package main
import (
"errors"
"fmt"
"net"
"golang.org/x/crypto/ssh"
)
var (
socks string = "127.0.0.1:8000"
server string = "192.168.1.1:2222"
cmd string = ""
login string = "root"
password string = ""
)
func main() {
c, err := netConn(socks)
if err != nil {
fmt.Println(err)
}
conf := &ssh.ClientConfig{
User: login,
Auth: []ssh.AuthMethod{
ssh.Password(password),
},
}
client, err := Dialer(conf, c, server)
if err != nil {
fmt.Println(err)
}
session, err := client.NewSession()
defer session.Close()
if err != nil {
fmt.Println(err)
}
session.Run(cmd)
}
func netConn(addr string) (net.Conn, error) {
conn, err := net.Dial("tcp", addr)
if err != nil {
return nil, errors.New(fmt.Sprintf("Unable to connect to %v", err))
}
return conn, nil
}
func Dialer(conf *ssh.ClientConfig, c net.Conn, host string) (*ssh.Client, error) {
conn, chans, reqs, err := ssh.NewClientConn(c, host, conf)
if err != nil {
return nil, err
}
return ssh.NewClient(conn, chans, reqs), nil
}
Client panic
ssh: handshake failed: EOF
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0x80f3e2d]
goroutine 1 [running]:
panic(0x8201b60, 0x18522030)
/usr/lib/go/src/runtime/panic.go:464 +0x326
golang.org/x/crypto/ssh.(*Client).NewSession(0x0, 0x1, 0x0, 0x0)
/home/user/go/src/golang.org/x/crypto/ssh/client.go:129 +0xcd
main.main()
/home/user/go/src/ss/i.go:34 +0x276
And socks server in log
[ERR] socks: Unsupported SOCKS version: [83]
How i can make it posible? Thanks.
You can use the x/net/proxy package as follows:
package main
import (
"log"
"golang.org/x/crypto/ssh"
"golang.org/x/net/proxy"
)
func main() {
sshConfig := &ssh.ClientConfig{
User: "user",
// Auth: .... fill out with keys etc as normal
}
client, err := proxiedSSHClient("127.0.0.1:8000", "127.0.0.1:22", sshConfig)
if err != nil {
log.Fatal(err)
}
// get a session etc...
}
func proxiedSSHClient(proxyAddress, sshServerAddress string, sshConfig *ssh.ClientConfig) (*ssh.Client, error) {
dialer, err := proxy.SOCKS5("tcp", proxyAddress, nil, proxy.Direct)
if err != nil {
return nil, err
}
conn, err := dialer.Dial("tcp", sshServerAddress)
if err != nil {
return nil, err
}
c, chans, reqs, err := ssh.NewClientConn(conn, sshServerAddress, sshConfig)
if err != nil {
return nil, err
}
return ssh.NewClient(c, chans, reqs), nil
}
As you can see from the ssh package API, the function
func Dial(network, addr string, config *ClientConfig) (*Client, error)
directly returns an object of type ssh.Client.
Therefore you can shorten a lot your code with:
func main() {
conf := &ssh.ClientConfig{
User: login,
Auth: []ssh.AuthMethod{
ssh.Password(password),
},
}
client, err := ssh.Dial("tcp", server, conf)
if err != nil {
fmt.Println(err)
}
defer client.Close()
session, err := client.NewSession()
defer session.Close()
if err != nil {
fmt.Println(err)
}
session.Run(cmd)
}
Hope this helps !
Related
I have an issue with my grpc server and client, I'm trying to create a repeated field in the grpc and send it to the client. but it failed on error, what am I doing wrong on my grpc client/server? i tried send the RequestsCommand as value but this didn't work to.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x165cf0e]
goroutine 40 [running]:
main.(*Server).RunCommands(0x172b960?, {0x18be540?, 0xc00031c030?}, 0x107a360?)
