From 20706854c013e7331a6ff48690749734fd1e1ff7 Mon Sep 17 00:00:00 2001
From: pratikjagrut <26519653+pratikjagrut@users.noreply.github.com>
Date: Thu, 24 Nov 2022 14:56:02 +0530
Subject: [PATCH 1/2] fix: generate keys using ecdsa instead of rsa

fixes linear issue id ENG-689
---
 .../services/proxycommands/commands.go | 3 +-
 pkg/devspace/services/ssh/config.go | 9 ++--
 pkg/devspace/services/ssh/keys.go | 46 +++++++++++++------
 3 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/pkg/devspace/services/proxycommands/commands.go b/pkg/devspace/services/proxycommands/commands.go
index 6c483c471d..d1d7666c71 100644
--- a/pkg/devspace/services/proxycommands/commands.go
+++ b/pkg/devspace/services/proxycommands/commands.go
@@ -3,6 +3,8 @@ package proxycommands
 import (
 	"encoding/base64"
 	"fmt"
+	"strings"
+
 	sshpkg "github.com/gliderlabs/ssh"
 	"github.com/loft-sh/devspace/pkg/devspace/config/loader"
 	"github.com/loft-sh/devspace/pkg/devspace/config/versions/latest"
@@ -13,7 +15,6 @@ import (
 	"github.com/loft-sh/devspace/pkg/devspace/services/targetselector"
 	"github.com/loft-sh/devspace/pkg/util/tomb"
 	"github.com/pkg/errors"
-	"strings"
 )
 
 var DefaultRemotePort = 10567
diff --git a/pkg/devspace/services/ssh/config.go b/pkg/devspace/services/ssh/config.go
index e026d462e1..43c2784704 100644
--- a/pkg/devspace/services/ssh/config.go
+++ b/pkg/devspace/services/ssh/config.go
@@ -1,16 +1,17 @@
 package ssh
 
 import (
-	"github.com/loft-sh/devspace/pkg/util/log"
-	"github.com/loft-sh/devspace/pkg/util/scanner"
-	"github.com/mitchellh/go-homedir"
-	"github.com/pkg/errors"
 	"io"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
+
+	"github.com/loft-sh/devspace/pkg/util/log"
+	"github.com/loft-sh/devspace/pkg/util/scanner"
+	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
 )
 
 var configLock sync.Mutex
diff --git a/pkg/devspace/services/ssh/keys.go b/pkg/devspace/services/ssh/keys.go
index a2758bed34..0e9d1f2497 100644
--- a/pkg/devspace/services/ssh/keys.go
+++ b/pkg/devspace/services/ssh/keys.go
@@ -1,26 +1,28 @@
 package ssh
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
-	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
-	"github.com/loft-sh/devspace/pkg/devspace/config/constants"
-	"github.com/mitchellh/go-homedir"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/ssh"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
+
+	"github.com/loft-sh/devspace/pkg/devspace/config/constants"
+	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
+	"golang.org/x/crypto/ssh"
 )
 
 var (
 	DevSpaceSSHFolder = "ssh"
-	DevSpaceSSHHostKeyFile = "id_devspace_host_rsa"
-	DevSpaceSSHPrivateKeyFile = "id_devspace_rsa"
-	DevSpaceSSHPublicKeyFile = "id_devspace_rsa.pub"
+	DevSpaceSSHHostKeyFile = "id_devspace_host_ecdsa"
+	DevSpaceSSHPrivateKeyFile = "id_devspace_ecdsa"
+	DevSpaceSSHPublicKeyFile = "id_devspace_ecdsa.pub"
 )
 
 func init() {
@@ -34,14 +36,18 @@ func init() {
 var keyLock sync.Mutex
 
 func MakeHostKey() (string, error) {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return "", err
 	}
 
 	// generate and write private key as PEM
 	var privKeyBuf strings.Builder
-	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
+	privateKeyPEM, err := pemBlock(privateKey)
+	if err != nil {
+		return "", err
+	}
+
+	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
 		return "", err
 	}
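Review bot: Renaming `DevSpaceSSHHostKeyFile`, `DevSpaceSSHPrivateKeyFile` and `DevSpaceSSHPublicKeyFile` to the `_ecdsa` names leaves any `id_devspace_host_rsa` / `id_devspace_rsa*` files already on a user's machine neither reused nor removed, so on upgrade a fresh host key and user key pair are generated without notice. Clients that recorded the previous host key, and any remote side still holding the old RSA public key, will presumably see a host-key mismatch or stop authenticating; the loading code (`getHostKey` / `getPublicKey`) is outside this hunk, so I can't confirm whether it falls back to the old file names. Consider documenting this on the var block, e.g. `// File names changed from id_devspace*_rsa when generation moved to ECDSA; existing RSA key files are not migrated or cleaned up.`, and calling out the regeneration in the changelog.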
@@ -50,14 +56,17 @@ func MakeHostKey() (string, error) {
 }
 
 func MakeSSHKeyPair() (string, string, error) {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return "", "", err
 	}
-	// generate and write private key as PEM
 	var privKeyBuf strings.Builder
-	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
+	privateKeyPEM, err := pemBlock(privateKey)
+	if err != nil {
+		return "", "", err
+	}
+
+	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
 		return "", "", err
 	}
 
@@ -147,3 +156,14 @@ func getPublicKey() (string, error) {
 
 	return base64.StdEncoding.EncodeToString(out), nil
 }
+
+func pemBlock(privateKey *ecdsa.PrivateKey) (*pem.Block, error) {
+	if b, err := x509.MarshalPKCS8PrivateKey(privateKey); err == nil {
+		return &pem.Block{
+			Type: "PRIVATE KEY",
+			Bytes: b,
+		}, nil
+	} else {
+		return nil, err
+	}
+}

From 96471cd828206f1eda0ba0b382d65270a8b97f06 Mon Sep 17 00:00:00 2001
From: pratikjagrut <26519653+pratikjagrut@users.noreply.github.com>
Date: Thu, 24 Nov 2022 15:25:46 +0530
Subject: [PATCH 2/2] fix: make function for generating key

---
 pkg/devspace/services/ssh/keys.go | 52 +++++++++++++------------------
 1 file changed, 21 insertions(+), 31 deletions(-)

diff --git a/pkg/devspace/services/ssh/keys.go b/pkg/devspace/services/ssh/keys.go
index 0e9d1f2497..04374b302c 100644
--- a/pkg/devspace/services/ssh/keys.go
+++ b/pkg/devspace/services/ssh/keys.go
@@ -35,39 +35,40 @@ func init() {
 
 var keyLock sync.Mutex
 
-func MakeHostKey() (string, error) {
+func generatePrivateKey() (*ecdsa.PrivateKey, string, error) {
 	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
-		return "", err
+		return nil, "", err
 	}
 
 	// generate and write private key as PEM
-	var privKeyBuf strings.Builder
-	privateKeyPEM, err := pemBlock(privateKey)
+	var privateKeyBuf strings.Builder
+	b, err := x509.MarshalPKCS8PrivateKey(privateKey)
 	if err != nil {
-		return "", err
+		return nil, "", err
 	}
-
-	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
-		return "", err
+	privateKeyPEM := &pem.Block{
+		Type: "PRIVATE KEY",
+		Bytes: b,
+	}
+	if err := pem.Encode(&privateKeyBuf, privateKeyPEM); err != nil {
+		return nil, "", err
 	}
 
-	return privKeyBuf.String(), nil
+	return privateKey, privateKeyBuf.String(), nil
 }
 
-func MakeSSHKeyPair() (string, string, error) {
-	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		return "", "", err
-	}
-	// generate and write private key as PEM
-	var privKeyBuf strings.Builder
-	privateKeyPEM, err := pemBlock(privateKey)
+func MakeHostKey() (string, error) {
+	_, privKeyStr, err := generatePrivateKey()
 	if err != nil {
-		return "", "", err
+		return "", err
 	}
+	return privKeyStr, nil
+}
 
-	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
+func MakeSSHKeyPair() (string, string, error) {
+	privateKey, privKeyStr, err := generatePrivateKey()
+	if err != nil {
 		return "", "", err
 	}
 
@@ -79,7 +80,7 @@ func MakeSSHKeyPair() (string, string, error) {
 	var pubKeyBuf strings.Builder
 	pubKeyBuf.Write(ssh.MarshalAuthorizedKey(pub))
 
-	return pubKeyBuf.String(), privKeyBuf.String(), nil
+	return pubKeyBuf.String(), privKeyStr, nil
 }
 
 func getHostKey() (string, error) {
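Review bot: `generatePrivateKey` lands without a doc comment, and its name hides that it also PEM-encodes the key, which matters now that `MakeHostKey` and `MakeSSHKeyPair` each consume a different half of its result; a one-line contract would help: `// generatePrivateKey creates a new P-256 ECDSA key and returns it together with its PKCS#8 PEM encoding (a "PRIVATE KEY" block).` The three `return nil, "", err` paths pass the crypto error up bare, so a failure surfaces without saying which key (host or user) was being generated; wrapping once in each caller, e.g. `return "", errors.Wrap(err, "generate ssh host key")` in `MakeHostKey`, keeps the helper generic while making the message useful (`github.com/pkg/errors` is already imported in this file). The exported `MakeHostKey` and `MakeSSHKeyPair` remain undocumented as well. The body of `MakeSSHKeyPair` continues past the end of this hunk.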
@@ -156,14 +157,3 @@ func getPublicKey() (string, error) {
 
 	return base64.StdEncoding.EncodeToString(out), nil
 }
-
-func pemBlock(privateKey *ecdsa.PrivateKey) (*pem.Block, error) {
-	if b, err := x509.MarshalPKCS8PrivateKey(privateKey); err == nil {
-		return &pem.Block{
-			Type: "PRIVATE KEY",
-			Bytes: b,
-		}, nil
-	} else {
-		return nil, err
-	}
-}