Documentation
Index
- func DefaultComment() string
- func SSHCLI(signer crypto.Signer, sshCert ssh.PublicKey, sshArgs ...string) ([]string, error)
- type Client
- func (c Client) GenerateAndRequestCertificate(ctx context.Context, keyType KeyType, comment string) (crypto.Signer, ssh.PublicKey, error)
- func (c Client) GetOrGenerateFromAgent(ctx context.Context, agentClient agent.Agent, keyType KeyType, keyID string) (ssh.PublicKey, error)
- func (c Client) ListCertificatesFromAgent(agentClient agent.Agent) ([]*ssh.Certificate, error)
- func (c Client) RequestCertificate(ctx context.Context, pubKey ssh.PublicKey, comment string) (ssh.PublicKey, error)
- type KeyType
Constants
This section is empty.
Variables
This section is empty.
Functions
func DefaultComment
func DefaultComment() string
DefaultComment builds the default ssh key comment from the local environment, in the form username@hostname.
If the username cannot be determined, it defaults to 'hallow'. If the hostname cannot be determined, it defaults to the username, so a comment of the form user@user means the hostname lookup failed.
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
Client is an encapsulation of the configuration and state required to request a new ssh certificate from the Hallow server.
func New
New creates a new Client from the configured AWS session and the Hallow API endpoint.
func NewWithHTTPClient
NewWithHTTPClient creates a new Client from the configured AWS session, an HTTP Client supplied by the caller, and the Hallow API endpoint.
func (Client) GenerateAndRequestCertificate
func (c Client) GenerateAndRequestCertificate(
	ctx context.Context,
	keyType KeyType,
	comment string,
) (crypto.Signer, ssh.PublicKey, error)
GenerateAndRequestCertificate generates a new private key with fixed, opinionated parameters for the requested KeyType, asks Hallow to sign its public half, and returns the private key handle, the Hallow-signed certificate for that key as an ssh.PublicKey, and any error hit along the way.
func (Client) GetOrGenerateFromAgent
func (c Client) GetOrGenerateFromAgent(
	ctx context.Context,
	agentClient agent.Agent,
	keyType KeyType,
	keyID string,
) (ssh.PublicKey, error)
GetOrGenerateFromAgent either returns the first (in ssh-agent order) valid ssh Certificate issued by the configured upstream, or, if none is present, generates a new private key, requests a Certificate for it, and adds both to the running agent.
This lets the caller invoke it repeatedly (for instance, on every ssh invocation) without flooding the agent with new private key material.
This function never reuses existing private key material when obtaining a new Certificate; a fresh key is always generated.
Keys added to the agent have their LifetimeSecs set from the Certificate's expiry, so the agent drops the key from its keyring once the Certificate is no longer valid.
func (Client) ListCertificatesFromAgent
ListCertificatesFromAgent finds all active ssh.Certificate entries in the connected ssh agent that were issued by the endpoint this Client is configured to talk to.
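The two agent-facing methods above have to answer the same questions for every entry the agent lists: is it a certificate at all, was it issued by the configured CA, is it still valid, and, when a fresh key is added, what LifetimeSecs should the agent be given. The stand-alone Go program below is an added example and not code from the hallow client package; it uses only the standard library and re-implements a minimal ssh-ed25519-cert-v01@openssh.com encoder and verifier rather than importing golang.org/x/crypto/ssh, so the field-level checks are visible. The CA keys, the agent key list and the key IDs are constructed sample data, and the names build, parse, keyBlob, Cert, signCert, verifyCert, selectCert and sampleAgentKeys are this example's own, not the package's.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"math"
	"time"
)

const certType = "ssh-ed25519-cert-v01@openssh.com"

// build encodes fields in SSH wire format (RFC 4251): a []byte becomes a
// length-prefixed string, a uint32 or uint64 a big-endian integer.
func build(fields ...interface{}) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		if s, ok := f.([]byte); ok {
			binary.Write(&b, binary.BigEndian, uint32(len(s)))
			b.Write(s)
		} else {
			binary.Write(&b, binary.BigEndian, f)
		}
	}
	return b.Bytes()
}

// parse is the inverse of build: a *[]byte receives the next string, a *uint32
// or *uint64 the next integer. It reports false on a truncated blob and never
// allocates more than the bytes that remain, since the lengths are untrusted.
func parse(r *bytes.Reader, targets ...interface{}) bool {
	for _, t := range targets {
		if p, ok := t.(*[]byte); ok {
			var n uint32
			if binary.Read(r, binary.BigEndian, &n) != nil || int(n) > r.Len() {
				return false
			}
			*p = make([]byte, n)
			io.ReadFull(r, *p)
		} else if binary.Read(r, binary.BigEndian, t) != nil {
			return false
		}
	}
	return true
}

// keyBlob is the wire form of an Ed25519 public key: how an agent lists a bare
// key, and what a certificate's signature key field holds for its issuing CA.
func keyBlob(pub ed25519.PublicKey) []byte {
	return build([]byte("ssh-ed25519"), []byte(pub))
}

// Cert carries the certificate fields the agent lookup needs.
type Cert struct {
	KeyID                   string
	ValidAfter, ValidBefore uint64 // seconds since the Unix epoch
}

// signCert builds a minimal user certificate for userPub signed by caPriv.
// Principals, critical options and extensions are left empty; a real CA fills them.
func signCert(caPriv ed25519.PrivateKey, userPub ed25519.PublicKey, keyID string, after, before uint64) []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	body := build([]byte(certType), nonce, []byte(userPub), uint64(1), uint32(1), // serial 1, type 1 = user
		[]byte(keyID), []byte{}, after, before, // key id, principals, validity window
		[]byte{}, []byte{}, []byte{}, // critical options, extensions, reserved
		keyBlob(caPriv.Public().(ed25519.PublicKey)))
	// The CA signs everything before the signature field, which is itself a
	// string holding (string algorithm, string raw signature).
	sig := build([]byte("ssh-ed25519"), ed25519.Sign(caPriv, body))
	return append(body, build(sig)...)
}

// verifyCert decodes blob as a certificate issued by caPub: the embedded
// signature key must equal caPub and the CA signature must verify. Bare keys,
// truncated blobs, other CAs' certificates and tampered ones all fail.
func verifyCert(blob []byte, caPub ed25519.PublicKey) (*Cert, error) {
	r, c := bytes.NewReader(blob), &Cert{}
	var typ, keyID, skip, sigKey, sigField, rawSig []byte
	ok := parse(r, &typ, &skip, &skip, new(uint64), new(uint32), &keyID, &skip, // nonce, user key, serial, type, principals
		&c.ValidAfter, &c.ValidBefore, &skip, &skip, &skip, &sigKey) // critical options, extensions, reserved
	signed := len(blob) - r.Len() // the signature covers everything before it
	ok = ok && parse(r, &sigField) && parse(bytes.NewReader(sigField), &skip, &rawSig)
	switch {
	case !ok || string(typ) != certType:
		return nil, errors.New("not a well-formed ed25519 certificate")
	case !bytes.Equal(sigKey, keyBlob(caPub)):
		return nil, errors.New("issued by a different CA")
	case !ed25519.Verify(caPub, blob[:signed], rawSig):
		return nil, errors.New("CA signature does not verify")
	}
	c.KeyID = string(keyID)
	return c, nil
}

// selectCert mirrors the lookup step of GetOrGenerateFromAgent: walk the agent's
// key blobs in agent order and return the first certificate issued by caPub that
// is valid at now, plus the LifetimeSecs to set on a freshly added key so the
// agent forgets it at expiry (0 means no expiry).
func selectCert(blobs [][]byte, caPub ed25519.PublicKey, now time.Time) (*Cert, uint32, bool) {
	t := uint64(now.Unix())
	for _, blob := range blobs {
		c, err := verifyCert(blob, caPub)
		if err != nil || t < c.ValidAfter || t >= c.ValidBefore {
			continue // bare key, other CA, tampered, not yet valid, or expired
		}
		left := c.ValidBefore - t
		if left > math.MaxUint32 { // beyond the agent's 32-bit range, including OpenSSH's "forever"
			left = 0
		}
		return c, uint32(left), true
	}
	return nil, 0, false
}

// sampleAgentKeys is constructed data standing in for an agent's key list:
// another CA's certificate, an expired one of ours, a bare key, then a current one.
func sampleAgentKeys(now time.Time) ([][]byte, ed25519.PublicKey, ed25519.PrivateKey) {
	ourPub, ourCA, _ := ed25519.GenerateKey(rand.Reader)
	_, otherCA, _ := ed25519.GenerateKey(rand.Reader)
	user, _, _ := ed25519.GenerateKey(rand.Reader)
	t := uint64(now.Unix())
	return [][]byte{
		signCert(otherCA, user, "alice-other-ca", t-60, t+3600),
		signCert(ourCA, user, "alice-expired", t-7200, t-1),
		keyBlob(user),
		signCert(ourCA, user, "alice-current", t-60, t+3600),
	}, ourPub, ourCA
}

func main() {
	now := time.Now()
	blobs, ourPub, _ := sampleAgentKeys(now)
	if c, life, ok := selectCert(blobs, ourPub, now); ok {
		fmt.Printf("reuse %q from the agent, LifetimeSecs=%d\n", c.KeyID, life)
	} else {
		fmt.Println("no usable certificate in the agent: generate a key and request one")
	}
}
```

Agent order is preserved: "alice-current" is chosen because it is the first usable entry, not the last one listed. The bare key, the other CA's certificate and the expired certificate are skipped, and a certificate whose signature does not verify is rejected even though its signature key field names the right CA, which is why the comparison of that field alone is not enough. The LifetimeSecs value is simply the remaining validity in seconds, which is what keeps an agent that is consulted on every ssh invocation from accumulating keys whose certificates have already lapsed.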
func (Client) RequestCertificate
func (c Client) RequestCertificate(
	ctx context.Context,
	pubKey ssh.PublicKey,
	comment string,
) (ssh.PublicKey, error)
RequestCertificate asks the CA to sign pubKey. On success it returns the parsed certificate as an ssh.PublicKey; the concrete type is *ssh.Certificate, so callers can type-assert to inspect fields such as ValidBefore and SignatureKey. To obtain the text form ssh understands as a public key (for a -cert.pub file), pass the returned value to ssh.MarshalAuthorizedKey.
type KeyType
type KeyType uint8
KeyType is an enum type naming a specific key algorithm together with its parameters (curve or modulus size).
const (
	// KeyTypeECDSAP256 is ECDSA P-256
	KeyTypeECDSAP256 KeyType = iota
	// KeyTypeECDSAP384 is ECDSA P-384
	KeyTypeECDSAP384
	// KeyTypeECDSAP521 is ECDSA P-521
	KeyTypeECDSAP521
	// KeyTypeED25519 is Ed25519
	KeyTypeED25519
	// KeyTypeRSA2048 is RSA with 2048 bits.
	KeyTypeRSA2048
	// KeyTypeRSA4096 is RSA with 4096 bits.
	KeyTypeRSA4096
)