dashboard / erock/utils / feat: add ssh cert file support to ssh client impl #99 rss

open · opened on 2025-12-25T04:21:37Z by erock

Logs

erock created pr with ps-180 on 2025-12-25T04:21:37Z
erock added ps-181 on 2025-12-25T04:22:52Z

Patchsets

ps-180 by erock on 2025-12-25T04:21:37Z
Range Diff ↕ rd-181
1: b41f14a ! 1: dca5cae feat: add ssh cert file support to ssh client impl
ps-181 by erock on 2025-12-25T04:22:52Z

Patchset ps-181

Original impl: https://github.com/picosh/utils/blob/main/pipe/client.go#L193
+33 -5 pipe/client.go link
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
diff --git a/pipe/client.go b/pipe/client.go
index 31b2bb7..b737eb7 100644
--- a/pipe/client.go
+++ b/pipe/client.go
@@ -182,11 +182,12 @@ func (c *Client) RemoveSession(id string) error {
 
 // SSHClientInfo represents the SSH connection information.
 type SSHClientInfo struct {
-	RemoteHost     string
-	RemoteHostname string
-	RemoteUser     string
-	KeyLocation    string
-	KeyPassphrase  string
+	RemoteHost      string
+	RemoteHostname  string
+	RemoteUser      string
+	KeyLocation     string
+	KeyPassphrase   string
+	CertificateFile string
 }
 
 // NewSSHClient creates a new SSH client.
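Review bot: The new `CertificateFile` field in `SSHClientInfo` carries no comment, and nothing in the struct says how it relates to `KeyLocation` and `KeyPassphrase`. Going by the second hunk, it is a path to a file in authorized_keys format that must hold an SSH certificate, and an empty value skips certificate handling altogether. I would say so on the field, for example `// CertificateFile is an optional path to the OpenSSH certificate (the -cert.pub file) for the private key; empty disables certificate auth.`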
@@ -226,6 +227,33 @@ func NewSSHClient(info *SSHClientInfo) (*ssh.Client, error) {
 		if err != nil {
 			return nil, err
 		}
+
+		if info.CertificateFile != "" {
+			certPath, err := filepath.Abs(info.CertificateFile)
+			if err != nil {
+				return nil, err
+			}
+
+			certData, err := os.ReadFile(certPath)
+			if err != nil {
+				return nil, err
+			}
+
+			pubKey, _, _, _, err := ssh.ParseAuthorizedKey(certData)
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse certificate: %w", err)
+			}
+
+			cert, ok := pubKey.(*ssh.Certificate)
+			if !ok {
+				return nil, fmt.Errorf("file is not an SSH certificate")
+			}
+
+			signer, err = ssh.NewCertSigner(cert, signer)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create cert signer: %w", err)
+			}
+		}
 	}
 
 	var authMethods []ssh.AuthMethod
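Review bot: After the `*ssh.Certificate` type assertion the certificate is used without checking `cert.CertType` or its `ValidAfter`/`ValidBefore` window, so a host certificate or an expired one only surfaces later as a generic authentication failure from the server. A check right after the assertion, such as `if cert.CertType != ssh.UserCert { return nil, fmt.Errorf("%s is not a user certificate", certPath) }`, fails early with a message the operator can act on. A key mismatch is already covered, because `ssh.NewCertSigner` rejects a certificate whose key differs from the signer's. The "file is not an SSH certificate" error does not name the file, and including `certPath` would make a misconfigured path easier to trace. The block this code sits in opens outside the hunk; if it is the private-key branch, a `CertificateFile` set without a key appears to be silently ignored and would be better reported as an error.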