<autogenerated>:1 +0x2e
github.com/mygithub/some-package/proto._ExecuterService_RunCommands_Handler({0x1701a20?, 0xc0002430d0}, {0x18be540, 0xc00031c030}, 0xc000318070, 0x0)
..../executer_grpc.pb.go:93 +0x170
executer_grpc.pb.go:93 is :
in := new(CommandsRequest)
return srv.(ExecuterServiceServer).RunCommands(ctx, in)
on the server side I have the following:
grpc_server.go:
package main
import (
"fmt"
pb "github.com/mygithub/some-package/proto"
"google.golang.org/grpc"
)
type Server struct {
pb.ExecuterServiceServer
}
func startServer() {
addr := GetAgentAddress()
lis, err := net.Listen("tcp", addr)
if err != nil {
log.Fatalf("Faild to listen on %v\n", err)
}
s := grpc.NewServer()
pb.RegisterExecuterServiceServer(s, &Server{})
if err = s.Serve(lis); err != nil {
log.Fatalf("Failed to serve: %v\n", err)
}
}
grpc_client.go:
package main
import (
"context"
"encoding/json"
"fmt"
v1 "github.com/mygithub/some-package/api/v1"
pb "github.com/mygithub/some-package/proto"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
)
func sendCommandsWithClient() (string, error) {
command := v1.CommandSpec{
BashCommand: "ls",
Async: false,
}
addr := "localhost:4000"
conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()))
if err != nil {
return "", err
}
defer conn.Close()
client := pb.NewExecuterServiceClient(conn)
if err != nil {
return "", err
}
commandRequest := &pb.CommandRequest{
BashCommand: command.BashCommand,
Slug: "test",
Async: command.Async,
}
req := &pb.CommandsRequest{}
req.Commands = append(req.Commands, commandRequest)
aAsJsonString, _ := json.Marshal(req)
fmt.Println(string(aAsJsonString))
res, err := client.RunCommands(context.Background(), req)
if err != nil {
return "", err
}
return res.Content, nil
}
func main() {
_, err := sendCommandsWithClient()
if err != nil {
return
}
}
RunCommands:
func (s *Server) RunCommands(ctx context.Context, in *pb.CommandsRequest) (*pb.CommandsResponse, error) {
log.Println("test")
command := v1.CommandSpec{BashCommand: "ls", Slug: "test", Async: true}
CommandsQueue := append(CommandsQueue, command)
size := len(CommandsQueue)
return &pb.CommandsResponse{Status: 0, Content: strconv.Itoa(size)}, nil
}
go version: go version go1.18.2 darwin/amd64
protoc: proto3
you should go build or go run with all of your go files.
go run main.go model.go somefile.go
I'm using quic-go to implement my thought, I need the server to forwardly send request to client to get response, just like we do that client sends request to web server commonly. But with quic-go, after connection is setup, can server initialize streams to send request to client and get responses? I did a trying but haven't made it work. The code below is from the echo.go of example dir, the two parts between comment lines are added by me.
package main
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"log"
"math/big"
"github.com/lucas-clemente/quic-go"
)
const addr = "localhost:4242"
const message = "foobar"
// We start a server echoing data on the first stream the client opens,
// then connect with a client, send the message, and wait for its receipt.
func main() {
go func() { log.Fatal(echoServer()) }()
err := clientMain()
if err != nil {
panic(err)
}
}
// Start a server that echos all data on the first stream opened by the client
func echoServer() error {
listener, err := quic.ListenAddr(addr, generateTLSConfig(), nil)
if err != nil {
return err
}
conn, err := listener.Accept(context.Background())
if err != nil {
return err
}
stream, err := conn.AcceptStream(context.Background())
if err != nil {
panic(err)
}
// Echo through the loggingWriter
_, err = io.Copy(loggingWriter{stream}, stream)
if err != nil {
panic(err)
}
//------------------------------
stream1, err := conn.OpenStream()
if err != nil {
panic(err)
}
message := "aaaaa"
fmt.Printf("2-Server: Sending '%s'\n", message)
_, err = stream1.Write([]byte(message))
//------------------------------
return err
}
func clientMain() error {
tlsConf := &tls.Config{
InsecureSkipVerify: true,
NextProtos: []string{"quic-echo-example"},
}
conn, err := quic.DialAddr(addr, tlsConf, nil)
if err != nil {
return err
}
stream, err := conn.OpenStreamSync(context.Background())
if err != nil {
return err
}
fmt.Printf("Client: Sending '%s'\n", message)
_, err = stream.Write([]byte(message))
if err != nil {
return err
}
buf := make([]byte, len(message))
_, err = io.ReadFull(stream, buf)
if err != nil {
return err
}
fmt.Printf("Client: Got '%s'\n", buf)
err = stream.Close()
if err != nil {
return err
}
//-------------------------------
for {
stream1, err := conn.AcceptStream(context.Background())
if err != nil {
panic(err)
}
buf1 := make([]byte, len(message))
_, err = io.ReadFull(stream1, buf1)
if err != nil {
panic(err)
}
fmt.Printf("2-Client: Got '%s'\n", buf1)
err = stream1.Close()
if err != nil {
panic(err)
}
}
//-------------------------------
return nil
}
// A wrapper for io.Writer that also logs the message.
type loggingWriter struct{ io.Writer }
func (w loggingWriter) Write(b []byte) (int, error) {
fmt.Printf("Server: Got '%s'\n", string(b))
return w.Writer.Write(b)
}
// Setup a bare-bones TLS config for the server
func generateTLSConfig() *tls.Config {
key, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
panic(err)
}
template := x509.Certificate{SerialNumber: big.NewInt(1)}
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
if err != nil {
panic(err)
}
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
if err != nil {
panic(err)
}
return &tls.Config{
Certificates: []tls.Certificate{tlsCert},
NextProtos: []string{"quic-echo-example"},
}
}
You are close.
