sftp: ed25519 keys

Girish Ramakrishnan
2023-03-09 10:55:14 +01:00
parent d20958760b
commit d2f0bb2b44
5 changed files with 34 additions and 17 deletions


@@ -15,6 +15,7 @@ const apps = require('./apps.js'),
docker = require('./docker.js'),
hat = require('./hat.js'),
infra = require('./infra_version.js'),
path = require('path'),
paths = require('./paths.js'),
safe = require('safetydance'),
settings = require('./settings.js'),
@@ -24,19 +25,23 @@ const apps = require('./apps.js'),
volumes = require('./volumes.js');
async function ensureKeys() {
const sftpRsaPrivateKey = await blobs.get(blobs.SFTP_RSA_PRIVATE_KEY);
const sftpRsaPublicKey = await blobs.get(blobs.SFTP_RSA_PUBLIC_KEY);
for (const keyType of [ 'rsa', 'ed25519' ]) {
const privateKey = await blobs.get(`sftp_${keyType}_private_key`);
const publicKey = await blobs.get(`sftp_${keyType}_public_key`);
const publicKeyFile = path.join(paths.SFTP_KEYS_DIR, `ssh_host_${keyType}_key.pub`);
const privateKeyFile = path.join(paths.SFTP_KEYS_DIR, `ssh_host_${keyType}_key`);
if (!sftpRsaPrivateKey || !sftpRsaPublicKey) {
debug('ensureSecrets: generating new sftp keys');
if (!safe.child_process.execSync(`ssh-keygen -m PEM -t rsa -f "${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key" -q -N ""`)) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate sftp ssh keys: ${safe.error.message}`);
const newSftpPublicKey = safe.fs.readFileSync(paths.SFTP_RSA_PUBLIC_KEY_FILE);
await blobs.set(blobs.SFTP_RSA_PUBLIC_KEY, newSftpPublicKey);
const newSftpPrivateKey = safe.fs.readFileSync(paths.SFTP_RSA_PRIVATE_KEY_FILE);
await blobs.set(blobs.SFTP_RSA_PRIVATE_KEY, newSftpPrivateKey);
} else {
if (!safe.fs.writeFileSync(paths.SFTP_RSA_PUBLIC_KEY_FILE, sftpRsaPublicKey)) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp public key: ${safe.error.message}`);
if (!safe.fs.writeFileSync(paths.SFTP_RSA_PRIVATE_KEY_FILE, sftpRsaPrivateKey, { mode: 0o600 })) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp private key: ${safe.error.message}`);
if (!privateKey || !publicKey) {
debug(`ensureSecrets: generating new sftp keys of type ${keyType}`);
if (!safe.child_process.execSync(`ssh-keygen -m PEM -t ${keyType} -f "${paths.SFTP_KEYS_DIR}/ssh_host_${keyType}_key" -q -N ""`)) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate sftp ${keyType} keys: ${safe.error.message}`);
const newPublicKey = safe.fs.readFileSync(publicKeyFile);
await blobs.set(`sftp_${keyType}_public_key`, newPublicKey);
const newPrivateKey = safe.fs.readFileSync(privateKeyFile);
await blobs.set(`sftp_${keyType}_private_key`, newPrivateKey);
} else {
if (!safe.fs.writeFileSync(publicKeyFile, publicKey)) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp public ${keyType} key: ${safe.error.message}`);
if (!safe.fs.writeFileSync(privateKeyFile, privateKey, { mode: 0o600 })) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp private ${keyType} key: ${safe.error.message}`);
}
}
}
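Review bot: The lookups `const privateKey = await blobs.get(\`sftp_${keyType}_private_key\`);` / `const publicKey = await blobs.get(\`sftp_${keyType}_public_key\`);` replace the `blobs.SFTP_RSA_PRIVATE_KEY` / `blobs.SFTP_RSA_PUBLIC_KEY` constants with template strings, and unless those constants were literally `sftp_rsa_private_key` / `sftp_rsa_public_key` (their values are not visible in this hunk) the RSA lookup misses on upgrade, `ssh-keygen` mints a fresh RSA host key, and every existing SFTP client gets a host-key-changed warning; a comment pinning that contract, e.g. `// blob names must stay sftp_<type>_private_key / sftp_<type>_public_key — renaming them silently regenerates the host key`, would make the dependency explicit. In the else branch `{ mode: 0o600 }` only takes effect when `writeFileSync` creates the file, so a pre-existing `ssh_host_${keyType}_key` with wider permissions keeps them; following the write with an explicit `fs.chmodSync(privateKeyFile, 0o600)` (or the same call through the `safe` wrapper) would make the private-key permission unconditional rather than creation-time only. The `-m PEM` flag appears to have no effect for `-t ed25519`, since OpenSSH stores ed25519 private keys only in its native format as far as I can tell, so a short comment on the `ssh-keygen` line noting that the flag matters only for rsa would save the next reader from assuming the ed25519 key is PEM-encoded. The debug line carried into the loop still says `ensureSecrets: generating new sftp keys of type ${keyType}` although the function is `ensureKeys`, which makes the log harder to trace back.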