
|
|
lineNum++
|
|
line := scanner.Bytes()
|
|
line = bytes.TrimSpace(line)
|
|
// Does the line start with "@cert-authority" followed by whitespace?
|
|
if len(line) > 15 && bytes.HasPrefix(line, []byte("@cert-authority")) && (line[15] == ' ' || line[15] == '\t') {
|
|
mapKey := fmt.Sprintf("%s:%d", filename, lineNum)
|
|
hkdb.isCert[mapKey] = true
|
|
line = bytes.TrimSpace(line[16:])
|
|
}
|
|
// truncate line to just the host pattern field
|
|
if i := bytes.IndexAny(line, "\t "); i >= 0 {
|
|
line = line[:i]
|
|
}
|
|
// Does the host pattern contain a * wildcard and no specific port?
|
|
if i := bytes.IndexRune(line, '*'); i >= 0 && !bytes.Contains(line[i:], []byte("]:")) {
|
|
mapKey := fmt.Sprintf("%s:%d", filename, lineNum)
|
|
hkdb.isWildcard[mapKey] = true
|
|
}
|
|
}
|
|
if err := scanner.Err(); err != nil {
|
|
return nil, fmt.Errorf("knownhosts: %s:%d: %w", filename, lineNum, err)
|
|
}
|
|
}
|
|
return hkdb, nil
|
|
}
|
|
|
|
// HostKeyCallback returns an ssh.HostKeyCallback. This can be used directly in
|
|
// ssh.ClientConfig.HostKeyCallback, as shown in the example for NewDB.
|
|
// Alternatively, you can wrap it with an outer callback to potentially handle
|
|
// appending a new entry to the known_hosts file; see example in WriteKnownHost.
|
|
func (hkdb *HostKeyDB) HostKeyCallback() ssh.HostKeyCallback {
|
|
// Either NewDB found no wildcard host patterns, or hkdb was created from
|
|
// HostKeyCallback.ToDB in which case we didn't scan known_hosts for them:
|
|
// return the callback (which came from x/crypto/ssh/knownhosts) as-is
|
|
if len(hkdb.isWildcard) == 0 {
|
|
return hkdb.callback
|
|
}
|
|
|
|
// If we scanned for wildcards and found at least one, return a wrapped
|
|
// callback with extra behavior: if the host lookup found no matches, and the
|
|
// host arg had a non-standard port, re-do the lookup on standard port 22. If
|
|
// that second call returns a *xknownhosts.KeyError, filter down any resulting
|
|
// Want keys to known wildcard entries.
|
|
f := func(hostname string, remote net.Addr, key ssh.PublicKey) error {
|
|
callbackErr := hkdb.callback(hostname, remote, key)
|
|
if callbackErr == nil || IsHostKeyChanged(callbackErr) { // hostname has known_host entries as-is
|
|
return callbackErr
|
|
}
|
|
justHost, port, splitErr := net.SplitHostPort(hostname)
|
|
if splitErr != nil || port == "" || port == "22" { // hostname already using standard port
|
|
return callbackErr
|
|
}
|
|
// If we reach here, the port was non-standard and no known_host entries
|
|
// were found for the non-standard port. Try again with standard port.
|
|
if tcpAddr, ok := remote.(*net.TCPAddr); ok && tcpAddr.Port != 22 {
|
|
remote = &net.TCPAddr{
|
|
IP: tcpAddr.IP,
|
|
Port: 22,
|
|
Zone: tcpAddr.Zone,
|
|
}
|
|
}
|
|
callbackErr = hkdb.callback(justHost+":22", remote, key)
|
|
var keyErr *xknownhosts.KeyError
|
|
if errors.As(callbackErr, &keyErr) && len(keyErr.Want) > 0 {
|
|
wildcardKeys := make([]xknownhosts.KnownKey, 0, len(keyErr.Want))
|
|
for _, wantKey := range keyErr.Want {
|
|
if hkdb.isWildcard[fmt.Sprintf("%s:%d", wantKey.Filename, wantKey.Line)] {
|
|
wildcardKeys = append(wildcardKeys, wantKey)
|
|
}
|
|
}
|
|
callbackErr = &xknownhosts.KeyError{
|
|
Want: wildcardKeys,
|
|
}
|
|
}
|
|
return callbackErr
|
|
}
|
|
return ssh.HostKeyCallback(f)
|
|
}
|
|
|
|
// PublicKey wraps ssh.PublicKey with an additional field, to identify
|
|
// whether the key corresponds to a certificate authority.
