While waiting for some long-running automated tasks at work to complete, I passed the time by writing a simple program using github.com/pkg/sftp to automate dumping the latest backups from our backup server onto my computer for using them to test other parts of our workflow. I have an encrypted id_rsa with a passphrase, which ssh.ParsePrivateKey() doesn't support right now. I admittedly don’t understand the ssh toolchain enough to know how to have ssh prompt for a passphrase without an agent (because I dislike GUI agent prompters), and I didn't know (until it was pointed out to me) that git was running ssh behind my back (I thought it was producing passphrase prompts itself). So I examined the package’s source and a few other packages and rolled together this solution, which works for me:
https://play.golang.org/p/M93Dk9_ufa

    import (
        "crypto/x509"
        "encoding/pem"
        "errors"

        "golang.org/x/crypto/ssh"
    )

    // ParseEncryptedPrivateKey decrypts a passphrase-protected PEM private key.
    // Pass the returned ssh.Signer to ssh.PublicKeys() to get its ssh.AuthMethod
    func ParseEncryptedPrivateKey(key []byte, passphrase string) (ssh.Signer, error) {
        block, _ := pem.Decode(key)
        // pem.Decode returns a nil block when the input contains no PEM data.
        if block == nil {
            return nil, errors.New("no PEM block found in key")
        }
        // Decrypt the PEM body with the passphrase.
        key, err := x509.DecryptPEMBlock(block, []byte(passphrase))
        if err != nil {
            return nil, err
        }
        // Drop the encryption headers and re-encode as an unencrypted PEM block.
        block.Headers = nil
        block.Bytes = key
        return ssh.ParsePrivateKey(pem.EncodeToMemory(block))
    }

My question is: is there any gotcha or caveat about the above that I don't know about? Because I'd like to add it to crypto/ssh, to make the lives of other people dealing with passphrased keys easier.

Thanks.
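Added example, not part of the original post or of crypto/ssh: a standard-library-only version of the decrypt step, narrowed to PKCS#1 RSA keys, that handles the failure modes of the legacy PEM encryption (input with no PEM data, a key that is not encrypted, and a wrong passphrase that still decrypts). The names decryptLegacyPEM and sampleEncryptedKey are hypothetical, the key is generated in-process as constructed test input, and x509.DecryptPEMBlock is deprecated since Go 1.16.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// decryptLegacyPEM (hypothetical name) decrypts a legacy encrypted RSA PEM key.
func decryptLegacyPEM(keyPEM, passphrase []byte) ([]byte, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil { // pem.Decode returns nil when the input holds no PEM data
		return nil, errors.New("no PEM block found")
	}
	if !x509.IsEncryptedPEMBlock(block) { // no DEK-Info header present
		return nil, errors.New("PEM block is not passphrase-encrypted")
	}
	der, err := x509.DecryptPEMBlock(block, passphrase)
	if err != nil {
		return nil, err // x509.IncorrectPasswordError on a failed padding check
	}
	// No MAC in this format: a wrong passphrase can decrypt to noise, so parse it.
	if _, err := x509.ParsePKCS1PrivateKey(der); err != nil {
		return nil, fmt.Errorf("decrypted key does not parse: %w", err)
	}
	return der, nil
}

// sampleEncryptedKey builds a constructed, throwaway encrypted RSA key.
func sampleEncryptedKey(passphrase []byte) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY",
		x509.MarshalPKCS1PrivateKey(priv), passphrase, x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(block), nil
}

func main() {
	keyPEM, _ := sampleEncryptedKey([]byte("constructed-passphrase"))
	fmt.Println(decryptLegacyPEM(keyPEM, []byte("wrong")))
}
```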