Home Explore Help
Sign In
Tailscale
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

ipnlocal, tailssh: start moving host key stuff into the right spot

Make tailssh ask LocalBackend for the SSH hostkeys, as we'll need to
distribute them to peers.

For now only the hacky use-same-as-actual-host mode is implemented.

Updates #3802

Change-Id: I819dcb25c14e42e6692c441186c1dc744441592b
Signed-off-by: Brad Fitzpatrick <[email protected]>
Brad Fitzpatrick 4 years ago
parent
94409db7e2
commit
fbff1555fc
2 changed files with 55 additions and 11 deletions
Split View Show Diff Stats
  1. 48 0
      ipn/ipnlocal/ssh.go
  2. 7 11
      ssh/tailssh/tailssh.go

+ 48 - 0
ipn/ipnlocal/ssh.go
View File 

@@ -0,0 +1,48 @@
 
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
 
+// Use of this source code is governed by a BSD-style
 
+// license that can be found in the LICENSE file.
 
+
 
+//go:build linux
 
+// +build linux
 
+
 
+package ipnlocal
 
+
 
+import (
 
+	"errors"
 
+	"io/ioutil"
 
+	"os"
 
+
 
+	"golang.org/x/crypto/ssh"
 
+	"tailscale.com/envknob"
 
+)
 
+
 
+var useHostKeys = envknob.Bool("TS_USE_SYSTEM_SSH_HOST_KEYS")
 
+
 
+func (b *LocalBackend) GetSSHHostKeys() ([]ssh.Signer, error) {
 
+	// TODO(bradfitz): generate host keys, at least as needed if
 
+	// an existing SSH server didn't put them on disk. But also
 
+	// because people may want tailscale-specific ones. For now be
 
+	// lazy and reuse the host ones.
 
+	return b.getSystemSSHHostKeys()
 
+}
 
+
 
+func (b *LocalBackend) getSystemSSHHostKeys() (ret []ssh.Signer, err error) {
 
+	for _, typ := range []string{"rsa", "ecdsa", "ed25519"} {
 
+		hostKey, err := ioutil.ReadFile("/etc/ssh/ssh_host_" + typ + "_key")
 
+		if os.IsNotExist(err) {
 
+			continue
 
+		}
 
+		if err != nil {
 
+			return nil, err
 
+		}
 
+		signer, err := ssh.ParsePrivateKey(hostKey)
 
+		if err != nil {
 
+			return nil, err
 
+		}
 
+		ret = append(ret, signer)
 
+	}
 
+	if len(ret) == 0 {
 
+		return nil, errors.New("no system SSH host keys found")
 
+	}
 
+	return ret, nil
 
+}

+ 7 - 11
ssh/tailssh/tailssh.go
View File 

@@ -12,7 +12,6 @@ import (
 
 	"encoding/json"
 
 	"fmt"
 
 	"io"
 
-	"io/ioutil"
 
 	"net"
 
 	"os"
 
 	"os/exec"
 
@@ -21,7 +20,6 @@ import (
 
 
 	"github.com/creack/pty"
 
 	"github.com/gliderlabs/ssh"
 
-	gossh "golang.org/x/crypto/ssh"
 
 	"inet.af/netaddr"
 
 	"tailscale.com/envknob"
 
 	"tailscale.com/ipn/ipnlocal"
 
@@ -35,14 +33,6 @@ import (
 
 
 // Handle handles an SSH connection from c.
 
 func Handle(logf logger.Logf, lb *ipnlocal.LocalBackend, c net.Conn) error {
 
-	hostKey, err := ioutil.ReadFile("/etc/ssh/ssh_host_ed25519_key")
 
-	if err != nil {
 
-		return err
 
-	}
 
-	signer, err := gossh.ParsePrivateKey(hostKey)
 
-	if err != nil {
 
-		return err
 
-	}
 
 	sshd := &server{lb, logf}
 
 	srv := &ssh.Server{
 
 		Handler:           sshd.handleSSH,
 
@@ -59,7 +49,13 @@ func Handle(logf logger.Logf, lb *ipnlocal.LocalBackend, c net.Conn) error {
 
 	for k, v := range ssh.DefaultSubsystemHandlers {
 
 		srv.SubsystemHandlers[k] = v
 
 	}
 
-	srv.AddHostKey(signer)
 
+	keys, err := lb.GetSSHHostKeys()
 
+	if err != nil {
 
+		return err
 
+	}
 
+	for _, signer := range keys {
 
+		srv.AddHostKey(signer)
 
+	}
 
 
 	srv.HandleConn(c)
 
 	return nil