Add SSH Key Management

README.md

@@ -334,6 +334,7 @@ No technical reasons using `sudo` or switching to `root` is not possible.
 ### Authentication
 
 Authentication is performed using SSH Keys.
+They are associated o distillery user accounts.
 Within each instance, ssh keys can be added to the file `/var/www/.ssh/authorized_keys` using the default OpenSSH `authorized_keys` format.
 
 Furthermore, global ssh Keys (that have access to every instance) can be added to a `GLOBAL_AUTHORIZED_KEYS_FILE`. This is set in the Distillery `.env` file, and defaults to `/distillery/authorized_keys/`.

cmd/bootstrap.go

@@ -148,16 +148,6 @@ func (bs cBootstrap) Run(context wisski_distillery.Context) error {
 					return err
 				}
 
-				context.Println(tpl.AuthorizedKeys)
-				if err := environment.WriteFile(
-					env,
-					tpl.AuthorizedKeys,
-					bootstrap.DefaultAuthorizedKeys,
-					fs.ModePerm,
-				); err != nil {
-					return err
-				}
-
 				context.Println(tpl.SelfResolverBlockFile)
 				if err := environment.WriteFile(
 					env,

cmd/dis_ssh.go

@@ -0,0 +1,105 @@
+package cmd
+
+import (
+	wisski_distillery "github.com/FAU-CDI/wisski-distillery"
+	"github.com/FAU-CDI/wisski-distillery/internal/cli"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
+	"github.com/FAU-CDI/wisski-distillery/pkg/environment"
+	"github.com/tkw1536/goprogram/exit"
+
+	gossh "golang.org/x/crypto/ssh"
+)
+
+// DisSSH is the 'dis_ssh' command
+var DisSSH wisski_distillery.Command = disSSH{}
+
+type disSSH struct {
+	Add     bool   `short:"a" long:"add" description:"add key to user"`
+	Remove  bool   `short:"r" long:"remove" description:"remove key from user"`
+	Comment string `short:"c" long:"comment" description:"comment of new key"`
+
+	Positionals struct {
+		User string `positional-arg-name:"USER" required:"1-1" description:"distillery username"`
+		Path string `positional-arg-name:"PATH" required:"1-1" description:"Path of key to add"`
+	} `positional-args:"true"`
+}
+
+func (disSSH) Description() wisski_distillery.Description {
+	return wisski_distillery.Description{
+		Requirements: cli.Requirements{
+			NeedsDistillery: true,
+		},
+		Command:     "dis_ssh",
+		Description: "add or remove an ssh key from a user",
+	}
+}
+
+func (ds disSSH) AfterParse() error {
+	var counter int
+	for _, action := range []bool{
+		ds.Add,
+		ds.Remove,
+	} {
+		if action {
+			counter++
+		}
+	}
+
+	if counter != 1 {
+		return errNoActionSelected
+	}
+
+	return nil
+}
+
+func (ds disSSH) Run(context wisski_distillery.Context) error {
+	switch {
+	case ds.Add:
+		return ds.runAdd(context)
+	case ds.Remove:
+		return ds.runRemove(context)
+	}
+	panic("never reached")
+}
+
+var errNoKey = exit.Error{
+	Message:  "unable to parse key",
+	ExitCode: exit.ExitCommandArguments,
+}
+
+func (ds disSSH) parseOpts(context wisski_distillery.Context) (user *auth.AuthUser, key gossh.PublicKey, err error) {
+	user, err = context.Environment.Auth().User(context.Context, ds.Positionals.User)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	content, err := environment.ReadFile(context.Environment.Environment, ds.Positionals.Path)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pk, _, _, _, err := gossh.ParseAuthorizedKey(content)
+	if pk == nil || err != nil {
+		return nil, nil, errNoKey
+	}
+
+	return user, pk, nil
+}
+
+func (ds disSSH) runAdd(context wisski_distillery.Context) error {
+	user, key, err := ds.parseOpts(context)
+	if err != nil {
+		return err
+	}
+
+	return context.Environment.Keys().Add(context.Context, user.User.User, ds.Comment, key)
+}
+
+func (ds disSSH) runRemove(context wisski_distillery.Context) error {
+	user, key, err := ds.parseOpts(context)
+	if err != nil {
+		return err
+	}
+
+	return context.Environment.Keys().Remove(context.Context, user.User.User, key)
+}

cmd/server.go

@@ -5,7 +5,6 @@ import (
 
 	wisski_distillery "github.com/FAU-CDI/wisski-distillery"
 	"github.com/FAU-CDI/wisski-distillery/internal/cli"
-	"github.com/FAU-CDI/wisski-distillery/pkg/cancel"
 	"github.com/rs/zerolog"
 	"github.com/tkw1536/goprogram/exit"
 )
@@ -15,8 +14,8 @@ var Server wisski_distillery.Command = server{}
 
 type server struct {
 	Trigger      bool   `short:"t" long:"trigger" description:"instead of running on the existing server, simply trigger a cron run"`
-	Prefix  string `short:"p" long:"prefix" description:"prefix to listen under"`
 	Bind         string `short:"b" long:"bind" description:"address to listen on" default:"127.0.0.1:8888"`
+	InternalBind string `short:"i" long:"internal-bind" description:"address to listen on for internal server" default:"127.0.0.1:9999"`
 }
 
 func (s server) Description() wisski_distillery.Description {
@@ -55,35 +54,54 @@ func (s server) Run(context wisski_distillery.Context) error {
 	}
 
 	// and start the server
-	handler, err := dis.Control().Server(context.Context, context.Stderr)
+	public, internal, err := dis.Control().Server(context.Context, context.Stderr)
 	if err != nil {
 		return err
 	}
 
-	zerolog.Ctx(context.Context).Info().Str("bind", s.Bind).Msg("listening")
+	// start the public listener
-
+	publicS := http.Server{Handler: public}
-	// create a new listener
+	publicC := make(chan error)
-	listener, err := dis.Still.Environment.Listen("tcp", s.Bind)
+	{
+		zerolog.Ctx(context.Context).Info().Str("bind", s.Bind).Msg("listening public server")
+		publicL, err := dis.Still.Environment.Listen("tcp", s.Bind)
 		if err != nil {
 			return errServerListen.Wrap(err)
 		}
+		defer publicS.Shutdown(context.Context)
+		go func() {
+			publicC <- publicS.Serve(publicL)
+		}()
+	}
+
+	// start the internal listener
+	internalS := http.Server{Handler: internal}
+	internalC := make(chan error)
+	{
+		zerolog.Ctx(context.Context).Info().Str("bind", s.InternalBind).Msg("listening internal server")
+		internalL, err := dis.Still.Environment.Listen("tcp", s.InternalBind)
+		if err != nil {
+			return errServerListen.Wrap(err)
+		}
+		defer internalS.Shutdown(context.Context)
+		go func() {
+			internalC <- internalS.Serve(internalL)
+		}()
+	}
 
 	go func() {
 		<-context.Context.Done()
-		listener.Close()
+		zerolog.Ctx(context.Context).Info().Msg("shutting down server")
+		publicS.Shutdown(context.Context)
+		internalS.Shutdown(context.Context)
 	}()
 
-	server := http.Server{
+	if err2 := <-internalC; err2 != nil {
-		Handler: http.StripPrefix(s.Prefix, handler),
+		err = err2
+	}
+	if err1 := <-publicC; err1 != nil {
+		err = err1
 	}
-
-	err, _ = cancel.WithContext(context.Context, func(start func()) error {
-		start()
-		return server.Serve(listener)
-	}, func() {
-		zerolog.Ctx(context.Context).Info().Msg("shutting down server")
-		server.Shutdown(context.Context)
-	})
 
 	return errServerListen.Wrap(err)
 }

cmd/wdcli/main.go

@@ -54,6 +54,7 @@ func init() {
 	// distillery auth
 	wdcli.Register(cmd.DisUser)
 	wdcli.Register(cmd.DisGrant)
+	wdcli.Register(cmd.DisSSH)
 
 	// backup & cron
 	wdcli.Register(cmd.Snapshot)

internal/bootstrap/bootstrap.go

@@ -34,11 +34,3 @@ const ResolverBlockedTXT = "resolver-blocked.txt"
 //
 //go:embed resolver-blocked.txt
 var DefaultResolverBlockedTXT []byte
-
-// AuthorizedKeys contains the default name for the 'global_authorized_keys' file
-const AuthorizedKeys = "authorized_keys"
-
-// DefaultAuthorizedKeys contains a template for a new 'global_authorized_keys' file
-//
-//go:embed global_authorized_keys
-var DefaultAuthorizedKeys []byte

internal/bootstrap/global_authorized_keys

@@ -1,2 +0,0 @@
-# This file contains authorized_keys files valid for every repository in the distillery
-# The syntax of this file is easy, one key per line, empty lines or those starting with '#' are ignored

internal/cli/cli_notices.go

@@ -1,7 +1,7 @@
 package cli
 
 // ===========================================================================================================
-// This file was generated automatically at 11-01-2023 13:28:38 using gogenlicense.
+// This file was generated automatically at 15-01-2023 11:33:49 using gogenlicense.
 // Do not edit manually, as changes may be overwritten.
 // ===========================================================================================================
 
