func InitFromSecret()

in pkg/sshd/ssh.go [60:119]


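// InitFromSecret starts the debug SSH server in the background when the
// supplied secret data, or the SSH_AUTH environment variable, configures it.
//
// Entries read from sshCM:
//   - "authorized_key_*": public keys in authorized_keys format that are
//     allowed to log in.
//   - "SSHCA_ADDR": its presence alone enables the server; the value is not
//     used anywhere else in this function.
//   - "id_ecdsa": optional host private key. When it is absent or cannot be
//     parsed, an ephemeral P-256 host key is generated instead.
//
// ns is passed through to NewSSHTransport. The function returns nothing; all
// failures are logged and leave the server not started.
func InitFromSecret(sshCM map[string][]byte, ns string) {
	var signer gossh.Signer
	var r string // never assigned here; NewSSHTransport receives the empty string

	sshCA := sshCM["SSHCA_ADDR"]

	var authKeys []gossh.PublicKey
	for k, v := range sshCM {
		if !strings.HasPrefix(k, "authorized_key_") {
			continue
		}
		// Only the key itself is kept. Any options in the entry (for example
		// from= or command= restrictions) and its comment are discarded, so
		// they are NOT enforced for keys loaded this way.
		pubk, _, _, _, err := gossh.ParseAuthorizedKey(v)
		if err != nil {
			log.Println("SSH_DEBUG: invalid ", k, err)
			continue
		}
		authKeys = append(authKeys, pubk)
		// Log the fingerprint rather than the raw secret bytes: it is what an
		// operator compares against, and it cannot carry stray control
		// characters or comments into the log.
		log.Println("Adding authorized key", k, gossh.FingerprintSHA256(pubk))
	}

	// SSH_AUTH grants the same access as an authorized_key_* entry, so anything
	// able to set this process's environment can add a login key.
	if extra := os.Getenv("SSH_AUTH"); extra != "" {
		pubk, _, _, _, err := gossh.ParseAuthorizedKey([]byte(extra))
		if err != nil {
			log.Println("SSH_DEBUG: invalid SSH_AUTH", err)
		} else {
			authKeys = append(authKeys, pubk)
			// Record it so every key that can log in appears in the log.
			log.Println("Adding authorized key", "SSH_AUTH", gossh.FingerprintSHA256(pubk))
		}
	}

	if len(authKeys) == 0 && sshCA == nil {
		// No debug config, skip creating SSHD
		return
	}
	// NOTE(review): when only SSHCA_ADDR is set, the server is started with no
	// authorized keys, and sshCA is not handed to NewSSHTransport here. Confirm
	// how the transport authenticates clients in that case.

	// Load the host private key from the secret, if present.
	if ek := sshCM["id_ecdsa"]; ek != nil {
		pk, err := gossh.ParsePrivateKey(ek)
		if err != nil {
			// Fall through to an ephemeral key. Clients will then see a host
			// key that changes on every restart.
			log.Println("Failed to parse key ", err)
		} else {
			signer = pk
		}
	}
	if signer == nil {
		// The original ignored both errors below; a failed key generation
		// would have passed a nil key on to the signer and the transport.
		privk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			log.Println("SSH debug init failed", err)
			return
		}
		signer, err = gossh.NewSignerFromKey(privk)
		if err != nil {
			log.Println("SSH debug init failed", err)
			return
		}
	}

	ssht, err := NewSSHTransport(signer, "", ns, r)
	if err != nil {
		log.Println("SSH debug init failed", err)
		return
	}
	if len(authKeys) != 0 {
		ssht.AddAuthorizedKeys(authKeys)
	}
	// Start runs in its own goroutine; this function does not wait for it.
	go ssht.Start()
}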