hostkey is now sent from the server to the agent so that at a later

stage we can make the hostkey conrfigurable at the server level instead
of using a fixed hardcoded key.

cmd/agent/agent.go

@@ -29,9 +29,6 @@ import (
 	_ "net/http/pprof"
 )
 
-//go:embed hostkey.pem
-var hostPrivateKey []byte
-
 func SftpHandler(sftpSession ssh.Session) {
 	sessionInfo := comms.NewSessionInfo(
 		sftpSession.LocalAddr().String(),
@@ -65,7 +62,7 @@ func SftpHandler(sftpSession ssh.Session) {
 	}
 }
 
-func sshServer(hostKeyFile string, shellCommand string,
+func sshServer(hostPrivateKey []byte, shellCommand string,
 	authorizedPublicKeys *AuthorizedPublicKeys) *ssh.Server {
 	ssh.Handle(func(sshSession ssh.Session) {
 		workingDirectory, _ := os.Getwd()
@@ -333,7 +330,7 @@ func main() {
 	var service AgentService
 
 	service = ListenerServer(func() *ssh.Server {
-		return sshServer("hostkey.pem", shell, authorizedKeys)
+		return sshServer(registration.HostPrivateKey, shell, authorizedKeys)
 	})
 	//service = ConnectionServer(netCatServer)
 	//service = ConnectionServer(echoServer)

cmd/agent/sshauthorizedkeys.go

@@ -99,7 +99,6 @@ func (pubkeys *AuthorizedPublicKeys) monitorAuthorizedKeysFile(authorizedPublicK
 			authorizedPublicKeysFile, err)
 	}
 	defer watcher.Close()
-	log.Println("XXX: monitor " + dir)
 	err = watcher.Add(dir)
 	if err != nil {
 		log.Printf("Cannot watch hold file %s, user notifications for change in expiry time will be unavailable: %v", authorizedPublicKeysFile, err)

pkg/comms/events.go

@@ -8,7 +8,7 @@ import (
 	"time"
 )
 
-const PROTOCOL_VERSION = 3
+const PROTOCOL_VERSION = 4
 
 func init() {
 	RegisterEventsWithGob()
@@ -58,7 +58,8 @@ type AgentRegistration struct {
 	Message string
 	// final Id assigned by the server. Usually identical to the requested id
 	// but if there is a conflict, a new id is chosen.
-	Id string
+	Id             string
+	HostPrivateKey []byte
 }
 
 // Generic wrapper message required to send messages of arbitrary type

pkg/server/admin/admin.go

@@ -105,7 +105,7 @@ func (admin *Admin) getFreeId(publicId models.RendezVousId) (models.RendezVousId
 	return "", fmt.Errorf("Could not allocate agent id based on requested public id '%s'", publicId)
 }
 
-func (admin *Admin) AddAgent(publicId models.RendezVousId, agentInfo comms.EnvironmentInfo, conn io.ReadWriteCloser) (*agentConnection, error) {
+func (admin *Admin) AddAgent(hostKey []byte, publicId models.RendezVousId, agentInfo comms.EnvironmentInfo, conn io.ReadWriteCloser) (*agentConnection, error) {
 	admin.mutex.Lock()
 	defer admin.mutex.Unlock()
 
@@ -117,9 +117,10 @@ func (admin *Admin) AddAgent(publicId models.RendezVousId, agentInfo comms.Envir
 		}
 		publicId = newPublicId
 		comms.SendRegistrationMessage(conn, comms.AgentRegistration{
-			Ok:      true,
-			Message: message,
-			Id:      string(publicId),
+			Ok:             true,
+			Message:        message,
+			Id:             string(publicId),
+			HostPrivateKey: hostKey,
 		})
 	} else {
 		comms.SendRegistrationMessage(conn, comms.AgentRegistration{

pkg/server/matchmaker/matchmaker.go

@@ -1,6 +1,7 @@
 package matchmaker
 
 import (
+	_ "embed"
 	"fmt"
 	"git.wamblee.org/converge/pkg/comms"
 	"git.wamblee.org/converge/pkg/models"
@@ -11,6 +12,13 @@ import (
 	"time"
 )
 
+// Use a fixed host key for all agents. Using a dynamic host key would be madness.
+// An alternative would be to configure the host key on the server side and send it
+// to agents before establishing a session.
+//
+//go:embed hostkey.pem
+var hostPrivateKey []byte
+
 type MatchMaker struct {
 	admin    admin.Admin
 	notifier Notifier
@@ -34,7 +42,7 @@ func (converge *MatchMaker) Register(publicId models.RendezVousId, conn io.ReadW
 		return err
 	}
 
-	agent, err := converge.admin.AddAgent(publicId, agentInfo, conn)
+	agent, err := converge.admin.AddAgent(hostPrivateKey, publicId, agentInfo, conn)
 	converge.logStatus()
 	if err != nil {
 		return err