From a3fe2fbcb679d5921f2c532e6a08f7bbeee11954 Mon Sep 17 00:00:00 2001
From: Erik Brakkee
Date: Sat, 17 Aug 2024 21:35:29 +0200
Subject: [PATCH] hostkey is now sent from the server to the agent so that at a later stage we can make the hostkey conrfigurable at the server level instead of using a fixed hardcoded key.

---
 cmd/agent/agent.go | 7 ++-----
 cmd/agent/sshauthorizedkeys.go | 1 -
 pkg/comms/events.go | 5 +++--
 pkg/server/admin/admin.go | 9 +++++----
 {cmd/agent => pkg/server/matchmaker}/hostkey.pem | 0
 pkg/server/matchmaker/matchmaker.go | 10 +++++++++-
 6 files changed, 19 insertions(+), 13 deletions(-)
 rename {cmd/agent => pkg/server/matchmaker}/hostkey.pem (100%)

diff --git a/cmd/agent/agent.go b/cmd/agent/agent.go
index e62c64f..22d773b 100755
--- a/cmd/agent/agent.go
+++ b/cmd/agent/agent.go
@@ -29,9 +29,6 @@ import (
 _ "net/http/pprof"
 )
 
-//go:embed hostkey.pem
-var hostPrivateKey []byte
-
 func SftpHandler(sftpSession ssh.Session) {
 sessionInfo := comms.NewSessionInfo(
 sftpSession.LocalAddr().String(),
@@ -65,7 +62,7 @@ func SftpHandler(sftpSession ssh.Session) {
 }
 }
 
-func sshServer(hostKeyFile string, shellCommand string,
+func sshServer(hostPrivateKey []byte, shellCommand string,
 authorizedPublicKeys *AuthorizedPublicKeys) *ssh.Server {
 ssh.Handle(func(sshSession ssh.Session) {
 workingDirectory, _ := os.Getwd()
@@ -333,7 +330,7 @@ func main() {
 var service AgentService
 
 service = ListenerServer(func() *ssh.Server {
- return sshServer("hostkey.pem", shell, authorizedKeys)
+ return sshServer(registration.HostPrivateKey, shell, authorizedKeys)
 })
 //service = ConnectionServer(netCatServer)
 //service = ConnectionServer(echoServer)
diff --git a/cmd/agent/sshauthorizedkeys.go b/cmd/agent/sshauthorizedkeys.go
index 5aed9f2..0ba4fa0 100644
--- a/cmd/agent/sshauthorizedkeys.go
+++ b/cmd/agent/sshauthorizedkeys.go
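Review bot: In the `@@ -333` hunk of cmd/agent/agent.go the key received from the server is passed straight to `sshServer` with no check that it is present; if the registration arrived without one (the conflict branch of `AddAgent` in admin.go sends an `AgentRegistration` that does not set it), the failure only surfaces when the SSH server later tries to load the key. Guard it at the point of use, e.g. `if len(registration.HostPrivateKey) == 0 { log.Fatal("server did not send an SSH host key") }` using whichever logger `main` already uses. `registration` and the rest of `main` lie outside the hunk, so where the value is obtained is not visible here. The `@@ -65` hunk changes the first parameter of `sshServer` from a file name to the key bytes, but the body that consumes it is also outside the hunk, so whether an empty slice is rejected there cannot be confirmed from this diff.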
@@ -99,7 +99,6 @@ func (pubkeys *AuthorizedPublicKeys) monitorAuthorizedKeysFile(authorizedPublicK
 authorizedPublicKeysFile, err)
 }
 defer watcher.Close()
- log.Println("XXX: monitor " + dir)
 err = watcher.Add(dir)
 if err != nil {
 log.Printf("Cannot watch hold file %s, user notifications for change in expiry time will be unavailable: %v", authorizedPublicKeysFile, err)
diff --git a/pkg/comms/events.go b/pkg/comms/events.go
index dedb71c..a3f9200 100644
--- a/pkg/comms/events.go
+++ b/pkg/comms/events.go
@@ -8,7 +8,7 @@ import (
 "time"
 )
 
-const PROTOCOL_VERSION = 3
+const PROTOCOL_VERSION = 4
 
 func init() {
 RegisterEventsWithGob()
@@ -58,7 +58,8 @@ type AgentRegistration struct {
 Message string
 // final Id assigned by the server. Usually identical to the requested id
 // but if there is a conflict, a new id is chosen.
- Id string
+ Id string
+ HostPrivateKey []byte
 }
 
 // Generic wrapper message required to send messages of arbitrary type
diff --git a/pkg/server/admin/admin.go b/pkg/server/admin/admin.go
index 97dd57e..4461ed9 100644
--- a/pkg/server/admin/admin.go
+++ b/pkg/server/admin/admin.go
@@ -105,7 +105,7 @@ func (admin *Admin) getFreeId(publicId models.RendezVousId) (models.RendezVousId
 return "", fmt.Errorf("Could not allocate agent id based on requested public id '%s'", publicId)
 }
 
-func (admin *Admin) AddAgent(publicId models.RendezVousId, agentInfo comms.EnvironmentInfo, conn io.ReadWriteCloser) (*agentConnection, error) {
+func (admin *Admin) AddAgent(hostKey []byte, publicId models.RendezVousId, agentInfo comms.EnvironmentInfo, conn io.ReadWriteCloser) (*agentConnection, error) {
 admin.mutex.Lock()
 defer admin.mutex.Unlock()
 
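Review bot: `HostPrivateKey` in `AgentRegistration` (the `@@ -58` hunk of pkg/comms/events.go) is the only field of the struct without a comment, and it is the one that now carries secret material across the wire in a gob message; document what it holds and how it must be handled, e.g. `// HostPrivateKey is the private SSH host key (the contents of hostkey.pem) the agent must serve with. It is secret: never log it or include it in status output.` A sentence on the empty case is also useful, since the conflict branch of `AddAgent` in admin.go sends an `AgentRegistration` without it. The `PROTOCOL_VERSION` bump to 4 in the first hunk is the right move for a wire-format change; if that constant carries a comment, it is worth recording there that version 4 introduced this field.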
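Review bot: The new first parameter of `AddAgent` in pkg/server/admin/admin.go is named `hostKey` while the field it is stored into is `HostPrivateKey` and the callers in matchmaker.go and agent.go call it `hostPrivateKey`; naming the parameter `hostPrivateKey` makes it obvious at the call site that the private half is being handed around. `AddAgent` also does not check that the slice is non-empty before sending it, so a server built without a key would register agents that then cannot start their SSH server; a guard such as `if len(hostKey) == 0 { return nil, fmt.Errorf("no SSH host key configured for agents") }` before the lock keeps that failure on the server side where it can be fixed. The body of `AddAgent` continues past this hunk.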
@@ -117,9 +117,10 @@ func (admin *Admin) AddAgent(publicId models.RendezVousId, agentInfo comms.Envir
 }
 publicId = newPublicId
 comms.SendRegistrationMessage(conn, comms.AgentRegistration{
- Ok: true,
- Message: message,
- Id: string(publicId),
+ Ok: true,
+ Message: message,
+ Id: string(publicId),
+ HostPrivateKey: hostKey,
 })
 } else {
 comms.SendRegistrationMessage(conn, comms.AgentRegistration{
diff --git a/cmd/agent/hostkey.pem b/pkg/server/matchmaker/hostkey.pem
similarity index 100%
rename from cmd/agent/hostkey.pem
rename to pkg/server/matchmaker/hostkey.pem
diff --git a/pkg/server/matchmaker/matchmaker.go b/pkg/server/matchmaker/matchmaker.go
index b243fcf..8542992 100644
--- a/pkg/server/matchmaker/matchmaker.go
+++ b/pkg/server/matchmaker/matchmaker.go
@@ -1,6 +1,7 @@
 package matchmaker
 
 import (
+ _ "embed"
 "fmt"
 "git.wamblee.org/converge/pkg/comms"
 "git.wamblee.org/converge/pkg/models"
@@ -11,6 +12,13 @@ import (
 "time"
 )
 
+// Use a fixed host key for all agents. Using a dynamic host key would be madness.
+// An alternative would be to configure the host key on the server side and send it
+// to agents before establishing a session.
+//
+//go:embed hostkey.pem
+var hostPrivateKey []byte
+
 type MatchMaker struct {
 admin admin.Admin
 notifier Notifier
@@ -34,7 +42,7 @@ func (converge *MatchMaker) Register(publicId models.RendezVousId, conn io.ReadW
 return err
 }
 
- agent, err := converge.admin.AddAgent(publicId, agentInfo, conn)
+ agent, err := converge.admin.AddAgent(hostPrivateKey, publicId, agentInfo, conn)
 converge.logStatus()
 if err != nil {
 return err
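Review bot: The new comment on `hostPrivateKey` in the `@@ -11` hunk of pkg/server/matchmaker/matchmaker.go contradicts the change it accompanies: it presents "configure the host key on the server side and send it to agents" as an alternative, yet that is exactly what this commit now does, and the commit message says the fixed key is meant to become configurable. Reword it to describe the current state, e.g. `// Host key handed to every agent at registration. Currently a single fixed key embedded in the server binary; intended to become a per-server configurable key.` Because the key file is checked into the repository and is byte-identical to the one the agent used to embed (the rename reports 100% similarity), every build from this tree and every agent it registers present the same SSH host identity, so a client's host-key check cannot distinguish one agent or installation from another; the planned follow-up should generate a deployment-specific key on the server rather than keep shipping this one. `Register` in the last hunk passes the same bytes for every agent, which is where a per-deployment (or per-agent) key would later be substituted.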