Initial OSS check-in

LICENSE

@@ -1,21 +1,21 @@
 BSD 3-Clause License
 
-Copyright (c) 2019, Security Sauce
+Copyright (c) 2019, NVIDIA Corporation
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer.
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
 
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
 
-3. Neither the name of the copyright holder nor the names of its
-   contributors may be used to endorse or promote products derived from
-   this software without specific prior written permission.
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -27,3 +27,4 @@ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

Makefile

@@ -0,0 +1,34 @@
+# Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved.
+# Copyrights licensed under the BSD 3-Clause License. See the
+# accompanying LICENSE.txt file for terms.
+
+.PHONY: all build test release clean
+SHELL := /bin/bash
+
+VERSION := 1.0.0
+DATE := $(shell date +"%Y-%m-%d")
+ARCH := $(shell go version | awk '{print $$4}' | tr '/' '-')
+
+LDFLAGS=-ldflags "-w -X main.releaseDate=$(DATE) -X main.versionNumber=$(VERSION)"
+
+build:
+	go fmt
+	go build -o zcretshare $(LDFLAGS) zcretshare.go
+
+test:
+	go test
+
+release:
+	tar zcvf bin/zcretshare-$(VERSION)-$(ARCH).tgz zcretshare
+
+all: build test release
+
+install:
+	tar -C /usr/local/bin -xzf bin/zcretshare-$(VERSION)-$(ARCH).tgz
+
+uninstall:
+	rm /usr/local/bin/zcretshare
+
+clean:
+	rm ./zcretshare
+	rm ./zcretshare_test

