I can SSH (using openssh client) to my server using two files: ~/.ssh/id_ed25519{,-cert.pub}
debug1: Trying private key: /home/xavier/.ssh/id_ed25519
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering ED25519-CERT public key: /home/xavier/.ssh/id_ed25519
debug1: Server accepts key: pkalg ssh-ed25519-cert-v01@openssh.com blen 441
debug1: sign_and_send_pubkey: no separate private key for certificate "/home/xavier/.ssh/id_ed25519"
debug1: Authentication succeeded (publickey).
I would like a go client that does the same thing, but I don't know how to incorporate the id_ed25519-cert.pub
file into the example at https://godoc.org/golang.org/x/crypto/ssh#example-PublicKeys
key, err := ioutil.ReadFile("/home/xavier/.ssh/id_ed25519")
if err != nil {
log.Fatalf("unable to read private key: %v", err)
}
// Create the Signer for this private key.
signer, err := ssh.ParsePrivateKey(key)
if err != nil {
log.Fatalf("unable to parse private key: %v", err)
}
config := &ssh.ClientConfig{
User: "user",
Auth: []ssh.AuthMethod{
// Use the PublicKeys method for remote authentication.
ssh.PublicKeys(signer),
},
}
// Connect to the remote server and perform the SSH handshake.
client, err := ssh.Dial("tcp", "host.com:22", config)
if err != nil {
log.Fatalf("unable to connect: %v", err)
}
defer client.Close()
Part of the problem is I don't know what this file is (PublicKey? Certificate?), part of the problem is even if I did know I don't understand what purpose it is playing in this exchange.
I have confirmed that this file is required: removing it causes the ssh CLI to fail.