@@ -2417,7 +2417,7 @@ package cli
 // # Generation
 //
 // This variable and the associated documentation have been automatically generated using the 'gogenlicense' tool.
-// It was last updated at 11-01-2023 13:28:38.
+// It was last updated at 15-01-2023 11:33:49.
 var LegalNotices string
 
 func init() {

internal/config/config.go

@@ -74,9 +74,6 @@ type Config struct {
 	// Public port to use for the ssh server
 	PublicSSHPort uint16 `env:"SSH_PORT" default:"2222" parser:"port"`
 
-	// A file to be used for global authorized_keys for the ssh server.
-	GlobalAuthorizedKeysFile string `env:"GLOBAL_AUTHORIZED_KEYS_FILE" default:"/var/www/deploy/authorized_keys" parser:"file"`
-
 	// admin credentials for graphdb
 	TriplestoreAdminUser     string `env:"GRAPHDB_ADMIN_USER" default:"admin" parser:"nonempty"`
 	TriplestoreAdminPassword string `env:"GRAPHDB_ADMIN_PASSWORD" default:"" parser:"nonempty"`

internal/config/config_template

@@ -55,9 +55,6 @@ DISTILLERY_BOOKKEEPING_DATABASE=distillery
 # This variable can be used to determine their length. 
 PASSWORD_LENGTH=64
 
-# A file to be used for global authorized_keys for the ssh server.
-GLOBAL_AUTHORIZED_KEYS_FILE=${AUTHORIZED_KEYS_FILE}
-
 # the port to use for the ssh server
 SSH_PORT=2222
 

internal/config/domains.go

@@ -30,6 +30,15 @@ func (cfg Config) HTTPSEnabledEnv() string {
 	return "false"
 }
 
+// HostFromSlug returns the hostname belonging to a given slug.
+// When the slug is empty, returns the default (top-level) domain.
+func (cfg Config) HostFromSlug(slug string) string {
+	if slug == "" {
+		return cfg.DefaultDomain
+	}
+	return fmt.Sprintf("%s.%s", slug, cfg.DefaultDomain)
+}
+
 // DefaultHostRule returns the default traefik hostname rule for this distillery.
 // This consists of the [DefaultDomain] as well as [ExtraDomains].
 func (cfg Config) DefaultHostRule() string {
@@ -43,6 +52,8 @@ func (cfg Config) DefaultHostRule() string {
 func (cfg Config) SlugFromHost(host string) (slug string, ok bool) {
 	// extract an ':port' that happens to be in the host.
 	domain, _, _ := strings.Cut(host, ":")
+	domain = TrimSuffixFold(domain, ".wisski") // remove optional ".wisski" ending that is used inside docker
+
 	domainL := strings.ToLower(domain)
 
 	// check all the possible domain endings
@@ -59,3 +70,10 @@ func (cfg Config) SlugFromHost(host string) (slug string, ok bool) {
 	// no domain found!
 	return "", ok
 }
+
+func TrimSuffixFold(s string, suffix string) string {
+	if len(s) >= len(suffix) && strings.EqualFold(s[len(s)-len(suffix):], suffix) {
+		return s[:len(s)-len(suffix)]
+	}
+	return s
+}

internal/config/template.go

@@ -21,7 +21,6 @@ type Template struct {
 	DefaultDomain            string `env:"DEFAULT_DOMAIN"`
 	SelfOverridesFile        string `env:"SELF_OVERRIDES_FILE"`
 	SelfResolverBlockFile    string `env:"SELF_RESOLVER_BLOCK_FILE"`
-	AuthorizedKeys           string `env:"AUTHORIZED_KEYS_FILE"`
 	TriplestoreAdminUser     string `env:"GRAPHDB_ADMIN_USER"`
 	TriplestoreAdminPassword string `env:"GRAPHDB_ADMIN_PASSWORD"`
 	MysqlAdminUsername       string `env:"MYSQL_ADMIN_USER"`
@@ -48,10 +47,6 @@ func (tpl *Template) SetDefaults(env environment.Environment) (err error) {
 		tpl.SelfResolverBlockFile = filepath.Join(tpl.DeployRoot, bootstrap.ResolverBlockedTXT)
 	}
 
-	if tpl.AuthorizedKeys == "" {
-		tpl.AuthorizedKeys = filepath.Join(tpl.DeployRoot, bootstrap.AuthorizedKeys)
-	}
-
 	if tpl.TriplestoreAdminUser == "" {
 		tpl.TriplestoreAdminUser = "admin"
 	}

internal/dis/component/auth/panel/panel.go

@@ -10,6 +10,7 @@ import (
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth/policy"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/control/static/custom"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/instances"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/ssh2/sshkeys"
 	"github.com/FAU-CDI/wisski-distillery/internal/models"
 	"github.com/FAU-CDI/wisski-distillery/pkg/httpx"
 	"github.com/julienschmidt/httprouter"
@@ -23,6 +24,7 @@ type UserPanel struct {
 		Policy    *policy.Policy
 		Instances *instances.Instances
 		Next      *next.Next
+		Keys      *sshkeys.SSHKeys
 	}
 }
 
@@ -73,6 +75,22 @@ func (panel *UserPanel) HandleRoute(ctx context.Context, route string) (http.Han
 		router.Handler(http.MethodPost, route+"totp/disable", totpdisable)
 	}
 
+	{
+		ssh := panel.sshRoute(ctx)
+		router.Handler(http.MethodGet, route+"ssh", ssh)
+	}
+
+	{
+		add := panel.sshAddRoute(ctx)
+		router.Handler(http.MethodGet, route+"ssh/add", add)
+		router.Handler(http.MethodPost, route+"ssh/add", add)
+	}
+
+	{
+		delete := panel.sshDeleteRoute(ctx)
+		router.Handler(http.MethodPost, route+"ssh/delete", delete)
+	}
+
 	// ensure that the user is logged in!
 	return panel.Dependencies.Auth.Protect(router, nil), nil
 }