README.md

@@ -1,2 +1,215 @@
 # zcretshare
+
 A command-line tool to share secret/key materials between two (or more) users using SSH keys
+
+`zcretshare` provides a reasonably secure mechanism to share secrets with your co-workers. As an engineer your often would have
+enountered situations where you need to share key materials (secrets, key files, license keys etc.) with your co-workers.
+The common, but **insecure** practice is to share it over IM/chat channel or email. Sharing secrets through these 
+communication channels expose those secrets to their servers in unencrypted form. This poses a significant security risk
+to the company. Though GPG encryption is the recommended practice, it is not widely used because: (a) not many engineers have
+their GPG keys handy with them or published, (b) poor usability - difficulty for the users to learn and use.
+
+### `zcretshare` features:
+* Setup a secure tunnel between workstations and share secrets over it
+* Use your existing SSH setup and keys; no need to create or manage other kinds of keys
+* Usable security: Intuitive to use. Simple send and receive commands
+* Stream the secret over secure tunnel; no need to encrypt store and forward data - common with GPG encryption and similar tools. Since PGP encrypted data are typically sent over email, multiple copies of encrypted data end up in third-party mail servers.
+* Perfect Forward Secrecy
+
+Cons:
+* Both sender and receiver have to be online to make this work
+* Depends on third party to authenticate peer's public key - hence more suitable in trusted environments, for instance, your organiation/employer can acts as a trusted third party between sender and receiver (e.g. use corporate authentication enabled source repo to distribute public keys).
+* Not suitable for sharing files larger than 200KB (may increace the limit later)
+
+### Scenarios
+
+1. If both users are in same (reachable) network, they may exchange secrets directly as follows:
+<p align="center">
+  <img src="docs/zcretshare.png" width="50%" height="80%">
+</p>
+
+2. If the receiver can reach sender but not the otherway. For example, the receiver would be inside a firewall'd network or using non-routable/private IP, hence not directly reachable by sender.
+<p align="center">
+  <img src="docs/zcretshare-rev.png" width="50%" height="80%">
+</p>
+
+3. If the sender cannot reach receiver's workstation directly, he/she may use a proxy host (e.g. AWS EC2 instance or a DC host) as follows:
+<p align="center">
+  <img src="docs/zcretshare-proxy.png" width="70%" height="80%">
+</p>
+
+In the above case, both users should have SSH access to the proxy host.
+
+### Why SSH keys?
+* Most engineers are familiar with SSH and its usage.
+* If you are an engineer, you likely have SSH keys to login to remote machines as part of your job - means you can use the same keys, no need to manage additional keys.
+* No additional software required for proxy server. It just works with stock OpenSSH daemon.
+
+### Why not TLS & X509 certificates?
+* Unlike SSH keys, X.509 user certificates are not widely used. It also requires integration with PKI infrastrcture (or use self-signed certificates).
+* The burden of managing yet another rarely used keys.
+* For proxy use-case, you need to run a TLS proxy server, and even that requires TLS certificates.
+
+### Sharing public keys
+The easiest way to exchange public keys between users is to use out-of-band channels - for example, Slack channel or over email, GitHub (personal repo) etc.
+
+## Installation
+
+Supported OS:
+* MacOS
+* Linux(Ubuntu)
+* Windows
+
+### Build from source
+
+*Build Pre-requisites :*
+
+[GoLang](https://golang.org/dl/)
+
+Set the `GOPATH` and then  try the following command:
+
+```bash
+go get github.com/prbinu/zcretshare
+```
+
+A `Makefile` is also included. It supports build, test, release, install and uninstall options.
+
+## Usage
+
+**zcretshare receive**
+```bash
+% zcretshare receive -h
+Usage: zcretshare receive [-h] [options]
+
+  -cacert string
+    	x509 CA certificate bundle file; used for -receiver-pubkey HTTPS URL certificate validation. (default: use system CA bunde)
+  -connect string
+    	Target host to connect; format: host:port (not required if you use -proxy)
+  -dangerous-forever
+    	do not exit after processing first request, instead run for ever (not recommended)
+  -dangerous-stdout
+    	Output secrets to stdout (warning: your secret may get exposed; not recommended)
+  -dir string
+    	Output file save directory (default "~/.zcretshare")
+  -key string
+    	SSH private key file to authenticate the receiver (mandatory field) (default "~/.ssh/id_rsa")
+  -listen string
+    	Listen on host:port; format: [host]:port (not required if you use -proxy)
+  -overwrite
+    	Overwrites the output file if the file already exists
+  -proxy string
+    	Intermediate SSH server to connect; format: ssh://user@host[:port]] (not required if you use -listen)
