Version: v0.0.0-...-d3fb95e

Published: Oct 4, 2018 License: Apache-2.0 Imports: 7 Imported by: 0



Package rekey contains KeyEnsurer, a type that ensures that certain SSH keys are available in your ssh-agent.

Specific support is provided for loading Goldkey and Yubikey token keys on macOS.



const (
	// SSHAuthSock contains the name of the environment variable used to locate
	// the unix socket to connect to an SSH agent.
	SSHAuthSock = "SSH_AUTH_SOCK"
	// AgentLifetime contains a string representing the duration that keys added
	// to the agent should be available for. This is used in the PKCS11KeyLoader.
	AgentLifetime = "14400"
)


func ConnectAgent

func ConnectAgent() (agents.Agent, error)

ConnectAgent returns a new ssh/agent connected to the system default SSH agent over SSH_AUTH_SOCK, or an error if a connection cannot be established.

func FindKey

func FindKey(agent agents.Agent, predicate func(*agents.Key) bool) (*agents.Key, error)

FindKey searches ssh-agent for the first key that matches the given predicate.

func IsGoldkey

func IsGoldkey(key *agents.Key) bool

IsGoldkey returns true if the given key is from a Goldkey physical token.

func IsYubikey

func IsYubikey(key *agents.Key) bool

IsYubikey returns true if the given key is from a Yubikey physical token.

func KillSSHAgent

func KillSSHAgent() error

func LoadDefaultIdentity

func LoadDefaultIdentity() error

LoadDefaultIdentity runs `ssh-add` to load the user's default identity into ssh-agent.

func LoadGoldkey

func LoadGoldkey() error

LoadGoldkey loads the Goldkey opensc-pkcs11 module into ssh-agent.

func LoadPKCS11

func LoadPKCS11(path string) error

LoadPKCS11 loads the given PKCS11 path into ssh-agent using `ssh-add`.

func LoadYubikey

func LoadYubikey() error

LoadYubikey loads the Yubikey PKCS11 library into ssh-agent.


type KeyEnsurer

type KeyEnsurer struct {
	// If a key matching this predicate is not found, or if signing with it
	// returns an error, we will attempt to re-add the key to the agent using the
	// KeyLoader.
	KeyPredicate func(key *agents.Key) bool
	// A function that attempts to load the key into ssh-agent
	KeyLoader func() error
	// contains filtered or unexported fields
}

KeyEnsurer is a service object that ensures that the active SSH agent has matching keys loaded

func DefaultIdentity

func DefaultIdentity() *KeyEnsurer

DefaultIdentity returns a KeyEnsurer that ensures that "some" identity is loaded. If none is present, the default identity is loaded via `ssh-add`.

func EnsureRestartingAgent

func EnsureRestartingAgent(svc *KeyEnsurer) *KeyEnsurer

EnsureRestartingAgent creates a new KeyEnsurer that will restart SSH agent before trying to load a key. This works on macOS because ssh-agent runs as a user daemon, and SSH_AUTH_SOCK is always updated to the current socket path. Your mileage may vary on other operating systems.

func Goldkey

func Goldkey() *KeyEnsurer

Goldkey returns a KeyEnsurer that ensures that a Goldkey SSH token is available in ssh-agent.

func New

func New(predicate func(key *agents.Key) bool, loader func() error) *KeyEnsurer

New creates a new KeyEnsurer from the given key predicate and loader.

func Yubikey

func Yubikey() *KeyEnsurer

Yubikey returns a KeyEnsurer that ensures that a Yubikey SSH token is available in ssh-agent.

func (*KeyEnsurer) EnsureLoaded

func (svc *KeyEnsurer) EnsureLoaded() error

EnsureLoaded ensures the key is loaded. On success returns nil, otherwise returns an error.
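The EnsureLoaded flow as the KeyPredicate/KeyLoader comments describe it (list the agent's keys, take the first match, prove it still signs, otherwise run the loader once and re-check), written here as an added illustration that is not the rekey package's own code. The Key and Agent types, the in-memory fakeAgent, and the "rekey-probe" signing input are assumptions standing in for the real agent types; the fake models the state a PKCS#11 key is left in when a token is unplugged and reinserted, which is exactly the case a bare "is it listed?" check would miss.

```go
package main

import "errors"
// Key and Agent are local stand-ins for the page's agents.Key and agents.Agent
// (assumed to mirror the List/Sign surface of golang.org/x/crypto/ssh/agent).
type Key struct{ Format, Comment string }
type Agent interface {
	List() ([]*Key, error)
	Sign(k *Key, data []byte) ([]byte, error)
}

// ensureLoaded is the documented KeyEnsurer flow: the first key matching predicate
// must be listed AND still sign, else loader runs once. Returns the loader call count.
func ensureLoaded(ag Agent, predicate func(*Key) bool, loader func() error) (int, error) {
	for loads := 0; ; loads++ {
		keys, err := ag.List()
		if err != nil {
			return loads, err
		}
		for _, k := range keys {
			if predicate(k) { // first match only, as FindKey does
				if _, err := ag.Sign(k, []byte("rekey-probe")); err == nil {
					return loads, nil
				}
				break // listed but cannot sign: a dead PKCS#11 handle
			}
		}
		if loads == 1 {
			return loads, errors.New("rekey: key still unusable after reload")
		}
		if err := loader(); err != nil {
			return loads + 1, err
		}
	}
}

// fakeAgent lists token keys; Sign fails while dead is set, the state a
// PKCS#11 key is left in after the token is unplugged and reinserted.
type fakeAgent struct {
	keys []*Key
	dead bool
}

func (a *fakeAgent) List() ([]*Key, error) { return a.keys, nil }
func (a *fakeAgent) Sign(*Key, []byte) ([]byte, error) {
	if a.dead {
		return nil, errors.New("agent: failure")
	}
	return []byte("sig"), nil
}
```

The one-reload cap is what keeps a loader that cannot revive the handle (wrong PIN, token not present) from looping forever; the caller gets an error and the loader count instead.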

func (*KeyEnsurer) KeyIsLoaded

func (svc *KeyEnsurer) KeyIsLoaded() (bool, error)

KeyIsLoaded establishes a connection to ssh-agent and queries it for this key, returning whether the key is present, or an error if one occurred while querying ssh-agent.