internal/dis/component/auth/panel/ssh.go

@@ -0,0 +1,193 @@
+package panel
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/control/static"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/control/static/custom"
+	"github.com/FAU-CDI/wisski-distillery/internal/models"
+	"github.com/FAU-CDI/wisski-distillery/pkg/httpx"
+	"github.com/FAU-CDI/wisski-distillery/pkg/httpx/field"
+	"github.com/gliderlabs/ssh"
+	"github.com/rs/zerolog"
+
+	gossh "golang.org/x/crypto/ssh"
+
+	_ "embed"
+)
+
+//go:embed "templates/ssh.html"
+var sshTemplateStr string
+var sshTemplate = static.AssetsUser.MustParseShared("ssh.html", sshTemplateStr)
+
+type SSHTemplateContext struct {
+	custom.BaseContext
+
+	Keys []models.Keys
+
+	Domain string // domain name of the distillery
+	Port   uint16 // public port of the distillery ssh servers
+
+	Slug     string // slug of the wisski
+	Hostname string // hostname of an example wisski
+}
+
+func (panel *UserPanel) sshRoute(ctx context.Context) http.Handler {
+	sshTemplate := panel.Dependencies.Custom.Template(sshTemplate)
+	gaps := custom.BaseContextGaps{
+		Crumbs: []component.MenuItem{
+			{Title: "User", Path: "/user/"},
+			{Title: "SSH Keys", Path: "/user/ssh/"},
+		},
+		Actions: []component.MenuItem{
+			{Title: "Add New Key", Path: "/user/ssh/add/"},
+		},
+	}
+
+	return httpx.HTMLHandler[SSHTemplateContext]{
+		Handler: func(r *http.Request) (sc SSHTemplateContext, err error) {
+			panel.Dependencies.Custom.Update(&sc, r, gaps)
+
+			user, err := panel.Dependencies.Auth.UserOf(r)
+			if err != nil {
+				return sc, err
+			}
+
+			sc.Domain = panel.Config.DefaultDomain
+			sc.Port = panel.Config.PublicSSHPort
+
+			// pick the first domain that the user has access to as an example
+			grants, err := panel.Dependencies.Policy.User(r.Context(), user.User.User)
+			if err != nil && len(grants) > 0 {
+				sc.Slug = grants[0].Slug
+			} else {
+				sc.Slug = "example"
+			}
+			sc.Hostname = panel.Config.HostFromSlug(sc.Slug)
+
+			sc.Keys, err = panel.Dependencies.Keys.Keys(r.Context(), user.User.User)
+			if err != nil {
+				return sc, err
+			}
+
+			return sc, nil
+		},
+		Template: sshTemplate,
+	}
+}
+
+//go:embed "templates/ssh_add.html"
+var sshAddTemplateStr string
+var sshAddTemplate = static.AssetsUser.MustParseShared("ssh_add.html", sshAddTemplateStr)
+
+type addKeyResult struct {
+	User    *auth.AuthUser
+	Comment string
+	Key     ssh.PublicKey
+}
+
+var (
+	errInvalidUser = errors.New("invalid user")
+	errKeyParse    = errors.New("unable to parse ssh key")
+	errAddKey      = errors.New("unable to add key")
+)
+
+func (panel *UserPanel) sshDeleteRoute(ctx context.Context) http.Handler {
+	logger := zerolog.Ctx(ctx)
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if err := r.ParseForm(); err != nil {
+			logger.Err(err).Str("action", "delete ssh key").Msg("failed to parse form")
+			httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
+			return
+		}
+		user, err := panel.Dependencies.Auth.UserOf(r)
+		if err != nil {
+			logger.Err(err).Str("action", "delete ssh key").Msg("failed to get current user")
+			httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
+			return
+		}
+
+		key, _ := parseKey(r.PostFormValue("signature"))
+		if key == nil {
+			logger.Err(err).Str("action", "delete ssh key").Msg("failed to parse signature")
+			httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
+			return
+		}
+
+		if err := panel.Dependencies.Keys.Remove(r.Context(), user.User.User, key); err != nil {
+			logger.Err(err).Str("action", "delete ssh key").Msg("failed to delete key")
+			httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
+			return
+		}
+
+		http.Redirect(w, r, "/user/ssh/", http.StatusSeeOther)
+	})
+}
+
+func (panel *UserPanel) sshAddRoute(ctx context.Context) http.Handler {
+	sshAddTemplate := panel.Dependencies.Custom.Template(sshAddTemplate)
+	gaps := custom.BaseContextGaps{
+		Crumbs: []component.MenuItem{
+			{Title: "User", Path: "/user/"},
+			{Title: "SSH Keys", Path: "/user/ssh/"},
+			{Title: "Add New Key", Path: "/user/ssh/add/"},
+		},
+	}
+
+	return &httpx.Form[addKeyResult]{
+		Fields: []field.Field{
+			{Name: "comment", Type: field.Text, Label: "Comment"},
+			{Name: "key", Type: field.Textarea, Label: "Key in authorized_keys format"}, // has hacked css!
+		},
+		FieldTemplate: field.PureCSSFieldTemplate,
+
+		RenderTemplate: sshAddTemplate,
+		RenderTemplateContext: func(ctx httpx.FormContext, r *http.Request) any {
+			return panel.Dependencies.Custom.NewForm(ctx, r, gaps)
+		},
+
+		Validate: func(r *http.Request, values map[string]string) (ak addKeyResult, err error) {
+			ak.User, err = panel.Dependencies.Auth.UserOf(r)
+			if err != nil || ak.User == nil {
+				return ak, errInvalidUser
+			}
+
+			// parse key and comment
+			var key, comment string
+			ak.Comment, key = values["comment"], values["key"]
+			ak.Key, comment = parseKey(key)
+			if ak.Key == nil {
+				return ak, errKeyParse
+			}
+
+			// set the comment if the user didn't provide one!
+			if ak.Comment == "" && comment != "" {
+				ak.Comment = comment
+			}
+			return ak, nil
+		},
+
+		RenderSuccess: func(ak addKeyResult, values map[string]string, w http.ResponseWriter, r *http.Request) error {
+			// add the key to the user
+			if err := panel.Dependencies.Keys.Add(r.Context(), ak.User.User.User, ak.Comment, ak.Key); err != nil {
+				return errAddKey
+			}
+			// everything went fine, redirect the user back to the user page!
+			http.Redirect(w, r, "/user/ssh/", http.StatusSeeOther)
+			return nil
+		},
+	}
+}
+
+func parseKey(authorized_keys string) (out gossh.PublicKey, comment string) {
+	var err error
+	out, comment, _, _, err = gossh.ParseAuthorizedKey([]byte(authorized_keys))
+	if err != nil || out == nil {
+		return nil, ""
+	}
+	return out, comment
+}

internal/dis/component/auth/panel/templates/ssh.html

@@ -0,0 +1,104 @@
+{{ template "_base.html" . }}
+{{ define "title" }}SSH Keys{{ end }}
+
+{{ define "content" }}
+
+<div class="pure-u-1">
+    <p>
+        This page allows you to add, view and remove ssh keys to and from your distillery account.
+    </p>
+</div>
+
+<div class="pure-u-1">
+    <p>
+        This table shows ssh keys currently associated with your account.
+        To add a new key, use the <em>Add New Key</em> button above.
+        To remove an ssh key from your account, simply click the <em>Delete</em> button.
+    </p>
+    <div class="padding">
+        <div class="overflow">
+
+            <table class="pure-table pure-table-bordered">
+                <thead>
+                    <tr>
+                        <th>
+                            Comment
+                        </th>
+                        <th>
+                            Signature
+                        </th>
+                        <th>
+                            Actions
+                        </th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {{ $csrf := .CSRF }}
+                    {{ range .Keys }}
+                        {{ $sig := .SignatureString }}
+                        <tr>
+                            <td>
+                                {{ .Comment }}
+                            </td>
+                            <td>
+                                <code>
+                                    {{ $sig }}
+                                </code>
+                            </td>
+                            <td>
+                                <div class="pure-button-group" role="group">
+                                    <form action="/user/ssh/delete" method="POST" class="pure-form-group">
+                                        <input type="hidden" name="signature" value="{{ $sig }}">
+                                        <input type="submit" class="pure-button pure-button-danger" value="Delete">
+                                        {{ $csrf }}
+                                    </form>
+                                </div>
+                            </td>
+                        </tr>
+                    {{ end }}
+                </tbody>
+            </table>
+        </div>
+    </div>
+</div>
+
+
+<div class="pure-u-1">
+    <p>
+        You can use these ssh keys to connect to the distillery via ssh.
+        You can only connect to instances for which you appear as an <em>Administrator</em> on your user page.
+    </p>
+    <p>
+        In the following we will provide instructions on how to connect to your WissKI instance via the distillery server. 
+        In the following we will assume <code>{{ .Slug }}</code> is the name of the WissKI you want to you want to connect to.
+    </p>
+    <p>
+        From a Linux (or Mac, or Windows 11) command line you may use:
+    </p>
+    <code class="copy">
+        ssh -J {{ .Domain }}:{{ .Port }} www-data@{{ .Hostname }}
+    </code>
+    <p>
+        You may also place the following into your <code>$HOME/.ssh/config</code> file:
+    </p>
+    <code class="copy">
+<pre>Host *.{{ .Domain }}
+    ProxyJump {{ .Domain }}.proxy
+    User www-data
+Host {{ .Domain }}.proxy
+    User www-data
+    Hostname {{ .Domain }}
+    Port {{ .Port }}
+</pre>
+    </code>
+
+    <p>
+        and then connect simply via:
+    </p>
+
+    <code>
+        ssh {{ .Hostname }}
+    </code>
+</div>
+</div>
+{{ end }}

internal/dis/component/auth/panel/templates/ssh_add.html

@@ -0,0 +1,11 @@
+{{ template "_form.html" . }}
+{{ define "form/title" }}Add SSH Key{{ end }}
+{{ define "form/button" }}Add{{ end }}
+
+{{ define "form/inside" }}
+<div>
+   <p>
+      Use this form to add a new <em>SSH Key</em> to your account.
+   </p>
+</div>
+{{ end }}

internal/dis/component/auth/panel/user.go

@@ -41,13 +41,14 @@ func (panel *UserPanel) routeUser(ctx context.Context) http.Handler {
 			{Title: "User", Path: "/user/"},
 		},
 		Actions: []component.MenuItem{
-			{Title: "Change Password", Path: "/user/password"},
+			{Title: "Change Password", Path: "/user/password/"},
+			{Title: "*to be replaced*", Path: ""},
+			{Title: "SSH Keys", Path: "/user/ssh/"},
 		},
 	}
 
