Documentation ¶
Overview ¶
Package rekey contains KeyEnsurer, a type that ensures that certain SSH keys are available in your ssh-agent.
Specific support is provided for loading Goldkey and Yubikey token keys on macOS.
Index ¶
- Constants
- func ConnectAgent() (agents.Agent, error)
- func FindKey(agent agents.Agent, predicate func(*agents.Key) bool) (*agents.Key, error)
- func IsGoldkey(key *agents.Key) bool
- func IsYubikey(key *agents.Key) bool
- func KillSSHAgent() error
- func LoadDefaultIdentity() error
- func LoadGoldkey() error
- func LoadPKCS11(path string) error
- func LoadYubikey() error
- type KeyEnsurer
Constants ¶
const (
	// SSHAuthSock contains the name of the environment variable used to locate
	// the unix socket to connect to an SSH agent.
	SSHAuthSock = "SSH_AUTH_SOCK"

	// AgentLifetime contains a string representing the duration that keys added
	// to the agent should be available for. This is used in the PKCS11KeyLoader.
	AgentLifetime = "14400"
)
Functions ¶
func ConnectAgent ¶
ConnectAgent returns a new ssh/agent connected to the system default SSH agent over SSH_AUTH_SOCK, or an error if a connection cannot be established.
func KillSSHAgent ¶
func KillSSHAgent() error
func LoadDefaultIdentity ¶
func LoadDefaultIdentity() error
LoadDefaultIdentity runs `ssh-add` to load the user's default identity into ssh-agent.
func LoadGoldkey ¶
func LoadGoldkey() error
LoadGoldkey loads the Goldkey opensc-pkcs11 module into ssh-agent.
func LoadPKCS11 ¶
LoadPKCS11 loads the given PKCS11 path into ssh-agent using `ssh-add`.
Types ¶
type KeyEnsurer ¶
type KeyEnsurer struct {
	// If a key matching this predicate is not found, or if signing with it
	// returns an error, we will attempt to re-add the key to the agent using the
	// KeyLoader.
	KeyPredicate func(key *agents.Key) bool

	// A function that attempts to load the key into ssh-agent
	KeyLoader func() error
	// contains filtered or unexported fields
}
KeyEnsurer is a service object that ensures that the active SSH agent has matching keys loaded.
func DefaultIdentity ¶
func DefaultIdentity() *KeyEnsurer
DefaultIdentity returns a KeyEnsurer that ensures that "some" identity is loaded. If none is present, the default identity is loaded via `ssh-add`.
func EnsureRestartingAgent ¶
func EnsureRestartingAgent(svc *KeyEnsurer) *KeyEnsurer
EnsureRestartingAgent creates a new KeyEnsurer that will restart SSH agent before trying to load a key. This works on macOS because ssh-agent runs as a user daemon, and SSH_AUTH_SOCK is always updated to the current socket path. Your mileage may vary on other operating systems.
func Goldkey ¶
func Goldkey() *KeyEnsurer
Goldkey returns a KeyEnsurer that ensures that a Goldkey SSH token is available in ssh-agent.
func New ¶
func New(predicate func(key *agents.Key) bool, loader func() error) *KeyEnsurer
New creates a new KeyEnsurer.
func Yubikey ¶
func Yubikey() *KeyEnsurer
Yubikey returns a KeyEnsurer that ensures that a Yubikey SSH token is available in ssh-agent.
func (*KeyEnsurer) EnsureLoaded ¶
func (svc *KeyEnsurer) EnsureLoaded() error
EnsureLoaded ensures the key is loaded. On success returns nil, otherwise returns an error.
func (*KeyEnsurer) KeyIsLoaded ¶
func (svc *KeyEnsurer) KeyIsLoaded() (bool, error)
KeyIsLoaded establishes a connection to ssh-agent and queries it for this key, returning whether the key is present, or an error if one occurred while querying ssh-agent.
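The check-then-reload behaviour documented for KeyEnsurer (KeyPredicate, KeyLoader, EnsureLoaded), as an added example that is not the package's own code: a key that is listed by the agent but can no longer sign, as when a token has been unplugged, is treated as missing. Key, fakeAgent, usable and ensureLoaded are hypothetical names, and the in-memory agent is constructed so the example runs without a real ssh-agent or token.

```go
package main

import "fmt"

// Key is a hypothetical stand-in for agents.Key.
type Key struct{ Comment string }

// fakeAgent is a constructed stand-in for ssh-agent: each entry is a listed
// key, and the value says whether its token can still sign.
type fakeAgent map[string]bool

func (a fakeAgent) Sign(k *Key, _ []byte) error {
	if a[k.Comment] {
		return nil
	}
	return fmt.Errorf("agent refused operation")
}

// usable reports whether a key matching pred is listed AND can still sign.
func usable(a fakeAgent, pred func(*Key) bool) bool {
	for c := range a {
		k := &Key{Comment: c}
		if pred(k) && a.Sign(k, []byte("probe")) == nil {
			return true
		}
	}
	return false
}

// ensureLoaded calls loader only when no usable key exists, then re-checks.
func ensureLoaded(a fakeAgent, pred func(*Key) bool, loader func() error) error {
	if usable(a, pred) {
		return nil
	}
	if err := loader(); err != nil {
		return fmt.Errorf("load key: %w", err)
	}
	if !usable(a, pred) {
		return fmt.Errorf("key still unusable after load")
	}
	return nil
}

func main() {
	a := fakeAgent{"yubikey": false} // listed, but token unplugged
	isYubi := func(k *Key) bool { return k.Comment == "yubikey" }
	replug := func() error { a["yubikey"] = true; return nil }
	fmt.Println("before:", usable(a, isYubi), "ensure:", ensureLoaded(a, isYubi, replug))
}
```

The final re-check is what keeps a loader that exits successfully without actually adding a usable key from being reported as success.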