Fix regression with passphrased keys

2025-08-31 06:34:03 +00:00 · 2018-01-09 21:50:10 +02:00
parent 5ed42880e4
commit 5596b0e5e0
3 changed files with 23 additions and 15 deletions
--- a/hosts/dialer.go
+++ b/hosts/dialer.go
@@ -16,7 +16,7 @@ type dialer struct {
 }

 func SSHFactory(h *Host) (func(network, address string) (net.Conn, error), error) {
-	key, err := checkEncryptedKey(h.SSHKey, h.SSHKeyPath)
+	key, err := h.checkEncryptedKey()
 	if err != nil {
 		return nil, fmt.Errorf("Failed to parse the private key: %v", err)
 	}
@@ -28,7 +28,7 @@ func SSHFactory(h *Host) (func(network, address string) (net.Conn, error), error
 }

 func LocalConnFactory(h *Host) (func(network, address string) (net.Conn, error), error) {
-	key, err := checkEncryptedKey(h.SSHKey, h.SSHKeyPath)
+	key, err := h.checkEncryptedKey()
 	if err != nil {
 		return nil, fmt.Errorf("Failed to parse the private key: %v", err)
 	}
--- a/hosts/hosts.go
+++ b/hosts/hosts.go
@@ -24,6 +24,7 @@ type Host struct {
 	EnforceDockerVersion bool
 	ToAddEtcdMember      bool
 	ExistingEtcdCluster  bool
+	SavedKeyPhrase       string
 }

 const (
--- a/hosts/tunnel.go
+++ b/hosts/tunnel.go
@@ -77,14 +77,14 @@ func makeSSHConfig(user string, signer ssh.Signer) (*ssh.ClientConfig, error) {
 	return &config, nil
 }

-func checkEncryptedKey(sshKey, sshKeyPath string) (ssh.Signer, error) {
+func (h *Host) checkEncryptedKey() (ssh.Signer, error) {
 	logrus.Debugf("[ssh] Checking private key")
 	var err error
 	var key ssh.Signer
-	if len(sshKey) > 0 {
-		key, err = parsePrivateKey(sshKey)
+	if len(h.SSHKey) > 0 {
+		key, err = parsePrivateKey(h.SSHKey)
 	} else {
-		key, err = parsePrivateKey(privateKeyPath(sshKeyPath))
+		key, err = parsePrivateKey(privateKeyPath(h.SSHKeyPath))
 	}
 	if err == nil {
 		return key, nil
@@ -92,16 +92,23 @@ func checkEncryptedKey(sshKey, sshKeyPath string) (ssh.Signer, error) {

 	// parse encrypted key
 	if strings.Contains(err.Error(), "decode encrypted private keys") {
-		fmt.Printf("Passphrase for Private SSH Key: ")
-		passphrase, err := terminal.ReadPassword(int(syscall.Stdin))
-		fmt.Printf("\n")
-		if err != nil {
-			return nil, err
-		}
-		if len(sshKey) > 0 {
-			key, err = parsePrivateKeyWithPassPhrase(sshKey, passphrase)
+		var passphrase []byte
+		if len(h.SavedKeyPhrase) == 0 {
+			fmt.Printf("Passphrase for Private SSH Key: ")
+			passphrase, err = terminal.ReadPassword(int(syscall.Stdin))
+			fmt.Printf("\n")
+			if err != nil {
+				return nil, err
+			}
+			h.SavedKeyPhrase = string(passphrase)
 		} else {
-			key, err = parsePrivateKeyWithPassPhrase(privateKeyPath(sshKeyPath), passphrase)
+			passphrase = []byte(h.SavedKeyPhrase)
+		}
+
+		if len(h.SSHKey) > 0 {
+			key, err = parsePrivateKeyWithPassPhrase(h.SSHKey, passphrase)
+		} else {
+			key, err = parsePrivateKeyWithPassPhrase(privateKeyPath(h.SSHKeyPath), passphrase)
 		}
 		if err != nil {
 			return nil, err