This repository was archived by the owner on Sep 11, 2020. It is now read-only.

SSH PublicKeys authentication requires importing two ssh packages #342

Closed
jorng opened this issue Apr 12, 2017 · 4 comments

Comments

@jorng

jorng commented Apr 12, 2017

In order to authenticate to a repo via ssh using public/private keys, one must import both the golang.org/x/crypto/ssh and the gopkg.in/src-d/go-git.v4/plumbing/transport/ssh, which are both named ssh by default.

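package main

import (
	"log"
	"os"

	"golang.org/x/crypto/ssh"
	git "gopkg.in/src-d/go-git.v4"
	gitssh "gopkg.in/src-d/go-git.v4/plumbing/transport/ssh"
)

func main() {
	// PEM-encoded private key supplied through the environment.
	sshPrivateKey := os.Getenv("SSH_KEY")
	signer, err := ssh.ParsePrivateKey([]byte(sshPrivateKey))
	if err != nil {
		log.Fatalf("unable to parse private key: %v", err)
	}
	// Clone over SSH, authenticating with the parsed key.
	_, err = git.PlainClone("example", false, &git.CloneOptions{
		URL:      "ssh://github.com/example/example.git",
		Auth:     &gitssh.PublicKeys{User: "git", Signer: signer},
		Progress: os.Stdout,
	})
	if err != nil {
		log.Fatalf("clone failed: %v", err)
	}
}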

This necessitates renaming one of the imports, and is a bit confusing. A more ideal situation would be to provide a function within the git package to create a new auth from a name/private key, such as:

func NewSSHPublicKeyAuth(user string, pemPrivateKey []byte) (*PublicKeys, error)

An even better solution would be to include "New" auth functions (HTTP, SSH) in the main git package, so that sub-packages (plumbing) do not need to be imported for basic authentication functionality.

@icco

icco commented Apr 14, 2017

This really confused me. I was really surprised

	git.PlainClone("example", false, &git.CloneOptions{
		URL:      "[email protected]:example/example.git",
	})

didn't just work.

@jdoklovic

Why not:
Auth: ssh.NewSSHAgentAuth("git")

@jorng
Author

jorng commented Apr 19, 2017

@jdoklovic I can't rely on a good key being installed on my server.

That may work while running on somebody's personal machine, or on a persistent server, but when deployed to an ephemeral container, or following 12factor best practices, I can't rely on the ssh key being installed on the server.

@amendgit

What I found in https://github.com/golang/crypto/blob/master/ssh/example_test.go:
I'm not quite sure: does this need to consider the decryption?

	// A public key may be used to authenticate against the remote
	// server by using an unencrypted PEM-encoded private key file.
	//
	// If you have an encrypted private key, the crypto/x509 package
	// can be used to decrypt it.
	key, err := ioutil.ReadFile("/home/user/.ssh/id_rsa")
	if err != nil {
		log.Fatalf("unable to read private key: %v", err)
	}

	// Create the Signer for this private key.
	signer, err := ssh.ParsePrivateKey(key)
	if err != nil {
		log.Fatalf("unable to parse private key: %v", err)
	}
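
An added example, not part of the thread and not go-git code: a standard-library-only pre-flight check that tells whether PEM key material (such as the `SSH_KEY` value in the first post) is passphrase-protected before it reaches `ssh.ParsePrivateKey`, which is the decryption question raised above. It goes beyond the quoted snippet by covering legacy PEM, PKCS#8 and OpenSSH-format keys. `KeyNeedsPassphrase` and `sampleOpenSSH` are hypothetical names, and the sample input is a constructed header, not a real key.

```go
package main

import (
	"encoding/binary"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

const opensshMagic = "openssh-key-v1\x00" // opens an OPENSSH PRIVATE KEY body

// KeyNeedsPassphrase reports whether PEM key material is encrypted; errors never carry key bytes.
func KeyNeedsPassphrase(pemBytes []byte) (bool, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return false, errors.New("no PEM block found in key material")
	}
	switch {
	case block.Type == "OPENSSH PRIVATE KEY":
		body := strings.TrimPrefix(string(block.Bytes), opensshMagic)
		if len(body) == len(block.Bytes) || len(body) < 4 {
			return false, errors.New("malformed OpenSSH key header")
		}
		// A length-prefixed cipher name follows the magic; "none" means unencrypted.
		n := binary.BigEndian.Uint32([]byte(body[:4]))
		if uint64(n) > uint64(len(body)-4) {
			return false, errors.New("truncated OpenSSH cipher name")
		}
		return body[4:4+n] != "none", nil
	case strings.HasSuffix(block.Type, "PRIVATE KEY"):
		// Legacy PEM flags encryption in its headers, PKCS#8 in the block type.
		_, dek := block.Headers["DEK-Info"]
		return dek || strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED") || block.Type == "ENCRYPTED PRIVATE KEY", nil
	}
	return false, fmt.Errorf("unexpected PEM type %q", block.Type)
}

// sampleOpenSSH builds a constructed header-only blob for the demo, not a real key.
func sampleOpenSSH(cipher string) []byte {
	body := opensshMagic + string([]byte{0, 0, 0, byte(len(cipher))}) + cipher
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: []byte(body)})
}

func main() {
	enc, err := KeyNeedsPassphrase(sampleOpenSSH("aes256-ctr"))
	fmt.Println("needs passphrase:", enc, err)
}
```

When the check returns true, the key has to go through `ssh.ParsePrivateKeyWithPassphrase` instead of `ssh.ParsePrivateKey`.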
