From 5596b0e5e01f72f7f7e80cddfccbebb2e4069d55 Mon Sep 17 00:00:00 2001
From: galal-hussein
Date: Tue, 9 Jan 2018 21:50:10 +0200
Subject: [PATCH] Fix regression with passphrased keys
---
 hosts/dialer.go | 4 ++--
 hosts/hosts.go | 1 +
 hosts/tunnel.go | 33 ++++++++++++++++++++-------------
 3 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/hosts/dialer.go b/hosts/dialer.go
index 9ad6aa58..47801b66 100644
--- a/hosts/dialer.go
+++ b/hosts/dialer.go
@@ -16,7 +16,7 @@ type dialer struct {
 }
 
 func SSHFactory(h *Host) (func(network, address string) (net.Conn, error), error) {
- key, err := checkEncryptedKey(h.SSHKey, h.SSHKeyPath)
+ key, err := h.checkEncryptedKey()
 if err != nil {
 return nil, fmt.Errorf("Failed to parse the private key: %v", err)
 }
@@ -28,7 +28,7 @@ func SSHFactory(h *Host) (func(network, address string) (net.Conn, error), error
 }
 
 func LocalConnFactory(h *Host) (func(network, address string) (net.Conn, error), error) {
- key, err := checkEncryptedKey(h.SSHKey, h.SSHKeyPath)
+ key, err := h.checkEncryptedKey()
 if err != nil {
 return nil, fmt.Errorf("Failed to parse the private key: %v", err)
 }
diff --git a/hosts/hosts.go b/hosts/hosts.go
index 0f02359f..18c96257 100644
--- a/hosts/hosts.go
+++ b/hosts/hosts.go
@@ -24,6 +24,7 @@ type Host struct {
 EnforceDockerVersion bool
 ToAddEtcdMember bool
 ExistingEtcdCluster bool
+ SavedKeyPhrase string
 }
 
 const (
diff --git a/hosts/tunnel.go b/hosts/tunnel.go
index 03bc1e57..5a392bc0 100644
--- a/hosts/tunnel.go
+++ b/hosts/tunnel.go
@@ -77,14 +77,14 @@ func makeSSHConfig(user string, signer ssh.Signer) (*ssh.ClientConfig, error) {
 return &config, nil
 }
 
-func checkEncryptedKey(sshKey, sshKeyPath string) (ssh.Signer, error) {
+func (h *Host) checkEncryptedKey() (ssh.Signer, error) {
 logrus.Debugf("[ssh] Checking private key")
 var err error
 var key ssh.Signer
- if len(sshKey) > 0 {
- key, err = parsePrivateKey(sshKey)
+ if len(h.SSHKey) > 0 {
+ key, err = parsePrivateKey(h.SSHKey)
 } else {
- key, err = parsePrivateKey(privateKeyPath(sshKeyPath))
+ key, err = parsePrivateKey(privateKeyPath(h.SSHKeyPath))
 }
 if err == nil {
 return key, nil
@@ -92,16 +92,23 @@ func checkEncryptedKey(sshKey, sshKeyPath string) (ssh.Signer, error) {
 
 // parse encrypted key
 if strings.Contains(err.Error(), "decode encrypted private keys") {
- fmt.Printf("Passphrase for Private SSH Key: ")
- passphrase, err := terminal.ReadPassword(int(syscall.Stdin))
- fmt.Printf("\n")
- if err != nil {
- return nil, err
- }
- if len(sshKey) > 0 {
- key, err = parsePrivateKeyWithPassPhrase(sshKey, passphrase)
+ var passphrase []byte
+ if len(h.SavedKeyPhrase) == 0 {
+ fmt.Printf("Passphrase for Private SSH Key: ")
+ passphrase, err = terminal.ReadPassword(int(syscall.Stdin))
+ fmt.Printf("\n")
+ if err != nil {
+ return nil, err
+ }
+ h.SavedKeyPhrase = string(passphrase)
 } else {
- key, err = parsePrivateKeyWithPassPhrase(privateKeyPath(sshKeyPath), passphrase)
+ passphrase = []byte(h.SavedKeyPhrase)
+ }
+
+ if len(h.SSHKey) > 0 {
+ key, err = parsePrivateKeyWithPassPhrase(h.SSHKey, passphrase)
+ } else {
+ key, err = parsePrivateKeyWithPassPhrase(privateKeyPath(h.SSHKeyPath), passphrase)
 }
 if err != nil {
 return nil, err
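Review bot: In the second tunnel.go hunk, `h.SavedKeyPhrase = string(passphrase)` runs before `parsePrivateKeyWithPassPhrase` has accepted the passphrase, so a mistyped passphrase is cached and every later `h.checkEncryptedKey()` call on that host (both factories in hosts/dialer.go call it) reuses it and fails without prompting again. The assignment should move below the `if err != nil { return nil, err }` check that follows the parse, which sits in the hunk's trailing context; the rest of the function is outside the hunk. The passphrase is also held as an immutable Go string in the exported `SavedKeyPhrase` field added in hosts/hosts.go, so it cannot be zeroed after use and would be included if `Host` is ever marshalled (not visible here). An unexported field such as `savedKeyPhrase []byte` would keep it out of encoders and let the code clear it once the signer is built.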