helper/ssh: error if private key on SSH [GH-73]

Mitchell Hashimoto 2014-08-05 09:53:02 -07:00
parent 642fed0356
commit a74775d077
2 changed files with 22 additions and 4 deletions


@ -14,17 +14,19 @@ BUG FIXES:
* core: Default variable file "terraform.tfvars" is auto-loaded. [GH-59] * core: Default variable file "terraform.tfvars" is auto-loaded. [GH-59]
* providers/cloudflare: Include the proper bins so the cloudflare * providers/cloudflare: Include the proper bins so the cloudflare
provider is compiled provider is compiled
* providers/aws: Engine version for RDS now properly set [GH-118] * providers/aws: Engine version for RDS now properly set [GH-118]
* providers/aws: Security groups now depend on each other and * providers/aws: Security groups now depend on each other and
* providers/aws: DB instances now wait for destroys, have proper * providers/aws: DB instances now wait for destroys, have proper
dependencies and allow passing skip_final_snapshot dependencies and allow passing skip_final_snapshot
* providers/aws: Add associate_public_ip_address as an attribute on * providers/aws: Add associate_public_ip_address as an attribute on
the aws_instance resource [GH-85] the aws_instance resource [GH-85]
* providers/aws: Fix cidr blocks being updated [GH-65, GH-85] * providers/aws: Fix cidr blocks being updated [GH-65, GH-85]
* providers/aws: Description is now required for security groups * providers/aws: Description is now required for security groups
* providers/digitalocean: Private IP addresses are now a separate * providers/digitalocean: Private IP addresses are now a separate
attribute attribute
* provisioner/all: If an SSH key is given with a password, a better
error message is shown. [GH-73]
## 0.1.0 (July 28, 2014) ## 0.1.0 (July 28, 2014)


@ -1,6 +1,7 @@
package ssh package ssh
import ( import (
"encoding/pem"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log" "log"
@ -105,10 +106,25 @@ func PrepareConfig(conf *SSHConfig) (*Config, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to read key file '%s': %v", conf.KeyFile, err) return nil, fmt.Errorf("Failed to read key file '%s': %v", conf.KeyFile, err)
} }
// We parse the private key on our own first so that we can
// show a nicer error if the private key has a password.
block, _ := pem.Decode(key)
if block == nil {
return nil, fmt.Errorf(
"Failed to read key '%s': no key found", conf.KeyFile)
}
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
return nil, fmt.Errorf(
"Failed to read key '%s': password protected keys are\n"+
"not supported. Please decrypt the key prior to use.", conf.KeyFile)
}
signer, err := ssh.ParsePrivateKey(key) signer, err := ssh.ParsePrivateKey(key)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to parse key file '%s': %v", conf.KeyFile, err) return nil, fmt.Errorf("Failed to parse key file '%s': %v", conf.KeyFile, err)
} }
sshConf.Auth = append(sshConf.Auth, ssh.PublicKeys(signer)) sshConf.Auth = append(sshConf.Auth, ssh.PublicKeys(signer))
} }
if conf.Password != "" { if conf.Password != "" {
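Review bot: The `block.Headers["Proc-Type"] == "4,ENCRYPTED"` test recognises only the legacy PEM encryption header, so a passphrase-protected PKCS#8 key (block type `ENCRYPTED PRIVATE KEY`, which carries no `Proc-Type` header) would presumably fall through to `ssh.ParsePrivateKey` and surface the generic "Failed to parse key file" error instead of the new message. Widening the condition to `if block.Headers["Proc-Type"] == "4,ENCRYPTED" || block.Type == "ENCRYPTED PRIVATE KEY" {` would cover that case. The new message also tells users to decrypt the key, which leaves an unprotected private key on disk. A short comment above the check such as `// Decrypted keys should be stored with owner-only file permissions.` would record that trade-off for maintainers. The body of PrepareConfig starts and ends outside this hunk, so how `conf.KeyFile` is read and what follows the password branch is not visible here.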