 	return &httpx.HTMLHandler[routeUserContext]{
 		Handler: func(r *http.Request) (ruc routeUserContext, err error) {
-
 			// find the user
 			ruc.AuthUser, err = panel.Dependencies.Auth.UserOf(r)
 			if err != nil || ruc.AuthUser == nil {
@@ -57,15 +58,15 @@ func (panel *UserPanel) routeUser(ctx context.Context) http.Handler {
 			// build the gaps
 			gaps := gaps.Clone()
 			if ruc.AuthUser.IsTOTPEnabled() {
-				gaps.Actions = append(gaps.Actions, component.MenuItem{
+				gaps.Actions[1] = component.MenuItem{
 					Title: "Disable Passcode (TOTP)",
 					Path:  "/user/totp/disable/",
-				})
+				}
 			} else {
-				gaps.Actions = append(gaps.Actions, component.MenuItem{
+				gaps.Actions[1] = component.MenuItem{
 					Title: "Enable Passcode (TOTP)",
 					Path:  "/user/totp/enable/",
-				})
+				}
 			}
 			panel.Dependencies.Custom.Update(&ruc, r, gaps)
 

internal/dis/component/control/admin/html/index.html

@@ -134,14 +134,6 @@
                             <code>{{.Config.ConfigPath}}</code>
                         </td>
                     </tr>
-                    <tr>
-                        <td>
-                            <code>authorized_keys</code>
-                        </td>
-                        <td>
-                            <code>{{.Config.GlobalAuthorizedKeysFile}}</code>
-                        </td>
-                    </tr>
                 </tbody>
             </table>
         </div>

internal/dis/component/control/admin/users.go

@@ -37,6 +37,9 @@ func (admin *Admin) users(r *http.Request) (uc userContext, err error) {
 			{Title: "Admin", Path: "/admin/"},
 			{Title: "Users", Path: "/admin/users/"},
 		},
+		Actions: []component.MenuItem{
+			{Title: "Create New", Path: "/admin/users/create/"},
+		},
 	})
 
 	uc.Error = r.URL.Query().Get("error")
@@ -70,9 +73,6 @@ func (admin *Admin) createUser(ctx context.Context) http.Handler {
 			{Title: "Users", Path: "/admin/users"},
 			{Title: "Create", Path: "/admin/users/create"},
 		},
-		Actions: []component.MenuItem{
-			{Title: "Create New", Path: "/admin/users/create/"},
-		},
 	}
 
 	return &httpx.Form[createUserResult]{

internal/dis/component/control/control.env

@@ -2,7 +2,6 @@ HOST_RULE=${HOST_RULE}
 
 CONFIG_PATH=${CONFIG_PATH}
 DEPLOY_ROOT=${DEPLOY_ROOT}
-GLOBAL_AUTHORIZED_KEYS_FILE=${GLOBAL_AUTHORIZED_KEYS_FILE}
 SELF_OVERRIDES_FILE=${SELF_OVERRIDES_FILE}
 SELF_RESOLVER_BLOCK_FILE=${SELF_RESOLVER_BLOCK_FILE}
 

internal/dis/component/control/control.go

@@ -49,7 +49,6 @@ func (control *Control) Stack(env environment.Environment) component.StackWithRe
 			"CONFIG_PATH": control.Config.ConfigPath,
 			"DEPLOY_ROOT": control.Config.DeployRoot,
 
-			"GLOBAL_AUTHORIZED_KEYS_FILE": control.Config.GlobalAuthorizedKeysFile,
 			"SELF_OVERRIDES_FILE":      control.Config.SelfOverridesFile,
 			"SELF_RESOLVER_BLOCK_FILE": control.Config.SelfResolverBlockFile,
 

internal/dis/component/control/control/Dockerfile

@@ -2,4 +2,4 @@ FROM docker.io/library/docker:20.10-cli
 
 COPY wdcli /wdcli
 EXPOSE 8888
-CMD ["/wdcli","--internal-in-docker","server","--bind","0.0.0.0:8888"]
+CMD ["/wdcli","--internal-in-docker","server","--bind","0.0.0.0:8888", "--internal-bind", "0.0.0.0:9999"]

internal/dis/component/control/control/docker-compose.yml

@@ -25,7 +25,6 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "${CONFIG_PATH}:${CONFIG_PATH}:ro"
       - "${DEPLOY_ROOT}:${DEPLOY_ROOT}:rw"
-      - "${GLOBAL_AUTHORIZED_KEYS_FILE}:${GLOBAL_AUTHORIZED_KEYS_FILE}:ro"
       - "${SELF_OVERRIDES_FILE}:${SELF_OVERRIDES_FILE}:ro"
       - "${SELF_RESOLVER_BLOCK_FILE}:${SELF_RESOLVER_BLOCK_FILE}:ro"
       - "${CUSTOM_ASSETS_PATH}:${CUSTOM_ASSETS_PATH}:ro"

internal/dis/component/control/news/NEWS/2023-01-15-news.md

@@ -0,0 +1,9 @@
+---
+title: Reworked SSH key support
+date: 2023-01-15
+---
+
+- reworked and added ssh key management to the server
+    - users can now add and remove ssh keys to their account
+    - each user with an admin grant for a specific instance has ssh access via their keys
+    - distillery administrators have implicit access to all instances

internal/dis/component/control/server.go

@@ -18,17 +18,17 @@ import (
 // The server may spawn background tasks, but these should be terminated once context closes.
 //
 // Logging messages are directed to progress
-func (control *Control) Server(ctx context.Context, progress io.Writer) (http.Handler, error) {
+func (control *Control) Server(ctx context.Context, progress io.Writer) (public http.Handler, internal http.Handler, err error) {
 	logger := zerolog.Ctx(ctx)
 
-	var mux mux.Mux[component.RouteContext]
+	var publicM, internalM mux.Mux[component.RouteContext]
-	mux.Context = func(r *http.Request) component.RouteContext {
+	publicM.Context = func(r *http.Request) component.RouteContext {
 		slug, ok := control.Still.Config.SlugFromHost(r.Host)
 		return component.RouteContext{
 			DefaultDomain: slug == "" && ok,
 		}
 	}
-	mux.Panic = func(panic any, w http.ResponseWriter, r *http.Request) {
+	publicM.Panic = func(panic any, w http.ResponseWriter, r *http.Request) {
 		// log the panic
 		logger.Error().
 			Str("panic", fmt.Sprint(panic)).
@@ -39,6 +39,10 @@ func (control *Control) Server(ctx context.Context, progress io.Writer) (http.Ha
 		httpx.TextInterceptor.Fallback.ServeHTTP(w, r)
 	}
 
+	// setup the internal server identically
+	internalM.Panic = publicM.Panic
+	internalM.Context = publicM.Context
+
 	// create a csrf protector
 	csrfProtector := control.CSRF()
 
@@ -52,6 +56,7 @@ func (control *Control) Server(ctx context.Context, progress io.Writer) (http.Ha
 			Bool("Exact", routes.Exact).
 			Bool("CSRF", routes.CSRF).
 			Bool("Decorator", routes.Decorator != nil).
+			Bool("Internal", routes.Internal).
 			Bool("MatchAllDomains", routes.MatchAllDomains).
 			Msg("mounting route")
 
@@ -69,19 +74,23 @@ func (control *Control) Server(ctx context.Context, progress io.Writer) (http.Ha
 		handler = routes.Decorate(handler, csrfProtector)
 
 		// determine the predicate
-		predicate := routes.Predicate(mux.ContextOf)
+		predicate := routes.Predicate(publicM.ContextOf)
 
 		// and add all the prefixes
 		for _, prefix := range append([]string{routes.Prefix}, routes.Aliases...) {
-			mux.Add(prefix, predicate, routes.Exact, handler)
+			if routes.Internal {
+				internalM.Add(prefix, predicate, routes.Exact, handler)
+			} else {
+				publicM.Add(prefix, predicate, routes.Exact, handler)
+			}
 		}
 	}
 
 	// apply the given context function
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	public = httpx.WithContextWrapper(&publicM, func(rcontext context.Context) context.Context { return cancel.ValuesOf(rcontext, ctx) })
-		r = r.WithContext(cancel.ValuesOf(r.Context(), ctx))
+	internal = httpx.WithContextWrapper(&internalM, func(rcontext context.Context) context.Context { return cancel.ValuesOf(rcontext, ctx) })
-		mux.ServeHTTP(w, r)
+	err = nil
-	}), nil
+	return
 }
 
