hostkey generation for your next golang ssh server

fasmide/hostkeys

hostkeys

A host key manager for your golang ssh daemons

hostkeys will manage private keys for an ssh.ServerConfig. It creates missing private keys if the application is run for the first time and makes sure to reuse them if they already exist.

Its goal is predictability: it does things exactly as one would expect a typical OpenSSH installation to do.

By default, it manages three keys: RSA 3072 bits, ECDSA P256, and Ed25519, similar to running ssh-keygen -A.

Basic usage:

// An SSH server is represented by a ServerConfig, which holds
// certificate details and handles authentication of ServerConns.
config := &ssh.ServerConfig{
    PasswordCallback: func(...) {
        // ... omitted ...
    },

    PublicKeyCallback: func(...) (...) {
        // ... omitted ...
    },
}

manager := &hostkeys.Manager{
    Directory: "/etc/app",
}

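// Load the host keys for config, creating any that are missing.
// log is the standard library "log" package.
err := manager.Manage(config)
if err != nil {
    log.Fatalf("hostkeys: %s", err)
}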

Using existing OpenSSH host keys:

manager := &hostkeys.Manager{
    Directory:    "/etc/ssh",
    NamingScheme: "ssh_host_%s_key",
}

Using stronger keys:

manager := &hostkeys.Manager{
    Directory: "/etc/app",
    Keys: []hostkeys.Generator{
        &generator.RSA{BitSize: 4096},
        &generator.ECDSA{Curve: elliptic.P521()},
    },
}

hostkeys will not update or delete existing keys. To change key parameters, the user must manually remove the old keys so that new ones are generated.
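
The create-if-missing, reuse-if-present behaviour described above, sketched with the Go standard library only. This is an added example, not code from the hostkeys package. The `loadOrCreate` name, the PKCS#8 PEM file format and the permission check are assumptions of the sketch, and it handles only the Ed25519 key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// loadOrCreate reuses the Ed25519 host key under dir, creating it only if absent.
func loadOrCreate(dir, scheme string) (ed25519.PrivateKey, bool, error) {
	path := filepath.Join(dir, fmt.Sprintf(scheme, "ed25519"))
	// O_EXCL: creation fails if the file exists, so an old key is never clobbered.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err == nil {
		defer f.Close()
		_, key, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, false, err
		}
		der, _ := x509.MarshalPKCS8PrivateKey(key) // cannot fail for an Ed25519 key
		return key, true, pem.Encode(f, &pem.Block{Type: "PRIVATE KEY", Bytes: der})
	} else if !os.IsExist(err) {
		return nil, false, err
	}
	// Reuse path: reject keys readable by group or others before trusting them.
	if info, err := os.Stat(path); err != nil {
		return nil, false, err
	} else if p := info.Mode().Perm(); p&0o077 != 0 {
		return nil, false, fmt.Errorf("%s: mode %o is too open", path, p)
	}
	raw, err := os.ReadFile(path)
	block, _ := pem.Decode(raw)
	if err != nil || block == nil {
		return nil, false, fmt.Errorf("%s: unreadable or not PEM: %v", path, err)
	}
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if key, ok := parsed.(ed25519.PrivateKey); err == nil && ok {
		return key, false, nil
	}
	return nil, false, fmt.Errorf("%s: not a PKCS#8 Ed25519 key: %v", path, err)
}

func main() {
	_, created, err := loadOrCreate(os.TempDir(), "example_host_%s_key") // constructed name
	fmt.Println("created:", created, "err:", err)
}
```

Because a stable host key is what lets clients detect a changed server identity, the sketch fails closed: an existing file that is unreadable, malformed or too permissive produces an error instead of a silently regenerated key.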
