From 3ee34d37d91bf2a2cb69b4686e60e833fa30f00f Mon Sep 17 00:00:00 2001
From: Arnaud Meukam
Date: Mon, 7 Apr 2025 22:15:06 +0200
Subject: [PATCH] toolbox: ensure SSH keys are loaded
Ensure `kops toolbox enroll` verify if SSH keys are loaded before authenticate to the host.
Signed-off-by: Arnaud Meukam
---
 pkg/commands/toolbox_enroll.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/pkg/commands/toolbox_enroll.go b/pkg/commands/toolbox_enroll.go
index 268563d6a4..736e977689 100644
--- a/pkg/commands/toolbox_enroll.go
+++ b/pkg/commands/toolbox_enroll.go
@@ -261,6 +261,16 @@ func NewSSHHost(ctx context.Context, host string, sshPort int, sshUser string, s
 agentClient := agent.NewClient(conn)
+ signers, err := agentClient.Signers()
+ if err != nil {
+ _ = conn.Close()
+ return nil, fmt.Errorf("failed to get signers: %w", err)
+ }
+
+ if len(signers) == 0 {
+ return nil, fmt.Errorf("SSH agent has no keys")
+ }
+
+ sshConfig := &ssh.ClientConfig{
 HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
 klog.Warningf("accepting SSH key %v for %q", key, hostname)
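Review bot: The new `len(signers) == 0` branch returns without closing `conn`, while the `Signers()` error branch just above it does call `conn.Close()`, so the agent connection is left open on that path. Adding `_ = conn.Close()` before `return nil, fmt.Errorf("SSH agent has no keys")` would make the two early returns consistent. NewSSHHost starts and ends outside this hunk, so a deferred cleanup elsewhere cannot be ruled out, though the explicit close in the first branch suggests there is none. The surrounding lines also show a HostKeyCallback that logs "accepting SSH key"; its return value is not visible here, but if it accepts any presented key, the agent-backed authentication this check guards is offered to an unverified host, which deserves a follow-up.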