Notice how the server writes, then returns, it reaches out to log.Fatal before the client had a chance to read and handle the data.
Take care to the message variable, one is 6 length long, the other one is only 5 length long.
Properly close your stream, the server was not ending it ending before handing over;
package main
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"log"
"math/big"
"github.com/lucas-clemente/quic-go"
)
const addr = "localhost:4242"
const message = "foobar"
// We start a server echoing data on the first stream the client opens,
// then connect with a client, send the message, and wait for its receipt.
func main() {
go func() {
err := echoServer()
if err != nil {
log.Println(err)
}
}()
err := clientMain()
if err != nil {
panic(err)
}
}
// Start a server that echos all data on the first stream opened by the client
func echoServer() error {
listener, err := quic.ListenAddr(addr, generateTLSConfig(), nil)
if err != nil {
return err
}
conn, err := listener.Accept(context.Background())
if err != nil {
return err
}
stream, err := conn.AcceptStream(context.Background())
if err != nil {
panic(err)
}
// Echo through the loggingWriter
_, err = io.Copy(loggingWriter{stream}, stream)
if err != nil {
log.Println(err)
return err
}
//------------------------------
fmt.Printf("Server: open stream\n")
stream1, err := conn.OpenStream()
if err != nil {
return err
}
fmt.Printf("2-Server: Sending '%s'\n", message)
var n int
n, err = stream1.Write([]byte(message))
fmt.Printf("Server: write %v %v\n", n, err)
stream1.Close()
//------------------------------
return err
}
func clientMain() error {
tlsConf := &tls.Config{
InsecureSkipVerify: true,
NextProtos: []string{"quic-echo-example"},
}
conn, err := quic.DialAddr(addr, tlsConf, nil)
if err != nil {
return err
}
stream, err := conn.OpenStreamSync(context.Background())
if err != nil {
return err
}
fmt.Printf("Client: Sending '%s'\n", message)
_, err = stream.Write([]byte(message))
if err != nil {
return err
}
buf := make([]byte, len(message))
_, err = io.ReadFull(stream, buf)
if err != nil {
return err
}
fmt.Printf("Client: Got '%s'\n", buf)
err = stream.Close()
if err != nil {
return err
}
//-------------------------------
for {
fmt.Printf("Client: accept stream\n")
stream1, err := conn.AcceptStream(context.Background())
if err != nil {
return err
}
fmt.Printf("Client: got stream %v\n", err)
buf1 := make([]byte, len(message))
_, err = io.ReadFull(stream1, buf1)
if err != nil {
return err
}
fmt.Printf("2-Client: Got '%s'\n", buf1)
err = stream1.Close()
if err != nil {
return err
}
break
}
//-------------------------------
return nil
}
// A wrapper for io.Writer that also logs the message.
type loggingWriter struct{ io.Writer }
func (w loggingWriter) Write(b []byte) (int, error) {
fmt.Printf("Server: Got '%s'\n", string(b))
return w.Writer.Write(b)
}
// Setup a bare-bones TLS config for the server
func generateTLSConfig() *tls.Config {
key, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
panic(err)
}
template := x509.Certificate{SerialNumber: big.NewInt(1)}
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
if err != nil {
panic(err)
}
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
if err != nil {
panic(err)
}
return &tls.Config{
Certificates: []tls.Certificate{tlsCert},
NextProtos: []string{"quic-echo-example"},
}
}
I have multiple servers that I'm trying to establish SSH connections to, and I'm spawning a new goroutine for every SSH connection I have to establish. I then send some commands. This program sort of works, but just exits after the first connection.
