cloud: use unique SSH keys per VM (#340)

When the gateway creates a new VM for a user, it also generates an
ed25519 key pair that the client can use to login. This change updates
the client to save the key pair in `~/.config/devbox/ssh/keys` and
configures SSH to use it when connecting to the VM.

- Consolidate `cloud/sshclient` and `cloud/openssh` into `cloud/openssh`
to make it clearer that they manipulate the OpenSSH command.
- Remove `openssh.Client.Port` and instead parse the port from the
hostname. This allows the port to be overridden via `DEVBOX_GATEWAY`.
- Add `openssh.AddVMKey(host, key)` that adds a new key to
`~/.config/devbox/ssh/keys`.
- Atomically edit `~/.ssh/config` and `~/.config/devbox/ssh/*` files so
that partial edits don't break the user's SSH.
- Add a bunch of tests that check that the client correctly modifies the
user's `~/.ssh/config` and `~/.config/devbox` files.
- Misc. bug fixes related to SSH configs:
	- Quote paths in ~/.ssh/config to handle paths with spaces.
- Make the devbox include regex case-insensitive and detect when the
include is commented out.
	- Set recommended permissions on the various SSH directories and files.

Author: gcurtis

cloud/cloud.go

@@ -5,24 +5,27 @@ package cloud
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"log"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 	"time"
 
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/fatih/color"
 	"go.jetpack.io/devbox/cloud/mutagen"
-	"go.jetpack.io/devbox/cloud/sshclient"
-	"go.jetpack.io/devbox/cloud/sshconfig"
+	"go.jetpack.io/devbox/cloud/openssh"
 	"go.jetpack.io/devbox/cloud/stepper"
 	"go.jetpack.io/devbox/debug"
 )
 
 func Shell(configDir string) error {
-	setupSSHConfig()
+	if err := openssh.SetupDevbox(); err != nil {
+		return err
+	}
 
 	c := color.New(color.FgMagenta).Add(color.Bold)
 	c.Println("Devbox Cloud")
@@ -58,12 +61,6 @@ func Shell(configDir string) error {
 	return shell(username, vmHostname, configDir)
 }
 
-func setupSSHConfig() {
-	if err := sshconfig.Setup(); err != nil {
-		log.Fatal(err)
-	}
-}
-
 func promptUsername() string {
 	username := ""
 	prompt := &survey.Input{
@@ -77,33 +74,49 @@ func promptUsername() string {
 	return username
 }
 
-type authResponse struct {
-	VMHostname string `json:"vm_host"`
+type vm struct {
+	JumpHost     string `json:"jump_host"`
+	JumpHostPort int    `json:"jump_host_port"`
+	VMHost       string `json:"vm_host"`
+	VMHostPort   int    `json:"vm_host_port"`
+	VMRegion     string `json:"vm_region"`
+	VMPublicKey  string `json:"vm_public_key"`
+	VMPrivateKey string `json:"vm_private_key"`
 }
 
 func getVirtualMachine(username string) string {
+	client := openssh.Client{
+		Username: username,
+		Hostname: "gateway.devbox.sh",
+	}
+
 	// When developing we can use this env variable to point
 	// to a different gateway
-	hostname := os.Getenv("DEVBOX_GATEWAY")
-	if hostname == "" {
-		hostname = "gateway.devbox.sh"
-	}
-	client := sshclient.Client{
-		Username: username,
-		Hostname: hostname,
+	if envGateway := os.Getenv("DEVBOX_GATEWAY"); envGateway != "" {
+		client.Hostname = envGateway
 	}
 	bytes, err := client.Exec("auth")
 	if err != nil {
-		log.Fatal(err)
+		log.Println(err)
+		var exitErr *exec.ExitError
+		if errors.As(err, &exitErr) {
+			log.Printf("ssh %s stderr:\n%s", client.Hostname, string(exitErr.Stderr))
+		}
+		os.Exit(1)
 	}
-	debug.Log("gateway.devbox.sh auth response: %s", string(bytes))
-	resp := &authResponse{}
+	debug.Log("ssh %s stdout:\n%s", client.Hostname, string(bytes))
+	resp := &vm{}
 	err = json.Unmarshal(bytes, resp)
 	if err != nil {
 		log.Fatal(err)
 	}
-
-	return resp.VMHostname
+	if resp.VMPrivateKey != "" {
+		err := openssh.AddVMKey(resp.VMHost, resp.VMPrivateKey)
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+	return resp.VMHost
 }
 
 func syncFiles(username, hostname, configDir string) error {
@@ -135,7 +148,7 @@ func syncFiles(username, hostname, configDir string) error {
 }
 
 func shell(username, hostname, configDir string) error {
-	client := &sshclient.Client{
+	client := &openssh.Client{
 		Username:       username,
 		Hostname:       hostname,
 		ProjectDirName: projectDirName(configDir),

cloud/sshclient/sshclient.go renamed to cloud/openssh/client.go

@@ -1,8 +1,11 @@
-package sshclient
+// Copyright 2022 Jetpack Technologies Inc and contributors. All rights reserved.
+// Use of this source code is governed by the license in the LICENSE file.
+
+package openssh
 
 import (
-	"errors"
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"strconv"
@@ -13,7 +16,6 @@ import (
 type Client struct {
 	Username       string
 	Hostname       string
-	Port           int
 	ProjectDirName string
 }
 
@@ -33,30 +35,36 @@ func (c *Client) Shell() error {
 
 func (c *Client) Exec(remoteCmd string) ([]byte, error) {
 	sshCmd := c.cmd()
-
 	sshCmd.Args = append(sshCmd.Args, remoteCmd)
-	bytes, err := sshCmd.Output()
-	var exerr *exec.ExitError
-	if errors.As(err, &exerr) {
-		// Ignore exit code errors and just return the output
-		return bytes, nil
-	}
-	return bytes, err
+	debug.Log("cmd/exec: %s", sshCmd)
+	return sshCmd.Output()
 }
 
 func (c *Client) cmd(sshArgs ...string) *exec.Cmd {
-
+	host, port := c.hostPort()
 	cmd := exec.Command("ssh", sshArgs...)
-	cmd.Args = append(cmd.Args, destination(c.Username, c.Hostname))
+	cmd.Args = append(cmd.Args, destination(c.Username, host))
 
 	// Add any necessary flags:
-	if c.Port != 0 {
-		cmd.Args = append(cmd.Args, "-p", strconv.Itoa(c.Port))
+	if port != 0 && port != 22 {
+		cmd.Args = append(cmd.Args, "-p", strconv.Itoa(port))
 	}
 
 	return cmd
 }
 
+func (c *Client) hostPort() (host string, port int) {
+	host, portStr, err := net.SplitHostPort(c.Hostname)
+	if err != nil {
+		return c.Hostname, 22
+	}
+	port, err = net.LookupPort("tcp", portStr)
+	if err != nil {
+		return host, 22
+	}
+	return host, port
+}
+
 func destination(username, hostname string) string {
 	result := hostname
 	if username != "" {