ssh

package
v0.0.0-...-4c93248 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 5, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AddKnownHostRequest 

type AddKnownHostRequest struct {
	// PeeringID is the unique identifier for the peering connection
	PeeringID string `json:"peering_id" binding:"required"`
	// Hostname is the hostname or IP address of the remote host
	Hostname string `json:"hostname" binding:"required"`
	// HostKey is the remote host's SSH server public key
	HostKey string `json:"host_key" binding:"required"`
}

AddKnownHostRequest represents a request to add a remote host's key to known_hosts

type AuthorizedKeysEntry 

type AuthorizedKeysEntry struct {
	// PublicKey is the SSH public key in authorized_keys format
	PublicKey string `json:"public_key"`
	// Comment is an optional comment (often used to identify the key)
	Comment string `json:"comment,omitempty"`
	// Options are any SSH options associated with this key
	Options []string `json:"options,omitempty"`
}

AuthorizedKeysEntry represents an entry in the authorized_keys file

func (*AuthorizedKeysEntry) String 

func (e *AuthorizedKeysEntry) String() string

String returns the string representation of the entry for the authorized_keys file

type GenerateKeyPairRequest 

type GenerateKeyPairRequest struct {
	// PeeringID is a unique identifier for the peer
	PeeringID string `json:"peering_id"     binding:"required"`
	// Type is the key algorithm type (defaults to ed25519)
	Type KeyPairType `json:"type,omitempty"`
}

GenerateKeyPairRequest represents a request to generate a new key pair

type GenerateKeyPairResponse 

type GenerateKeyPairResponse struct {
	// PeeringID is the identifier for the peer
	PeeringID string `json:"peering_id"`
	// PublicKey is the generated public key in authorized_keys format
	PublicKey string `json:"public_key"`
	// PrivateKeyPath is the path to the private key file
	PrivateKeyPath string `json:"private_key_path"`
	// PublicKeyPath is the path to the public key file
	PublicKeyPath string `json:"public_key_path"`
	// Type is the key algorithm type
	Type KeyPairType `json:"type"`
}

GenerateKeyPairResponse represents the response to a key pair generation request

type HostKeyResponse 

type HostKeyResponse struct {
	// HostKey is the SSH server's host public key (from /etc/ssh/ssh_host_*_key.pub)
	HostKey string `json:"host_key"`
	// KeyType is the type of the host key (e.g., "ssh-ed25519", "ssh-rsa")
	KeyType string `json:"key_type"`
}

HostKeyResponse represents the response when getting this machine's SSH host key

type KeyPair 

type KeyPair struct {
	// PeeringID identifies which Rodent peer this key pair belongs to
	PeeringID string `json:"peering_id"`
	// PublicKey is the public key in authorized_keys format
	PublicKey string `json:"public_key"`
	// PrivateKeyPath is the path to the private key file
	PrivateKeyPath string `json:"private_key_path"`
	// PublicKeyPath is the path to the public key file
	PublicKeyPath string `json:"public_key_path"`
	// Type is the key algorithm type
	Type KeyPairType `json:"type"`
}

KeyPair represents an SSH key pair

type KeyPairListResponse 

type KeyPairListResponse struct {
	// KeyPairs is the list of key pairs
	KeyPairs []KeyPair `json:"key_pairs"`
}

KeyPairListResponse represents a response listing all key pairs

type KeyPairType 

type KeyPairType string

KeyPairType represents the type of SSH key algorithm 

const (
	// KeyPairTypeED25519 represents an ED25519 key pair
	KeyPairTypeED25519 KeyPairType = "ed25519"
	// KeyPairTypeRSA represents an RSA key pair
	KeyPairTypeRSA KeyPairType = "rsa"
)

type KnownHostEntry 

type KnownHostEntry struct {
	// Hostname is the hostname or IP address of the host
	Hostname string `json:"hostname"`
	// PublicKey is the public key in known_hosts format
	PublicKey string `json:"public_key"`
	// PeeringID identifies which Rodent peer this key belongs to
	PeeringID string `json:"peering_id"`
}

