Compare commits
5 Commits
5f6a81eb54
...
keysize
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
8f5bdaed8a | ||
|
|
3d571d9ebb | ||
|
|
e8f40f784b | ||
|
|
e4167a5b08 | ||
|
|
596b54e033 |
@@ -6,8 +6,8 @@ import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/ed25519"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"flag"
|
||||
@@ -91,7 +91,7 @@ func loadHostKey(path string) (ssh.Signer, error) {
|
||||
}
|
||||
|
||||
func createHostKey(path string) (ssh.Signer, error) {
|
||||
key, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
_, key, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
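Review bot: Switching createHostKey to `ed25519.GenerateKey` only helps hosts that have no key file yet; a host that already wrote a 1024-bit RSA key will presumably keep loading it through loadHostKey, which this hunk does not touch. Consider having the load path detect an RSA key below a minimum modulus size and regenerate it, or at least log a warning. The host-key change should also be documented for clients that have the old key pinned in known_hosts. The rest of createHostKey lies outside the hunk, so it is worth confirming that the encoding step there and the parser in loadHostKey agree on one format for the new key type while still reading key files written by older versions.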
@@ -26,7 +26,6 @@ import (
|
||||
"github.com/gokrazy/internal/config"
|
||||
"github.com/gokrazy/internal/httpclient"
|
||||
"github.com/gokrazy/internal/instanceflag"
|
||||
"github.com/gokrazy/internal/tlsflag"
|
||||
"github.com/gokrazy/internal/updateflag"
|
||||
)
|
||||
|
||||
@@ -35,9 +34,11 @@ type bg struct {
|
||||
cfg *config.Struct
|
||||
forceRestart bool
|
||||
sshConfig string
|
||||
insecure bool
|
||||
|
||||
// state
|
||||
GOARCH string
|
||||
update updateflag.Value
|
||||
}
|
||||
|
||||
func (bg *bg) startBreakglass() error {
|
||||
@@ -46,35 +47,26 @@ func (bg *bg) startBreakglass() error {
|
||||
return err
|
||||
}
|
||||
|
||||
updateHttpClient, foundMatchingCertificate, updateBaseURL, err := httpclient.For(bg.cfg)
|
||||
updateHttpClient, _, updateBaseURL, err := httpclient.For(bg.update, bg.cfg)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
updateHttpClient.Jar = jar
|
||||
|
||||
remoteScheme, err := httpclient.GetRemoteScheme(updateBaseURL)
|
||||
if remoteScheme == "https" && !tlsflag.Insecure() {
|
||||
updateBaseURL.Scheme = "https"
|
||||
updateflag.SetUpdate(updateBaseURL.String())
|
||||
}
|
||||
|
||||
if updateBaseURL.Scheme != "https" && foundMatchingCertificate {
|
||||
fmt.Printf("\n")
|
||||
fmt.Printf("!!!WARNING!!! Possible SSL-Stripping detected!\n")
|
||||
fmt.Printf("Found certificate for hostname in your client configuration but the host does not offer https!\n")
|
||||
fmt.Printf("\n")
|
||||
if !tlsflag.Insecure() {
|
||||
log.Fatalf("update canceled: TLS certificate found, but negotiating a TLS connection with the target failed")
|
||||
}
|
||||
fmt.Printf("Proceeding anyway as requested (-insecure).\n")
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
form, err := updateHttpClient.Get(updateBaseURL.String() + "status?path=/user/breakglass")
|
||||
if err != nil {
|
||||
if updateBaseURL.Scheme == "https" && bg.insecure {
|
||||
// Try falling back to HTTP
|
||||
bg.cfg.Update.UseTLS = "off"
|
||||
updateHttpClient, _, updateBaseURL, err = httpclient.For(bg.update, bg.cfg)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
form, err = updateHttpClient.Get(updateBaseURL.String() + "status?path=/user/breakglass")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return err
|
||||
}
|
||||
if form.StatusCode == http.StatusNotFound {
|
||||
@@ -198,6 +190,11 @@ func breakglass() error {
|
||||
false,
|
||||
"prepare the SSH connection only, but do not execute SSH (useful for using breakglass within an SSH ProxyCommand)")
|
||||
|
||||
insecure = flag.Bool(
|
||||
"insecure",
|
||||
false,
|
||||
"Fall back to HTTP if HTTPS is configured, but does not work.")
|
||||
|
||||
proxy = flag.Bool(
|
||||
"proxy",
|
||||
false,
|
||||
@@ -209,13 +206,6 @@ func breakglass() error {
|
||||
"an alternative per-user configuration file for ssh and scp")
|
||||
)
|
||||
|
||||
// TODO: remove the -tls and -gokrazy_url flags after 2023-June (half a year
|
||||
// after the introduction of instance centric config), so that we can then
|
||||
// merge these flags into tools/internal/oldpacker and remove their global
|
||||
// state.
|
||||
tlsflag.RegisterFlags(flag.CommandLine)
|
||||
updateflag.RegisterFlags(flag.CommandLine, "gokrazy_url")
|
||||
|
||||
flag.Usage = func() {
|
||||
fmt.Fprintf(os.Stderr, "Usage of %s:\n\n", os.Args[0])
|
||||
|
||||
@@ -231,13 +221,6 @@ func breakglass() error {
|
||||
log.Fatalf("syntax: breakglass <hostname> [command]")
|
||||
}
|
||||
|
||||
// If the user did not explicitly specify -update=yes, we default to it.
|
||||
// This differs from the gokr-packer, but breakglass is only useful for
|
||||
// gokrazy instances that already exist.
|
||||
if updateflag.NewInstallation() {
|
||||
updateflag.SetUpdate("yes")
|
||||
}
|
||||
|
||||
instance := flag.Arg(0)
|
||||
instanceflag.SetInstance(instance)
|
||||
|
||||
@@ -255,6 +238,8 @@ func breakglass() error {
|
||||
cfg: cfg,
|
||||
forceRestart: *forceRestart,
|
||||
sshConfig: *sshConfig,
|
||||
insecure: *insecure,
|
||||
update: updateflag.Value{Update: "yes"},
|
||||
}
|
||||
if cfg.Update.Hostname == "" {
|
||||
cfg.Update.Hostname = cfg.Hostname
|
||||
|
||||
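Review bot: In startBreakglass, a successful HTTP fallback still falls through to the `return err` that closes the outer `if err != nil` block, so with err now nil the function appears to return success without ever reaching the `form.StatusCode` check. Inverting the guard keeps the fallback on the main path: `if updateBaseURL.Scheme != "https" || !bg.insecure { return err }`, followed by the fallback statements one level out. The fallback is also taken on any error from `Get`, including a certificate verification failure, and prints nothing, whereas the removed code warned about possible SSL stripping; a line on stderr before `bg.cfg.Update.UseTLS = "off"` would tell the operator that the session was downgraded. Because that assignment mutates the shared config, later requests in the same run presumably stay on plain HTTP as well, which deserves a mention in the `-insecure` help text.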
8
go.mod
8
go.mod
@@ -1,16 +1,16 @@
|
||||
module github.com/gokrazy/breakglass
|
||||
|
||||
go 1.24
|
||||
go 1.24.0
|
||||
|
||||
require (
|
||||
github.com/gokrazy/gokapi v0.0.0-20250222071133-506fdb322775
|
||||
github.com/gokrazy/gokrazy v0.0.0-20250222061409-bd0bb5f1d0b5
|
||||
github.com/gokrazy/internal v0.0.0-20250214203001-b1610a6e7271
|
||||
github.com/gokrazy/internal v0.0.0-20251208203110-3c1aa9087c82
|
||||
github.com/google/renameio/v2 v2.0.0
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
|
||||
github.com/kr/pty v1.1.8
|
||||
github.com/pkg/sftp v1.13.5
|
||||
golang.org/x/crypto v0.35.0
|
||||
golang.org/x/crypto v0.45.0
|
||||
)
|
||||
|
||||
require (
|
||||
@@ -20,5 +20,5 @@ require (
|
||||
github.com/mdlayher/watchdog v0.0.0-20221003142519-49be0df7b3b5 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
golang.org/x/oauth2 v0.27.0 // indirect
|
||||
golang.org/x/sys v0.30.0 // indirect
|
||||
golang.org/x/sys v0.38.0 // indirect
|
||||
)
|
||||
|
||||
16
go.sum
16
go.sum
@@ -7,8 +7,8 @@ github.com/gokrazy/gokapi v0.0.0-20250222071133-506fdb322775 h1:f5+2UMRRbr3+e/gd
|
||||
github.com/gokrazy/gokapi v0.0.0-20250222071133-506fdb322775/go.mod h1:q9mIV8al0wqmqFXJhKiO3SOHkL9/7Q4kIMynqUQWhgU=
|
||||
github.com/gokrazy/gokrazy v0.0.0-20250222061409-bd0bb5f1d0b5 h1:VQhDGxRliP4ZTQ8+33v4VKtOpX4VzN8pA4zBMZQSSxs=
|
||||
github.com/gokrazy/gokrazy v0.0.0-20250222061409-bd0bb5f1d0b5/go.mod h1:6fAh0J7aH6o5HWSiwN6uxNlm6Rjx1BxeNMWyNBQZ6sI=
|
||||
github.com/gokrazy/internal v0.0.0-20250214203001-b1610a6e7271 h1:CG2P/McW77phMh+iUSsGweJd4VwGhGS4UQJ92gV7Ihg=
|
||||
github.com/gokrazy/internal v0.0.0-20250214203001-b1610a6e7271/go.mod h1:vvnvmAv/38qDCHJ9b6Bq7yvUap6DcGtjZWjGuv/RA1k=
|
||||
github.com/gokrazy/internal v0.0.0-20251208203110-3c1aa9087c82 h1:4ghNfD9NaZLpFrqQiBF6mPVFeMYXJSky38ubVA4ic2E=
|
||||
github.com/gokrazy/internal v0.0.0-20251208203110-3c1aa9087c82/go.mod h1:dQY4EMkD4L5ZjYJ0SPtpgYbV7MIUMCxNIXiOfnZ6jP4=
|
||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg=
|
||||
@@ -33,8 +33,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
|
||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
|
||||
golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
|
||||
golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
|
||||
golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
|
||||
golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
|
||||
@@ -42,11 +42,11 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
|
||||
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
|
||||
golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
|
||||
golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
|
||||
golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
|
||||
golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
|
||||