 // CSRF returns a CSRF handler for the given function

internal/dis/component/control/static/assets_dist.go

@@ -15,12 +15,12 @@ var AssetsDefault = Assets{
 
 // AssetsUser contains assets for the 'User' entrypoint.
 var AssetsUser = Assets{
-	Scripts: `<script type="module" src="/static/Default.38d394c2.js"></script><script src="/static/Default.38d394c2.js" nomodule="" defer></script><script type="module" src="/static/User.4197014b.js"></script><script src="/static/User.30d54198.js" nomodule="" defer></script>`,
+	Scripts: `<script type="module" src="/static/Default.38d394c2.js"></script><script src="/static/Default.38d394c2.js" nomodule="" defer></script><script type="module" src="/static/User.e0367d79.js"></script><script src="/static/User.b2f9a57c.js" nomodule="" defer></script>`,
-	Styles:  `<link rel="stylesheet" href="/static/Default.db26a303.css"><link rel="stylesheet" href="/static/User.38d394c2.css">`,	
+	Styles:  `<link rel="stylesheet" href="/static/Default.db26a303.css"><link rel="stylesheet" href="/static/User.68febbf8.css"><link rel="stylesheet" href="/static/User.840de3b4.css">`,	
 }
 
 // AssetsAdmin contains assets for the 'Admin' entrypoint.
 var AssetsAdmin = Assets{
-	Scripts: `<script nomodule="" defer src="/static/User.30d54198.js"></script><script type="module" src="/static/User.4197014b.js"></script><script type="module" src="/static/Default.38d394c2.js"></script><script src="/static/Default.38d394c2.js" nomodule="" defer></script><script type="module" src="/static/Admin.4ca3cb6f.js"></script><script src="/static/Admin.9750ba9c.js" nomodule="" defer></script>`,
+	Scripts: `<script nomodule="" defer src="/static/User.b2f9a57c.js"></script><script type="module" src="/static/User.e0367d79.js"></script><script type="module" src="/static/Default.38d394c2.js"></script><script src="/static/Default.38d394c2.js" nomodule="" defer></script><script type="module" src="/static/Admin.4ca3cb6f.js"></script><script src="/static/Admin.9750ba9c.js" nomodule="" defer></script>`,
-	Styles:  `<link rel="stylesheet" href="/static/Default.db26a303.css"><link rel="stylesheet" href="/static/Admin.6d59e220.css"><link rel="stylesheet" href="/static/User.38d394c2.css"><link rel="stylesheet" href="/static/Admin.6d2ae968.css">`,	
+	Styles:  `<link rel="stylesheet" href="/static/Default.db26a303.css"><link rel="stylesheet" href="/static/Admin.6d59e220.css"><link rel="stylesheet" href="/static/User.840de3b4.css"><link rel="stylesheet" href="/static/User.68febbf8.css"><link rel="stylesheet" href="/static/Admin.6d2ae968.css">`,	
 }

internal/dis/component/control/static/dist/User.30d54198.js

@@ -1 +0,0 @@
-!function(){var e="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:{},n={},r={},o=e.parcelRequireafa4;null==o&&((o=function(e){if(e in n)return n[e].exports;if(e in r){var o=r[e];delete r[e];var i={id:e,exports:{}};return n[e]=i,o.call(i.exports,i,i.exports),i.exports}var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}).register=function(e,n){r[e]=n},e.parcelRequireafa4=o),o.register("kEAtK",(function(e,n){})),o("kEAtK")}();

internal/dis/component/control/static/dist/User.4197014b.js

@@ -1 +0,0 @@
-var e="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:{},n={},r={},o=e.parcelRequireafa4;null==o&&((o=function(e){if(e in n)return n[e].exports;if(e in r){var o=r[e];delete r[e];var i={id:e,exports:{}};return n[e]=i,o.call(i.exports,i,i.exports),i.exports}var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}).register=function(e,n){r[e]=n},e.parcelRequireafa4=o),o.register("gkpdw",(function(e,n){})),o("gkpdw");

internal/dis/component/control/static/dist/User.68febbf8.css

@@ -0,0 +1 @@
+.copy{-webkit-user-select:all;user-select:all}

internal/dis/component/control/static/dist/User.840de3b4.css

@@ -0,0 +1 @@
+textarea#key{width:50%;height:10em;resize:both}

internal/dis/component/control/static/dist/User.b2f9a57c.js

@@ -0,0 +1 @@
+!function(){var e="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:{},r={},n={},o=e.parcelRequireafa4;null==o&&((o=function(e){if(e in r)return r[e].exports;if(e in n){var o=n[e];delete n[e];var t={id:e,exports:{}};return r[e]=t,o.call(t.exports,t,t.exports),t.exports}var i=new Error("Cannot find module '"+e+"'");throw i.code="MODULE_NOT_FOUND",i}).register=function(e,r){n[e]=r},e.parcelRequireafa4=o),o.register("kEAtK",(function(e,r){o("15EWx")})),o.register("15EWx",(function(e,r){document.querySelectorAll(".copy").forEach((e=>{e.addEventListener("click",(()=>{navigator.clipboard&&navigator.clipboard.writeText(e.innerText)}))}))})),o("kEAtK")}();

internal/dis/component/control/static/dist/User.e0367d79.js

@@ -0,0 +1 @@
+var e="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:{},r={},n={},o=e.parcelRequireafa4;null==o&&((o=function(e){if(e in r)return r[e].exports;if(e in n){var o=n[e];delete n[e];var i={id:e,exports:{}};return r[e]=i,o.call(i.exports,i,i.exports),i.exports}var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}).register=function(e,r){n[e]=r},e.parcelRequireafa4=o),o.register("gkpdw",(function(e,r){o("hZNgY")})),o.register("hZNgY",(function(e,r){document.querySelectorAll(".copy").forEach((e=>{e.addEventListener("click",(()=>{navigator.clipboard&&navigator.clipboard.writeText(e.innerText)}))}))})),o("gkpdw");

internal/dis/component/control/static/src/entry/User/index.css

@@ -1 +1,6 @@
-/* nothing for now */
+/* textarea on the /user/ssh/add form */
+textarea#key {
+    width: 50%;
+    height: 10em;
+    resize: both; 
+}

internal/dis/component/control/static/src/entry/User/index.ts

@@ -1 +1 @@
-// nothing for now
+import "~/src/lib/copy"

internal/dis/component/control/static/src/lib/copy/index.css

@@ -0,0 +1,3 @@
+.copy {
+    user-select: all;
+}

internal/dis/component/control/static/src/lib/copy/index.ts

@@ -0,0 +1,8 @@
+import "./index.css"
+
+document.querySelectorAll('.copy').forEach((elem: Element) => {
+    elem.addEventListener('click', () => {
+        if (!navigator.clipboard) return;
+         navigator.clipboard.writeText((elem as HTMLElement).innerText);
+    })
+})

internal/dis/component/exporter/extras_config.go

@@ -41,6 +41,5 @@ func (control *Config) backupFiles() []string {
 		control.Config.ExecutablePath(),
 		control.Config.SelfOverridesFile,
 		control.Config.SelfResolverBlockFile,
-		control.Config.GlobalAuthorizedKeysFile,
 	}
 }

internal/dis/component/instances/malt/malt.go

@@ -6,6 +6,7 @@ import (
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/exporter/logger"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/meta"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/sql"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/ssh2/sshkeys"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/triplestore"
 )
 
@@ -21,4 +22,6 @@ type Malt struct {
 	Meta        *meta.Meta               `auto:"true"`
 	ExporterLog *logger.Logger           `auto:"true"`
 	Policy      *policy.Policy           `auto:"true"`
+
+	Keys *sshkeys.SSHKeys `auto:"true"`
 }

internal/dis/component/server.go

@@ -26,6 +26,10 @@ type Routes struct {
 	// MatchAllDomains indicates that all domains, even the non-default domain, should be matched
 	MatchAllDomains bool
 
+	// Internal indicates that this route should only answer on the internal server.
+	// Internal implies MatchAllDomains.
+	Internal bool
+
 	// MenuTitle and MenuPriority return the priority and title of this menu item
 	MenuTitle    string
 	MenuPriority MenuPriority
@@ -52,7 +56,7 @@ type RouteContext struct {
 