KnownHostEntry represents an entry in the known_hosts file

type KnownHostListResponse 

type KnownHostListResponse struct {
	// KnownHosts is the list of known hosts entries
	KnownHosts []KnownHostEntry `json:"known_hosts"`
}

KnownHostListResponse represents a response listing all known hosts

type PeerInfo 

type PeerInfo struct {
	// PeeringID is a unique identifier for the peer
	PeeringID string `json:"peering_id"`
	// Hostname is the hostname or IP address of the peer (not used for known_hosts anymore)
	Hostname string `json:"hostname,omitempty"`
	// PublicKey is the peer's public key
	PublicKey string `json:"public_key"`
	// SSHOptions are any additional SSH options to apply (for authorized_keys)
	SSHOptions []string `json:"ssh_options,omitempty"`
}

PeerInfo contains the information required for peering

type RemoveKnownHostRequest 

type RemoveKnownHostRequest struct {
	// PeeringID is the unique identifier for the peering connection
	PeeringID string `json:"peering_id" binding:"required"`
	// Hostname is optional; if provided, only removes the specific hostname entry
	Hostname string `json:"hostname,omitempty"`
}

RemoveKnownHostRequest represents a request to remove a host entry from known_hosts

type SSHKeyManager 

type SSHKeyManager struct {
	// contains filtered or unexported fields
}

SSHKeyManager handles SSH key operations

func NewSSHKeyManager 

func NewSSHKeyManager(logger logger.Logger) (*SSHKeyManager, error)

NewSSHKeyManager creates a new SSH key manager

func (*SSHKeyManager) AddAuthorizedKey 

func (m *SSHKeyManager) AddAuthorizedKey(
	publicKey string,
	peeringID string,
	options []string,
) error

AddAuthorizedKey adds a public key to the authorized_keys file The key is typically the public key generated for a peering ID on another machine

func (*SSHKeyManager) AddKnownHost 

func (m *SSHKeyManager) AddKnownHost(
	ctx context.Context,
	hostname string,
	publicKey string,
	peeringID string,
) error

AddKnownHost adds a host public key to the known_hosts file

func (*SSHKeyManager) AddRemoteHostKey 

func (m *SSHKeyManager) AddRemoteHostKey(
	ctx context.Context,
	hostname string,
	hostKey string,
	peeringID string,
) error

AddRemoteHostKey adds a remote host's SSH server key to this machine's known_hosts file. This enables SSH connections FROM this machine TO the remote host without host key verification prompts. Parameters:

  • hostname: The hostname or IP address of the remote host
  • hostKey: The remote host's SSH server public key (from /etc/ssh/ssh_host_*_key.pub)
  • peeringID: The peering connection ID (used as a comment for tracking)

func (*SSHKeyManager) AuthorizePeer 

func (m *SSHKeyManager) AuthorizePeer(ctx context.Context, peer PeerInfo) error

AuthorizePeer adds a peer's public key to the authorized_keys file. This enables the peer to SSH into this node for ZFS transfers.

NOTE: This function only manages authorized_keys (allowing incoming SSH connections). The known_hosts file (for outgoing SSH connections) is managed separately via AddRemoteHostKey, which requires the remote host's SSH server key, not the peer's authentication key.

func (*SSHKeyManager) Close 

func (m *SSHKeyManager) Close()

Close cleans up any resources used by the manager

func (*SSHKeyManager) DeauthorizePeer 

func (m *SSHKeyManager) DeauthorizePeer(ctx context.Context, peeringID string) error

DeauthorizePeer removes a peer's public key from the authorized_keys file and also attempts to remove it from the known_hosts file This prevents the peer from SSHing into this node and removes trust

func (*SSHKeyManager) FindAuthorizedKeyByPeeringID 

func (m *SSHKeyManager) FindAuthorizedKeyByPeeringID(
	peeringID string,
) (*AuthorizedKeysEntry, error)

FindAuthorizedKeyByPeeringID finds an entry in the authorized_keys file by its peering ID

func (*SSHKeyManager) FindKnownHostsByHostname 

func (m *SSHKeyManager) FindKnownHostsByHostname(hostname string) ([]KnownHostEntry, error)