|
|
type PublicKey struct {
|
|
ssh.PublicKey
|
|
Cert bool
|
|
}
|
|
|
|
// HostKeys returns a slice of known host public keys for the supplied host:port
|
|
// found in the known_hosts file(s), or an empty slice if the host is not
|
|
// already known. For hosts that have multiple known_hosts entries (for
|
|
// different key types), the result will be sorted by known_hosts filename and
|
|
// line number.
|
|
// If hkdb was originally created by calling NewDB, the Cert boolean field of
|
|
// each result entry reports whether the key corresponded to a @cert-authority
|
|
// line. If hkdb was NOT obtained from NewDB, then Cert will always be false.
|
|
func (hkdb *HostKeyDB) HostKeys(hostWithPort string) (keys []PublicKey) {
|
|
var keyErr *xknownhosts.KeyError
|
|
placeholderAddr := &net.TCPAddr{IP: []byte{0, 0, 0, 0}}
|
|
placeholderPubKey := &fakePublicKey{}
|
|
var kkeys []xknownhosts.KnownKey
|
|
callback := hkdb.HostKeyCallback()
|
|
if hkcbErr := callback(hostWithPort, placeholderAddr, placeholderPubKey); errors.As(hkcbErr, &keyErr) {
|
|
kkeys = append(kkeys, keyErr.Want...)
|
|
knownKeyLess := func(i, j int) bool {
|
|
if kkeys[i].Filename < kkeys[j].Filename {
|
|
return true
|
|
}
|
|
return (kkeys[i].Filename == kkeys[j].Filename && kkeys[i].Line < kkeys[j].Line)
|
|
}
|
|
sort.Slice(kkeys, knownKeyLess)
|
|
keys = make([]PublicKey, len(kkeys))
|
|
for n := range kkeys {
|
|
keys[n] = PublicKey{
|
|
PublicKey: kkeys[n].Key,
|
|
}
|
|
if len(hkdb.isCert) > 0 {
|
|
keys[n].Cert = hkdb.isCert[fmt.Sprintf("%s:%d", kkeys[n].Filename, kkeys[n].Line)]
|
|
}
|
|
}
|
|
}
|
|
return keys
|
|
}
|
|
|
|
// HostKeyAlgorithms returns a slice of host key algorithms for the supplied
|
|
// host:port found in the known_hosts file(s), or an empty slice if the host
|
|
// is not already known. The result may be used in ssh.ClientConfig's
|
|
// HostKeyAlgorithms field, either as-is or after filtering (if you wish to
|
|
// ignore or prefer particular algorithms). For hosts that have multiple
|
|
// known_hosts entries (of different key types), the result will be sorted by
|
|
// known_hosts filename and line number.
|
|
// If hkdb was originally created by calling NewDB, any @cert-authority lines
|
|
// in the known_hosts file will properly be converted to the corresponding
|
|
// ssh.CertAlgo* values.
|
|
func (hkdb *HostKeyDB) HostKeyAlgorithms(hostWithPort string) (algos []string) {
|
|
// We ensure that algos never contains duplicates. This is done for robustness
|
|
// even though currently golang.org/x/crypto/ssh/knownhosts never exposes
|
|
// multiple keys of the same type. This way our behavior here is unaffected
|
|
// even if https://github.com/golang/go/issues/28870 is implemented, for
|
|
// example by https://github.com/golang/crypto/pull/254.
|
|
hostKeys := hkdb.HostKeys(hostWithPort)
|
|
seen := make(map[string]struct{}, len(hostKeys))
|
|
addAlgo := func(typ string, cert bool) {
|
|
if cert {
|
|
typ = keyTypeToCertAlgo(typ)
|
|
}
|
|
if _, already := seen[typ]; !already {
|
|
algos = append(algos, typ)
|
|
seen[typ] = struct{}{}
|
|
}
|
|
}
|
|
for _, key := range hostKeys {
|
|
typ := key.Type()
|
|
if typ == ssh.KeyAlgoRSA {
|
|
// KeyAlgoRSASHA256 and KeyAlgoRSASHA512 are only public key algorithms,
|
|
// not public key formats, so they can't appear as a PublicKey.Type.
