5 files changed, 46 insertions, 68 deletions

diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go
index 02369c74a..71c62a7af 100644
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@@ -13,6 +13,7 @@ import (
 	libimageDefine "github.com/containers/common/libimage/define"
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/libpod/define"
@@ -1628,3 +1629,11 @@ func AutocompleteClone(cmd *cobra.Command, args []string, toComplete string) ([]
 	}
 	return nil, cobra.ShellCompDirectiveNoFileComp
 }
+
+// AutocompleteSSH - Autocomplete ssh modes
+func AutocompleteSSH(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	if !validCurrentCmdLine(cmd, args, toComplete) {
+		return nil, cobra.ShellCompDirectiveNoFileComp
+	}
+	return []string{string(ssh.GolangMode), string(ssh.NativeMode)}, cobra.ShellCompDirectiveNoFileComp
+}
diff --git a/cmd/podman/common/sign.go b/cmd/podman/common/sign.go
index e8a90ed57..dc0d3ff5d 100644
--- a/cmd/podman/common/sign.go
+++ b/cmd/podman/common/sign.go
@@ -3,9 +3,9 @@ package common
 import (
 	"fmt"
 
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/image/v5/pkg/cli"
 	"github.com/containers/podman/v4/pkg/domain/entities"
-	"github.com/containers/podman/v4/pkg/terminal"
 )
 
 // PrepareSigningPassphrase updates pushOpts.SignPassphrase and SignSigstorePrivateKeyPassphrase based on a --sign-passphrase-file value signPassphraseFile,
@@ -27,7 +27,7 @@ func PrepareSigningPassphrase(pushOpts *entities.ImagePushOptions, signPassphras
 		}
 		passphrase = p
 	} else if pushOpts.SignBySigstorePrivateKeyFile != "" {
-		p := terminal.ReadPassphrase()
+		p := ssh.ReadPassphrase()
 		passphrase = string(p)
 	} // pushOpts.SignBy triggers a GPG-agent passphrase prompt, possibly using a more secure channel, so we usually shouldn’t prompt ourselves if no passphrase was explicitly provided.
 	pushOpts.SignPassphrase = passphrase
diff --git a/cmd/podman/images/scp.go b/cmd/podman/images/scp.go
index a7aa43e61..18899d251 100644
--- a/cmd/podman/images/scp.go
+++ b/cmd/podman/images/scp.go
@@ -4,6 +4,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/cmd/podman/common"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/spf13/cobra"
@@ -48,6 +49,11 @@ func scp(cmd *cobra.Command, args []string) (finalErr error) {
 	var (
 		err error
 	)
+
+	containerConfig := registry.PodmanConfig()
+
+	sshType := containerConfig.SSHMode
+
 	for i, val := range os.Args {
 		if val == "image" {
 			break
@@ -67,7 +73,8 @@ func scp(cmd *cobra.Command, args []string) (finalErr error) {
 		dst = args[1]
 	}
 
-	err = registry.ImageEngine().Scp(registry.Context(), src, dst, parentFlags, quiet)
+	sshEngine := ssh.DefineMode(sshType)
+	err = registry.ImageEngine().Scp(registry.Context(), src, dst, parentFlags, quiet, sshEngine)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index 48f8470be..3637b2674 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/cmd/podman/common"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/validate"
@@ -338,6 +339,10 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 
 	lFlags := cmd.Flags()
 
+	sshFlagName := "ssh"
+	lFlags.StringVar(&opts.SSHMode, sshFlagName, string(ssh.GolangMode), "define the ssh mode")
+	_ = cmd.RegisterFlagCompletionFunc(sshFlagName, common.AutocompleteSSH)
+
 	connectionFlagName := "connection"
 	lFlags.StringVarP(&opts.Engine.ActiveService, connectionFlagName, "c", srv, "Connection to use for remote Podman service")
 	_ = cmd.RegisterFlagCompletionFunc(connectionFlagName, common.AutocompleteSystemConnections)
diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go
index 191603718..f3b61b254 100644
--- a/cmd/podman/system/connection/add.go
+++ b/cmd/podman/system/connection/add.go
@@ -1,23 +1,19 @@
 package connection
 