+  -proxy-host-pubkey string
+    	Proxy host public key file (default "~/.ssh/known_hosts")
+  -proxy-key string
+    	SSH private key file for proxy authentication (default: use ssh-agent if configured)
+  -quiet
+    	supress all info messages on stdout
+  -rf-port string
+    	Proxy SSH RemoteForward port, used with -proxy option (default "15432")
+  -sender-pubkey string
+    	Sender\'s SSH public key file  - local filename or an HTTPS URL
+
+  Valid options for -proxy:
+	-key -sender-pubkey -proxy-key -proxy-host-pubkey -rf-port -overwrite -dir -dangerous-stdout -dangerous-forever -cacert -quiet
+  Valid options for -listen:
+	-key -receiver-pubkey -overwrite -dir -dangerous-stdout -dangerous-forever -cacert -quiet
+  Valid options for -connect:
+	-key -receiver-pubkey -overwrite -dir -dangerous-stdout -cacert -quiet
+
+Examples:
+	zcretshare receive -listen <your-host-ip>:<15432> -key ~/.ssh/recv_id_rsa  -sender-pubkey ~/.ssh/sender_id_rsa.pub
+
+	zcretshare receive -proxy ssh://<user>@<proxy-ssh-server>:<22> -key ~/.ssh/recv_id_rsa -sender-pubkey https://example.com/sender/id_rsa.pub -dir /tmp
+
+	zcretshare receive -proxy ssh://<user>@<proxy-ssh-server>:<22> -key ~/.ssh/recv_id_rsa -proxy-key ~/.ssh/id_rsa_proxy -sender-pubkey ~/.ssh/sender_id_rsa.pub -dir /tmp
+
+	zcretshare receive -connect ssh://<receiver-host>:<15432> -key recv_id_rsa -sender-pubkey sender_id_rsa.pub -overwrite -dir /tmp
+
+```
+
+**zcretshare send**
+```bash
+% zcretshare send -h
+Usage: zcretshare send [-h] [options]
+
+  -cacert string
+    	X.509 CA certificate bundle file; used for -receiver-pubkey HTTPS URL certificate validation. (default: use system CA bunde)
+  -connect string
+    	Target host to connect; format: host:port (not required if you use -proxy)
+  -dangerous-forever
+    	Skip exiting after first request, instead run for ever (not recommended)
+  -in-file string
+    	Secret file to share with the remote party
+  -key string
+    	SSH private key file for authentication (default: use ssh-agent if configured)
+  -listen string
+    	Listen on host:port; format: [host]:port (not required if you use -proxy)
+  -proxy string
+    	Intermediate SSH server to connect; format: ssh://user@host[:port] (not required if you use -connect)
+  -proxy-host-pubkey string
+    	Proxy host public key file (default "~/.ssh/known_hosts")
+  -proxy-key string
+    	SSH private key file for proxy authentication (default: use ssh-agent if configured)
+  -quiet
+    	Supress all info messages on stdout
+  -receiver-pubkey string
+    	Receiver\'s SSH public key/cert - local filename or an HTTPS URL
+  -rf-port string
+    	Proxy SSH RemoteForward port, used with -proxy option (default "15432")
+
+  Valid options for -proxy:
+	-key -receiver-pubkey -proxy-key -proxy-host-pubkey -rf-proxy -in-file -cacert -quiet
+  Valid options for -connect:
+	-key -receiver-pubkey -in-file -cacert -quiet
+  Valid options for -listen:
+	-key -receiver-pubkey -in-file -dangerous-forever -cacert -quiet
+
+Examples:
+	zcretshare send -connect ssh://<receiver-host>:<15432> -key ~/.ssh/id_rsa -in-file ~/secret-file.txt -receiver-pubkey ~/.ssh/recv_id_rsa.pub
+
+	zcretshare send -proxy ssh://<user>@<proxy-ssh-server>:<22> -key ~/.ssh/id_rsa -in-file ~/secret-file.txt -receiver-pubkey https://example.com/receiver/id_rsa.pub
+
+	zcretshare send -proxy ssh://<user>@<proxy-ssh-server>:<22> -proxy-key ~/.ssh/id_rsa_proxy -in-file ~/secret-file.txt -receiver-pubkey ~/.ssh/recv_id_rsa.pub
+
+	zcretshare send -listen 0:<15432> -key sender_id_rsa -receiver-pubkey recv_id_rsa.pub -in-file super-secret.txt
+```
+
+### Demo
+
+**Receiver**
+
+```bash
+% zcretshare receive -listen 127.0.0.1:15432 -key test/id_rsa_test  -sender-pubkey test/id_rsa_test.pub -overwrite  -dir /tmp
+  /\_/\
+ ( o.o )  SECRET SHARE PROGRAM
+  > ^ <   --------------------
+Authorized sender(s) key fingerprint (from test/id_rsa_test.pub):
+  SHA256:JuUpVhauR02fYEKLbhITm2T+afZolfQvwxSsX4VdurE
+
+
+Listening on 127.0.0.1:15432
+
+New connection: sender: secret-shell-user	 sender-addr: 127.0.0.1:56381	 key fingerprint:
+  SHA256:JuUpVhauR02fYEKLbhITm2T+afZolfQvwxSsX4VdurE
+Time: 2019-02-26 11:09:52.486911 -0800 PST
+Secret content saved to: /tmp/super-secret-test
+Content fingerprint: SHA256:6pqtydvHHizpAWD+Bs83V7NZ/txqkMmwRj6c8xalIPw=
+```
+
+**Sender**
+```bash
+% zcretshare send -connect ssh://127.0.0.1:15432 -key test/id_rsa_test  -receiver-pubkey test/id_rsa_test.pub  -in-file test/super-secret-test
+  /\_/\
+ ( o.o )  SECRET SHARE PROGRAM
+  > ^ <   --------------------
+Receiver key fingerprint: SHA256:JuUpVhauR02fYEKLbhITm2T+afZolfQvwxSsX4VdurE
+Connected to: 127.0.0.1:15432
+Content fingerprint: SHA256:6pqtydvHHizpAWD+Bs83V7NZ/txqkMmwRj6c8xalIPw=
+Secret file: test/super-secret-test
+Transfer complete!
+```
+
+**NOTE** 
+Only public-key based authentication is supported. Proxies configured to accept `passwords` or `keyboard-interactive` may not work.
+ 

