Documentation
Overview
Package ssh provides SSH key generation, validation, and path utilities.
Index
- func AddKeyToAgent(keyPath string) error
- func AddKeyToAgentWithPassphrase(keyPath string, passphrase []byte) error
- func DefaultSSHKeyPath(identityName string) string
- func ExpandPath(path string) (string, error)
- func GenerateKeyPair(comment string, passphrase []byte) (privateKeyPEM, publicKey []byte, err error)
- func GetFingerprint(publicKey []byte) (string, error)
- func IsAgentRunning() bool
- func IsEncrypted(pemData []byte) bool
- func ValidateEd25519Key(pemData []byte) error
- func ValidateKeyPath(path string) error
- func WriteKeyFiles(privateKeyPath string, privateKey, publicKey []byte) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func AddKeyToAgent
AddKeyToAgent adds an SSH key to the running ssh-agent. On macOS, it uses /usr/bin/ssh-add with --apple-use-keychain for Keychain integration. On other platforms, it uses the standard ssh-add. This function uses exec to shell out, which allows passphrase prompts to work interactively.
func AddKeyToAgentWithPassphrase
AddKeyToAgentWithPassphrase adds an SSH key to the agent programmatically. If passphrase is nil or empty and the key requires one, it falls back to AddKeyToAgent to allow interactive passphrase prompting.
func DefaultSSHKeyPath
DefaultSSHKeyPath returns the default SSH key path for a gitch identity. Format: ~/.ssh/gitch_{identityName}_ed25519
func ExpandPath
ExpandPath expands ~ and environment variables in a path. Returns the cleaned, absolute path.
func GenerateKeyPair
func GenerateKeyPair(comment string, passphrase []byte) (privateKeyPEM, publicKey []byte, err error)
GenerateKeyPair generates an Ed25519 SSH keypair. Returns the private key in PEM format and the public key in authorized_keys format. If passphrase is provided, the private key will be encrypted.
func GetFingerprint
GetFingerprint returns the SHA256 fingerprint of an SSH public key. The input should be in authorized_keys format (e.g., "ssh-ed25519 AAAA... comment").
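The fingerprint format described for GetFingerprint, as an added example using only the Go standard library; it is not this package's own code. The names `fingerprintSHA256`, `authorizedKeyLine` and `sshString` are hypothetical, the sample key is a constructed placeholder, and the sketch goes slightly beyond the text by also rejecting a blob that is not a well-formed Ed25519 key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const keyType = "ssh-ed25519"

// sshString encodes b as an SSH wire string: uint32 big-endian length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// authorizedKeyLine renders pub in authorized_keys format (hypothetical helper).
func authorizedKeyLine(pub ed25519.PublicKey, comment string) string {
	blob := append(sshString([]byte(keyType)), sshString(pub)...)
	return keyType + " " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// fingerprintSHA256 returns "SHA256:" + unpadded base64 of SHA-256 over the decoded key blob.
func fingerprintSHA256(line string) (string, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 || fields[0] != keyType {
		return "", errors.New("not an ssh-ed25519 authorized_keys line")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return "", fmt.Errorf("bad base64 in key field: %w", err)
	}
	hdr := append(sshString([]byte(keyType)), 0, 0, 0, ed25519.PublicKeySize) // type + key length
	if len(blob) != len(hdr)+ed25519.PublicKeySize || !bytes.HasPrefix(blob, hdr) {
		return "", errors.New("key blob is not a well-formed ssh-ed25519 key")
	}
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

func main() { // constructed placeholder: 32 zero bytes standing in for a public key
	fmt.Println(fingerprintSHA256(authorizedKeyLine(make(ed25519.PublicKey, 32), "demo@example")))
}
```

The comment field is not part of the hashed blob, so two authorized_keys lines for the same key with different comments yield the same fingerprint.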
func IsAgentRunning
func IsAgentRunning() bool
IsAgentRunning checks if ssh-agent is running and accessible. Returns true if SSH_AUTH_SOCK is set and the socket is reachable.
func IsEncrypted
IsEncrypted checks if the given PEM data represents an encrypted private key.
func ValidateEd25519Key
ValidateEd25519Key validates that the given PEM data is an Ed25519 private key. Returns nil if the key is a valid Ed25519 key (encrypted or not). Returns an error if the key is not Ed25519 or cannot be parsed.
func ValidateKeyPath
ValidateKeyPath validates an SSH key file at the given path. It expands the path, checks that the file exists, verifies that it is not a .pub file, and verifies that it is an Ed25519 key.
func WriteKeyFiles
WriteKeyFiles writes the SSH keypair to disk with appropriate permissions. The private key is written with 0600 permissions. The public key is written to {path}.pub with 0644 permissions.
Types
This section is empty.