Add option for client binary to specify private key, closes #200

Author: NHAS

cmd/client/main.go

@@ -14,6 +14,7 @@ import (
 	"syscall"
 
 	"github.com/NHAS/reverse_ssh/internal/client"
+	"github.com/NHAS/reverse_ssh/internal/client/keys"
 	"github.com/NHAS/reverse_ssh/internal/terminal"
 	"github.com/NHAS/reverse_ssh/pkg/logger"
 )
@@ -64,6 +65,8 @@ func printHelp() {
 	fmt.Println("\t\t--sni\tWhen using TLS set the clients requested SNI to this value")
 	fmt.Println("\t\t--log-level\tChange logging output levels, [INFO,WARNING,ERROR,FATAL,DISABLED]")
 	fmt.Println("\t\t--version-string\tSSH version string to use, i.e SSH-VERSION, defaults to internal.Version-runtime.GOOS_runtime.GOARCH")
+	fmt.Println("\t\t--private-key-path\tOptional path to unencrypted SSH key to use for connecting")
+
 	if runtime.GOOS == "windows" {
 		fmt.Println("\t\t--host-kerberos\tUse kerberos authentication on proxy server (if proxy server specified)")
 	}
@@ -146,6 +149,25 @@ func main() {
 		}
 	}
 
+	privateKeyPath, err := line.GetArgString("private-key-path")
+	if err == nil {
+		keyBytes, err := os.ReadFile(privateKeyPath)
+		if err != nil {
+			log.Fatalf("private key path was specified %q, but could not read: %s", privateKeyPath, err)
+		}
+
+		if err = keys.SetPrivateKey(string(keyBytes)); err != nil {
+			log.Fatalf("invalid private key %q: %s", privateKeyPath, err)
+		}
+
+		authKeyLine, err := keys.AuthorisedKeysLine()
+		if err != nil {
+			log.Fatalf("failed to generate authorised key line from private key %q, %s", privateKeyPath, err)
+		}
+
+		log.Printf("authorized_controllee_key line: %q", strings.TrimSpace(authKeyLine))
+	}
+
 	userSpecifiedSNI, err := line.GetArgString("sni")
 	if err == nil {
 		settings.SNI = userSpecifiedSNI

internal/client/keys/embed.go

@@ -2,17 +2,18 @@ package keys
 
 import (
 	_ "embed"
+	"fmt"
 	"log"
 
 	"github.com/NHAS/reverse_ssh/internal"
 	"golang.org/x/crypto/ssh"
 )
 
 //go:embed private_key
-var privateKey []byte
+var privateKey string
 
 func GetPrivateKey() (ssh.Signer, error) {
-	sshPriv, err := ssh.ParsePrivateKey(privateKey)
+	sshPriv, err := ssh.ParsePrivateKey([]byte(privateKey))
 	if err != nil {
 		log.Println("Unable to load embedded private key: ", err)
 		bs, err := internal.GeneratePrivateKey()
@@ -28,3 +29,23 @@ func GetPrivateKey() (ssh.Signer, error) {
 
 	return sshPriv, nil
 }
+
+func SetPrivateKey(key string) error {
+	_, err := ssh.ParsePrivateKey([]byte(key))
+	if err != nil {
+		return fmt.Errorf("private key invalid: %w", err)
+	}
+
+	privateKey = key
+	return nil
+}
+
+func AuthorisedKeysLine() (string, error) {
+	priv, err := ssh.ParsePrivateKey([]byte(privateKey))
+	if err != nil {
+		return "", fmt.Errorf("private key invalid: %w", err)
+	}
+
+	return string(ssh.MarshalAuthorizedKey(priv.PublicKey())), nil
+
+}

internal/client/proxy_test.go

@@ -83,7 +83,7 @@ func createType2Message() []byte {
 	return challengeMessage
 }
 
-func setupTestServer(t *testing.T) *httptest.Server {
+func setupTestServer() *httptest.Server {
 	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		w.Write([]byte("Connected to target"))
@@ -140,7 +140,7 @@ func TestNTLMProxyAuth(t *testing.T) {
 		},
 	}
 
-	target := setupTestServer(t)
+	target := setupTestServer()
 	defer target.Close()
 
 	for _, tt := range tests {