From 750102901ce66f6473e25401ce0874a460e3d287 Mon Sep 17 00:00:00 2001
From: Adrien Delorme
Date: Tue, 13 Oct 2020 11:25:52 +0200
Subject: [PATCH] add cmd/ssh-keygen/main.go to try this on real servers
---
 cmd/ssh-keygen/main.go | 60 +++++++++++++++++++
 .../communicator/sshkey/algorithm_enumer.go | 2 +-
 helper/communicator/sshkey/generate.go | 14 +++-
 3 files changed, 71 insertions(+), 5 deletions(-)
 create mode 100644 cmd/ssh-keygen/main.go
diff --git a/cmd/ssh-keygen/main.go b/cmd/ssh-keygen/main.go
new file mode 100644
index 000000000..eca451ffe
--- /dev/null
+++ b/cmd/ssh-keygen/main.go
@@ -0,0 +1,60 @@
+package main
+
+import (
+ "flag"
+ "log"
+ "os"
+
+ "github.com/hashicorp/packer/helper/communicator/sshkey"
+)
+
+type options struct {
+ Type string
+ Bits int
+}
+
+func (o *options) AddFlagSets(fs *flag.FlagSet) {
+ fs.StringVar(&o.Type, "type", "rsa", `dsa | ecdsa | ed25519 | rsa
+
+ Specifies the type of key to create. The possible values are 'dsa', 'ecdsa',
+ 'ed25519', or 'rsa' ( the default ).
+`)
+ fs.IntVar(&o.Bits, "bits", 0, `bits
+
+ Specifies the number of bits in the key to create. For RSA keys, the min-
+ imum size is 1024 bits and the default is 3072 bits. Generally, 3072 bits
+ is considered sufficient. DSA keys must be exactly 1024 bits as specified
+ by FIPS 186-2. For ECDSA keys, the bits flag determines the key length by
+ selecting from one of three elliptic curve sizes: 256, 384 or 521 bits.
+ Attempting to use bit lengths other than these three values for ECDSA keys
+ will fail. Ed25519 keys have a fixed length and the bits flag will be
+ ignored.
+`)
+}
+
+func main() {
+ log.SetFlags(0)
+ log.SetPrefix("ssh-keygen: ")
+ fs := flag.NewFlagSet("ssh-keygen", flag.ContinueOnError)
+ cla := options{}
+ cla.AddFlagSets(fs)
+ if err := fs.Parse(os.Args[1:]); err != nil {
+ fs.Usage()
+ os.Exit(1)
+ }
+
+ algo, err := sshkey.AlgorithmString(cla.Type)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ keypair, err := sshkey.GeneratePair(algo, nil, cla.Bits)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ log.Printf("keypair.Private:")
+ log.Printf("%s", keypair.Private)
+ log.Printf("keypair.Public:")
+ log.Printf("%s", keypair.Public)
+}
diff --git a/helper/communicator/sshkey/algorithm_enumer.go b/helper/communicator/sshkey/algorithm_enumer.go
index 38fb6ae95..1a300735b 100644
--- a/helper/communicator/sshkey/algorithm_enumer.go
+++ b/helper/communicator/sshkey/algorithm_enumer.go
@@ -1,7 +1,7 @@
 // Code generated by "enumer -type Algorithm -transform snake"; DO NOT EDIT.
 //
-package communicator
+package sshkey
 import (
 "fmt"
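Review bot: `fs.Usage()` after a failed `fs.Parse` prints the usage text a second time, because a FlagSet created with `flag.ContinueOnError` already writes the error and the usage to stderr before returning, and a `-h`/`-help` request (which returns `flag.ErrHelp`) then exits 1 as if it were a bad invocation; I would drop the `fs.Usage()` call and add `if err == flag.ErrHelp { os.Exit(0) }` ahead of the `os.Exit(1)`. `sshkey.GeneratePair(algo, nil, cla.Bits)` passes a nil reader, which is only safe if GeneratePair substitutes crypto/rand for nil — the lines of GeneratePair above its `switch t` are outside this patch, so that cannot be confirmed here; passing crypto/rand's `rand.Reader` explicitly would remove the dependence on that behaviour. The private key is written through `log.Printf`, so it lands on stderr with the first PEM line carrying the `ssh-keygen: ` prefix, and any stderr capture (CI output, scrollback) keeps the key; if this is meant to stay a throwaway checker, a comment on `main` saying so would do, otherwise write `keypair.Private` to a file created with mode 0600 and print only the public key. The `-bits` help reads as pasted from the ssh-keygen(1) man page (the `min- imum` hyphenation survives) and promises defaults (3072 for RSA, exactly 1024 for DSA) that this package does not apply as written — the DSA default added to generate.go in the same patch is 3072 — so either trim the text to what GeneratePair actually does or document the real defaults.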
diff --git a/helper/communicator/sshkey/generate.go b/helper/communicator/sshkey/generate.go
index b75d277c9..3de8ac958 100644
--- a/helper/communicator/sshkey/generate.go
+++ b/helper/communicator/sshkey/generate.go
@@ -1,4 +1,4 @@
-package communicator
+package sshkey
 import (
 "crypto/dsa"
@@ -86,7 +86,7 @@ func PairFromDSA(key *dsa.PrivateKey) (*Pair, error) {
 Headers: nil,
 Bytes: kb,
 }
- publicKey, err := ssh.NewPublicKey(key.PublicKey)
+ publicKey, err := ssh.NewPublicKey(&key.PublicKey)
 if err != nil {
 return nil, err
 }
@@ -114,6 +114,9 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 }
 switch t {
 case DSA:
+ if bits == 0 {
+ bits = 3072
+ }
 var sizes dsa.ParameterSizes
 switch bits {
 case 1024:
@@ -141,6 +144,9 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 }
 return PairFromDSA(dsakey)
 case ECDSA:
+ if bits == 0 {
+ bits = 521
+ }
 var ecdsakey *ecdsa.PrivateKey
 var err error
 switch bits {
@@ -156,7 +162,7 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 if err != nil {
 return nil, err
 }
- return NewPair(ecdsakey.PublicKey, ecdsakey)
+ return NewPair(&ecdsakey.PublicKey, ecdsakey)
 case ED25519:
 publicKey, privateKey, err := ed25519.GenerateKey(rand)
 if err != nil {
@@ -174,7 +180,7 @@ func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
 if err != nil {
 return nil, err
 }
- return NewPair(rsakey.PublicKey, rsakey)
+ return NewPair(&rsakey.PublicKey, rsakey)
 default:
 return nil, ErrUnknownAlgorithm
 }
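Review bot: The `if bits == 0 { bits = 3072 }` added under `case DSA:` in `@@ -114,6 +114,9 @@` picks a size that the SSH wire format may not be able to use: ssh-dss signatures (RFC 4253 §6.6) carry r and s as 160-bit integers, which is the q size of the 1024-bit parameter set only, while the larger `dsa.ParameterSizes` use a 224- or 256-bit q, so a 3072-bit DSA key could be generated and serialised yet fail to sign or verify in an SSH stack — worth confirming against the ssh package's DSA signer before making it the default, and the help text in cmd/ssh-keygen/main.go ("DSA keys must be exactly 1024 bits") disagrees with it as well. The `switch bits` below the new default only shows `case 1024:` inside the hunk, so whether 3072 has a matching case is not visible here. The RSA hunk at `@@ -174,7 +180,7 @@` gets no corresponding default, so unless the start of the RSA case (outside the patch) supplies one, `-type rsa` with no `-bits` hands 0 to rsa.GenerateKey; a one-line `if bits == 0 { bits = 3072 }` there, matching the documented RSA default, would close that gap. The ECDSA default of 521 in `@@ -141,6 +144,9 @@` is a reasonable choice, but a short comment saying why it differs from the OpenSSH default of 256 would save the next reader a question.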