From 7f4565b048176535e210bf208297a4042a0c1fe5 Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Thu, 28 Dec 2023 13:11:00 +0100 Subject: [PATCH] Auto detect git signage --- agent/ssh/ssh.go | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/agent/ssh/ssh.go b/agent/ssh/ssh.go index 01dafd6..f7edf02 100644 --- a/agent/ssh/ssh.go +++ b/agent/ssh/ssh.go @@ -100,7 +100,17 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur } } - message := fmt.Sprintf("%s on %s>%s>%s is requesting signage with key %s", vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name) + isGit := false + magicHeader := []byte("SSHSIG\x00\x00\x00\x03git") + if bytes.HasPrefix(data, magicHeader) { + isGit = true + } + + requestTemplate := "%s on %s>%s>%s is requesting ssh signage with key %s" + if isGit { + requestTemplate = "%s on %s>%s>%s is requesting git signage with key %s" + } + message := fmt.Sprintf(requestTemplate, vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name) if approved, err := pinentry.GetApproval("SSH Key Signing Request", message); err != nil || !approved { log.Info("Sign Request for key: %s denied", sshKey.Name) @@ -114,7 +124,11 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur var rand = rand.Reader log.Info("Sign Request for key: %s %s accepted", ssh.FingerprintSHA256(key), sshKey.Name) - notify.Notify("Goldwarden", fmt.Sprintf("SSH Key Signing Request Approved for %s", sshKey.Name), "", func() {}) + if isGit { + notify.Notify("Goldwarden", fmt.Sprintf("Git Signing Request Approved for %s", sshKey.Name), "", func() {}) + } else { + notify.Notify("Goldwarden", fmt.Sprintf("SSH Signing Request Approved for %s", sshKey.Name), "", func() {}) + } return signer.Sign(rand, data) }