cloudssh


README


CloudSSH

CloudSSH provides ssh.Signer implementations backed by AWS KMS and Azure Key Vault.

Example Usage

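awsConfig, err := config.LoadDefaultConfig(context.Background(), config.WithRegion("us-east-1"))
if err != nil { panic(err) }

kmsSigner, err := cloudssh.NewKmsSigner(awsConfig, "kms-key-id")
if err != nil { panic(err) }

azureCreds, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil { panic(err) }

kvSigner, err := cloudssh.NewKvSigner(azureCreds, "https://your-vault-name.vault.azure.net", "your-key-name", "key-version")
if err != nil { panic(err) }

// Verify the server's host key against a pinned value instead of using
// ssh.InsecureIgnoreHostKey(), which accepts any host key and so lets a
// man-in-the-middle terminate the connection. The string is the server's
// public host key in "<key-type> <base64-key>" form; the value below is a
// placeholder, replace it with the real key for example.com.
hostKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte("<key-type> <base64-host-key>"))
if err != nil { panic(err) }

sshconfig := &ssh.ClientConfig{
    User: "user",
    Auth: []ssh.AuthMethod{
        ssh.PublicKeys(kmsSigner, kvSigner),
    },
    HostKeyCallback: ssh.FixedHostKey(hostKey),
}

client, err := ssh.Dial("tcp", "example.com:22", sshconfig)
if err != nil { panic(err) }
// Release the underlying TCP/SSH connection when done; without this the
// connection (and its goroutines) outlive the snippet.
defer client.Close()

session, err := client.NewSession()
if err != nil { panic(err) }
defer session.Close()

output, err := session.CombinedOutput("/usr/bin/whoami")
if err != nil { panic(err) }
fmt.Println(string(output))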

Documentation


Types

type KmsKeyLacksSupportedAlgorithms

// KmsKeyLacksSupportedAlgorithms is an error type (it has an Error method)
// describing a KMS key that offers none of the signing algorithms this
// package needs. Presumably returned by NewKmsSigner when it inspects the
// key — confirm against the implementation.
type KmsKeyLacksSupportedAlgorithms struct {
	// KeyId is the KMS key that was inspected.
	KeyId                     string
	// KeySigningAlgorithms lists the signing algorithms the key supports.
	KeySigningAlgorithms      []types.SigningAlgorithmSpec
	// RequiredSigningAlgorithms lists the signing algorithms this package accepts.
	RequiredSigningAlgorithms []types.SigningAlgorithmSpec
}

func (KmsKeyLacksSupportedAlgorithms) Error

type KmsSigner

// KmsSigner implements ssh.Signer using AWS KMS to perform the signing
// operation: Sign hashes the data locally and sends the digest to KMS.
//
// NOTE(review): all fields are exported, so a caller can overwrite KeyId,
// PubKey or AwsConfig after construction; treat a built KmsSigner as
// read-only.
type KmsSigner struct {
	// KeyId is the KMS key ID passed to NewKmsSigner.
	KeyId     string
	// PubKey is the key returned by PublicKey(); presumably derived from the
	// KMS key at construction time — confirm against NewKmsSigner.
	PubKey    ssh.PublicKey
	// AwsConfig is the aws.Config passed to NewKmsSigner and used for the KMS calls.
	AwsConfig aws.Config
}

KmsSigner implements ssh.Signer, using AWS KMS to perform the cryptographic operations.

func NewKmsSigner

func NewKmsSigner(awsConfig aws.Config, keyId string) (*KmsSigner, error)

NewKmsSigner takes an aws.Config and a KMS key ID and returns a KmsSigner.

func (*KmsSigner) PublicKey

func (k *KmsSigner) PublicKey() ssh.PublicKey

PublicKey returns the associated ssh.PublicKey

func (*KmsSigner) Sign

func (k *KmsSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error)

Sign returns a signature for the given data. This method will hash the message prior to sending it to KMS, using the correct digest method for the signing algorithm supported by the key.

type KvSigner

// KvSigner implements ssh.Signer using Azure Key Vault to perform the signing
// operation: Sign hashes the data locally and sends the digest to Key Vault.
//
// NOTE(review): all fields are exported, so a caller can overwrite them after
// construction; treat a built KvSigner as read-only.
type KvSigner struct {
	// VaultUrl is the vault URL passed to NewKvSigner.
	VaultUrl        string
	// KeyName is the key name passed to NewKvSigner.
	KeyName         string
	// KeyVersion is the key version passed to NewKvSigner.
	KeyVersion      string
	// PubKey is the key returned by PublicKey(); presumably derived from the
	// Key Vault key at construction time — confirm against NewKvSigner.
	PubKey          ssh.PublicKey
	// SigAlgo is the Key Vault signature algorithm used by Sign; presumably
	// selected from the key's type at construction time — confirm.
	SigAlgo         azkeys.SignatureAlgorithm
	// AzureCredential is the azcore.TokenCredential passed to NewKvSigner and
	// used to authenticate the Key Vault calls.
	AzureCredential azcore.TokenCredential
}

func NewKvSigner

func NewKvSigner(azureCredential azcore.TokenCredential, vaultUrl, keyName, keyVersion string) (*KvSigner, error)

func (*KvSigner) PublicKey

func (k *KvSigner) PublicKey() ssh.PublicKey

PublicKey returns the associated ssh.PublicKey

func (*KvSigner) Sign

func (k *KvSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error)

Sign returns a signature for the given data. This method will hash the message prior to sending it to Key Vault, using the correct digest method for the signing algorithm supported by the key.

type UnsupportedKeyType

// UnsupportedKeyType is an error type (it has an Error method) describing a
// key whose type this package cannot wrap as an ssh.Signer. Presumably
// returned by the constructors — confirm against the implementation.
type UnsupportedKeyType struct {
	// KeyType names the rejected key type.
	KeyType string
}

func (UnsupportedKeyType) Error

func (r UnsupportedKeyType) Error() string
