Add console flag to ssh commands

This commit adds the `--console` flag to the following commands: * `step ssh certificate` * `step ssh config` * `step ssh hosts` * `step ssh login` * `step ssh proxycommand`
smallstep · Jul 16, 2024 · 2a6e644 · 2a6e644
1 parent 3b1e836
commit 2a6e644
Show file tree

Hide file tree

Showing 10 changed files with 21 additions and 23 deletions.
diff --git a/command/ca/ca.go b/command/ca/ca.go
@@ -137,11 +137,6 @@ location being served by an existing fileserver in order to respond to ACME
 challenge validation requests.`,
  }
 
- consoleFlag = cli.BoolFlag{
- Name: "console",
- Usage: "Complete the flow while remaining inside the terminal",
- }
-
  fingerprintFlag = cli.StringFlag{
  Name: "fingerprint",
  Usage: "The <fingerprint> of the targeted root certificate.",

diff --git a/command/ca/certificate.go b/command/ca/certificate.go
@@ -191,7 +191,7 @@ multiple SANs. The '--san' flag and the '--token' flag are mutually exclusive.`,
  flags.Force,
  flags.Offline,
  flags.PasswordFile,
- consoleFlag,
+ flags.Console,
  flags.KMSUri,
  flags.X5cCert,
  flags.X5cKey,

diff --git a/command/ca/sign.go b/command/ca/sign.go
@@ -124,7 +124,7 @@ $ step ca sign foo.csr foo.crt \
  flags.Force,
  flags.Offline,
  flags.PasswordFile,
- consoleFlag,
+ flags.Console,
  flags.KMSUri,
  flags.X5cCert,
  flags.X5cKey,

diff --git a/command/oauth/cmd.go b/command/oauth/cmd.go
@@ -1,7 +1,6 @@
 package oauth
 
 import (
- "bufio"
  "bytes"
  "crypto/sha256"
  "crypto/x509"
@@ -901,11 +900,9 @@ func (o *oauth) DoDeviceAuthorization() (*token, error) {
  idr.Interval = defaultDeviceAuthzInterval
  }
 
- fmt.Fprintf(os.Stderr, "Visit %s and enter the code: (press 'ENTER' to open default browser)\n", idr.VerificationURI)
+ fmt.Fprintf(os.Stderr, "Visit %s and enter the code:\n", idr.VerificationURI)
  fmt.Fprintln(os.Stderr, idr.UserCode)
 
- go openBrowserIfAsked(o, idr.VerificationURI)
-
  // Poll the Token endpoint until the user completes the flow.
  data = url.Values{}
  data.Set("client_id", o.clientID)
@@ -939,13 +936,6 @@ func (o *oauth) DoDeviceAuthorization() (*token, error) {
  }
 }
 
-func openBrowserIfAsked(o *oauth, u string) {
- reader := bufio.NewReader(os.Stdin)
- reader.ReadString('\n')
-
- exec.OpenInBrowser(u, o.browser)
-}
-
 var errHTTPToken = errors.New("bad request; token not returned")
 
 func (o *oauth) deviceAuthzTokenPoll(data url.Values) (*token, error) {

diff --git a/command/ssh/certificate.go b/command/ssh/certificate.go
@@ -39,7 +39,7 @@ func certificateCommand() cli.Command {
 [**--password-file**=<file>] [**--provisioner-password-file**=<file>]
 [**--add-user**] [**--not-before**=<time|duration>] [**--comment**=<comment>]
 [**--not-after**=<time|duration>] [**--token**=<token>] [**--issuer**=<name>]
-[**--no-password**] [**--insecure**] [**--force**] [**--x5c-cert**=<file>]
+[**--console**] [**--no-password**] [**--insecure**] [**--force**] [**--x5c-cert**=<file>]
 [**--x5c-key**=<file>] [**--k8ssa-token-path**=<file>] [**--no-agent**]
 [**--kty**=<key-type>] [**--curve**=<curve>] [**--size**=<size>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
@@ -176,6 +176,7 @@ $ step ssh certificate --kty OKP --curve Ed25519 mariano@work id_ed25519
  flags.Token,
  flags.TemplateSet,
  flags.TemplateSetFile,
+ flags.Console,
  sshAddUserFlag,
  sshHostFlag,
  sshHostIDFlag,