 // Predicate returns the predicate corresponding to the given route
 func (routes Routes) Predicate(context func(*http.Request) RouteContext) mux.Predicate {
-	if routes.MatchAllDomains {
+	if routes.MatchAllDomains || routes.Internal {
 		return nil
 	}
 

internal/dis/component/ssh2/api.go

@@ -0,0 +1,58 @@
+package ssh2
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/FAU-CDI/wisski-distillery/pkg/httpx"
+	gossh "golang.org/x/crypto/ssh"
+)
+
+func (ssh2 *SSH2) Routes() component.Routes {
+	return component.Routes{
+		Prefix:   "/authorized_keys/",
+		Exact:    true,
+		Internal: true,
+	}
+}
+func (ssh2 *SSH2) HandleRoute(ctx context.Context, path string) (http.Handler, error) {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// fetch the global keys
+		gkeys, err := ssh2.Dependencies.Keys.Admin(r.Context())
+		if err != nil {
+			httpx.TextInterceptor.Intercept(w, r, err)
+			return
+		}
+
+		// find the host
+		slug, ok := ssh2.Config.SlugFromHost(r.Host)
+		if slug == "" || !ok {
+			httpx.TextInterceptor.Intercept(w, r, httpx.ErrNotFound)
+			return
+		}
+
+		// fetch the instance
+		instance, err := ssh2.Dependencies.Instances.WissKI(r.Context(), slug)
+		if err != nil {
+			httpx.TextInterceptor.Intercept(w, r, httpx.ErrNotFound)
+			return
+		}
+
+		// fetch the instance keys
+		keys, err := instance.SSH().Keys(r.Context())
+		if err != nil {
+			httpx.TextInterceptor.Intercept(w, r, err)
+			return
+		}
+
+		// marshal out everything!
+		for _, key := range gkeys {
+			w.Write(gossh.MarshalAuthorizedKey(key))
+		}
+		for _, key := range keys {
+			w.Write(gossh.MarshalAuthorizedKey(key))
+		}
+
+	}), nil
+}

internal/dis/component/ssh2/server_auth.go

@@ -1,8 +1,7 @@
 package ssh2
 
 import (
-	"time"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/ssh2/sshkeys"
-
 	"github.com/gliderlabs/ssh"
 )
 
@@ -47,19 +46,17 @@ func getAnyPermission(context ssh.Context) (string, bool) {
 	return "", (false || value[""])
 }
 
-const authDelay = time.Second / 10
-
 func (ssh2 *SSH2) handleAuth(ctx ssh.Context, key ssh.PublicKey) bool {
-	return slowdown(func() (ok bool) {
+	return sshkeys.Slowdown(func() (ok bool) {
 		permissions := make(map[string]bool)
 
 		// grab the global permissions
 		{
-			globalKeys, err := ssh2.GlobalKeys()
+			globalKeys, err := ssh2.Dependencies.Keys.Admin(ctx)
 			if err != nil {
 				return false
 			}
-			permissions[""] = isKey(globalKeys, key)
+			permissions[""] = sshkeys.KeyOneOf(globalKeys, key)
 			ok = permissions[""]
 		}
 
@@ -71,11 +68,11 @@ func (ssh2 *SSH2) handleAuth(ctx ssh.Context, key ssh.PublicKey) bool {
 			}
 
 			for _, instance := range instances {
-				ikeys, err := instance.SSH().Keys()
+				ikeys, err := instance.SSH().Keys(ctx)
 				if err != nil {
 					continue
 				}
-				access := isKey(ikeys, key)
+				access := sshkeys.KeyOneOf(ikeys, key)
 
 				permissions[instance.Slug] = access || permissions[""]
 				ok = ok || access
@@ -84,27 +81,5 @@ func (ssh2 *SSH2) handleAuth(ctx ssh.Context, key ssh.PublicKey) bool {
 
 		setPermissions(ctx, permissions)
 		return
-	}, authDelay)
+	})
-}
-
-// slowdown invokes f immediatly, but only returns the result to the caller after at least duration.
-// It can be used to prevent timing attacks
-func slowdown[T any](f func() T, duration time.Duration) T {
-	result := make(chan T, 1)
-	go func() {
-		result <- f()
-	}()
-	time.Sleep(duration)
-	return <-result
-}
-
-// isKey checks if keys contains key in O(len(keys))
-func isKey(keys []ssh.PublicKey, key ssh.PublicKey) bool {
-	var res bool
-	for _, ak := range keys {
-		if ssh.KeysEqual(ak, key) {
-			res = true
-		}
-	}
-	return res
 }

internal/dis/component/ssh2/ssh2.env

@@ -2,7 +2,6 @@ HOST_RULE=${HOST_RULE}
 
 CONFIG_PATH=${CONFIG_PATH}
 DEPLOY_ROOT=${DEPLOY_ROOT}
-GLOBAL_AUTHORIZED_KEYS_FILE=${GLOBAL_AUTHORIZED_KEYS_FILE}
 SELF_OVERRIDES_FILE=${SELF_OVERRIDES_FILE}
 SELF_RESOLVER_BLOCK_FILE=${SELF_RESOLVER_BLOCK_FILE}
 

internal/dis/component/ssh2/ssh2.go

@@ -1,34 +1,24 @@
 package ssh2
 
 import (
-	"io"
-
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/instances"
-	"github.com/FAU-CDI/wisski-distillery/pkg/sshx"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/sql"
-	"github.com/gliderlabs/ssh"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/ssh2/sshkeys"
 )
 
 type SSH2 struct {
 	component.Base
 	Dependencies struct {
+		SQL       *sql.SQL
 		Instances *instances.Instances
+		Auth      *auth.Auth
+		Keys      *sshkeys.SSHKeys
 	}
 }
 
 var (
 	_ component.Installable = (*SSH2)(nil)
+	_ component.Routeable   = (*SSH2)(nil)
 )
-
-// GlobalKeys returns the global authorized keys
-func (s *SSH2) GlobalKeys() ([]ssh.PublicKey, error) {
-	file, err := s.Environment.Open(s.Config.GlobalAuthorizedKeysFile)
-	if err != nil {
-		return nil, err
-	}
-	bytes, err := io.ReadAll(file)
-	if err != nil {
-		return nil, err
-	}
-	return sshx.ParseAllKeys(bytes), nil
-}

internal/dis/component/ssh2/ssh2/docker-compose.yml

@@ -12,7 +12,6 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "${CONFIG_PATH}:${CONFIG_PATH}:ro"
       - "${DEPLOY_ROOT}:${DEPLOY_ROOT}:rw"
-      - "${GLOBAL_AUTHORIZED_KEYS_FILE}:${GLOBAL_AUTHORIZED_KEYS_FILE}:ro"
       - "${SELF_OVERRIDES_FILE}:${SELF_OVERRIDES_FILE}:ro"
       - "${SELF_RESOLVER_BLOCK_FILE}:${SELF_RESOLVER_BLOCK_FILE}:ro"
       - "./data/:/data/"

internal/dis/component/ssh2/sshkeys/sshkeys.go

@@ -0,0 +1,51 @@
+package sshkeys
+
+import (
+	"context"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/sql"
+	"github.com/gliderlabs/ssh"
+)
+
+type SSHKeys struct {
+	component.Base
+	Dependencies struct {
+		SQL  *sql.SQL
+		Auth *auth.Auth
+	}
+}
+
+var (
+	_ component.Table          = (*SSHKeys)(nil)
+	_ component.UserDeleteHook = (*SSHKeys)(nil)
+)
+
+// Admin returns the set of administrative ssh keys.
+// These are ssh keys associated to distillery admin users.
+func (k *SSHKeys) Admin(ctx context.Context) (keys []ssh.PublicKey, err error) {
+	users, err := k.Dependencies.Auth.Users(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	// iterate over enabled distillery admin users
+	for _, user := range users {
+		if !user.IsEnabled() || !user.IsAdmin() {
+			continue
+		}
+		ukeys, err := k.Keys(ctx, user.User.User)
+		if err != nil {
+			return nil, err
+		}
+		for _, ukey := range ukeys {
+			if pk := ukey.PublicKey(); pk != nil {
+				keys = append(keys, pk)
+			}
+		}
+	}
+
+	// and return the keys!
+	return keys, nil
+}

