From db14517499e54d306986a5f1c9e021ff14beaef5 Mon Sep 17 00:00:00 2001
From: Andrey Petrov
Date: Wed, 13 Oct 2021 10:27:04 -0400
Subject: [PATCH] cmd/ssh-chat: Accept multiple --identity keys

Fixes #401
---
cmd/ssh-chat/cmd.go | 51 ++++++++++++++++++++++++---------------------
1 file changed, 27 insertions(+), 24 deletions(-)

diff --git a/cmd/ssh-chat/cmd.go b/cmd/ssh-chat/cmd.go
index a13e7ff..1114f7b 100644
--- a/cmd/ssh-chat/cmd.go
+++ b/cmd/ssh-chat/cmd.go
@@ -28,16 +28,16 @@ var Version string = "dev" // Options contains the flag options type Options struct { - Admin string `long:"admin" description:"File of public keys who are admins."` - Bind string `long:"bind" description:"Host and port to listen on." default:"0.0.0.0:2022"` - Identity string `short:"i" long:"identity" description:"Private key to identify server with." default:"~/.ssh/id_rsa"` - Log string `long:"log" description:"Write chat log to this file."` - Motd string `long:"motd" description:"Optional Message of the Day file."` - Pprof int `long:"pprof" description:"Enable pprof http server for profiling."` - Verbose []bool `short:"v" long:"verbose" description:"Show verbose logging."` - Version bool `long:"version" description:"Print version and exit."` - Whitelist string `long:"whitelist" description:"Optional file of public keys who are allowed to connect."` - Passphrase string `long:"unsafe-passphrase" description:"Require an interactive passphrase to connect. Whitelist feature is more secure."` + Admin string `long:"admin" description:"File of public keys who are admins."` + Bind string `long:"bind" description:"Host and port to listen on." default:"0.0.0.0:2022"` + Identity []string `short:"i" long:"identity" description:"Private key to identify server with." default:"~/.ssh/id_rsa"` + Log string `long:"log" description:"Write chat log to this file."` + Motd string `long:"motd" description:"Optional Message of the Day file."` + Pprof int `long:"pprof" description:"Enable pprof http server for profiling."` + Verbose []bool `short:"v" long:"verbose" description:"Show verbose logging."` + Version bool `long:"version" description:"Print version and exit."` + Whitelist string `long:"whitelist" description:"Optional file of public keys who are allowed to connect."` + Passphrase string `long:"unsafe-passphrase" description:"Require an interactive passphrase to connect. 
Whitelist feature is more secure."` } const extraHelp = `There are hidden options and easter eggs in ssh-chat. The source code is a good @@ -102,25 +102,28 @@ func main() { message.SetLogger(os.Stderr) } - privateKeyPath := options.Identity - if strings.HasPrefix(privateKeyPath, "~/") { - user, err := user.Current() - if err == nil { - privateKeyPath = strings.Replace(privateKeyPath, "~", user.HomeDir, 1) - } - } - - signer, err := ReadPrivateKey(privateKeyPath) - if err != nil { - fail(3, "Failed to read identity private key: %v\n", err) - } - auth := sshchat.NewAuth() config := sshd.MakeAuth(auth) - config.AddHostKey(signer) config.ServerVersion = "SSH-2.0-Go ssh-chat" // FIXME: Should we be using config.NoClientAuth = true by default? + for _, privateKeyPath := range options.Identity { + if strings.HasPrefix(privateKeyPath, "~/") { + user, err := user.Current() + if err == nil { + privateKeyPath = strings.Replace(privateKeyPath, "~", user.HomeDir, 1) + } + } + + signer, err := ReadPrivateKey(privateKeyPath) + if err != nil { + fail(3, "Failed to read identity private key: %v\n", err) + } + + config.AddHostKey(signer) + fmt.Printf("Added server identity: %s\n", sshd.Fingerprint(signer.PublicKey())) + } + s, err := sshd.ListenSSH(options.Bind, config) if err != nil { fail(4, "Failed to listen on socket: %v\n", err)
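Review bot: The help text on the `Identity` field in `Options` still describes a single key although the field is now `[]string`, so an operator reading `--help` cannot tell that `-i` may be repeated. I would change the tag to something like `description:"Private key to identify server with. May be given multiple times, one key per algorithm."`. Whether the `default:"~/.ssh/id_rsa"` entry is dropped or kept alongside explicitly passed keys depends on the flag library's slice handling, which is not visible in this hunk; it is worth confirming so that an unintended host key is not loaded.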
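Review bot: The new loop in `main` prints "Added server identity" for every key, but if `config` is an `ssh.ServerConfig` from golang.org/x/crypto/ssh (its type is not visible here), `AddHostKey` replaces an existing host key of the same public key format, so two keys of the same format leave only the last one active while both fingerprints are reported. I would keep a set of `signer.PublicKey().Type()` values already added and call `fail` when a second key of the same type appears, so the operator is not misled about which host keys clients will see. With several paths in play the read error should also name the file, e.g. `fail(3, "Failed to read identity private key %q: %v\n", privateKeyPath, err)`. The `user.Current()` error is still dropped silently, which leaves a literal `~/` path to fail later with a less helpful message. `main` begins and ends outside this hunk.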