test/id_ecdsa_rsa_test.pub

@@ -0,0 +1,2 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH1c8dfXc6XS6uy7PE7uNLFSoVr/HpnhPAZFtcfQgi+EjG11M/z9r5tNBMHvbzOHSLg0gSj4Mw4X9dpYDVA+WNQ= [email protected]
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzoRbcpt7WZlXl1ZK4Gnt38tkKT7+L/ixOiUJtCyxtc+cpXDxmZsoGpbHVSYU1zxqJG8c/z1IZWy8AHBYj5xo65sIj+JX9a7lozV4kUGuPGMZPtoDWYHpJMj/sQ3uaE78rEMcFIqfLOBpGLh4ZfpA0jxvyhmaIURom/wtKopJ3vL0qPjGU729B84SVsKZtcP+bhXLB6zCrBWKCee6TnF2IMz2rd0q8DaDTsa0/xo893+u/delAy6QeSp7fai8rt74igoa9tmiTzyMpVW/we7fP3be++IfSLmufpux6U1rWb9iApWmQuPSJ0P9iLNwfYwjLtrjG7Urt7UaptPDedenP zcretshare-test@localhost

test/id_ecdsa_test

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIEDai1AY/enilM75lO5SD1ZL7fy1c/WNv76sEYyn+41UoAoGCCqGSM49
+AwEHoUQDQgAEfVzx19dzpdLq7Ls8Tu40sVKhWv8emeE8BkW1x9CCL4SMbXUz/P2v
+m00Ewe9vM4dIuDSBKPgzDhf12lgNUD5Y1A==
+-----END EC PRIVATE KEY-----

test/id_ecdsa_test.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH1c8dfXc6XS6uy7PE7uNLFSoVr/HpnhPAZFtcfQgi+EjG11M/z9r5tNBMHvbzOHSLg0gSj4Mw4X9dpYDVA+WNQ= [email protected]