FindKnownHostsByHostname finds known hosts entries by hostname

func (*SSHKeyManager) FindKnownHostsByPeeringID 

func (m *SSHKeyManager) FindKnownHostsByPeeringID(peeringID string) ([]KnownHostEntry, error)

FindKnownHostsByPeeringID finds known hosts entries by peering ID

func (*SSHKeyManager) GenerateKeyPair 

func (m *SSHKeyManager) GenerateKeyPair(
	ctx context.Context,
	peeringID string,
	keyType KeyPairType,
) (*KeyPair, error)

GenerateKeyPair generates a new SSH key pair for a peering ID

func (*SSHKeyManager) GetAuthorizedKeysPath 

func (m *SSHKeyManager) GetAuthorizedKeysPath() string

GetAuthorizedKeysPath returns the path to the authorized_keys file

func (*SSHKeyManager) GetAuthorizedPeers 

func (m *SSHKeyManager) GetAuthorizedPeers(ctx context.Context) ([]PeerInfo, error)

GetAuthorizedPeers returns a list of all peers authorized to connect to this node

func (*SSHKeyManager) GetHostPublicKey 

func (m *SSHKeyManager) GetHostPublicKey() (*HostKeyResponse, error)

GetHostPublicKey retrieves this machine's SSH server host public key. It looks for host keys in /etc/ssh/ in order of preference: ed25519, ecdsa, rsa. This is the key that should be added to a remote machine's known_hosts file to establish trust for SSH connections TO this machine.

func (*SSHKeyManager) GetKeyPair 

func (m *SSHKeyManager) GetKeyPair(peeringID string) (*KeyPair, error)

GetKeyPair gets a key pair for a peering ID

func (*SSHKeyManager) GetKnownHostsPath 

func (m *SSHKeyManager) GetKnownHostsPath() string

GetKnownHostsPath returns the path to the known_hosts file

func (*SSHKeyManager) GetPrivateKeyPath 

func (m *SSHKeyManager) GetPrivateKeyPath(peeringID string) (string, error)

GetPrivateKeyPath returns the path to the private key for a peering ID

func (*SSHKeyManager) GetPublicKeyPath 

func (m *SSHKeyManager) GetPublicKeyPath(peeringID string) (string, error)

GetPublicKeyPath returns the path to the public key for a peering ID

func (*SSHKeyManager) HasKeyPair 

func (m *SSHKeyManager) HasKeyPair(peeringID string) (bool, error)

HasKeyPair checks if a peering ID has a key pair

func (*SSHKeyManager) ListAuthorizedKeys 

func (m *SSHKeyManager) ListAuthorizedKeys() ([]AuthorizedKeysEntry, error)

ListAuthorizedKeys returns all entries in the authorized_keys file

func (*SSHKeyManager) ListKeyPairs 

func (m *SSHKeyManager) ListKeyPairs(ctx context.Context) ([]KeyPair, error)

ListKeyPairs lists all key pairs

func (*SSHKeyManager) ListKnownHosts 

func (m *SSHKeyManager) ListKnownHosts(ctx context.Context) ([]KnownHostEntry, error)

ListKnownHosts lists all known hosts entries

func (*SSHKeyManager) RemoveAuthorizedKey 

func (m *SSHKeyManager) RemoveAuthorizedKey(peeringID string) error

RemoveAuthorizedKey removes a key from the authorized_keys file by its peering ID

func (*SSHKeyManager) RemoveKeyPair 

func (m *SSHKeyManager) RemoveKeyPair(ctx context.Context, peeringID string) error

RemoveKeyPair removes a key pair for a peering ID Also attempts to remove related entries from known_hosts and authorized_keys

func (*SSHKeyManager) RemoveKnownHost 

func (m *SSHKeyManager) RemoveKnownHost(
	ctx context.Context,
	peeringID string,
	hostname string,
) error

RemoveKnownHost removes a host entry from the known_hosts file by peering ID and optionally hostname

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.