Documentation ¶
Overview ¶
Package sshkeys provides support for using ssh keys with the security/keys package, including private keys hosted within an ssh agent. In theory any ssh agent can be used, including those that use FIDO keys or other security enclaves (e.g. Apple's T2) to store keys and sign with them.
Index ¶
- Variables
- func AgentSocketName(ctx context.Context) string
- func ImportAgentHostedKeyBytes(keyBytes []byte) (publicKeyBytes, privateKeyBytes []byte, err error)
- func MustRegister(r *keys.Registrar)
- func Register(r *keys.Registrar) error
- func WithAgentSocketName(ctx context.Context, socketName string) context.Context
- type Client
- type HostedKey
Constants ¶
This section is empty.
Variables ¶
var DefaultSockNameFunc = func() string { return os.Getenv("SSH_AUTH_SOCK") }
DefaultSockNameFunc can be overridden to return the address of a custom ssh agent to use instead of the one specified by SSH_AUTH_SOCK. This is primarily intended for tests.
Functions ¶
func AgentSocketName ¶
AgentSocketName returns the socket name associated with the context or the return value of DefaultSockNameFunc() if there is no such socket name.
func ImportAgentHostedKeyBytes ¶
ImportAgentHostedKeyBytes returns the byte representation for an imported ssh public key and associated private key that is hosted in an ssh agent. The resulting private key representation is essentially a reference to the agent-managed key.
func MustRegister ¶
MustRegister is like Register but panics on error.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client represents an ssh agent client.
func (*Client) Lock ¶
Lock will lock the agent using the specified passphrase. Note that the passphrase is not zeroed on return.
type HostedKey ¶
type HostedKey struct {
// contains filtered or unexported fields
}
HostedKey represents a private key hosted by an ssh agent.
func NewHostedKey ¶
NewHostedKey creates a connection to the user's ssh agent in order to use the private key corresponding to the supplied public key for signing operations. The passphrase, if supplied, is used to unlock/lock the agent. Note that the passphrase for unlocking/locking the agent may also be obtained indirectly, for example when the PEM encoding of the private key is parsed via keys.ParsePrivateKey. The passphrase is not zeroed.
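Both Lock and NewHostedKey leave the passphrase in memory after they return, so cleanup falls to the caller. The sketch below is an added example, not code from the sshkeys package: it builds the SSH agent protocol's lock request (SSH_AGENTC_LOCK) and wipes every copy of the passphrase once the agent has answered. It assumes the passphrase is held in a []byte (a Go string cannot be overwritten); lockAgent, wipe and the in-memory fake agent in main are hypothetical names constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

const agentSuccess, agentcLock = 6, 22 // SSH_AGENT_SUCCESS, SSH_AGENTC_LOCK

// wipe overwrites b in place so the secret does not linger in this buffer.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// lockAgent (hypothetical helper) sends SSH_AGENTC_LOCK over conn, then wipes
// both the wire frame, which holds a second copy, and the caller's passphrase.
func lockAgent(conn io.ReadWriter, passphrase []byte) error {
	frame := make([]byte, 9+len(passphrase))
	defer func() { wipe(frame); wipe(passphrase) }()
	binary.BigEndian.PutUint32(frame, uint32(5+len(passphrase))) // type + string
	frame[4] = agentcLock
	binary.BigEndian.PutUint32(frame[5:], uint32(len(passphrase)))
	copy(frame[9:], passphrase)
	if _, err := conn.Write(frame); err != nil {
		return err
	}
	reply := make([]byte, 5) // uint32 length (always 1) + one type byte
	if _, err := io.ReadFull(conn, reply); err != nil {
		return err
	}
	if reply[4] != agentSuccess {
		return fmt.Errorf("agent refused lock: reply type %d", reply[4])
	}
	return nil
}

func main() { // constructed demo: in-memory pipe with a fake agent goroutine
	client, agent := net.Pipe()
	go func() {
		io.ReadFull(agent, make([]byte, 9+len("hunter2")))
		agent.Write([]byte{0, 0, 0, 1, agentSuccess})
	}()
	secret := []byte("hunter2") // constructed passphrase
	fmt.Println(lockAgent(client, secret), secret)
}
```

The wipe runs on both the success and the failure path, because a rejected lock request still leaves the passphrase in the caller's buffer.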
func NewHostedKeyFile ¶
NewHostedKeyFile calls NewHostedKey with the contents of the specified file.
func (*HostedKey) Comment ¶
Comment returns the comment associated with the original ssh public key.