Restorting SSH auth with a key

pmeunier

Mar 1, 2023, 8:15 AM

M37JTFEIT6NHRDJOE7K6JWKFJF7327JMZDMX7GC2DQNECZKODBXQC

Dependencies

• [2] DWSAYGVE Update codebase to use new identity management
• [3] MU6P2JXG SSH: return with an error if the host key is wrong, rather than denying authentication
• [4] SXEYMYF7 Fixing the bad changes in history (unfortunately, by rebooting).

Change contents

• replacement in pijul/src/remote/ssh.rs at line 130
  [3.138]→[2.1888:2291](∅→∅)
  − let mut stderr = std::io::stderr();

  − writeln!(stderr, "Warning: Unable to automatically authenticate with server. Please make sure your SSH keys have been uploaded to the Nest.")?;

  − writeln!(stderr, "For more information, please visit https://pijul.org/manual/the_nest/public_keys.html#ssh-public-keys")?;

  −

  − self.auth_password(&mut h).await?
  [3.138]

  [3.233]
  + if self.auth_pk(&mut h, &mut key_path).await {

  + true

  + } else {

  + let mut stderr = std::io::stderr();

  + writeln!(stderr, "Warning: Unable to automatically authenticate with server. Please make sure your SSH keys have been uploaded to the Nest.")?;

  + writeln!(stderr, "For more information, please visit https://pijul.org/manual/the_nest/public_keys.html#ssh-public-keys")?;

  + self.auth_password(&mut h).await?

  + }
• edit in pijul/src/remote/ssh.rs at line 221
  [3.30396]

  [3.31112]
  + }

  +

  + async fn auth_pk(

  + &self,

  + h: &mut thrussh::client::Handle<SshClient>,

  + key_path: &mut PathBuf,

  + ) -> bool {

  + if h.is_closed() {

  + return false;

  + }

  + let mut authenticated = false;

  + let mut keys = Vec::new();

  + if let Some(ref file) = self.config.identity_file {

  + keys.push(file.as_str())

  + } else {

  + keys.push("id_ed25519");

  + keys.push("id_rsa");

  + }

  + for k in keys.iter() {

  + key_path.push(k);

  + let k = match thrussh_keys::load_secret_key(&key_path, None) {

  + Ok(k) => k,

  + Err(thrussh_keys::Error::KeyIsEncrypted) => {

  + let password = dialoguer::Password::with_theme(

  + crate::config::load_theme()

  + .expect("Could not load config")

  + .as_ref(),

  + )

  + .with_prompt(format!("Password for encrypted private key"))

  + .allow_empty_password(false)

  + .interact()

  + .unwrap();

  + if let Ok(k) = thrussh_keys::load_secret_key(&key_path, Some(&password)) {

  + k

  + } else {

  + continue

  + }

  + }

  + Err(_) => {

  + key_path.pop();

  + continue;

  + }

  + };

  + if let Ok(auth) = h

  + .authenticate_publickey(&self.config.user, Arc::new(k))

  + .await

  + {

  + authenticated = auth

  + }

  + key_path.pop();

  + if authenticated {

  + return true;

  + }

  + }

  + false