What am I doing wrong here?
package main
import (
"bufio"
"log"
"os"
"time"
"golang.org/x/crypto/ssh"
)
func main() {
file, err := os.Open("servers.txt")
if err != nil {
log.Fatal(err)
}
defer file.Close()
scanner := bufio.NewScanner(file)
for scanner.Scan() {
go ssh_login(scanner.Text())
}
if err := scanner.Err(); err != nil {
log.Fatal(err)
}
}
func ssh_login(host string) {
port := "22"
user := "testing"
pass := "testing"
cmd := "uname -a"
config := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.Password(pass),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
Timeout: 1 * time.Second,
}
client, err := ssh.Dial("tcp", host+":"+port, config)
if err != nil {
log.Fatal(err)
}
defer client.Close()
sess, err := client.NewSession()
if err != nil {
log.Fatal(err)
}
defer sess.Close()
sess.Stdout = os.Stdout
sess.Stderr = os.Stderr
err = sess.Run(cmd)
if err != nil {
log.Fatal(err)
}
}
What am I doing wrong?
I am trying to connect to a remote EC2-server through Go code using a PEM key provided by AWS. I am able to log in to the server through the command line using the PEM key.
I have done the following so far.
package main
import (
"io"
"io/ioutil"
"os"
"time"
"golang.org/x/crypto/ssh"
)
func publicKey(path string) ssh.AuthMethod {
key, err := ioutil.ReadFile(path)
if err != nil {
panic(err)
}
signer, err := ssh.ParsePrivateKey(key)
if err != nil {
panic(err)
}
return ssh.PublicKeys(signer)
}
func runCommand(cmd string, conn *ssh.Client) {
sess, err := conn.NewSession()
if err != nil {
panic(err)
}
defer sess.Close()
sessStdOut, err := sess.StdoutPipe()
if err != nil {
panic(err)
}
go io.Copy(os.Stdout, sessStdOut)
sessStderr, err := sess.StderrPipe()
if err != nil {
panic(err)
}
go io.Copy(os.Stderr, sessStderr)
err = sess.Run(cmd) // eg., /usr/bin/whoami
if err != nil {
panic(err)
}
}
func main() {
config := &ssh.ClientConfig{
User: "ec2-user",
Auth: []ssh.AuthMethod{
publicKey("mykey"),
},
Timeout: 15 * time.Second,
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
conn, err := ssh.Dial("tcp", "remote-server:22", config)
if err != nil {
panic(err.Error())
}
defer conn.Close()
runCommand("whoami", conn)
}
I keep getting the following error. What am I missing?
panic: ssh: handshake failed: read tcp "localhost"->"remotehost:22": read: operation timed out
In the above message I have replaced the IP addresses of the actual machines with bogus names.
I was able to resolve this since I was using an incorrect port to connect to :). I should be using port 22 for SSH, but was using some other service port.
Thanks.
I am trying to SSH to a Cisco wireless controller through Go, using Go's golang.org/x/crypto/ssh library, to programmatically configure access points. The problem I'm running into is correctly parsing the controller CLI in Go. For example, this is the typical SSH login to the controller:
$ ssh <controller_ip>
(Cisco Controller)
User: username
Password:****************
(Cisco Controller) >
I am trying to figure out how to send the username and then the password after the SSH session is established in Go. So far, I am able to successfully SSH to the controller, but the program exits at the username prompt, like this:
$ go run main.go
(Cisco Controller)
User:
How would I go about sending the username when prompted, then repeating that for the password prompt?
No errors are being thrown or exit codes are being given, so I'm not sure why the program is exiting immediately at the username prompt. But Even if it wasn't exiting that way, I'm still unsure of how to send the username and password when the controller's CLI is expecting it.
Here is my code:
package main
import (
"golang.org/x/crypto/ssh"
"log"
"io/ioutil"
"os"
"strings"
"path/filepath"
"bufio"
"fmt"
"errors"
"time"
)
const (
HOST = "host"
)
func main() {
hostKey, err := checkHostKey(HOST)
if err != nil {
log.Fatal(err)
}
key, err := ioutil.ReadFile("/Users/user/.ssh/id_rsa")
if err != nil {
log.Fatalf("unable to read private key: %v", err)
}
// Create the Signer for this private key.
signer, err := ssh.ParsePrivateKey(key)
if err != nil {
log.Fatalf("unable to parse private key: %v", err)
}
// Create client config
config := &ssh.ClientConfig{
User: "username",
Auth: []ssh.AuthMethod{
ssh.Password("password"),
// Use the PublicKeys method for remote authentication.
ssh.PublicKeys(signer),
},
HostKeyCallback: ssh.FixedHostKey(hostKey),
Timeout: time.Second * 5,
}
// Connect to the remote server and perform the SSH handshake.
