Allow host key configuration through configuration.Global.HostKeys (#17)

Author: antoinedeschenes

README.md

@@ -132,6 +132,8 @@ You can customize the values of the helm deployment by using the following Value
 | `configuration.Global.Chroot.Directory`                     | Global chroot directory for the `sftp` user group. Can be overriden per-user     | `"%h"`                                                  |
 | `configuration.Global.Chroot.StartPath`                     | Start path for the `sftp` user group. Can be overriden per-user                  | `"sftp"`                                                |
 | `configuration.Global.Directories`                          | Directories that get created for all `sftp` users. Can be appended per user      | `["sftp"]`                                              |
+| `configuration.Global.HostKeys.Ed25519`                     | Set the server's ED25519 private key                                             | `""`                                                    |
+| `configuration.Global.HostKeys.Rsa`                         | Set the server's RSA private key                                                 | `""`                                                    |
 | `configuration.Users`                                       | Array of users and their properties                                              | Contains `demo` user by default                         |
 | `configuration.Users[].Username`                            | Set the user's username                                                          | N/A                                                     |
 | `configuration.Users[].Password`                            | Set the user's password. If empty or `null`, password authentication is disabled | N/A                                                     |

src/ES.SFTP.Host/Business/Configuration/GlobalConfiguration.cs

@@ -7,5 +7,6 @@ public class GlobalConfiguration
         public ChrootDefinition Chroot { get; set; }
         public List<string> Directories { get; set; } = new List<string>();
         public LoggingDefinition Logging { get; set; }
+        public HostKeyDefinition HostKeys { get; set; }
     }
 }

src/ES.SFTP.Host/Business/Configuration/HostKeyDefinition.cs

@@ -0,0 +1,8 @@
+namespace ES.SFTP.Host.Business.Configuration
+{
+    public class HostKeyDefinition
+    {
+        public string Ed25519 { get; set; }
+        public string Rsa { get; set; }
+    }
+}

src/ES.SFTP.Host/Business/Configuration/HostKeyType.cs

@@ -0,0 +1,9 @@
+namespace ES.SFTP.Host.Business.Configuration
+{
+    public class HostKeyType
+    {
+        public string Type { get; set; }
+        public string KeygenArgs { get; set; }
+        public string File { get; set; }
+    }
+}

src/ES.SFTP.Host/Orchestrator.cs

@@ -24,10 +24,10 @@ public class Orchestrator : IRequestHandler<PamEventRequest, bool>
         private const string SshHostKeysDirPath = "/etc/ssh/keys";
         private const string SshConfigPath = "/etc/ssh/sshd_config";
 
-        private readonly Dictionary<string, string> _hostKeyFiles = new Dictionary<string, string>
+        private readonly List<HostKeyType> _hostKeyTypes = new List<HostKeyType>
         {
-            {"ssh_host_ed25519_key", "-t ed25519 -f {0} -N \"\""},
-            {"ssh_host_rsa_key", "-t rsa -b 4096 -f {0} -N \"\""}
+            new HostKeyType{Type = "Ed25519", KeygenArgs = "-t ed25519 -f {0} -N \"\"", File = "ssh_host_ed25519_key"},
+            new HostKeyType{Type = "Rsa", KeygenArgs = "-t rsa -b 4096 -f {0} -N \"\"", File = "ssh_host_rsa_key"},
         };
 
         private readonly ILogger<Orchestrator> _logger;
@@ -132,6 +132,7 @@ private Task PrepareAndValidateConfiguration()
             config.Global.Directories ??= new List<string>();
             config.Global.Logging ??= new LoggingDefinition();
             config.Global.Chroot ??= new ChrootDefinition();
+            config.Global.HostKeys ??= new HostKeyDefinition();
             if (string.IsNullOrWhiteSpace(config.Global.Chroot.Directory)) config.Global.Chroot.Directory = "%h";
             if (string.IsNullOrWhiteSpace(config.Global.Chroot.StartPath)) config.Global.Chroot.StartPath = null;
 
@@ -176,14 +177,22 @@ private async Task ImportOrCreateHostKeyFiles()
             if (!Directory.Exists(SshHostKeysDirPath))
                 Directory.CreateDirectory(SshHostKeysDirPath);
 
-
-            foreach (var hostKeyFile in _hostKeyFiles)
+            foreach (var hostKeyType in _hostKeyTypes)
             {
-                var filePath = Path.Combine(SshHostKeysDirPath, hostKeyFile.Key);
+                var filePath = Path.Combine(SshHostKeysDirPath, hostKeyType.File);
                 if (File.Exists(filePath)) continue;
+                var keyConfig = (string)_config.Global.HostKeys.GetType().GetProperty(hostKeyType.Type).GetValue(_config.Global.HostKeys, null);
+                if (!string.IsNullOrWhiteSpace(keyConfig))
+                {
+                _logger.LogDebug("Writing host key file '{file}' from config", filePath);
+                await File.WriteAllTextAsync(filePath, keyConfig); 
+                }
+                else
+                {
                 _logger.LogDebug("Generating host key file '{file}'", filePath);
-                var keygenArgs = string.Format(hostKeyFile.Value, filePath);
+                var keygenArgs = string.Format(hostKeyType.KeygenArgs, filePath);
                 await ProcessUtil.QuickRun("ssh-keygen", keygenArgs);
+                }
             }
 
             foreach (var file in Directory.GetFiles(SshHostKeysDirPath))

src/deploy/docker-compose/docker-compose.override.dev.yaml

@@ -10,3 +10,4 @@ services:
     volumes:
     - ../samples/sample.dev.sftp.json:/app/config/sftp.json:ro
     - ../samples/.ssh/id_demo2_rsa.pub:/home/demo2/.ssh/keys/id_rsa.pub:ro
+    - ../samples/.ssh/id_demo2_ed25519.pub:/home/demo2/.ssh/keys/id_ed25519.pub:ro

src/deploy/samples/.ssh/id_demo2_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCItsK7CZxhI38h+dvuQOSbUZpIV84n7QAmt7XXONbxLQAAAIgMsBerDLAX
+qwAAAAtzc2gtZWQyNTUxOQAAACCItsK7CZxhI38h+dvuQOSbUZpIV84n7QAmt7XXONbxLQ
+AAAECGtcsqvGH3fXmxHiuFdK+qYJsJrTpHVP6CCEPnMGByDIi2wrsJnGEjfyH52+5A5JtR
+mkhXziftACa3tdc41vEtAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----

src/deploy/samples/.ssh/id_demo2_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIi2wrsJnGEjfyH52+5A5JtRmkhXziftACa3tdc41vEt 

src/deploy/samples/sample.dev.sftp.json

@@ -4,7 +4,10 @@
             "Directory": "%h",
             "StartPath": "sftp"
         },
-        "Directories": ["sftp"]
+        "Directories": ["sftp"],
+        "HostKeys": {
+            "Ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBvlz4T2Fh9PKKeVhSupzXsBYVt44VJcb1554gRLKS2oAAAAIiJdbTtiXW0\n7QAAAAtzc2gtZWQyNTUxOQAAACBvlz4T2Fh9PKKeVhSupzXsBYVt44VJcb1554gRLKS2oA\nAAAEDI/igTE3dx3UC0As1d4kL0BNDaA3MkO9lDyWXqfErITm+XPhPYWH08op5WFK6nNewF\nhW3jhUlxvXnniBEspLagAAAAAAECAwQF\n-----END OPENSSH PRIVATE KEY-----\n"
+        }
     },
     "Users": [
         {