test/id_rsa_test

@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEAs6EW3Kbe1mZV5dWSuBp7d/LZCk+/i/4sTolCbQssbXPnKVw8ZmbK
+BqWx1UmFNc8aiRvHP89SGVsvABwWI+caOubCI/iV/Wu5aM1eJFBrjxjGT7aA1mB6STI/7E
+N7mhO/KxDHBSKnyzgaRi4eGX6QNI8b8oZmiFEaJv8LSqKSd7y9Kj4xlO9vQfOElbCmbXD/
+m4VyweswqwVignnuk5xdiDM9q3dKvA2g07GtP8aPPd/rv3XpQMukHkqe32ovK7e+IoKGvb
+Zok88jKVVv8Hu3z923vviH0i5rn6bselNa1m/YgKVpkLj0idD/YizcH2MIy7a4xu1K7e1G
+qbTw3nXpzwAAA9ADdJVSA3SVUgAAAAdzc2gtcnNhAAABAQCzoRbcpt7WZlXl1ZK4Gnt38t
+kKT7+L/ixOiUJtCyxtc+cpXDxmZsoGpbHVSYU1zxqJG8c/z1IZWy8AHBYj5xo65sIj+JX9
+a7lozV4kUGuPGMZPtoDWYHpJMj/sQ3uaE78rEMcFIqfLOBpGLh4ZfpA0jxvyhmaIURom/w
+tKopJ3vL0qPjGU729B84SVsKZtcP+bhXLB6zCrBWKCee6TnF2IMz2rd0q8DaDTsa0/xo89
+3+u/delAy6QeSp7fai8rt74igoa9tmiTzyMpVW/we7fP3be++IfSLmufpux6U1rWb9iApW
+mQuPSJ0P9iLNwfYwjLtrjG7Urt7UaptPDedenPAAAAAwEAAQAAAQBIXWM6bTdkpEGCn/HF
+nVWUUw9A6jO+kB0FXqKWD2RMi97aeMAUeOB2oRXtWPsDXHXSOpCgkkL+2A8tOiNpP1b/16
+rqluDGATnmkKWWd5d9RHvP7TQmKSPajRXXdrA6uC3RiabD2NxEMEvVbgrONoCdy/F0WNTB
+ofqpLyI7ZRcgiQnTTpmW9hpNq2vz6WP7+i+yDMcHwy6+C4wa14oUIeFGRyB86FwGUSDq2r
+vZoUcCkE+sBLvXFiJqsyLM8WG39VoRp33Ti83DPIEKzcLop3pXu/EQH1OZmhL7f2w74Wm/
+tCFN+nOJ29qcbiF6NVWdblQWZvDtqt72Fq4KHpntVw6BAAAAgQCUcAKnA/BM8yscm6V+0j
+8l3twauVpd8iUX7yFw8cx/FKu3AXJpEYKRbg8kuRbZO742nBNmkgBDcW4KDBulsU2bzsom
+VBEgHp3TG60tCnrTSarzi3XDsxQ61a573oOmRbQGxNrxEXY+9q/zW/Qzxf/+CS1w1H5l1y
+Kr1M9SI1tqOwAAAIEA2skkXEEapYFulGjagdtHhKR0pG2gTvdmOXMPnXSluZTeJHoryjhv
+e18iYqj0piT3Li6O5HZ7lxKcYSHFgrqrJ1sVkv/g9zyRXMx2d9FnrpHRaKlSRGo6yFNApV
+GRufc/+b9rOO3Vw7GvBcGN2RtcYSU3pdmCsJfiEr/G2fxHLy8AAACBANIu6LkOuCwEEOC+
+xW10N+lYQZFLwfw8797ScuYY2u8xF/JPcSc0iyE1Yef5kytww3w6xsowH5gP6Zs7K0A87m
+UHDnofDULO4+hOanFR/8fbzZYAkOo2CeUP/PDPsK7XzLTnoHN/nlLWJcHt0I+uaKZTGUoS
+3X9GORWJlP/7SUdhAAAAGXpjcmV0c2hhcmUtdGVzdEBsb2NhbGhvc3QB
+-----END OPENSSH PRIVATE KEY-----

test/id_rsa_test.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzoRbcpt7WZlXl1ZK4Gnt38tkKT7+L/ixOiUJtCyxtc+cpXDxmZsoGpbHVSYU1zxqJG8c/z1IZWy8AHBYj5xo65sIj+JX9a7lozV4kUGuPGMZPtoDWYHpJMj/sQ3uaE78rEMcFIqfLOBpGLh4ZfpA0jxvyhmaIURom/wtKopJ3vL0qPjGU729B84SVsKZtcP+bhXLB6zCrBWKCee6TnF2IMz2rd0q8DaDTsa0/xo893+u/delAy6QeSp7fai8rt74igoa9tmiTzyMpVW/we7fP3be++IfSLmufpux6U1rWb9iApWmQuPSJ0P9iLNwfYwjLtrjG7Urt7UaptPDedenP zcretshare-test@localhost