client, err := ssh.Dial("tcp", HOST+":22", config)
if err != nil {
log.Fatalf("unable to connect: %v", err)
}
defer client.Close()
// Create a session
session, err := client.NewSession()
if err != nil {
log.Fatal("Failed to create session: ", err)
}
defer session.Close()
stdin, err := session.StdinPipe()
if err != nil {
log.Fatal(err)
}
stdout, err := session.StdoutPipe()
if err != nil {
log.Fatal(err)
}
modes := ssh.TerminalModes{
ssh.ECHO: 0,
ssh.TTY_OP_ISPEED: 9600,
ssh.TTY_OP_OSPEED: 9600,
}
if err := session.RequestPty("xterm", 0, 200, modes); err != nil {
log.Fatal(err)
}
if err := session.Shell(); err != nil {
log.Fatal(err)
}
buf := make([]byte, 1000)
n, err := stdout.Read(buf) //this reads the ssh terminal welcome message
loadStr := ""
if err == nil {
loadStr = string(buf[:n])
}
for (err == nil) && (!strings.Contains(loadStr, "(Cisco Controller)")) {
n, err = stdout.Read(buf)
loadStr += string(buf[:n])
}
fmt.Println(loadStr)
if _, err := stdin.Write([]byte("show ap summary\r")); err != nil {
panic("Failed to run: " + err.Error())
}
}
func checkHostKey(host string) (ssh.PublicKey, error) {
file, err := os.Open(filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts"))
if err != nil {
return nil, err
}
defer file.Close()
scanner := bufio.NewScanner(file)
var hostKey ssh.PublicKey
for scanner.Scan() {
fields := strings.Split(scanner.Text(), " ")
if len(fields) != 3 {
continue
}
if strings.Contains(fields[0], host) {
hostKey, _, _, _, err = ssh.ParseAuthorizedKey(scanner.Bytes())
if err != nil {
return nil, errors.New(fmt.Sprintf("error parsing %q: %v", fields[2], err))
}
break
}
}
if hostKey == nil {
return nil, errors.New(fmt.Sprintf("no hostkey for %s", host))
}
return hostKey, nil
}
Finally got it working. Here is my new code inspired by this post:
package main
import (
"golang.org/x/crypto/ssh"
"log"
"io/ioutil"
"os"
"strings"
"path/filepath"
"bufio"
"fmt"
"errors"
"time"
)
func main() {
client, err := authenticate("10.4.112.11", "mwalto7", "lion$Tiger$Bear$")
if err != nil {
log.Fatalf("unable to connect: %v", err)
}
defer client.Close()
// Create a session
session, err := client.NewSession()
if err != nil {
log.Fatal("Failed to create session: ", err)
}
defer session.Close()
stdin, err := session.StdinPipe()
if err != nil {
log.Fatal(err)
}
session.Stdout = os.Stdout
session.Stderr = os.Stderr
if err := session.Shell(); err != nil {
log.Fatal(err)
}
for _, cmd := range os.Args[1:] {
stdin.Write([]byte(cmd + "\n"))
}
stdin.Write([]byte("logout\n"))
stdin.Write([]byte("N\n"))
session.Wait()
}
func authenticate(host, username, password string) (ssh.Client, error) {
hostKey, err := checkHostKey(host)
if err != nil {
log.Fatal(err)
}
key, err := ioutil.ReadFile(filepath.Join(os.Getenv("HOME"), ".ssh", "id_rsa"))
if err != nil {
log.Fatalf("unable to read private key: %v", err)
}
// Create the Signer for this private key.
signer, err := ssh.ParsePrivateKey(key)
if err != nil {
log.Fatalf("unable to parse private key: %v", err)
}
// Create client config
config := &ssh.ClientConfig{
User: username,
Auth: []ssh.AuthMethod{
ssh.Password(password),
// Use the PublicKeys method for remote authentication.
ssh.PublicKeys(signer),
},
HostKeyCallback: ssh.FixedHostKey(hostKey),
Timeout: time.Second * 5,
}
// Connect to the remote server and perform the SSH handshake.
client, err := ssh.Dial("tcp", host+":22", config)
return *client, err
}
func checkHostKey(host string) (ssh.PublicKey, error) {
file, err := os.Open(filepath.Join(os.Getenv("HOME"), ".ssh", "known_hosts"))
if err != nil {
return nil, err
}
defer file.Close()
scanner := bufio.NewScanner(file)
var hostKey ssh.PublicKey
for scanner.Scan() {
fields := strings.Split(scanner.Text(), " ")
if len(fields) != 3 {
continue
}
if strings.Contains(fields[0], host) {
hostKey, _, _, _, err = ssh.ParseAuthorizedKey(scanner.Bytes())
if err != nil {
return nil, errors.New(fmt.Sprintf("error parsing %q: %v", fields[2], err))
}
break
}
}
if hostKey == nil {
return nil, errors.New(fmt.Sprintf("no hostkey for %s", host))
}
return hostKey, nil
}