docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Correct error handling for external SSH client 

In some cases, (e.g. private key not accessible or has incorrect
permissions) docker-machine failed with error "Something went wrong
running an SSH command!". This commit will add the correct debug
messages and show the correct errors for the bad private keys.

Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
This commit is contained in:
Maksim Malchuk 2016-03-26 00:02:41 +03:00
parent 8141874120
commit f2acfa9492
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libmachine/ssh/client.go
View File

@ -321,6 +321,19 @@ func NewExternalClient(sshBinaryPath, user, host string, port int, auth *Auth) (
// Specify which private keys to use to authorize the SSH request. // Specify which private keys to use to authorize the SSH request.
for _, privateKeyPath := range auth.Keys { for _, privateKeyPath := range auth.Keys {
if privateKeyPath != "" { if privateKeyPath != "" {
// Check each private key before use it
fi, err := os.Stat(privateKeyPath)
if err != nil {
// Abort if key not accessible
return nil, err
}
mode := fi.Mode()
log.Debugf("Using SSH private key: %s (%s)", privateKeyPath, mode)
// Private key file should have strict permissions
if mode != 0600 {
// Abort with correct message
return nil, fmt.Errorf("Permissions %#o for '%s' are too open.", mode, privateKeyPath)
}
args = append(args, "-i", privateKeyPath) args = append(args, "-i", privateKeyPath)
} }
} }

33
libmachine/ssh/client_test.go
View File

@ -43,3 +43,36 @@ func TestGetSSHCmdArgs(t *testing.T) {
assert.Equal(t, cmd.Args, c.expectedArgs) assert.Equal(t, cmd.Args, c.expectedArgs)
} }
} }
func TestNewExternalClient(t *testing.T) {
cases := []struct {
sshBinaryPath string
user string
host string
port int
auth *Auth
expectedError string
}{
{
sshBinaryPath: "/usr/local/bin/ssh",
user: "docker",
host: "localhost",
port: 22,
auth: &Auth{Keys: []string{"/tmp/private-key-not-exist"}},
expectedError: "stat /tmp/private-key-not-exist: no such file or directory",
},
{
sshBinaryPath: "/usr/local/bin/ssh",
user: "docker",
host: "localhost",
port: 22,
auth: &Auth{Keys: []string{"/dev/null"}},
expectedError: "Permissions 0410000666 for '/dev/null' are too open.",
},
}
for _, c := range cases {
_, err := NewExternalClient(c.sshBinaryPath, c.user, c.host, c.port, c.auth)
assert.EqualError(t, err, c.expectedError)
}
}