diff --git a/main.go b/main.go
index ea9175e..42a9e0b 100644
--- a/main.go
+++ b/main.go
@@ -121,8 +121,10 @@ func main() {
 }
 config := &ssh.ClientConfig{
- User: cfg.RemoteUser,
- Auth: []ssh.AuthMethod{privateKey},
+ User: cfg.RemoteUser,
+ Auth: []ssh.AuthMethod{privateKey},
+
+ //#nosec G106 // For now no validation is supported
 HostKeyCallback: ssh.InsecureIgnoreHostKey(),
 }
@@ -212,15 +214,14 @@ func main() {
 sigC <- syscall.SIGINT
 }()
- for {
- select {
- case <-sigC:
- log.Info("Signal triggered, shutting down")
- if err := session.Signal(ssh.SIGHUP); err != nil {
- log.WithError(err).Error("Unable to send TERM signal to remote process")
- }
- running = false
- return
- }
+ // Wait for signal to occur
+ <-sigC
+
+ // Do a proper teardown
+ log.Info("Signal triggered, shutting down")
+ running = false
+
+ if err := session.Signal(ssh.SIGHUP); err != nil {
+ log.WithError(err).Error("Unable to send TERM signal to remote process")
 }
 }
diff --git a/ssh_key.go b/ssh_key.go
index b281ae2..797bbac 100644
--- a/ssh_key.go
+++ b/ssh_key.go
@@ -3,19 +3,18 @@ package main
 import (
 "crypto/x509"
 "encoding/pem"
- "errors"
- "fmt"
+ "github.com/pkg/errors"
 "golang.org/x/crypto/ssh"
 )
 func signerFromPem(pemBytes []byte, password []byte) (ssh.Signer, error) {
+ var err error
 // read pem block
- err := errors.New("Pem decode failed, no key found")
 pemBlock, _ := pem.Decode(pemBytes)
 if pemBlock == nil {
- return nil, err
+ return nil, errors.New("Pem decode failed, no key found")
 }
 // handle encrypted key
@@ -23,7 +22,7 @@ func signerFromPem(pemBytes []byte, password []byte) (ssh.Signer, error) {
 // decrypt PEM
 pemBlock.Bytes, err = x509.DecryptPEMBlock(pemBlock, password)
 if err != nil {
- return nil, fmt.Errorf("Decrypting PEM block failed %v", err)
+ return nil, errors.Wrap(err, "Decrypting PEM block failed")
 }
 // get RSA, EC or DSA key
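Review bot: The `//#nosec G106` comment added above `HostKeyCallback: ssh.InsecureIgnoreHostKey()` in main.go silences the linter while the client still accepts any server host key, so a machine-in-the-middle between this tool and the remote host would go unnoticed. Rather than suppressing the finding, pin the expected key with `HostKeyCallback: ssh.FixedHostKey(hostKey),` where `hostKey` (placeholder name) is parsed from a new configuration field, or build the callback with `golang.org/x/crypto/ssh/knownhosts`. If the suppression has to stay for now, the comment should reference a tracking issue so it does not become permanent. The body of `main` starts and ends outside this hunk.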
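Review bot: The error text in the rewritten teardown at the end of `main` still reads `Unable to send TERM signal to remote process` although the call is `session.Signal(ssh.SIGHUP)`; change it to `"Unable to send HUP signal to remote process"` so the log matches what was actually sent. `running = false` is now assigned before the remote signal is sent; if `running` is read from another goroutine (not visible in this hunk), it should be an atomic or mutex-guarded value to avoid a data race. A short comment such as `// main returns after this; the remote process is expected to exit on SIGHUP` would also document why nothing waits on the session here. The body of `main` begins outside this hunk.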
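Review bot: Swapping `errors` and `fmt` for `github.com/pkg/errors` in the ssh_key.go import block puts a third-party module on the private-key handling path only to get error wrapping, which the standard library already provides. With the original imports kept, `return nil, fmt.Errorf("Decrypting PEM block failed: %w", err)` preserves the cause for `errors.Is`/`errors.As` and leaves no extra dependency to vet and pin; as far as I know the pkg/errors module is also no longer actively maintained. If the dependency is kept, make sure it is pinned in the module files with a checksum entry. `signerFromPem` continues past the end of this hunk.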
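Review bot: The call whose error this hunk re-wraps, `x509.DecryptPEMBlock(pemBlock, password)` in `signerFromPem`, is deprecated in the standard library because legacy PEM encryption does not authenticate the ciphertext. Since the line is being touched anyway, document the limitation above it with `// NOTE: legacy RFC 1423 PEM encryption, deprecated and without integrity protection`. Also consider `ssh.ParsePrivateKeyWithPassphrase(pemBytes, password)`, which accepts passphrase-protected OpenSSH-format keys as well and would replace the hand-rolled decrypt-then-parse path. `signerFromPem` starts and ends outside this hunk.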
@@ -35,45 +34,47 @@ func signerFromPem(pemBytes []byte, password []byte) (ssh.Signer, error) {
 // generate signer instance from key
 signer, err := ssh.NewSignerFromKey(key)
 if err != nil {
- return nil, fmt.Errorf("Creating signer from encrypted key failed %v", err)
- }
-
- return signer, nil
- } else {
- // generate signer instance from plain key
- signer, err := ssh.ParsePrivateKey(pemBytes)
- if err != nil {
- return nil, fmt.Errorf("Parsing plain private key failed %v", err)
+ return nil, errors.Wrap(err, "Creating signer from encrypted key failed")
 }
 return signer, nil
 }
+
+ // generate signer instance from plain key
+ signer, err := ssh.ParsePrivateKey(pemBytes)
+ if err != nil {
+ return nil, errors.Wrap(err, "Parsing plain private key failed")
+ }
+
+ return signer, nil
 }
 func parsePemBlock(block *pem.Block) (interface{}, error) {
 switch block.Type {
+
 case "RSA PRIVATE KEY":
 key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
 if err != nil {
- return nil, fmt.Errorf("Parsing PKCS private key failed %v", err)
- } else {
- return key, nil
+ return nil, errors.Wrap(err, "Parsing PKCS private key failed")
 }
+ return key, nil
+
 case "EC PRIVATE KEY":
 key, err := x509.ParseECPrivateKey(block.Bytes)
 if err != nil {
- return nil, fmt.Errorf("Parsing EC private key failed %v", err)
- } else {
- return key, nil
+ return nil, errors.Wrap(err, "Parsing EC private key failed")
 }
+ return key, nil
+
 case "DSA PRIVATE KEY":
 key, err := ssh.ParseDSAPrivateKey(block.Bytes)
 if err != nil {
- return nil, fmt.Errorf("Parsing DSA private key failed %v", err)
- } else {
- return key, nil
+ return nil, errors.Wrap(err, "Parsing DSA private key failed")
 }
+ return key, nil
+
 default:
- return nil, fmt.Errorf("Parsing private key failed, unsupported key type %q", block.Type)
+ return nil, errors.Errorf("Parsing private key failed, unsupported key type %q", block.Type)
+
 }
 }
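Review bot: `parsePemBlock` keeps the `case "DSA PRIVATE KEY":` branch, so the client still authenticates with DSA keys, which SSH limits to 1024 bits and which current OpenSSH releases disable by default. Consider deleting that case so such keys fall through to the `default` error, or log a warning when the branch is taken. On style, the blank `+` lines added right after `switch block.Type {` and before the closing brace are noise. The new messages also keep a leading capital (`"Parsing EC private key failed"`), while Go error strings are conventionally lowercase because they get chained. The start of `signerFromPem` lies outside this hunk.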