add cmd/ssh-keygen/main.go to try this on real servers

2020-10-13 11:25:52 +02:00 · 2020-10-13 11:25:52 +02:00 · 750102901c
parent 0cf7af4247
commit 750102901c
3 changed files with 71 additions and 5 deletions
--- a/cmd/ssh-keygen/main.go
+++ b/cmd/ssh-keygen/main.go
@ -0,0 +1,60 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"os"
+
+	"github.com/hashicorp/packer/helper/communicator/sshkey"
+)
+
+type options struct {
+	Type string
+	Bits int
+}
+
+func (o *options) AddFlagSets(fs *flag.FlagSet) {
+	fs.StringVar(&o.Type, "type", "rsa", `dsa | ecdsa | ed25519 | rsa
+
+	Specifies the type of key to create.  The possible values are 'dsa', 'ecdsa',
+	'ed25519', or 'rsa' ( the default ).
+`)
+	fs.IntVar(&o.Bits, "bits", 0, `bits
+
+	Specifies the number of bits in the key to create.  For RSA keys, the min-
+	imum size is 1024 bits and the default is 3072 bits.  Generally, 3072 bits
+	is considered sufficient.  DSA keys must be exactly 1024 bits as specified
+	by FIPS 186-2.  For ECDSA keys, the bits flag determines the key length by
+	selecting from one of three elliptic curve sizes: 256, 384 or 521 bits.
+	Attempting to use bit lengths other than these three values for ECDSA keys
+	will fail.  Ed25519 keys have a fixed length and the bits flag will be
+	ignored.	
+`)
+}
+
+func main() {
+	log.SetFlags(0)
+	log.SetPrefix("ssh-keygen: ")
+	fs := flag.NewFlagSet("ssh-keygen", flag.ContinueOnError)
+	cla := options{}
+	cla.AddFlagSets(fs)
+	if err := fs.Parse(os.Args[1:]); err != nil {
+		fs.Usage()
+		os.Exit(1)
+	}
+
+	algo, err := sshkey.AlgorithmString(cla.Type)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	keypair, err := sshkey.GeneratePair(algo, nil, cla.Bits)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	log.Printf("keypair.Private:")
+	log.Printf("%s", keypair.Private)
+	log.Printf("keypair.Public:")
+	log.Printf("%s", keypair.Public)
+}
--- a/helper/communicator/sshkey/algorithm_enumer.go
+++ b/helper/communicator/sshkey/algorithm_enumer.go
@ -1,7 +1,7 @@
 // Code generated by "enumer -type Algorithm -transform snake"; DO NOT EDIT.

 //
-package communicator
+package sshkey

 import (
 	"fmt"
--- a/helper/communicator/sshkey/generate.go
+++ b/helper/communicator/sshkey/generate.go
@ -1,4 +1,4 @@
-package communicator
+package sshkey

 import (
 	"crypto/dsa"
@ -86,7 +86,7 @@ func PairFromDSA(key *dsa.PrivateKey) (*Pair, error) {
 		Headers: nil,
 		Bytes:   kb,
 	}
-	publicKey, err := ssh.NewPublicKey(key.PublicKey)
+	publicKey, err := ssh.NewPublicKey(&key.PublicKey)
 	if err != nil {
 		return nil, err
 	}
@ -114,6 +114,9 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 	}
 	switch t {
 	case DSA:
+		if bits == 0 {
+			bits = 3072
+		}
 		var sizes dsa.ParameterSizes
 		switch bits {
 		case 1024:
@ -141,6 +144,9 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 		}
 		return PairFromDSA(dsakey)
 	case ECDSA:
+		if bits == 0 {
+			bits = 521
+		}
 		var ecdsakey *ecdsa.PrivateKey
 		var err error
 		switch bits {
@ -156,7 +162,7 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 		if err != nil {
 			return nil, err
 		}
-		return NewPair(ecdsakey.PublicKey, ecdsakey)
+		return NewPair(&ecdsakey.PublicKey, ecdsakey)
 	case ED25519:
 		publicKey, privateKey, err := ed25519.GenerateKey(rand)
 		if err != nil {
@ -174,7 +180,7 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 		if err != nil {
 			return nil, err
 		}
-		return NewPair(rsakey.PublicKey, rsakey)
+		return NewPair(&rsakey.PublicKey, rsakey)
 	default:
 		return nil, ErrUnknownAlgorithm
 	}