|
|
// The corresponding PublicKey.Type is KeyAlgoRSA. See RFC 8332, Section 2.
|
|
addAlgo(ssh.KeyAlgoRSASHA512, key.Cert)
|
|
addAlgo(ssh.KeyAlgoRSASHA256, key.Cert)
|
|
}
|
|
addAlgo(typ, key.Cert)
|
|
}
|
|
return algos
|
|
}
|
|
|
|
func keyTypeToCertAlgo(keyType string) string {
|
|
switch keyType {
|
|
case ssh.KeyAlgoRSA:
|
|
return ssh.CertAlgoRSAv01
|
|
case ssh.KeyAlgoRSASHA256:
|
|
return ssh.CertAlgoRSASHA256v01
|
|
case ssh.KeyAlgoRSASHA512:
|
|
return ssh.CertAlgoRSASHA512v01
|
|
case ssh.KeyAlgoDSA:
|
|
return ssh.CertAlgoDSAv01
|
|
case ssh.KeyAlgoECDSA256:
|
|
return ssh.CertAlgoECDSA256v01
|
|
case ssh.KeyAlgoSKECDSA256:
|
|
return ssh.CertAlgoSKECDSA256v01
|
|
case ssh.KeyAlgoECDSA384:
|
|
return ssh.CertAlgoECDSA384v01
|
|
case ssh.KeyAlgoECDSA521:
|
|
return ssh.CertAlgoECDSA521v01
|
|
case ssh.KeyAlgoED25519:
|
|
return ssh.CertAlgoED25519v01
|
|
case ssh.KeyAlgoSKED25519:
|
|
return ssh.CertAlgoSKED25519v01
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// HostKeyCallback wraps ssh.HostKeyCallback with additional methods to
|
|
// perform host key and algorithm lookups from the known_hosts entries. It is
|
|
// otherwise identical to ssh.HostKeyCallback, and does not introduce any file-
|
|
// parsing behavior beyond what is in golang.org/x/crypto/ssh/knownhosts.
|
|
//
|
|
// In most situations, use HostKeyDB and its constructor NewDB instead of using
|
|
// the HostKeyCallback type. The HostKeyCallback type is only provided for
|
|
// backwards compatibility with older versions of this package, as well as for
|
|
// very strict situations where any extra known_hosts file-parsing is
|
|
// undesirable.
|
|
//
|
|
// Methods of HostKeyCallback do not provide any special treatment for
|
|
// @cert-authority lines, which will (incorrectly) look like normal non-CA host
|
|
// keys. Additionally, HostKeyCallback lacks the fix for applying * wildcard
|
|
// known_host entries to all ports, like OpenSSH's behavior.
|
|
type HostKeyCallback ssh.HostKeyCallback
|
|
|
|
// New creates a HostKeyCallback from the given OpenSSH known_hosts file(s). The
|
|
// returned value may be used in ssh.ClientConfig.HostKeyCallback by casting it
|
|
// to ssh.HostKeyCallback, or using its HostKeyCallback method. Otherwise, it
|
|
// operates the same as the New function in golang.org/x/crypto/ssh/knownhosts.
|
|
// When supplying multiple files, their order does not matter.
|
|
//
|
|
// In most situations, you should avoid this function, as the returned value
|
|
// lacks several enhanced behaviors. See doc comment for HostKeyCallback for
|
|
// more information. Instead, most callers should use NewDB to create a
|
|
// HostKeyDB, which includes these enhancements.
|
|
func New(files ...string) (HostKeyCallback, error) {
|
|
cb, err := xknownhosts.New(files...)
|
|
return HostKeyCallback(cb), err
|
|
}
|
|
|
|
// HostKeyCallback simply casts the receiver back to ssh.HostKeyCallback, for
|
|
// use in ssh.ClientConfig.HostKeyCallback.
|
|
func (hkcb HostKeyCallback) HostKeyCallback() ssh.HostKeyCallback {
|
|
return ssh.HostKeyCallback(hkcb)
|
|
}
|
|
|
|
// ToDB converts the receiver into a HostKeyDB. However, the returned HostKeyDB
|
|
// lacks the enhanced behaviors described in the doc comment for NewDB: proper
|
|
// CA support, and wildcard matching on nonstandard ports.
