Closed shreddedbacon closed 3 months ago
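Sorry, I know I wasn't requested for a review, but I think the public key comparison could be made a bit more robust by using the library parsing functions. Something like this?

```go
// Needs imports: bytes, os, golang.org/x/crypto/ssh
var identities []ssh.PublicKey
for _, idFile := range publicKeyIdentityFiles {
	keybytes, err := os.ReadFile(idFile)
	if err != nil {
		continue // skip identity files that cannot be read
	}
	// .pub files hold authorized_keys-format text, which ssh.ParseAuthorizedKey
	// accepts; ssh.ParsePublicKey expects the raw wire encoding instead.
	pubkey, _, _, _, err := ssh.ParseAuthorizedKey(keybytes)
	if err != nil {
		continue // skip files that do not contain a valid public key
	}
	identities = append(identities, pubkey)
}
// Compare wire encodings so only the key itself is matched, not the comment.
for _, signer := range agentSigners {
	for _, identity := range identities {
		if bytes.Equal(signer.PublicKey().Marshal(), identity.Marshal()) {
			// found a match
		}
	}
}
```
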
Updated with file check error handling, so I'll merge this now @rocketeerbkw ?
General Checklist

This adds support for publickey identities to the config file, which allows for these to select a key if it is found in the ssh-agent.

A flag can be provided too, `--ssh-publickey /full/path/to/key.pub`, which will override anything defined in configuration.

Additionally, a global `--verbose` flag is added which can be used to print some verbose output to stderr; this could be used elsewhere in the CLI in the future too. In this PR the flag will print which key is being used or if the agent is being used, which can help users with debugging.

Worth noting, once #319 is finalized, keycloak authentication will be the preferred method for authenticating the CLI to get a token, leaving these identity files to only be used for the `ssh` aspect the CLI provides. But they can still be used for authenticating to get a token via the SSH service still.

Closing issues

closes #354
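
The selection rule this PR describes (a public key identity picks the matching ssh-agent key, and `--ssh-publickey` overrides the configured identities), as an added example that is not the PR's or the project's code. It uses only the standard library; `wireBlob`, `selectAgentKey` and `constructedKey` are hypothetical names, identities are passed as `.pub` file contents and agent keys as wire blobs, and failing on a malformed identity is an assumption.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// wireBlob decodes a .pub line to its SSH wire blob; the type inside must equal the text field.
func wireBlob(pubLine string) ([]byte, error) {
	f := append(strings.Fields(pubLine), "", "") // pad so f[0] and f[1] always exist
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(blob) < 4 || int(binary.BigEndian.Uint32(blob)) != len(f[0]) ||
		!bytes.HasPrefix(blob[4:], []byte(f[0])) {
		return nil, fmt.Errorf("bad or mislabelled key blob")
	}
	return blob, nil
}

// selectAgentKey returns the index of the agent key to use; flagPub overrides configPubs.
func selectAgentKey(flagPub string, configPubs []string, agentBlobs [][]byte) (int, error) {
	if flagPub != "" {
		configPubs = []string{flagPub}
	}
	for _, line := range configPubs {
		want, err := wireBlob(line)
		if err != nil {
			return -1, err // assumption: fail rather than skip a malformed identity
		}
		for i, have := range agentBlobs {
			if bytes.Equal(have, want) {
				return i, nil
			}
		}
	}
	return -1, fmt.Errorf("no configured identity is loaded in the agent")
}

// constructedKey builds a sample ssh-ed25519 blob and .pub line (constructed, not a real key).
func constructedKey(fill byte) ([]byte, string) {
	blob := append([]byte("\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"), bytes.Repeat([]byte{fill}, 32)...)
	return blob, "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " constructed"
}

func main() {
	a, aLine := constructedKey(1)
	fmt.Println(selectAgentKey(aLine, nil, [][]byte{a}))
}
```

Because the flag replaces the configured list rather than being added to it, a flag key that is not loaded in the agent fails instead of falling back to a configured identity.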