Remove legacy ssh
96
main.go
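--- a/main.go
+++ b/main.go
@@ -58,10 +58,6 @@ type ExitNodeData struct {
 ExitNodes []ExitNode `json:"exitNodes"`
 }
 
-type SSHPublicKeyData struct {
-PublicKey string `json:"publicKey"`
-}
-
 // ExitNode represents an exit node with an ID, endpoint, and weight.
 type ExitNode struct {
 ID int `json:"exitNodeId"`
@@ -279,10 +275,6 @@ func runNewtMain(ctx context.Context) {
 // load the prefer endpoint just as a flag
 flag.StringVar(&preferEndpoint, "prefer-endpoint", "", "Prefer this endpoint for the connection (if set, will override the endpoint from the server)")
 
-// if authorizedKeysFile == "" {
-// flag.StringVar(&authorizedKeysFile, "authorized-keys-file", "~/.ssh/authorized_keys", "Path to authorized keys file (if unset, no keys will be authorized)")
-// }
-
 // Add new mTLS flags
 if tlsClientCert == "" {
 flag.StringVar(&tlsClientCert, "tls-client-cert-file", "", "Path to client certificate file (PEM/DER format)")
@@ -1168,94 +1160,6 @@ persistent_keepalive_interval=5`, util.FixKey(privateKey.String()), util.FixKey(
 }
 })
 
-// EXPERIMENTAL: WHAT SHOULD WE DO ABOUT SECURITY?
-client.RegisterHandler("newt/send/ssh/publicKey", func(msg websocket.WSMessage) {
-logger.Debug("Received SSH public key request")
-
-var sshPublicKeyData SSHPublicKeyData
-
-jsonData, err := json.Marshal(msg.Data)
-if err != nil {
-logger.Info(fmtErrMarshaling, err)
-return
-}
-if err := json.Unmarshal(jsonData, &sshPublicKeyData); err != nil {
-logger.Info("Error unmarshaling SSH public key data: %v", err)
-return
-}
-
-sshPublicKey := sshPublicKeyData.PublicKey
-
-if authorizedKeysFile == "" {
-logger.Debug("No authorized keys file set, skipping public key response")
-return
-}
-
-// Expand tilde to home directory if present
-expandedPath := authorizedKeysFile
-if strings.HasPrefix(authorizedKeysFile, "~/") {
-homeDir, err := os.UserHomeDir()
-if err != nil {
-logger.Error("Failed to get user home directory: %v", err)
-return
-}
-expandedPath = filepath.Join(homeDir, authorizedKeysFile[2:])
-}
-
-// if it is set but the file does not exist, create it
-if _, err := os.Stat(expandedPath); os.IsNotExist(err) {
-logger.Debug("Authorized keys file does not exist, creating it: %s", expandedPath)
-if err := os.MkdirAll(filepath.Dir(expandedPath), 0755); err != nil {
-logger.Error("Failed to create directory for authorized keys file: %v", err)
-return
-}
-if _, err := os.Create(expandedPath); err != nil {
-logger.Error("Failed to create authorized keys file: %v", err)
-return
-}
-}
-
-// Check if the public key already exists in the file
-fileContent, err := os.ReadFile(expandedPath)
-if err != nil {
-logger.Error("Failed to read authorized keys file: %v", err)
-return
-}
-
-// Check if the key already exists (trim whitespace for comparison)
-existingKeys := strings.Split(string(fileContent), "\n")
-keyAlreadyExists := false
-trimmedNewKey := strings.TrimSpace(sshPublicKey)
-
-for _, existingKey := range existingKeys {
-if strings.TrimSpace(existingKey) == trimmedNewKey && trimmedNewKey != "" {
-keyAlreadyExists = true
-break
-}
-}
-
-if keyAlreadyExists {
-logger.Info("SSH public key already exists in authorized keys file, skipping")
-return
-}
-
-// append the public key to the authorized keys file
-logger.Debug("Appending public key to authorized keys file: %s", sshPublicKey)
-file, err := os.OpenFile(expandedPath, os.O_APPEND|os.O_WRONLY, 0644)
-if err != nil {
-logger.Error("Failed to open authorized keys file: %v", err)
-return
-}
-defer file.Close()
-
-if _, err := file.WriteString(sshPublicKey + "\n"); err != nil {
-logger.Error("Failed to write public key to authorized keys file: %v", err)
-return
-}
-
-logger.Info("SSH public key appended to authorized keys file")
-})
-
 // Register handler for adding health check targets
 client.RegisterHandler("newt/healthcheck/add", func(msg websocket.WSMessage) {
 logger.Debug("Received health check add request: %+v", msg)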