internal/dis/component/ssh2/sshkeys/subtle.go

@@ -0,0 +1,55 @@
+package sshkeys
+
+import (
+	"crypto/rand"
+	"math/big"
+	"time"
+
+	"github.com/gliderlabs/ssh"
+)
+
+// KeyOneOf checks if keys is one of the given set of keys.
+func KeyOneOf(keys []ssh.PublicKey, key ssh.PublicKey) bool {
+	return len(KeyIndexes(keys, key)) > 0
+}
+
+// KeyIndexes returns a slice of ints that contain the indexes of the given key.
+func KeyIndexes(keys []ssh.PublicKey, key ssh.PublicKey) []int {
+	indexes := make([]int, 0, len(keys))
+	for i, cey := range keys {
+		if ssh.KeysEqual(key, cey) {
+			indexes = append(indexes, i)
+		}
+	}
+	return indexes
+}
+
+const (
+	slowdownMinDelay = time.Second / 10
+	slowdownJitter   = time.Second / 10
+)
+
+// slowdown invokes f immediatly, but introduces a random delay to prevent timing attacks.
+// the delay is also introduced if f() panics.
+func Slowdown[T any](f func() T) T {
+	start := time.Now()
+	defer func() {
+		// sleep the minimum remaining time
+		remain := time.Since(start) - slowdownMinDelay
+		if remain > 0 {
+			time.Sleep(remain)
+		}
+
+		// find a second random delay
+		delay, err := rand.Int(rand.Reader, big.NewInt(int64(slowdownJitter)))
+		if err != nil {
+			return
+		}
+
+		// and wait that long
+		time.Sleep(time.Duration(delay.Int64()))
+	}()
+
+	return f()
+
+}

internal/dis/component/ssh2/sshkeys/table.go

@@ -0,0 +1,128 @@
+package sshkeys
+
+import (
+	"context"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/FAU-CDI/wisski-distillery/internal/models"
+	"github.com/gliderlabs/ssh"
+	"github.com/tkw1536/goprogram/lib/reflectx"
+)
+
+func (ssh2 *SSHKeys) TableInfo() component.TableInfo {
+	return component.TableInfo{
+		Model: reflectx.TypeOf[models.Keys](),
+		Name:  models.KeysTable,
+	}
+}
+
+// Keys returns a list of keys for the given user
+func (ssh2 *SSHKeys) Keys(ctx context.Context, user string) ([]models.Keys, error) {
+	// the empty user has no key
+	if user == "" {
+		return nil, nil
+	}
+
+	// get the table
+	table, err := ssh2.Dependencies.SQL.QueryTable(ctx, ssh2)
+	if err != nil {
+		return nil, err
+	}
+
+	var keys []models.Keys
+
+	// make a query to find all keys (in the underlying model)
+	query := table.Find(&keys, &models.Keys{User: user})
+	if query.Error != nil {
+		return nil, query.Error
+	}
+
+	return keys, nil
+}
+
+// Add adds a new key to the given user, unless it already exists
+func (ssh2 *SSHKeys) Add(ctx context.Context, user string, comment string, key ssh.PublicKey) error {
+	// check that the given user exists
+	{
+		_, err := ssh2.Dependencies.Auth.User(ctx, user)
+		if err != nil {
+			return err
+		}
+	}
+
+	// fetch all the keys
+	keys, err := ssh2.Keys(ctx, user)
+	if err != nil {
+		return err
+	}
+
+	pks := make([]ssh.PublicKey, 0, len(keys))
+	for _, key := range keys {
+		if pk := key.PublicKey(); pk != nil {
+			pks = append(pks, pk)
+		}
+	}
+
+	// key already exists
+	if KeyOneOf(pks, key) {
+		return nil
+	}
+
+	// create a new key with the given comment
+	mk := models.Keys{
+		User:    user,
+		Comment: comment,
+	}
+	mk.SetPublicKey(key)
+
+	// get the table
+	table, err := ssh2.Dependencies.SQL.QueryTable(ctx, ssh2)
+	if err != nil {
+		return err
+	}
+
+	// create the key instance
+	return table.Create(&mk).Error
+}
+
+// Remove removes a given publuc key from a user.
+func (ssh2 *SSHKeys) Remove(ctx context.Context, user string, key ssh.PublicKey) error {
+	// find all the keys for the given user
+	keys, err := ssh2.Keys(ctx, user)
+	if err != nil {
+		return err
+	}
+
+	// iterate and find all the public keys
+	var pks []uint
+	for _, candidate := range keys {
+		if ssh.KeysEqual(candidate.PublicKey(), key) {
+			pks = append(pks, candidate.Pk)
+		}
+	}
+
+	// nothing to delete
+	if len(pks) == 0 {
+		return nil
+	}
+
+	// query the table again
+	table, err := ssh2.Dependencies.SQL.QueryTable(ctx, ssh2)
+	if err != nil {
+		return nil
+	}
+
+	// and do the delete
+	return table.Where("pk in ?", pks).Delete(&models.Keys{}).Error
+}
+
+func (ssh2 *SSHKeys) OnUserDelete(ctx context.Context, user *models.User) error {
+	// get the table
+	table, err := ssh2.Dependencies.SQL.QueryTable(ctx, ssh2)
+	if err != nil {
+		return err
+	}
+
+	// delete all keys for the user
+	return table.Delete(&models.Keys{}, &models.Keys{User: user.User}).Error
+}

internal/dis/component/ssh2/stack.go

@@ -31,7 +31,6 @@ func (ssh *SSH2) Stack(env environment.Environment) component.StackWithResources
 			"CONFIG_PATH": ssh.Config.ConfigPath,
 			"DEPLOY_ROOT": ssh.Config.DeployRoot,
 
-			"GLOBAL_AUTHORIZED_KEYS_FILE": ssh.Config.GlobalAuthorizedKeysFile,
 			"SELF_OVERRIDES_FILE":      ssh.Config.SelfOverridesFile,
 			"SELF_RESOLVER_BLOCK_FILE": ssh.Config.SelfResolverBlockFile,
 

internal/dis/distillery.go

@@ -28,6 +28,7 @@ import (
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/solr"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/sql"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/ssh2"
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/ssh2/sshkeys"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/triplestore"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/web"
 	"github.com/FAU-CDI/wisski-distillery/pkg/lazy"
@@ -81,6 +82,9 @@ func (dis *Distillery) SSH() *ssh2.SSH2 {
 func (dis *Distillery) Auth() *auth.Auth {
 	return export[*auth.Auth](dis)
 }
+func (dis *Distillery) Keys() *sshkeys.SSHKeys {
+	return export[*sshkeys.SSHKeys](dis)
+}
 
 func (dis *Distillery) Cron() *cron.Cron {
 	return export[*cron.Cron](dis)
@@ -162,6 +166,7 @@ func (dis *Distillery) allComponents() []initFunc {
 
 		// ssh server
 		auto[*ssh2.SSH2],
+		auto[*sshkeys.SSHKeys],
 
 		// Control server
 		auto[*control.Control],

internal/models/keys.go

@@ -0,0 +1,45 @@
+package models
+
+import (
+	"github.com/gliderlabs/ssh"
+	gossh "golang.org/x/crypto/ssh"
+)
+
+// KeysTable is the name of the table the [Keys] model is stored in.
+const KeysTable = "keys"
+
+// Keys represents a distillery ssh key
+type Keys struct {
+	Pk uint `gorm:"column:pk;primaryKey"`
+
+	User string `gorm:"column:user;not null"` // username of the ssh key
+
+	Signature []byte `gorm:"column:signature;not null"` // signature of the ssh key
+	Comment   string `gorm:"column:comment"`
+}
+
+// PublicKey returns the public key corresponding to this keys.
+// If the key cannot be parsed, returns nil.
+func (keys *Keys) PublicKey() ssh.PublicKey {
+	key, err := ssh.ParsePublicKey(keys.Signature)
+	if err != nil {
+		return nil
+	}
+	return key
+}
+
+func (keys *Keys) SignatureString() string {
+	// try to get the public key
+	key := keys.PublicKey()
+	if key == nil {
+		return ""
+	}
+
+	// marshal the key!
+	return string(gossh.MarshalAuthorizedKey(key))
+}
+
+// SetPublicKey stores a specific public key in this key
+func (keys *Keys) SetPublicKey(key ssh.PublicKey) {
+	keys.Signature = key.Marshal()
+}

internal/status/wisski.go

@@ -29,7 +29,7 @@ type WissKI struct {
 	// List of backups made
 	Snapshots []models.Export
 
-	// List of SSH Keys
+	// List of SSH Keys that have access to this server
 	SSHKeys []string
 
 	// WissKI content information

internal/wisski/ingredient/barrel/barrel.env

@@ -1,6 +1,5 @@
 DATA_PATH=${DATA_PATH}
 RUNTIME_DIR=${RUNTIME_DIR}
-GLOBAL_AUTHORIZED_KEYS_FILE=${GLOBAL_AUTHORIZED_KEYS_FILE}
 
 SLUG=${SLUG}
 VIRTUAL_HOST=${VIRTUAL_HOST}

internal/wisski/ingredient/barrel/barrel.go

@@ -20,7 +20,3 @@ type Barrel struct {
 func (barrel *Barrel) DataPath() string {
 	return filepath.Join(barrel.FilesystemBase, "data")
 }
-
-func (barrel *Barrel) AuthorizedKeysPath() string {
-	return filepath.Join(barrel.DataPath(), "authorized_keys")
-}

internal/wisski/ingredient/barrel/barrel/docker-compose.yml

@@ -8,9 +8,6 @@ services:
 
