helper/ssh: error if private key on SSH [GH-73]
This commit is contained in:
parent
642fed0356
commit
a74775d077
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -14,17 +14,19 @@ BUG FIXES:
|
|||
|
||||
* core: Default variable file "terraform.tfvars" is auto-loaded. [GH-59]
|
||||
* providers/cloudflare: Include the proper bins so the cloudflare
|
||||
provider is compiled
|
||||
provider is compiled
|
||||
* providers/aws: Engine version for RDS now properly set [GH-118]
|
||||
* providers/aws: Security groups now depend on each other and
|
||||
* providers/aws: DB instances now wait for destroys, have proper
|
||||
dependencies and allow passing skip_final_snapshot
|
||||
dependencies and allow passing skip_final_snapshot
|
||||
* providers/aws: Add associate_public_ip_address as an attribute on
|
||||
the aws_instance resource [GH-85]
|
||||
the aws_instance resource [GH-85]
|
||||
* providers/aws: Fix cidr blocks being updated [GH-65, GH-85]
|
||||
* providers/aws: Description is now required for security groups
|
||||
* providers/digitalocean: Private IP addresses are now a separate
|
||||
attribute
|
||||
attribute
|
||||
* provisioner/all: If an SSH key is given with a password, a better
|
||||
error message is shown. [GH-73]
|
||||
|
||||
## 0.1.0 (July 28, 2014)
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package ssh
|
||||
|
||||
import (
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
|
@ -105,10 +106,25 @@ func PrepareConfig(conf *SSHConfig) (*Config, error) {
|
|||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed to read key file '%s': %v", conf.KeyFile, err)
|
||||
}
|
||||
|
||||
// We parse the private key on our own first so that we can
|
||||
// show a nicer error if the private key has a password.
|
||||
block, _ := pem.Decode(key)
|
||||
if block == nil {
|
||||
return nil, fmt.Errorf(
|
||||
"Failed to read key '%s': no key found", conf.KeyFile)
|
||||
}
|
||||
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
|
||||
return nil, fmt.Errorf(
|
||||
"Failed to read key '%s': password protected keys are\n"+
|
||||
"not supported. Please decrypt the key prior to use.", conf.KeyFile)
|
||||
}
|
||||
|
||||
signer, err := ssh.ParsePrivateKey(key)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed to parse key file '%s': %v", conf.KeyFile, err)
|
||||
}
|
||||
|
||||
sshConf.Auth = append(sshConf.Auth, ssh.PublicKeys(signer))
|
||||
}
|
||||
if conf.Password != "" {
|
||||
|
|
Loading…
Reference in New Issue