完善私钥验证

2020-12-25 03:43:15 +08:00
parent 72f7dd5dc6
commit 6c7cb6b0e7
13 changed files with 203 additions and 70 deletions
--- a/pkg/api/ssh.go
+++ b/pkg/api/ssh.go
@ -2,15 +2,14 @@ package api

 import (
 	"bytes"
-	"next-terminal/pkg/model"
 	"fmt"
 	"github.com/gorilla/websocket"
 	"github.com/labstack/echo/v4"
 	"github.com/pkg/sftp"
 	"golang.org/x/crypto/ssh"
 	"log"
-	"net"
 	"net/http"
+	"next-terminal/pkg/model"
 	"strconv"
 	"sync"
 	"time"
@ -57,32 +56,7 @@ func SSHEndpoint(c echo.Context) error {
 	width, _ := strconv.Atoi(c.QueryParam("width"))
 	height, _ := strconv.Atoi(c.QueryParam("height"))

-	asset, err := model.FindAssetById(assetId)
-	if err != nil {
-		return err
-	}
-
-	if asset.AccountType == "credential" {
-		credential, err := model.FindCredentialById(asset.CredentialId)
-		if err != nil {
-			return err
-		}
-		asset.Username = credential.Username
-		asset.Password = credential.Password
-	}
-
-	config := &ssh.ClientConfig{
-		Timeout: 1 * time.Second,
-		User:    asset.Username,
-		Auth:    []ssh.AuthMethod{ssh.Password(asset.Password)},
-		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-			return nil
-		},
-	}
-
-	addr := fmt.Sprintf("%s:%d", asset.IP, asset.Port)
-
-	sshClient, err := ssh.Dial("tcp", addr, config)
+	sshClient, err := CreateSshClient(assetId)
 	if err != nil {
 		return err
 	}
@ -143,6 +117,55 @@ func SSHEndpoint(c echo.Context) error {
 	return err
 }

+func CreateSshClient(assetId string) (*ssh.Client, error) {
+	asset, err := model.FindAssetById(assetId)
+	if err != nil {
+		return nil, err
+	}
+
+	var authMethod ssh.AuthMethod
+	if asset.AccountType == "credential" {
+		credential, err := model.FindCredentialById(asset.CredentialId)
+		if err != nil {
+			return nil, err
+		}
+		asset.Username = credential.Username
+		asset.Password = credential.Password
+		authMethod = ssh.Password(asset.Password)
+	} else if asset.AccountType == "private-key" {
+		var key ssh.Signer
+		if len(asset.Passphrase) > 0 {
+			key, err = ssh.ParsePrivateKeyWithPassphrase([]byte(asset.PrivateKey), []byte(asset.Passphrase))
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			key, err = ssh.ParsePrivateKey([]byte(asset.PrivateKey))
+			if err != nil {
+				return nil, err
+			}
+		}
+		authMethod = ssh.PublicKeys(key)
+	} else {
+		authMethod = ssh.Password(asset.Password)
+	}
+
+	config := &ssh.ClientConfig{
+		Timeout:         1 * time.Second,
+		User:            asset.Username,
+		Auth:            []ssh.AuthMethod{authMethod},
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+	}
+
+	addr := fmt.Sprintf("%s:%d", asset.IP, asset.Port)
+
+	sshClient, err := ssh.Dial("tcp", addr, config)
+	if err != nil {
+		return nil, err
+	}
+	return sshClient, nil
+}
+
 func WriteMessage(ws *websocket.Conn, message string) {
 	WriteByteMessage(ws, []byte(message))
 }
@ -154,19 +177,8 @@ func WriteByteMessage(ws *websocket.Conn, p []byte) {
 	}
 }

-func CreateSftpClient(username, password, ip string, port int) (sftpClient *sftp.Client, err error) {
-	clientConfig := &ssh.ClientConfig{
-		Timeout: 1 * time.Second,
-		User:    username,
-		Auth:    []ssh.AuthMethod{ssh.Password(password)},
-		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-			return nil
-		},
-	}
-
-	addr := fmt.Sprintf("%s:%d", ip, port)
-
-	sshClient, err := ssh.Dial("tcp", addr, clientConfig)
+func CreateSftpClient(assetId string) (sftpClient *sftp.Client, err error) {
+	sshClient, err := CreateSshClient(assetId)
 	if err != nil {
 		return nil, err
 	}