私钥登录增加私钥密码支持

Author: mylxsw

README.md

@@ -53,8 +53,9 @@ AB两台服务器中的项目均将日志写到文件系统的`/home/data/logs/l
     #tail_flags="--retry --follow=name"
 
     # 服务器配置,可以配置多个
-    # 如果不提供 password, 则默认使用系统配置的 ssh-agent 设置，
+    # 如果不提供password, 则默认使用系统配置的 ssh-agent 设置，
     # 你也可以通过指定 private_key_path 配置项来指定使用特定的私钥来登录 (private_key_path=/home/mylxsw/.ssh/id_rsa)
+    # 私钥如果有密码的话，需要指定 private_key_passphrase 配置项来指定私钥密码
     # server_name, hostname, user 配置为必选,其它可选
     [servers]
 

command/command.go

@@ -46,10 +46,11 @@ func NewCommand(server Server) (cmd *Command) {
 func (cmd *Command) Execute(output chan Message) {
 
 	client := &ssh.Client{
-		Host:           cmd.Host,
-		User:           cmd.User,
-		Password:       cmd.Server.Password,
-		PrivateKeyPath: cmd.Server.PrivateKeyPath,
+		Host:                 cmd.Host,
+		User:                 cmd.User,
+		Password:             cmd.Server.Password,
+		PrivateKeyPath:       cmd.Server.PrivateKeyPath,
+		PrivateKeyPassphrase: cmd.Server.PrivateKeyPassphrase,
 	}
 
 	if err := client.Connect(); err != nil {

command/config.go

@@ -1,14 +1,15 @@
 package command
 
 type Server struct {
-	ServerName     string `toml:"server_name"`
-	Hostname       string `toml:"hostname"`
-	Port           int    `toml:"port"`
-	User           string `toml:"user"`
-	Password       string `toml:"password"`
-	PrivateKeyPath string `toml:"private_key_path"`
-	TailFile       string `toml:"tail_file"`
-	TailFlags      string `toml:"tail_flags"`
+	ServerName           string `toml:"server_name"`
+	Hostname             string `toml:"hostname"`
+	Port                 int    `toml:"port"`
+	User                 string `toml:"user"`
+	Password             string `toml:"password"`
+	PrivateKeyPath       string `toml:"private_key_path"`
+	PrivateKeyPassphrase string `toml:"private_key_passphrase"`
+	TailFile             string `toml:"tail_file"`
+	TailFlags            string `toml:"tail_flags"`
 }
 
 type Config struct {

ssh/ssh.go

@@ -13,10 +13,11 @@ import (
 )
 
 type Client struct {
-	Host           string
-	User           string
-	Password       string
-	PrivateKeyPath string
+	Host                 string
+	User                 string
+	Password             string
+	PrivateKeyPath       string
+	PrivateKeyPassphrase string
 	*ssh.Client
 }
 
@@ -29,7 +30,7 @@ func (sshClient *Client) Connect() error {
 	if sshClient.Password != "" {
 		conf.Auth = append(conf.Auth, ssh.Password(sshClient.Password))
 	} else if sshClient.PrivateKeyPath != "" {
-		privateKey, err := getPrivateKey(sshClient.PrivateKeyPath)
+		privateKey, err := getPrivateKey(sshClient.PrivateKeyPath, sshClient.PrivateKeyPassphrase)
 		if err != nil {
 			return err
 		}
@@ -65,7 +66,7 @@ func (sshClient *Client) Close() {
 }
 
 // Get the private key for current user
-func getPrivateKey(privateKeyPath string) (ssh.AuthMethod, error) {
+func getPrivateKey(privateKeyPath string, privateKeyPassphrase string) (ssh.AuthMethod, error) {
 	if !fileExist(privateKeyPath) {
 		defaultPrivateKeyPath := filepath.Join(os.Getenv("HOME"), ".ssh/id_rsa")
 		log.Printf("Warning: private key path [%s] does not exist, using default %s instead", privateKeyPath, defaultPrivateKeyPath)
@@ -78,7 +79,12 @@ func getPrivateKey(privateKeyPath string) (ssh.AuthMethod, error) {
 		return nil, fmt.Errorf("unable to parse private key: %v", err)
 	}
 
-	signer, err := ssh.ParsePrivateKey(key)
+	var signer ssh.Signer
+	if privateKeyPassphrase != "" {
+		signer, err = ssh.ParsePrivateKeyWithPassphrase(key, []byte(privateKeyPassphrase))
+	} else {
+		signer, err = ssh.ParsePrivateKey(key)
+	}
 	if err != nil {
 		return nil, fmt.Errorf("parse private key failed: %v", err)
 	}