parseIdentityFilesForHost uses ssh -G to discern what SSH keys have been enabled for the host (via the users SSH config) and returns a list of existing identity files. We do this because when no keys are defined for a host, SSH uses fallback keys (see above). However, by passing `-i` to attach our
(ctx context.Context, args, env []string)
| 140 | // The extra arguments work without issue and lets us run the command |
| 141 | // as-is without stripping out the excess (git-upload-pack 'coder/coder'). |
| 142 | func parseIdentityFilesForHost(ctx context.Context, args, env []string) (identityFiles []string, err error) { |
| 143 | home, err := os.UserHomeDir() |
| 144 | if err != nil { |
| 145 | return nil, xerrors.Errorf("get user home dir failed: %w", err) |
| 146 | } |
| 147 | |
| 148 | var outBuf bytes.Buffer |
| 149 | var r io.Reader = &outBuf |
| 150 | |
| 151 | args = append([]string{"-G"}, args...) |
| 152 | cmd := exec.CommandContext(ctx, "ssh", args...) |
| 153 | cmd.Env = append(cmd.Env, env...) |
| 154 | cmd.Stdout = &outBuf |
| 155 | cmd.Stderr = io.Discard |
| 156 | err = cmd.Run() |
| 157 | if err != nil { |
| 158 | // If ssh -G failed, the SSH version is likely too old, fallback |
| 159 | // to using the default identity files. |
| 160 | r = strings.NewReader(fallbackIdentityFiles) |
| 161 | } |
| 162 | |
| 163 | s := bufio.NewScanner(r) |
| 164 | for s.Scan() { |
| 165 | line := s.Text() |
| 166 | if strings.HasPrefix(line, "identityfile ") { |
| 167 | id := strings.TrimPrefix(line, "identityfile ") |
| 168 | if strings.HasPrefix(id, "~/") { |
| 169 | id = home + id[1:] |
| 170 | } |
| 171 | // OpenSSH on Windows is weird, it supports using (and does |
| 172 | // use) mixed \ and / in paths. |
| 173 | // |
| 174 | // Example: C:\Users\ZeroCool/.ssh/known_hosts |
| 175 | // |
| 176 | // To check the file existence in Go, though, we want to use |
| 177 | // proper Windows paths. |
| 178 | // OpenSSH is amazing, this will work on Windows too: |
| 179 | // C:\Users\ZeroCool/.ssh/id_rsa |
| 180 | id = filepath.FromSlash(id) |
| 181 | |
| 182 | // Only include the identity file if it exists. |
| 183 | if _, err := os.Stat(id); err == nil { |
| 184 | identityFiles = append(identityFiles, id) |
| 185 | } |
| 186 | } |
| 187 | } |
| 188 | if err := s.Err(); err != nil { |
| 189 | // This should never happen, the check is for completeness. |
| 190 | return nil, xerrors.Errorf("scan ssh output: %w", err) |
| 191 | } |
| 192 | |
| 193 | return identityFiles, nil |
| 194 | } |