diff --git a/command/ssh/config.go b/command/ssh/config.go
@@ -31,7 +31,7 @@ func configCommand() cli.Command {
  UsageText: `**step ssh config**
 [**--team**=<name>] [**--team-authority**=<sub-domain>] [**--host**]
 [**--set**=<key=value>] [**--set-file**=<file>] [**--dry-run**] [**--roots**]
-[**--federation**] [**--force**] [**--offline**] [**--ca-config**=<file>]
+[**--federation**] [**--console**] [**--force**] [**--offline**] [**--ca-config**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]
 [**--authority**=<name>] [**--profile**=<name>]`,
  Description: `**step ssh config** configures SSH to be used with certificates. It also supports
@@ -89,6 +89,7 @@ user or host certificates`,
 times to set multiple variables.`,
  },
  flags.TemplateSetFile,
+ flags.Console,
  flags.DryRun,
  flags.Force,
  flags.CaConfig,
@@ -204,6 +205,9 @@ func configAction(ctx *cli.Context) (recoverErr error) {
  if step.Contexts().Enabled() {
  data["Context"] = step.Contexts().GetCurrent().Name
  }
+ if ctx.Bool("console") {
+ data["Console"] = "true"
+ }
  if len(sets) > 0 {
  for _, s := range sets {
  i := strings.Index(s, "=")

diff --git a/command/ssh/hosts.go b/command/ssh/hosts.go
@@ -19,7 +19,7 @@ func hostsCommand() cli.Command {
  Action: command.ActionFunc(hostsAction),
  Usage: "returns a list of all valid hosts",
  UsageText: `**step ssh hosts** [**--set**=<key=value>] [**--set-file**=<file>]
-[**--offline**] [**--ca-config**=<file>] [**--ca-url**=<uri>] [**--root**=<file>]
+[**--console**] [**--offline**] [**--ca-config**=<file>] [**--ca-url**=<uri>] [**--root**=<file>]
 [**--context**=<name>]`,
  Description: `**step ssh hosts** returns a list of valid hosts for SSH.
 
@@ -35,6 +35,7 @@ $ step ssh hosts
  Flags: []cli.Flag{
  flags.TemplateSet,
  flags.TemplateSetFile,
+ flags.Console,
  flags.Offline,
  flags.CaConfig,
  flags.CaURL,

diff --git a/command/ssh/login.go b/command/ssh/login.go
@@ -29,7 +29,7 @@ func loginCommand() cli.Command {
 [**--token**=<token>] [**--provisioner**=<name>] [**--provisioner-password-file**=<file>]
 [**--principal**=<string>] [**--not-before**=<time|duration>] [**--not-after**=<time|duration>]
 [**--kty**=<key-type>] [**--curve**=<curve>] [**--size**=<size>] [**--comment**=<comment>]
-[**--set**=<key=value>] [**--set-file**=<file>] [**--force**] [**--insecure**]
+[**--set**=<key=value>] [**--set-file**=<file>] [**--console**] [**--force**] [**--insecure**]
 [**--offline**] [**--ca-config**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
  Description: `**step ssh login** generates a new SSH key pair and send a request to [step
@@ -93,6 +93,7 @@ $ step ssh certificate --kty OKP --curve Ed25519 mariano@work id_ed25519
  flags.NotAfter,
  flags.TemplateSet,
  flags.TemplateSetFile,
+ flags.Console,
  flags.Force,
  flags.Offline,
  flags.CaConfig,

diff --git a/command/ssh/proxycommand.go b/command/ssh/proxycommand.go
@@ -33,7 +33,7 @@ func proxycommandCommand() cli.Command {
  Usage: "proxy ssh connections according to the host registry",
  UsageText: `**step ssh proxycommand** <user> <host> <port>
 [**--provisioner**=<name>] [**--set**=<key=value>] [**--set-file**=<file>]
-[**--offline**] [**--ca-config**=<file>]
+[**--console**] [**--offline**] [**--ca-config**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`,
  Description: `**step ssh proxycommand** looks into the host registry
 and proxies the ssh connection according to its configuration. This command
@@ -56,6 +56,7 @@ This command will add the user to the ssh-agent if necessary.
  flags.ProvisionerPasswordFileWithAlias,
  flags.TemplateSet,
  flags.TemplateSetFile,
+ flags.Console,
  flags.Offline,
  flags.CaConfig,
  flags.CaURL,

diff --git a/flags/flags.go b/flags/flags.go
@@ -467,6 +467,11 @@ flag exists so it can be configured in $STEPPATH/config/defaults.json.`,
  Name: "comment",
  Usage: "The comment used when adding the certificate to an agent. Defaults to the subject if not provided.",
  }
+
+ Console = cli.BoolFlag{
+ Name: "console",
+ Usage: `Complete the flow while remaining inside the terminal.`,
+ }
 )
 
 // FingerprintFormatFlag returns a flag for configuring the fingerprint format.