diff --git a/pipe/client.go b/pipe/client.go
index 31b2bb7..b737eb7 100644
--- a/pipe/client.go
+++ b/pipe/client.go
@@ -182,11 +182,12 @@ func (c *Client) RemoveSession(id string) error {
// SSHClientInfo represents the SSH connection information.
type SSHClientInfo struct {
- RemoteHost string
- RemoteHostname string
- RemoteUser string
- KeyLocation string
- KeyPassphrase string
+ RemoteHost string
+ RemoteHostname string
+ RemoteUser string
+ KeyLocation string
+ KeyPassphrase string
+ CertificateFile string
}
// NewSSHClient creates a new SSH client.
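Review bot: The new `CertificateFile` field has no comment, and the name alone does not say what format the file must be in or that the field is optional. Going by how NewSSHClient reads it later in this commit, a field comment such as `// CertificateFile is an optional path to an OpenSSH certificate in authorized_keys format; empty means no certificate is used.` would tell callers what to pass. If the certificate is meant to be paired with the key at `KeyLocation`, stating that here would save users from a confusing signer-mismatch error.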
@@ -226,6 +227,33 @@ func NewSSHClient(info *SSHClientInfo) (*ssh.Client, error) {
if err != nil {
return nil, err
}
+
+ if info.CertificateFile != "" {
+ certPath, err := filepath.Abs(info.CertificateFile)
+ if err != nil {
+ return nil, err
+ }
+
+ certData, err := os.ReadFile(certPath)
+ if err != nil {
+ return nil, err
+ }
+
+ pubKey, _, _, _, err := ssh.ParseAuthorizedKey(certData)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse certificate: %w", err)
+ }
+
+ cert, ok := pubKey.(*ssh.Certificate)
+ if !ok {
+ return nil, fmt.Errorf("file is not an SSH certificate")
+ }
+
+ signer, err = ssh.NewCertSigner(cert, signer)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create cert signer: %w", err)
+ }
+ }
}
var authMethods []ssh.AuthMethod
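Review bot: The certificate is wrapped into the signer without checking what kind of certificate was loaded: after the `pubKey.(*ssh.Certificate)` assertion nothing looks at `cert.CertType` or the validity window, so a host certificate or an expired one is accepted here and only fails later at the handshake as a generic authentication error. A check such as `if cert.CertType != ssh.UserCert { return nil, fmt.Errorf("%s is not a user certificate", certPath) }` before `ssh.NewCertSigner` would fail early with a usable message, and comparing `cert.ValidBefore` with the current time would do the same for expiry. The `filepath.Abs` and `os.ReadFile` errors are returned bare while the later ones are wrapped; adding the path to them would keep diagnostics consistent. The enclosing block opens above the hunk, so it appears the certificate is only considered on the path that already produced `signer`; it is worth confirming that a `CertificateFile` set without a key is not silently ignored.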