Skip to content

Change key transfering method #815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Change key transfering method #815

wants to merge 5 commits into from

Conversation

@takara9
Copy link
Contributor

@takara9 takara9 commented Oct 14, 2025
edited
Loading

Changes to the Internal Structure of ckecli ssh

The method of retrieving the private key from Vault, writing it three times via a named pipe, and passing it to the ssh command has been discontinued.

Stability is achieved by passing the private key to the ssh command via ssh-agent.

https://bozuman.cybozu.com/k/#/space/3801/thread/76755/5837513/12062963

@takara9 takara9 self-assigned this Oct 14, 2025
@takara9
Change key transfering method
f19768d 
fix

debug

test

update

debug

merge func

merge func

update syntax

update
@takara9 takara9 requested a review from masa213f October 15, 2025 01:59
masa213f
masa213f requested changes Oct 23, 2025
View reviewed changes
pkg/ckecli/cmd/ssh.go
})
return err
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may need to defer here. If an error occurs until line 205, the file may remain.

defer os.Remove(fifo)

Copy link
Contributor Author

@takara9 takara9 Oct 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved "defer os.Remove(pipeFilename)" after the error check.

pkg/ckecli/cmd/ssh.go Outdated
if err != nil {
log.Error("failed to create the named pipe", map[string]interface{}{
log.FnError: err,
"fifo name": pipeFilename,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When an error occurs in createFifo(), pipeFileName is empty. There is no meaning in outputting here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleted it.

pkg/ckecli/cmd/ssh.go Outdated
}

func writeToFifo(fifo string, data string) error {
f, err := os.OpenFile(fifo, os.O_WRONLY|os.O_CREATE|os.O_APPEND, os.ModeNamedPipe)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why use os.O_CREATE? The file is created in createFifo() as far as I understand.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleted "os.O_WRONLY|"

pkg/ckecli/cmd/ssh.go Outdated
})
return err
}
log.Info("killed ssh-agent", map[string]interface{}{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. This info log is not output.
    Please check the usage of cybozu-go/log. The usable field keys are limited.
    https://github.com/cybozu-go/log/blob/v1.7.0/formatter.go#L43

    You can check the behavior of cybozu-go/log using the following command.

    package main

import (
	"github.com/cybozu-go/log"
)

func main() {
	log.Info("hello1", nil)
	log.Info("hello2", map[string]interface{}{"message": ""})
	log.Info("hello3", map[string]interface{}{"foo bar": "hoge"})
    log.Info("hello4", map[string]interface{}{"Foo": "hoge"})
    log.Info("hello5", map[string]interface{}{"foo": "hoge"})
}

  2. Please change this log to the debug level.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you kindness the explanation.
I changed appropirate key and level.

pkg/ckecli/cmd/ssh.go Outdated
Comment on lines 84 to 88
sshArgs := []string{
"-s",
}

return fifo, nil
cmd := exec.CommandContext(ctx, "ssh-agent", sshArgs...)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This option is short, so there's no need to make a variable.

IMO, this variable decreases readability. And Unnecessary line breaks have been inserted.

Suggested change
sshArgs := []string{
"-s",
}
return fifo, nil
cmd := exec.CommandContext(ctx, "ssh-agent", sshArgs...)
cmd := exec.CommandContext(ctx, "ssh-agent", "-s")

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleted sshArgs, and put "-s" after "ssh-agent"

pkg/ckecli/cmd/scp.go Outdated
if err = writeToFifo(pipeFilename, pirvateKey); err != nil {
log.Error("failed to write the named pipe", map[string]interface{}{
log.FnError: err,
"named pipe": pipeFilename,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This field key is not valid.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed it

pkg/ckecli/cmd/scp.go
})
return err
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It needs to defer here.

Suggested change
defer os.Remove(pipeFilename)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed it

pkg/ckecli/cmd/ssh.go Outdated
Comment on lines 121 to 125
sshArgs2 := []string{
privateKeyFile,
}
cmd0 := exec.CommandContext(ctx, "ssh-add", sshArgs2...)
_, err = cmd0.CombinedOutput()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • There is no need to make the option a variable.
  • I cannot understand the naming conventions of local variables in this function. Why does cmd0 come after cmd? It might just be better to reuse cmd.
Suggested change
sshArgs2 := []string{
privateKeyFile,
}
cmd0 := exec.CommandContext(ctx, "ssh-add", sshArgs2...)
_, err = cmd0.CombinedOutput()
cmd = exec.CommandContext(ctx, "ssh-add", privateKeyFile)
_, err = cmd0.CombinedOutput()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed it

pkg/ckecli/cmd/ssh.go
})
}
}()

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If writeToFifo() fails, ssh-agent is not killed.

Suggested change
defer killSshAgent(ctx)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moved it.

pkg/ckecli/cmd/scp.go
})
}
}()

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It needs to defer here.

Suggested change
defer killSshAgent(ctx)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

put it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@masa213f masa213f masa213f requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@takara9 takara9

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@takara9 @masa213f