|
|
//
|
|
// It is generally preferable to create a HostKeyDB by using NewDB. The ToDB
|
|
// method is only provided for situations in which the calling code needs to
|
|
// make the extra NewDB behaviors optional / user-configurable, perhaps for
|
|
// reasons of performance or code trust (since NewDB reads the known_host file
|
|
// an extra time, which may be undesirable in some strict situations). This way,
|
|
// callers can conditionally create a non-enhanced HostKeyDB by using New and
|
|
// ToDB. See code example.
|
|
func (hkcb HostKeyCallback) ToDB() *HostKeyDB {
|
|
// This intentionally leaves the isCert and isWildcard map fields as nil, as
|
|
// there is no way to retroactively populate them from just a HostKeyCallback.
|
|
// Methods of HostKeyDB will skip any related enhanced behaviors accordingly.
|
|
return &HostKeyDB{callback: ssh.HostKeyCallback(hkcb)}
|
|
}
|
|
|
|
// HostKeys returns a slice of known host public keys for the supplied host:port
|
|
// found in the known_hosts file(s), or an empty slice if the host is not
|
|
// already known. For hosts that have multiple known_hosts entries (for
|
|
// different key types), the result will be sorted by known_hosts filename and
|
|
// line number.
|
|
// In the returned values, there is no way to distinguish between CA keys
|
|
// (known_hosts lines beginning with @cert-authority) and regular keys. To do
|
|
// so, see NewDB and HostKeyDB.HostKeys instead.
|
|
func (hkcb HostKeyCallback) HostKeys(hostWithPort string) []ssh.PublicKey {
|
|
annotatedKeys := hkcb.ToDB().HostKeys(hostWithPort)
|
|
rawKeys := make([]ssh.PublicKey, len(annotatedKeys))
|
|
for n, ak := range annotatedKeys {
|
|
rawKeys[n] = ak.PublicKey
|
|
}
|
|
return rawKeys
|
|
}
|
|
|
|
// HostKeyAlgorithms returns a slice of host key algorithms for the supplied
|
|
// host:port found in the known_hosts file(s), or an empty slice if the host
|
|
// is not already known. The result may be used in ssh.ClientConfig's
|
|
// HostKeyAlgorithms field, either as-is or after filtering (if you wish to
|
|
// ignore or prefer particular algorithms). For hosts that have multiple
|
|
// known_hosts entries (for different key types), the result will be sorted by
|
|
// known_hosts filename and line number.
|
|
// The returned values will not include ssh.CertAlgo* values. If any
|
|
// known_hosts lines had @cert-authority prefixes, their original key algo will
|
|
// be returned instead. For proper CA support, see NewDB and
|
|
// HostKeyDB.HostKeyAlgorithms instead.
|
|
func (hkcb HostKeyCallback) HostKeyAlgorithms(hostWithPort string) (algos []string) {
|
|
return hkcb.ToDB().HostKeyAlgorithms(hostWithPort)
|
|
}
|
|
|
|
// HostKeyAlgorithms is a convenience function for performing host key algorithm
|
|
// lookups on an ssh.HostKeyCallback directly. It is intended for use in code
|
|
// paths that stay with the New method of golang.org/x/crypto/ssh/knownhosts
|
|
// rather than this package's New or NewDB methods.
|
|
// The returned values will not include ssh.CertAlgo* values. If any
|
|
// known_hosts lines had @cert-authority prefixes, their original key algo will
|
|
// be returned instead. For proper CA support, see NewDB and
|
|
// HostKeyDB.HostKeyAlgorithms instead.
|
|
func HostKeyAlgorithms(cb ssh.HostKeyCallback, hostWithPort string) []string {
|
|
return HostKeyCallback(cb).HostKeyAlgorithms(hostWithPort)
|
|
}
|
|
|
|
// IsHostKeyChanged returns a boolean indicating whether the error indicates
|
|
// the host key has changed. It is intended to be called on the error returned
|
|
// from invoking a host key callback, to check whether an SSH host is known.
