ssh

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 26, 2025 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package ssh provides SSH key utilities for CLI applications.

This package includes:

  • SSH key discovery (find default key, list all keys)
  • Public key parsing and fingerprint computation
  • SSH agent connection and signing
  • Direct key file signing

Finding SSH Keys

Find the default SSH key: 

info, err := ssh.FindDefaultKey()
if err != nil {
    log.Fatal(err)
}
fmt.Println(info.Fingerprint) // SHA256:...

List all SSH keys in ~/.ssh: 

keys, err := ssh.ListLocalKeys()
for _, key := range keys {
    fmt.Printf("%s: %s\n", key.KeyType, key.Fingerprint)
}

SSH Agent Signing

Sign a challenge using the SSH agent: 

agent, err := ssh.GetAgent()
if err != nil {
    log.Fatal(err)
}

sig, err := ssh.SignWithAgent(agent, fingerprint, challengeBytes)

Direct Key Signing

Sign using a private key file (unencrypted keys only): 

sig, err := ssh.SignWithKeyFile(keyPath, challengeBytes)

Custom Configuration

Use Config for custom SSH directory or key preferences: 

cfg := ssh.Config{
    SSHDir:        "/custom/path/.ssh",
    PreferredKeys: []string{"id_ed25519.pub", "id_ecdsa.pub"},
}

info, err := ssh.FindDefaultKeyWithConfig(cfg)

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNoSSHAgent is returned when the SSH agent is not available.
	ErrNoSSHAgent = errors.New("ssh-agent not available")

	// ErrNoSSHKeys is returned when no SSH keys are found.
	ErrNoSSHKeys = errors.New("no SSH keys found")

	// ErrKeyNotFound is returned when a specific key is not found in the agent.
	ErrKeyNotFound = errors.New("SSH key not found in agent")

	// ErrInvalidKeyFormat is returned when a public key file has invalid format.
	ErrInvalidKeyFormat = errors.New("invalid SSH public key format")
)

SSH key errors.

View Source 
var DefaultPreferredKeys = []string{
	"id_ed25519.pub",
	"id_ecdsa.pub",
	"id_rsa.pub",
}

DefaultPreferredKeys is the default key preference order.

Functions

func ComputeFingerprint 

func ComputeFingerprint(keyBlob []byte) string

ComputeFingerprint computes the SHA256 fingerprint of a key blob.

func FindAgentKeyByFingerprint 

func FindAgentKeyByFingerprint(ag agent.Agent, fingerprint string) (*agent.Key, error)

FindAgentKeyByFingerprint finds a key in the agent by its fingerprint.

func ListAgentKeys 

func ListAgentKeys(ag agent.Agent) ([]*agent.Key, error)

ListAgentKeys lists all keys currently in the SSH agent.

func SignChallengeWithAgent 

func SignChallengeWithAgent(ag agent.ExtendedAgent, fingerprint, challenge string) (string, error)

SignChallengeWithAgent signs a base64-encoded challenge using the SSH agent. This is a convenience wrapper for challenge-response authentication.

func SignChallengeWithKeyFile 

func SignChallengeWithKeyFile(keyPath, challenge string) (string, error)

SignChallengeWithKeyFile signs a base64-encoded challenge using a key file.

func SignWithAgent 

func SignWithAgent(ag agent.ExtendedAgent, fingerprint string, data []byte) (string, error)

SignWithAgent signs data using the SSH agent. The fingerprint is used to find the correct key in the agent. Returns the signature encoded as base64.

func SignWithKeyFile 

func SignWithKeyFile(keyPath string, data []byte) (string, error)

SignWithKeyFile signs data using a private key file. Note: Only unencrypted keys are supported. For encrypted keys, use ssh-agent.

Types

type AgentConnection 

type AgentConnection struct {
	agent.ExtendedAgent
	// contains filtered or unexported fields
}

AgentConnection wraps an SSH agent with its underlying connection for proper resource cleanup.

func GetAgent 

func GetAgent() (*AgentConnection, error)

GetAgent connects to the SSH agent via SSH_AUTH_SOCK. The returned AgentConnection should be closed when done to avoid resource leaks.

func (*AgentConnection) Close 

func (a *AgentConnection) Close() error

Close closes the underlying connection to the SSH agent.

type Config 

type Config struct {
	// SSHDir is the SSH directory path.
	// Defaults to ~/.ssh if empty.
	SSHDir string

	// PreferredKeys is the preference order for key types.
	// Defaults to ed25519, ecdsa, rsa if empty.
	PreferredKeys []string
}

Config holds configuration for SSH key operations.

type KeyInfo 

type KeyInfo struct {
	// Path is the path to the public key file.
	Path string

	// PublicKey is the full public key in authorized_keys format.
	PublicKey string

	// KeyType is the key algorithm (e.g., "ssh-ed25519", "ssh-rsa").
	KeyType string

	// Fingerprint is the SHA256 fingerprint of the key.
	Fingerprint string

	// Comment is the optional key comment.
	Comment string
}

KeyInfo holds information about an SSH key.

func FindDefaultKey 

func FindDefaultKey() (*KeyInfo, error)

FindDefaultKey finds the default SSH key using default configuration.

func FindDefaultKeyWithConfig 

func FindDefaultKeyWithConfig(cfg Config) (*KeyInfo, error)

FindDefaultKeyWithConfig finds the default SSH key using custom configuration.

func ListLocalKeys 

func ListLocalKeys() ([]*KeyInfo, error)

ListLocalKeys lists all SSH public keys in the SSH directory.

func ListLocalKeysWithConfig 

func ListLocalKeysWithConfig(cfg Config) ([]*KeyInfo, error)

ListLocalKeysWithConfig lists all SSH public keys using custom configuration.

func ParsePublicKey 

func ParsePublicKey(path, keyData string) (*KeyInfo, error)

ParsePublicKey parses an SSH public key string.

func ReadPublicKey 

func ReadPublicKey(path string) (*KeyInfo, error)

ReadPublicKey reads and parses an SSH public key file.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.