proposal: x/crypto/ssh: add ssh.ParseHostKey #41709
Comments
andybons
changed the title
andybons
added
the
Proposal-Crypto
|
I'm not sure I understand, server public keys are stored in known_hosts files, for which there is ParseKnownHosts. |
|
My reasoning is as follows: I don't wish to be tied to a hostname or IP address as I may wish to use broadcast DNS if MDNS or DNS fail. I am signing the host key as retrieved from the OpenSSH server filesystem, via a provisioning http service, and so need to retrieve additional files, pk/sig. Additionally, go is unlikely to have access to storage on all devices like android/ios and so simply reading a string equating to the server side host key format, seems to be the neatest option? I also read that knownHosts parsing can fail on corrupted lines and so figured storing a single host key may be simpler but that would rather be reason for a pull request, if not already fixed. Whilst ssh.ParseHostKey, could simply mention "generally not needed". I can see that it may be a little confusing to document it's existence, particularly with knownhosts being in a separate package. Perhaps it is better to simply copy and maintain the function myself? |
|
Actually on the server side, I assume that generating and signing a known hosts format file with host */wildcard would work. Seems a bit like jumping through hoops but may have some unforeseen benefits. Sorry for the noise. |
|
It seems that ssh.ParseAuthorizedKeys and so ssh.ParseHostKeys may be needed to create a known hosts file using go, in the first place? e.g. create a known hosts file from "/etc/ssh/ssh_host_ed25519_key.pub" Should I simply write a custom function? |
|
I shall just use the following until and if a stdlib function is created. // SSHParseHostKey : Parses a host key as generated by ssh-keygen and returns a
// public key type useable by "golang.org/x/crypto/ssh"
func SSHParseHostKey(file []byte) (out ssh.PublicKey, comment, keyType string, err error) {
hostKeyFileStr := string(file)
hostKeySplit := strings.Split(hostKeyFileStr, " ")
if len(hostKeySplit) != 3 {
err = library.LogPrint(nil, err, "invalid file input: was the file(",file,") generated by ssh-keygen?")
return nil, "", "", err
}
keyType = hostKeySplit[0]
hostKeyb64 := hostKeySplit[1]
comment = hostKeySplit[2]
hostKeyWire, err := base64.StdEncoding.DecodeString(hostKeyb64)
if err != nil {
//library.LogPrint(nil, err, "failed to b64 decode hostkey, was the file (",file,") generated by ssh-keygen?");
return nil, "", "", err
}
out, err = ssh.ParsePublicKey(hostKeyWire)
if err != nil {
//library.LogPrint(nil, err, "failed to parse the decoded hostkey, was the file (",file,") generated by ssh-keygen?");
return nil, "", "", err
}
return out, comment, keyType, err
}
If a ssh.ParseHostsKeys isn't deemed a useful function for the stdlib then I have no objection to this issue simply being closed. |
|
Generally, host keys are stored as Moreover, if you're interested in just storing a simple compact representation of a single key, you could just store the base64 portion (which includes the key type) and just call |
I don't necessarily wish to retrieve a servers publicKey hostkey via go on all platforms in my app and receive it OOB.
I was going to write my own function but noticed that ssh.ParseAuthorizedKeys works just fine.
Does a copy of or wrapper for ssh.ParseAuthorizedKeys called ssh.ParseHostKeys make sense for this library?
The text was updated successfully, but these errors were encountered: