go/rclone
1
0
Fork 0
mirror of https://github.com/rclone/rclone.git synced 2025-01-24 12:56:36 +02:00
Code Issues Releases Activity

sft[: added --sftp-pem-key to support inline key files

Browse Source
This commit is contained in:
calisro 2020-05-19 06:55:38 -04:00 committed by GitHub
parent 8c37ae8f5c
commit bcbfad1482
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
backend/sftp/sftp.go
View File

@ -69,6 +69,9 @@ func init() {
Name: "pass", Name: "pass",
Help: "SSH password, leave blank to use ssh-agent.", Help: "SSH password, leave blank to use ssh-agent.",
IsPassword: true, IsPassword: true,
}, {
Name: "key_pem",
Help: "Raw PEM-encoded private key, If specified, will override key_file parameter.",
}, { }, {
Name: "key_file", Name: "key_file",
Help: "Path to PEM-encoded private key file, leave blank or set key-use-agent to use ssh-agent.", Help: "Path to PEM-encoded private key file, leave blank or set key-use-agent to use ssh-agent.",
@ -172,6 +175,7 @@ type Options struct {
User string `config:"user"` User string `config:"user"`
Port string `config:"port"` Port string `config:"port"`
Pass string `config:"pass"` Pass string `config:"pass"`
KeyPem string `config:"key_pem"`
KeyFile string `config:"key_file"` KeyFile string `config:"key_file"`
KeyFilePass string `config:"key_file_pass"` KeyFilePass string `config:"key_file_pass"`
KeyUseAgent bool `config:"key_use_agent"` KeyUseAgent bool `config:"key_use_agent"`
@ -390,6 +394,7 @@ func NewFs(name, root string, m configmap.Mapper) (fs.Fs, error) {
} }
keyFile := env.ShellExpand(opt.KeyFile) keyFile := env.ShellExpand(opt.KeyFile)
//keyPem := env.ShellExpand(opt.KeyPem)
// Add ssh agent-auth if no password or file specified // Add ssh agent-auth if no password or file specified
if (opt.Pass == "" && keyFile == "" && !opt.AskPassword) || opt.KeyUseAgent { if (opt.Pass == "" && keyFile == "" && !opt.AskPassword) || opt.KeyUseAgent {
sshAgentClient, _, err := sshagent.New() sshAgentClient, _, err := sshagent.New()
@ -427,11 +432,21 @@ func NewFs(name, root string, m configmap.Mapper) (fs.Fs, error) {
} }
// Load key file if specified // Load key file if specified
if keyFile != "" { if keyFile != "" || opt.KeyPem != "" {
key, err := ioutil.ReadFile(keyFile) var key []byte
if opt.KeyPem == "" {
key, err = ioutil.ReadFile(keyFile)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "failed to read private key file") return nil, errors.Wrap(err, "failed to read private key file")
} }
} else {
// wrap in quotes because the config is a coming as a literal without them.
opt.KeyPem, err = strconv.Unquote("\"" + opt.KeyPem + "\"")
if err != nil {
return nil, errors.Wrap(err, "pem key not formatted properly")
}
key = []byte(opt.KeyPem)
}
clearpass := "" clearpass := ""
if opt.KeyFilePass != "" { if opt.KeyFilePass != "" {
clearpass, err = obscure.Reveal(opt.KeyFilePass) clearpass, err = obscure.Reveal(opt.KeyFilePass)

14
docs/content/sftp.md
View File

@ -107,10 +107,20 @@ The SFTP remote supports three authentication methods:
Key files should be PEM-encoded private key files. For instance `/home/$USER/.ssh/id_rsa`. Key files should be PEM-encoded private key files. For instance `/home/$USER/.ssh/id_rsa`.
Only unencrypted OpenSSH or PEM encrypted files are supported. Only unencrypted OpenSSH or PEM encrypted files are supported.
If you don't specify `pass` or `key_file` then rclone will attempt to contact an ssh-agent. The key file can be specified in either an external file (key_file) or contained within the
rclone config file (key_pem). If using key_pem in the config file, the entry should be on a
single line with new line ('\n' or '\r\n') separating lines. i.e.
key_pem = -----BEGIN RSA PRIVATE KEY-----\nMaMbaIXtE\n0gAMbMbaSsd\nMbaass\n-----END RSA PRIVATE KEY-----
This will generate it correctly for key_pem for use in the config:
awk '{printf "%s\\n", $0}' < ~/.ssh/id_rsa
If you don't specify `pass`, `key_file`, or `key_pem` then rclone will attempt to contact an ssh-agent.
You can also specify `key_use_agent` to force the usage of an ssh-agent. In this case You can also specify `key_use_agent` to force the usage of an ssh-agent. In this case
`key_file` can also be specified to force the usage of a specific key in the ssh-agent. `key_file` or `key_pem` can also be specified to force the usage of a specific key in the ssh-agent.
Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment. Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.