     # label it with the current slug
     labels:
-      - "eu.wiss-ki.barrel.slug=${SLUG}"
-      - "eu.wiss-ki.barrel.authfile=/var/www/.ssh/authorized_keys,/var/www/.ssh/global_authorized_keys"
-
       - "traefik.enable=True"
       - "eu.wiss-ki.barrel.distillery=${DOCKER_NETWORK_NAME}"
 
@@ -21,12 +18,10 @@ services:
     
     # volumes that are mounted
     volumes:
-      - ${GLOBAL_AUTHORIZED_KEYS_FILE}:/var/www/.ssh/global_authorized_keys:ro
       - ${DATA_PATH}/.composer:/var/www/.composer
       - ${DATA_PATH}/data:/var/www/data
       - ${DATA_PATH}/home:/var/www/
       - ${DATA_PATH}/hostkeys:/ssh/hostkeys:rw
-      - ${DATA_PATH}/authorized_keys:/var/www/.ssh/authorized_keys
       - ${RUNTIME_DIR}:/runtime:ro
 
 networks:

internal/wisski/ingredient/barrel/barrel/ssh/keys.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-cat /var/www/.ssh/authorized_keys /var/www/.ssh/global_authorized_keys 2> /dev/null || exit 0
+curl -H "Host:$(hostname -f)" http://dis:9999/authorized_keys

internal/wisski/ingredient/barrel/ssh/ssh.go

@@ -1,13 +1,11 @@
 package ssh
 
 import (
-	"io"
+	"context"
 
 	"github.com/FAU-CDI/wisski-distillery/internal/status"
 	"github.com/FAU-CDI/wisski-distillery/internal/wisski/ingredient"
 	"github.com/FAU-CDI/wisski-distillery/internal/wisski/ingredient/barrel"
-	"github.com/FAU-CDI/wisski-distillery/pkg/environment"
-	"github.com/FAU-CDI/wisski-distillery/pkg/sshx"
 	"github.com/gliderlabs/ssh"
 	gossh "golang.org/x/crypto/ssh"
 )
@@ -23,28 +21,57 @@ var (
 	_ ingredient.WissKIFetcher = (*SSH)(nil)
 )
 
-func (ssh *SSH) Keys() ([]ssh.PublicKey, error) {
+func (ssh *SSH) Keys(ctx context.Context) (keys []ssh.PublicKey, err error) {
-	file, err := ssh.Environment.Open(ssh.Dependencies.Barrel.AuthorizedKeysPath())
+	grants, err := ssh.Liquid.Policy.Instance(ctx, ssh.Slug)
-	if environment.IsNotExist(err) {
-		return nil, nil
-	}
 	if err != nil {
 		return nil, err
 	}
 
-	bytes, err := io.ReadAll(file)
+	// iterate over enabled distillery admin users
+	for _, grant := range grants {
+		if !grant.DrupalAdminRole {
+			continue
+		}
+		ukeys, err := ssh.Liquid.Keys.Keys(ctx, grant.User)
 		if err != nil {
 			return nil, err
 		}
-	return sshx.ParseAllKeys(bytes), nil
+		for _, ukey := range ukeys {
+			if pk := ukey.PublicKey(); pk != nil {
+				keys = append(keys, pk)
+			}
+		}
 	}
 
-func (sshx *SSH) Fetch(flags ingredient.FetcherFlags, info *status.WissKI) error {
+	// and return the keys!
+	return keys, nil
+}
+
+// AllKeys returns the keys specifically registered to this instance and all the globally registered keys.
+func (ssh *SSH) AllKeys(ctx context.Context) (keys []ssh.PublicKey, err error) {
+	lkeys, err := ssh.Keys(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	gkeys, err := ssh.Liquid.Keys.Admin(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	keys = append(keys, lkeys...)
+	keys = append(keys, gkeys...)
+
+	return keys, nil
+}
+
+func (ssh *SSH) Fetch(flags ingredient.FetcherFlags, info *status.WissKI) error {
 	if flags.Quick {
 		return nil
 	}
 
-	keys, err := sshx.Keys()
+	// add the instance keys
+	keys, err := ssh.AllKeys(flags.Context)
 	if err != nil {
 		return err
 	}
@@ -53,5 +80,6 @@ func (sshx *SSH) Fetch(flags ingredient.FetcherFlags, info *status.WissKI) error
 	for i, key := range keys {
 		info.SSHKeys[i] = string(gossh.MarshalAuthorizedKey(key))
 	}
+
 	return nil
 }

internal/wisski/ingredient/barrel/stack.go

@@ -31,13 +31,8 @@ func (barrel *Barrel) Stack() component.StackWithResources {
 
 			"DATA_PATH":   filepath.Join(barrel.FilesystemBase, "data"),
 			"RUNTIME_DIR": barrel.Malt.Config.RuntimeDir(),
-			"GLOBAL_AUTHORIZED_KEYS_FILE": barrel.Malt.Config.GlobalAuthorizedKeysFile,
 		},
 
 		MakeDirs: []string{"data", ".composer"},
-
-		TouchFiles: []string{
-			filepath.Join("data", "authorized_keys"),
-		},
 	}
 }

internal/wisski/liquid/domain.go

@@ -1,13 +1,12 @@
 package liquid
 
 import (
-	"fmt"
 	"net/url"
 )
 
 // Domain returns the full domain name of this WissKI
 func (liquid *Liquid) Domain() string {
-	return fmt.Sprintf("%s.%s", liquid.Slug, liquid.Malt.Config.DefaultDomain)
+	return liquid.Config.HostFromSlug(liquid.Slug)
 }
 
 // URL returns the public URL of this instance

pkg/httpx/field/field.go

@@ -6,9 +6,23 @@ import (
 )
 
 // DefaultFieldTemplate is the default template to render fields.
-var DefaultFieldTemplate = template.Must(template.New("").Parse(`<input type="{{.Type}}" value="{{.Value}}" name="{{.Name}}" placeholder={{.Placeholder}}{{if .Autocomplete }} autocomplete="{{.Autocomplete}}{{end}}>`))
+var DefaultFieldTemplate = template.Must(template.New("").Parse(`
+{{ if (eq .Type "textarea" )}}
+<textarea name="{{.Name}}" id="{{.Name}}" placeholder="{{.Placeholder}}"{{if .Autocomplete }} autocomplete="{{.Autocomplete}}" {{end}}>{{.Value}}</textarea>
+{{ else }}
+<input type="{{.Type}}" value="{{.Value}}" name="{{.Name}}" placeholder={{.Placeholder}}{{if .Autocomplete }} autocomplete="{{.Autocomplete}}{{end}}>
+{{ end }}`))
+
 var PureCSSFieldTemplate = template.Must(template.New("").Parse(`
-<div class="pure-control-group"><label for="{{.Name}}">{{.Label}}</label><input type="{{.Type}}" value="{{.Value}}" name="{{.Name}}" id="{{.Name}}" placeholder="{{.Placeholder}}"{{if .Autocomplete }} autocomplete="{{.Autocomplete}}" {{end}}></div>`))
+
+<div class="pure-control-group">
+<label for="{{.Name}}">{{.Label}}</label>
+{{ if (eq .Type "textarea" )}}
+<textarea name="{{.Name}}" id="{{.Name}}" placeholder="{{.Placeholder}}"{{if .Autocomplete }} autocomplete="{{.Autocomplete}}" {{end}}>{{.Value}}</textarea>
+{{ else }}
+<input type="{{.Type}}" value="{{.Value}}" name="{{.Name}}" id="{{.Name}}" placeholder="{{.Placeholder}}"{{if .Autocomplete }} autocomplete="{{.Autocomplete}}" {{end}}>
+{{ end }}
+</div>`))
 
 // Field represents a field inside a form.
 type Field struct {

pkg/httpx/field/type.go

@@ -27,4 +27,6 @@ const (
 	Url           InputType = "url"
 	Week          InputType = "week"
 	Datetime      InputType = "datetime"
+
+	Textarea InputType = "textarea" // special
 )

pkg/httpx/wrap.go

@@ -0,0 +1,14 @@
+package httpx
+
+import (
+	"context"
+	"net/http"
+)
+
+// WithContextWrapper generates a new handler that wraps the context of each request with the wrapper function.
+func WithContextWrapper(handler http.Handler, wrapper func(context.Context) context.Context) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		r = r.WithContext(wrapper(r.Context()))
+		handler.ServeHTTP(w, r)
+	})
+}