remove ssh private key contents from errors
A misformatted private key may fail to parse correctly, but might still contain sensitive data. Don't display the private key in any error messages.
parent
3db95d510a
commit
f68a1a9c76
|
@ -3,6 +3,7 @@ package ssh
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
|
@ -259,17 +260,17 @@ func readPrivateKey(pk string) (ssh.AuthMethod, error) {
|
||||||
// show a nicer error if the private key has a password.
|
// show a nicer error if the private key has a password.
|
||||||
block, _ := pem.Decode([]byte(pk))
|
block, _ := pem.Decode([]byte(pk))
|
||||||
if block == nil {
|
if block == nil {
|
||||||
return nil, fmt.Errorf("Failed to read key %q: no key found", pk)
|
return nil, errors.New("Failed to read ssh private key: no key found")
|
||||||
}
|
}
|
||||||
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
|
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
|
||||||
return nil, fmt.Errorf(
|
return nil, errors.New(
|
||||||
"Failed to read key %q: password protected keys are\n"+
|
"Failed to read ssh private key: password protected keys are\n" +
|
||||||
"not supported. Please decrypt the key prior to use.", pk)
|
"not supported. Please decrypt the key prior to use.")
|
||||||
}
|
}
|
||||||
|
|
||||||
signer, err := ssh.ParsePrivateKey([]byte(pk))
|
signer, err := ssh.ParsePrivateKey([]byte(pk))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Failed to parse key file %q: %s", pk, err)
|
return nil, fmt.Errorf("Failed to parse ssh private key: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return ssh.PublicKeys(signer), nil
|
return ssh.PublicKeys(signer), nil
|
||||||
|
|
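Review bot: The rewritten return `fmt.Errorf("Failed to parse ssh private key: %s", err)` still interpolates the error text from `ssh.ParsePrivateKey`, so whether key-derived bytes can reach the message now depends entirely on what that library puts in its errors. Nothing in this hunk shows that; some parsers echo small parts of the input, such as a PEM block type label, so this needs confirming against the vendored version. A regression test would pin the intent of the commit: pass a deliberately malformed key containing a marker string to `readPrivateKey` and assert that `err.Error()` does not contain it, covering all three error returns. A short comment above the first return, for example `// Never include pk in error text: a key that fails to parse may still hold secret material.`, would keep a later edit from reintroducing `%q` with `pk`. The body of `readPrivateKey` starts outside this hunk, so any earlier use of `pk` in logs or errors is not covered here.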