cnbugs
/
network-topology-discovery


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202
							package sshclient

import (
	"bytes"
	"fmt"
	"net"
	"os"
	"time"

	"golang.org/x/crypto/ssh"
)

// Client SSH客户端
type Client struct {
	client          *ssh.Client
	timeout         time.Duration
	host            string
	port            int
	username        string
	password        string
	keyFile         string
	insecureCiphers bool
}

// Config SSH客户端配置
type Config struct {
	Host            string
	Port            int
	Username        string
	Password        string
	KeyFile         string
	Timeout         time.Duration
	InsecureCiphers bool // 启用不安全的加密算法(用于兼容老旧设备)
}

// NewClient 创建新的SSH客户端
func NewClient(config Config) *Client {
	if config.Port == 0 {
		config.Port = 22
	}
	if config.Timeout == 0 {
		config.Timeout = 30 * time.Second
	}
	return &Client{
		host:            config.Host,
		port:            config.Port,
		username:        config.Username,
		password:        config.Password,
		keyFile:         config.KeyFile,
		timeout:         config.Timeout,
		insecureCiphers: config.InsecureCiphers,
	}
}

// Connect 连接到SSH服务器
func (c *Client) Connect() error {
	config := &ssh.ClientConfig{
		User:            c.username,
		Auth:            []ssh.AuthMethod{},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
		Timeout:         c.timeout,
	}

	// 添加密码认证
	if c.password != "" {
		config.Auth = append(config.Auth, ssh.Password(c.password))
	}

	// 添加密钥认证
	if c.keyFile != "" {
		key, err := loadPrivateKey(c.keyFile)
		if err != nil {
			return fmt.Errorf("failed to load private key: %w", err)
		}
		config.Auth = append(config.Auth, ssh.PublicKeys(key))
	}

	// 如果启用不安全加密算法,添加旧版算法支持(用于兼容老旧设备)
	if c.insecureCiphers {
		config.Ciphers = []string{
			"aes128-ctr", "aes192-ctr", "aes256-ctr",
			"aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
			"chacha20-poly1305@openssh.com",
			"aes128-cbc", "aes256-cbc", // 旧版CBC算法
		}
		config.KeyExchanges = []string{
			"curve25519-sha256", "curve25519-sha256@libssh.org",
			"ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
			"diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512",
			"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", // 旧版KEX算法
		}
		config.MACs = []string{
			"hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
			"hmac-sha2-256", "hmac-sha2-512",
			"hmac-sha1", "hmac-sha1-96", // 旧版MAC算法
		}
	}

	// 连接
	addr := fmt.Sprintf("%s:%d", c.host, c.port)
	client, err := ssh.Dial("tcp", addr, config)
	if err != nil {
		return fmt.Errorf("failed to connect to %s: %w", addr, err)
	}

	c.client = client
	return nil
}

// Close 关闭SSH连接
func (c *Client) Close() error {
	if c.client != nil {
		return c.client.Close()
	}
	return nil
}

// ExecuteCommand 执行命令并返回输出（每个命令使用新会话）
func (c *Client) ExecuteCommand(command string) (string, error) {
	if c.client == nil {
		return "", fmt.Errorf("not connected")
	}

	// 创建新会话
	session, err := c.client.NewSession()
	if err != nil {
		return "", fmt.Errorf("failed to create session: %w", err)
	}
	defer session.Close()

	var stdoutBuf bytes.Buffer
	session.Stdout = &stdoutBuf
	session.Stderr = &stdoutBuf

	err = session.Run(command)
	if err != nil {
		return stdoutBuf.String(), fmt.Errorf("command '%s' failed: %w", command, err)
	}

	return stdoutBuf.String(), nil
}

// ExecuteCommands 执行多个命令
func (c *Client) ExecuteCommands(commands []string) ([]string, error) {
	results := make([]string, 0, len(commands))
	for _, cmd := range commands {
		result, err := c.ExecuteCommand(cmd)
		if err != nil {
			return results, fmt.Errorf("failed to execute command '%s': %w", cmd, err)
		}
		results = append(results, result)
	}
	return results, nil
}

// CheckSSH 检查主机是否开启SSH
func CheckSSH(host string, port int, timeout time.Duration) bool {
	if port == 0 {
		port = 22
	}
	if timeout == 0 {
		timeout = 2 * time.Second
	}

	addr := fmt.Sprintf("%s:%d", host, port)
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return false
	}
	defer conn.Close()
	return true
}

// loadPrivateKey 加载私钥文件
func loadPrivateKey(keyFile string) (ssh.Signer, error) {
	keyData, err := os.ReadFile(keyFile)
	if err != nil {
		return nil, fmt.Errorf("failed to read key file: %w", err)
	}

	signer, err := ssh.ParsePrivateKey(keyData)
	if err != nil {
		return nil, fmt.Errorf("failed to parse private key: %w", err)
	}

	return signer, nil
}

// Ping 检查主机是否可达 (使用ICMP)
func Ping(host string, timeout time.Duration) bool {
	// 简单的TCP ping,实际项目可以使用专门的ICMP库
	ports := []int{22, 80, 443, 3389}
	for _, port := range ports {
		addr := fmt.Sprintf("%s:%d", host, port)
		conn, err := net.DialTimeout("tcp", addr, timeout)
		if err == nil {
			conn.Close()
			return true
		}
	}
	return false
}