Diffstat (limited to 'lib')
-rw-r--r--lib/leap_cli.rb2
-rw-r--r--lib/leap_cli/commands/common.rb1
-rw-r--r--lib/leap_cli/config/node.rb3
-rw-r--r--lib/leap_cli/ssh_key.rb195
4 files changed, 2 insertions, 199 deletions
diff --git a/lib/leap_cli.rb b/lib/leap_cli.rb
index fc8ab2b..b74f7e6 100644
--- a/lib/leap_cli.rb
+++ b/lib/leap_cli.rb
@@ -33,12 +33,10 @@ require 'leap_cli/log'
require 'leap_cli/path'
require 'leap_cli/util'
require 'leap_cli/util/secret'
-require 'leap_cli/util/remote_command'
require 'leap_cli/util/x509'
require 'leap_cli/logger'
require 'leap_cli/bootstrap'
-require 'leap_cli/ssh_key'
require 'leap_cli/config/object'
require 'leap_cli/config/node'
require 'leap_cli/config/tag'
diff --git a/lib/leap_cli/commands/common.rb b/lib/leap_cli/commands/common.rb
index 695a9f6..d49490e 100644
--- a/lib/leap_cli/commands/common.rb
+++ b/lib/leap_cli/commands/common.rb
@@ -4,7 +4,6 @@ module LeapCli; module Commands
extend LeapCli::LogCommand
extend LeapCli::Util
- extend LeapCli::Util::RemoteCommand
def path(name)
Path.named_path(name)
diff --git a/lib/leap_cli/config/node.rb b/lib/leap_cli/config/node.rb
index 65735d5..f8ec052 100644
--- a/lib/leap_cli/config/node.rb
+++ b/lib/leap_cli/config/node.rb
@@ -67,7 +67,8 @@ module LeapCli; module Config
# returns a string list of supported ssh host key algorithms for this node.
# or an empty string if it could not be determined
def supported_ssh_host_key_algorithms
- @host_key_algo ||= SshKey.supported_host_key_algorithms(
+ require 'leap_cli/ssh'
+ @host_key_algo ||= LeapCli::SSH::Key.supported_host_key_algorithms(
Util.read_file([:node_ssh_pub_key, @node.name])
)
end
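Review bot: The `require 'leap_cli/ssh'` added at the top of supported_ssh_host_key_algorithms executes on every call, before the `@host_key_algo ||=` memoization is consulted, so the load-path check is repeated even after the value is cached. Either hoist it to the file's top-level requires, or if the deferred load is deliberate (presumably to keep the SSH layer out of commands that never look at host keys, which matches dropping `require 'leap_cli/ssh_key'` from lib/leap_cli.rb in the first hunk), place `return @host_key_algo if @host_key_algo` above it so the require runs at most once per node. In the deliberate case a one-line comment would keep the next reader from hoisting it: `# loaded lazily: only needed when a node's host key algorithms are queried`. The enclosing `LeapCli::Config` module and `Node` class start and end outside the hunk.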
diff --git a/lib/leap_cli/ssh_key.rb b/lib/leap_cli/ssh_key.rb
deleted file mode 100644
index 2570557..0000000
--- a/lib/leap_cli/ssh_key.rb
+++ /dev/null
@@ -1,195 +0,0 @@
-#
-# A wrapper around OpenSSL::PKey::RSA instances to provide a better api for dealing with SSH keys.
-#
-# cipher 'ssh-ed25519' not supported yet because we are waiting for support in Net::SSH
-#
-
-require 'net/ssh'
-require 'forwardable'
-
-module LeapCli
- class SshKey
- extend Forwardable
-
- attr_accessor :filename
- attr_accessor :comment
-
- # supported ssh key types, in order of preference
- SUPPORTED_TYPES = ['ssh-rsa', 'ecdsa-sha2-nistp256']
- SUPPORTED_TYPES_RE = /(#{SUPPORTED_TYPES.join('|')})/
-
- ##
- ## CLASS METHODS
- ##
-
- def self.load(arg1, arg2=nil)
- key = nil
- if arg1.is_a? OpenSSL::PKey::RSA
- key = SshKey.new arg1
- elsif arg1.is_a? String
- if arg1 =~ /^ssh-/
- type, data = arg1.split(' ')
- key = SshKey.new load_from_data(data, type)
- elsif File.exist? arg1
- key = SshKey.new load_from_file(arg1)
- key.filename = arg1
- else
- key = SshKey.new load_from_data(arg1, arg2)
- end
- end
- return key
- rescue StandardError
- end
-
- def self.load_from_file(filename)
- public_key = nil
- private_key = nil
- begin
- public_key = Net::SSH::KeyFactory.load_public_key(filename)
- rescue NotImplementedError, Net::SSH::Exception, OpenSSL::PKey::PKeyError
- begin
- private_key = Net::SSH::KeyFactory.load_private_key(filename)
- rescue NotImplementedError, Net::SSH::Exception, OpenSSL::PKey::PKeyError
- end
- end
- public_key || private_key
- end
-
- def self.load_from_data(data, type='ssh-rsa')
- public_key = nil
- private_key = nil
- begin
- public_key = Net::SSH::KeyFactory.load_data_public_key("#{type} #{data}")
- rescue NotImplementedError, Net::SSH::Exception, OpenSSL::PKey::PKeyError
- begin
- private_key = Net::SSH::KeyFactory.load_data_private_key("#{type} #{data}")
- rescue NotImplementedError, Net::SSH::Exception, OpenSSL::PKey::PKeyError
- end
- end
- public_key || private_key
- end
-
- #
- # Picks one key out of an array of keys that we think is the "best",
- # based on the order of preference in SUPPORTED_TYPES
- #
- # Currently, this does not take bitsize into account.
- #
- def self.pick_best_key(keys)
- keys.select {|k|
- SUPPORTED_TYPES.include?(k.type)
- }.sort {|a,b|
- SUPPORTED_TYPES.index(a.type) <=> SUPPORTED_TYPES.index(b.type)
- }.first
- end
-
- #
- # takes a string with one or more ssh keys, one key per line,
- # and returns an array of SshKey objects.
- #
- # the lines should be in one of these formats:
- #
- # 1. <hostname> <key-type> <key>
- # 2. <key-type> <key>
- #
- def self.parse_keys(string)
- keys = []
- lines = string.split("\n").grep(/^[^#]/)
- lines.each do |line|
- if line =~ / #{SshKey::SUPPORTED_TYPES_RE} /
- # <hostname> <key-type> <key>
- keys << line.split(' ')[1..2]
- elsif line =~ /^#{SshKey::SUPPORTED_TYPES_RE} /
- # <key-type> <key>
- keys << line.split(' ')
- end
- end
- return keys.map{|k| SshKey.load(k[1], k[0])}
- end
-
- #
- # takes a string with one or more ssh keys, one key per line,
- # and returns a string that specified the ssh key algorithms
- # that are supported by the keys, in order of preference.
- #
- # eg: ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519
- #
- def self.supported_host_key_algorithms(string)
- if string
- self.parse_keys(string).map {|key|
- key.type
- }.join(',')
- else
- ""
- end
- end
-
- ##
- ## INSTANCE METHODS
- ##
-
- public
-
- def initialize(rsa_key)
- @key = rsa_key
- end
-
- def_delegator :@key, :fingerprint, :fingerprint
- def_delegator :@key, :public?, :public?
- def_delegator :@key, :private?, :private?
- def_delegator :@key, :ssh_type, :type
- def_delegator :@key, :public_encrypt, :public_encrypt
- def_delegator :@key, :public_decrypt, :public_decrypt
- def_delegator :@key, :private_encrypt, :private_encrypt
- def_delegator :@key, :private_decrypt, :private_decrypt
- def_delegator :@key, :params, :params
- def_delegator :@key, :to_text, :to_text
-
- def public_key
- SshKey.new(@key.public_key)
- end
-
- def private_key
- SshKey.new(@key.private_key)
- end
-
- #
- # not sure if this will always work, but is seems to for now.
- #
- def bits
- Net::SSH::Buffer.from(:key, @key).to_s.split("\001\000").last.size * 8
- end
-
- def summary
- if self.filename
- "%s %s %s (%s)" % [self.type, self.bits, self.fingerprint, File.basename(self.filename)]
- else
- "%s %s %s" % [self.type, self.bits, self.fingerprint]
- end
- end
-
- def to_s
- self.type + " " + self.key
- end
-
- def key
- [Net::SSH::Buffer.from(:key, @key).to_s].pack("m*").gsub(/\s/, "")
- end
-
- def ==(other_key)
- return false if other_key.nil?
- return false if self.class != other_key.class
- return self.to_text == other_key.to_text
- end
-
- def in_known_hosts?(*identifiers)
- identifiers.each do |identifier|
- Net::SSH::KnownHosts.search_for(identifier).each do |key|
- return true if self == key
- end
- end
- return false
- end
-
- end
-end