mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-03-17 13:16:58 +00:00
6898f47e2e
Replaces plaintext password-based SSH authentication (sshpass) across the entire Go CLI with wallet-derived ed25519 keys via RootWallet. - Add `rw vault ssh agent-load` command to RootWallet CLI for SSH agent forwarding in push fanout - Create wallet.go bridge: PrepareNodeKeys resolves keys from `rw vault ssh get --priv`, writes temp PEMs (0600), zero-overwrites on cleanup - Remove Password field from Node struct, update config parser to new 3-field format (env|user@host|role) - Remove all sshpass branches from inspector/ssh.go and remotessh/ssh.go, require SSHKey on all SSH paths - Add WithAgentForward() option to RunSSHStreaming for hub fanout - Add PrepareNodeKeys + defer cleanup to all 7 entry points: inspect, monitor, push, upgrade, clean, recover, install - Update push fanout to use SSH agent forwarding instead of sshpass on hub - Delete install/ssh.go duplicate, replace with remotessh calls - Create nodes.conf from remote-nodes.conf (topology only, no secrets) - Update all config defaults and help text from remote-nodes.conf to nodes.conf - Use StrictHostKeyChecking=accept-new consistently everywhere
90 lines
2.2 KiB
Go
90 lines
2.2 KiB
Go
package remotessh
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"os/exec"
|
|
|
|
"github.com/DeBrosOfficial/network/pkg/inspector"
|
|
)
|
|
|
|
// SSHOption configures SSH command behavior.
|
|
type SSHOption func(*sshOptions)
|
|
|
|
type sshOptions struct {
|
|
agentForward bool
|
|
}
|
|
|
|
// WithAgentForward enables SSH agent forwarding (-A flag).
|
|
// Used by push fanout so the hub can reach targets via the forwarded agent.
|
|
func WithAgentForward() SSHOption {
|
|
return func(o *sshOptions) { o.agentForward = true }
|
|
}
|
|
|
|
// UploadFile copies a local file to a remote host via SCP.
|
|
// Requires node.SSHKey to be set (via PrepareNodeKeys).
|
|
func UploadFile(node inspector.Node, localPath, remotePath string) error {
|
|
if node.SSHKey == "" {
|
|
return fmt.Errorf("no SSH key for %s (call PrepareNodeKeys first)", node.Name())
|
|
}
|
|
|
|
dest := fmt.Sprintf("%s@%s:%s", node.User, node.Host, remotePath)
|
|
|
|
cmd := exec.Command("scp",
|
|
"-o", "StrictHostKeyChecking=accept-new",
|
|
"-o", "ConnectTimeout=10",
|
|
"-i", node.SSHKey,
|
|
localPath, dest,
|
|
)
|
|
|
|
cmd.Stdout = os.Stdout
|
|
cmd.Stderr = os.Stderr
|
|
|
|
if err := cmd.Run(); err != nil {
|
|
return fmt.Errorf("SCP to %s failed: %w", node.Host, err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// RunSSHStreaming executes a command on a remote host via SSH,
|
|
// streaming stdout/stderr to the local terminal in real-time.
|
|
// Requires node.SSHKey to be set (via PrepareNodeKeys).
|
|
func RunSSHStreaming(node inspector.Node, command string, opts ...SSHOption) error {
|
|
if node.SSHKey == "" {
|
|
return fmt.Errorf("no SSH key for %s (call PrepareNodeKeys first)", node.Name())
|
|
}
|
|
|
|
var cfg sshOptions
|
|
for _, o := range opts {
|
|
o(&cfg)
|
|
}
|
|
|
|
args := []string{
|
|
"-o", "StrictHostKeyChecking=accept-new",
|
|
"-o", "ConnectTimeout=10",
|
|
"-i", node.SSHKey,
|
|
}
|
|
if cfg.agentForward {
|
|
args = append(args, "-A")
|
|
}
|
|
args = append(args, fmt.Sprintf("%s@%s", node.User, node.Host), command)
|
|
|
|
cmd := exec.Command("ssh", args...)
|
|
cmd.Stdout = os.Stdout
|
|
cmd.Stderr = os.Stderr
|
|
cmd.Stdin = os.Stdin
|
|
|
|
if err := cmd.Run(); err != nil {
|
|
return fmt.Errorf("SSH to %s failed: %w", node.Host, err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SudoPrefix returns "sudo " for non-root users, empty for root.
|
|
func SudoPrefix(node inspector.Node) string {
|
|
if node.User == "root" {
|
|
return ""
|
|
}
|
|
return "sudo "
|
|
}
|