|
|
func IsHostKeyChanged(err error) bool {
|
|
var keyErr *xknownhosts.KeyError
|
|
return errors.As(err, &keyErr) && len(keyErr.Want) > 0
|
|
}
|
|
|
|
// IsHostUnknown returns a boolean indicating whether the error represents an
|
|
// unknown host. It is intended to be called on the error returned from invoking
|
|
// a host key callback to check whether an SSH host is known.
|
|
func IsHostUnknown(err error) bool {
|
|
var keyErr *xknownhosts.KeyError
|
|
return errors.As(err, &keyErr) && len(keyErr.Want) == 0
|
|
}
|
|
|
|
// Normalize normalizes an address into the form used in known_hosts. This
|
|
// implementation includes a fix for https://github.com/golang/go/issues/53463
|
|
// and will omit brackets around ipv6 addresses on standard port 22.
|
|
func Normalize(address string) string {
|
|
host, port, err := net.SplitHostPort(address)
|
|
if err != nil {
|
|
host = address
|
|
port = "22"
|
|
}
|
|
entry := host
|
|
if port != "22" {
|
|
entry = "[" + entry + "]:" + port
|
|
} else if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") {
|
|
entry = entry[1 : len(entry)-1]
|
|
}
|
|
return entry
|
|
}
|
|
|
|
// Line returns a line to append to the known_hosts files. This implementation
|
|
// uses the local patched implementation of Normalize in order to solve
|
|
// https://github.com/golang/go/issues/53463.
|
|
func Line(addresses []string, key ssh.PublicKey) string {
|
|
var trimmed []string
|
|
for _, a := range addresses {
|
|
trimmed = append(trimmed, Normalize(a))
|
|
}
|
|
|
|
return strings.Join([]string{
|
|
strings.Join(trimmed, ","),
|
|
key.Type(),
|
|
base64.StdEncoding.EncodeToString(key.Marshal()),
|
|
}, " ")
|
|
}
|
|
|
|
// WriteKnownHost writes a known_hosts line to w for the supplied hostname,
|
|
// remote, and key. This is useful when writing a custom hostkey callback which
|
|
// wraps a callback obtained from this package to provide additional known_hosts
|
|
// management functionality. The hostname, remote, and key typically correspond
|
|
// to the callback's args. This function does not support writing
|
|
// @cert-authority lines.
|
|
func WriteKnownHost(w io.Writer, hostname string, remote net.Addr, key ssh.PublicKey) error {
|
|
// Always include hostname; only also include remote if it isn't a zero value
|
|
// and doesn't normalize to the same string as hostname.
|
|
hostnameNormalized := Normalize(hostname)
|
|
if strings.ContainsAny(hostnameNormalized, "\t ") {
|
|
return fmt.Errorf("knownhosts: hostname '%s' contains spaces", hostnameNormalized)
|
|
}
|
|
addresses := []string{hostnameNormalized}
|
|
remoteStrNormalized := Normalize(remote.String())
|
|
if remoteStrNormalized != "[0.0.0.0]:0" && remoteStrNormalized != hostnameNormalized &&
|
|
!strings.ContainsAny(remoteStrNormalized, "\t ") {
|
|
addresses = append(addresses, remoteStrNormalized)
|
|
}
|
|
line := Line(addresses, key) + "\n"
|
|
_, err := w.Write([]byte(line))
|
|
return err
|
|
}
|
|
|
|
// WriteKnownHostCA writes a @cert-authority line to w for the supplied host
|
|
// name/pattern and key.
|
|
func WriteKnownHostCA(w io.Writer, hostPattern string, key ssh.PublicKey) error {
|
|
encodedKey := base64.StdEncoding.EncodeToString(key.Marshal())
|
|
_, err := fmt.Fprintf(w, "@cert-authority %s %s %s\n", hostPattern, key.Type(), encodedKey)
|
|
return err
|
|
}
|
|
|
|
// fakePublicKey is used as part of the work-around for
|
|
// https://github.com/golang/go/issues/29286
|
|
type fakePublicKey struct{}
|
|
|
|
func (fakePublicKey) Type() string {
|
|
return "fake-public-key"
|
|
}
|
|
func (fakePublicKey) Marshal() []byte {
|
|
return []byte("fake public key")
|
|
}
|
|
func (fakePublicKey) Verify(_ []byte, _ *ssh.Signature) error {
|
|
return errors.New("Verify called on placeholder key")
|
|
}
|