| 19 | ) |
| 20 | |
| 21 | func gitssh() *serpent.Command { |
| 22 | agentAuth := &AgentAuth{} |
| 23 | cmd := &serpent.Command{ |
| 24 | Use: "gitssh", |
| 25 | Hidden: true, |
| 26 | Short: `Wraps the "ssh" command and uses the coder gitssh key for authentication`, |
| 27 | Handler: func(inv *serpent.Invocation) error { |
| 28 | ctx := inv.Context() |
| 29 | env := os.Environ() |
| 30 | |
| 31 | // Catch interrupt signals to ensure the temporary private |
| 32 | // key file is cleaned up on most cases. |
| 33 | ctx, stop := inv.SignalNotifyContext(ctx, StopSignals...) |
| 34 | defer stop() |
| 35 | |
| 36 | // Early check so errors are reported immediately. |
| 37 | identityFiles, err := parseIdentityFilesForHost(ctx, inv.Args, env) |
| 38 | if err != nil { |
| 39 | return err |
| 40 | } |
| 41 | |
| 42 | client, err := agentAuth.CreateClient() |
| 43 | if err != nil { |
| 44 | return xerrors.Errorf("create agent client: %w", err) |
| 45 | } |
| 46 | key, err := client.GitSSHKey(ctx) |
| 47 | if err != nil { |
| 48 | return xerrors.Errorf("get agent git ssh token: %w", err) |
| 49 | } |
| 50 | |
| 51 | privateKeyFile, err := os.CreateTemp("", "coder-gitsshkey-*") |
| 52 | if err != nil { |
| 53 | return xerrors.Errorf("create temp gitsshkey file: %w", err) |
| 54 | } |
| 55 | defer func() { |
| 56 | _ = privateKeyFile.Close() |
| 57 | _ = os.Remove(privateKeyFile.Name()) |
| 58 | }() |
| 59 | _, err = privateKeyFile.WriteString(key.PrivateKey) |
| 60 | if err != nil { |
| 61 | return xerrors.Errorf("write to temp gitsshkey file: %w", err) |
| 62 | } |
| 63 | err = privateKeyFile.Close() |
| 64 | if err != nil { |
| 65 | return xerrors.Errorf("close temp gitsshkey file: %w", err) |
| 66 | } |
| 67 | |
| 68 | // Append our key, giving precedence to user keys. Note that |
| 69 | // OpenSSH server are typically configured with MaxAuthTries |
| 70 | // set to the default value of 6. This means that only the 6 |
| 71 | // first keys can be tried. However, we will assume that if |
| 72 | // a user has configured 6+ keys for a host, they know what |
| 73 | // they're doing. This behavior is critical if a server has |
| 74 | // been configured with MaxAuthTries set to 1. |
| 75 | identityFiles = append(identityFiles, privateKeyFile.Name()) |
| 76 | |
| 77 | var identityArgs []string |
| 78 | for _, id := range identityFiles { |