test/super-secret-test

@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEAs6EW3Kbe1mZV5dWSuBp7d/LZCk+/i/4sTolCbQssbXPnKVw8ZmbK
+BqWx1UmFNc8aiRvHP89SGVsvABwWI+caOubCI/iV/Wu5aM1eJFBrjxjGT7aA1mB6STI/7E
+N7mhO/KxDHBSKnyzgaRi4eGX6QNI8b8oZmiFEaJv8LSqKSd7y9Kj4xlO9vQfOElbCmbXD/
+m4VyweswqwVignnuk5xdiDM9q3dKvA2g07GtP8aPPd/rv3XpQMukHkqe32ovK7e+IoKGvb
+Zok88jKVVv8Hu3z923vviH0i5rn6bselNa1m/YgKVpkLj0idD/YizcH2MIy7a4xu1K7e1G
+qbTw3nXpzwAAA9ADdJVSA3SVUgAAAAdzc2gtcnNhAAABAQCzoRbcpt7WZlXl1ZK4Gnt38t
+kKT7+L/ixOiUJtCyxtc+cpXDxmZsoGpbHVSYU1zxqJG8c/z1IZWy8AHBYj5xo65sIj+JX9
+a7lozV4kUGuPGMZPtoDWYHpJMj/sQ3uaE78rEMcFIqfLOBpGLh4ZfpA0jxvyhmaIURom/w
+tKopJ3vL0qPjGU729B84SVsKZtcP+bhXLB6zCrBWKCee6TnF2IMz2rd0q8DaDTsa0/xo89
+3+u/delAy6QeSp7fai8rt74igoa9tmiTzyMpVW/we7fP3be++IfSLmufpux6U1rWb9iApW
+mQuPSJ0P9iLNwfYwjLtrjG7Urt7UaptPDedenPAAAAAwEAAQAAAQBIXWM6bTdkpEGCn/HF
+nVWUUw9A6jO+kB0FXqKWD2RMi97aeMAUeOB2oRXtWPsDXHXSOpCgkkL+2A8tOiNpP1b/16
+rqluDGATnmkKWWd5d9RHvP7TQmKSPajRXXdrA6uC3RiabD2NxEMEvVbgrONoCdy/F0WNTB
+ofqpLyI7ZRcgiQnTTpmW9hpNq2vz6WP7+i+yDMcHwy6+C4wa14oUIeFGRyB86FwGUSDq2r
+vZoUcCkE+sBLvXFiJqsyLM8WG39VoRp33Ti83DPIEKzcLop3pXu/EQH1OZmhL7f2w74Wm/
+tCFN+nOJ29qcbiF6NVWdblQWZvDtqt72Fq4KHpntVw6BAAAAgQCUcAKnA/BM8yscm6V+0j
+8l3twauVpd8iUX7yFw8cx/FKu3AXJpEYKRbg8kuRbZO742nBNmkgBDcW4KDBulsU2bzsom
+VBEgHp3TG60tCnrTSarzi3XDsxQ61a573oOmRbQGxNrxEXY+9q/zW/Qzxf/+CS1w1H5l1y
+Kr1M9SI1tqOwAAAIEA2skkXEEapYFulGjagdtHhKR0pG2gTvdmOXMPnXSluZTeJHoryjhv
+e18iYqj0piT3Li6O5HZ7lxKcYSHFgrqrJ1sVkv/g9zyRXMx2d9FnrpHRaKlSRGo6yFNApV
+GRufc/+b9rOO3Vw7GvBcGN2RtcYSU3pdmCsJfiEr/G2fxHLy8AAACBANIu6LkOuCwEEOC+
+xW10N+lYQZFLwfw8797ScuYY2u8xF/JPcSc0iyE1Yef5kytww3w6xsowH5gP6Zs7K0A87m
+UHDnofDULO4+hOanFR/8fbzZYAkOo2CeUP/PDPsK7XzLTnoHN/nlLWJcHt0I+uaKZTGUoS
+3X9GORWJlP/7SUdhAAAAGXpjcmV0c2hhcmUtdGVzdEBsb2NhbGhvc3QB
+-----END OPENSSH PRIVATE KEY-----