 import (
-	"encoding/json"
 	"errors"
 	"fmt"
-	"net"
 	"net/url"
 	"os"
 	"regexp"
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/ssh"
 	"github.com/containers/podman/v4/cmd/podman/registry"
 	"github.com/containers/podman/v4/cmd/podman/system"
-	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/pkg/domain/utils"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"golang.org/x/crypto/ssh"
 )
 
 var (
@@ -74,6 +70,15 @@ func init() {
 
 func add(cmd *cobra.Command, args []string) error {
 	// Default to ssh schema if none given
+
+	entities := &ssh.ConnectionCreateOptions{
+		Port:     cOpts.Port,
+		Path:     args[1],
+		Identity: cOpts.Identity,
+		Name:     args[0],
+		Socket:   cOpts.UDSPath,
+		Default:  cOpts.Default,
+	}
 	dest := args[1]
 	if match, err := regexp.Match("^[A-Za-z][A-Za-z0-9+.-]*://", []byte(dest)); err != nil {
 		return fmt.Errorf("invalid destination: %w", err)
@@ -89,30 +94,20 @@ func add(cmd *cobra.Command, args []string) error {
 		uri.Path = cmd.Flag("socket-path").Value.String()
 	}
 
-	switch uri.Scheme {
-	case "ssh":
-		if uri.User.Username() == "" {
-			if uri.User, err = utils.GetUserInfo(uri); err != nil {
-				return err
-			}
-		}
+	var sshMode ssh.EngineMode
+	containerConfig := registry.PodmanConfig()
 
-		if cmd.Flags().Changed("port") {
-			uri.Host = net.JoinHostPort(uri.Hostname(), cmd.Flag("port").Value.String())
-		}
+	flag := containerConfig.SSHMode
 
-		if uri.Port() == "" {
-			uri.Host = net.JoinHostPort(uri.Hostname(), cmd.Flag("port").DefValue)
-		}
-		iden := ""
-		if cmd.Flags().Changed("identity") {
-			iden = cOpts.Identity
-		}
-		if uri.Path == "" || uri.Path == "/" {
-			if uri.Path, err = getUDS(uri, iden); err != nil {
-				return err
-			}
-		}
+	sshMode = ssh.DefineMode(flag)
+
+	if sshMode == ssh.InvalidMode {
+		return fmt.Errorf("invalid ssh mode")
+	}
+
+	switch uri.Scheme {
+	case "ssh":
+		return ssh.Create(entities, sshMode)
 	case "unix":
 		if cmd.Flags().Changed("identity") {
 			return errors.New("--identity option not supported for unix scheme")
@@ -176,41 +171,3 @@ func add(cmd *cobra.Command, args []string) error {
 	}
 	return cfg.Write()
 }
-
-func getUDS(uri *url.URL, iden string) (string, error) {
-	cfg, err := utils.ValidateAndConfigure(uri, iden)
-	if err != nil {
-		return "", fmt.Errorf("failed to validate: %w", err)
-	}
-	dial, err := ssh.Dial("tcp", uri.Host, cfg)
-	if err != nil {
-		return "", fmt.Errorf("failed to connect: %w", err)
-	}
-	defer dial.Close()
-
-	session, err := dial.NewSession()
-	if err != nil {
-		return "", fmt.Errorf("failed to create new ssh session on %q: %w", uri.Host, err)
-	}
-	defer session.Close()
-
-	// Override podman binary for testing etc
-	podman := "podman"
-	if v, found := os.LookupEnv("PODMAN_BINARY"); found {
-		podman = v
-	}
-	infoJSON, err := utils.ExecRemoteCommand(dial, podman+" info --format=json")
-	if err != nil {
-		return "", err
-	}
-
-	var info define.Info
-	if err := json.Unmarshal(infoJSON, &info); err != nil {
-		return "", fmt.Errorf("failed to parse 'podman info' results: %w", err)
-	}
-
-	if info.Host.RemoteSocket == nil || len(info.Host.RemoteSocket.Path) == 0 {
-		return "", fmt.Errorf("remote podman %q failed to report its UDS socket", uri.Host)
-	}
-	return info.Host.RemoteSocket.Path, nil
-}