SSH agent support #1

Open
opened 2020-10-22 09:07:14 +00:00 by kuschelyagi · 1 comment
Owner

Currently passwords have to be stored in the server configuration, in plaintext of all things. This is obviously very undesirable.

It would be very nifty if pie cannon had the ability to talk to an SSH agent running on the computer (on GNU/Linux or Windows). There is apparently a library for JSch that has this capability: https://github.com/ymnk/jsch-agent-proxy/blob/master/examples/src/main/java/com/jcraft/jsch/agentproxy/examples/JSchWithAgentProxy.java

kuschelyagi added the sftp label 2020-10-22 19:10:14 +00:00
Author
Owner

This is currently implemented in a feature branch but with a caveat: the jsch-agent-proxy is [not compatible](https://github.com/mwiede/jsch/commit/045799e55e11ce90a1cf5be8e3abdf4e6a7549f4#diff-c0dbbd2ba6a77b105be2398c03b889e9fc7da9edcae40d0838ab05c6917fac05) with the JSch fork we are using:

```
java.lang.AbstractMethodError: Receiver class com.jcraft.jsch.agentproxy.RemoteIdentityRepository$1 does not define or inherit an implementation of the resolved method 'abstract byte[] getSignature(byte[], java.lang.String)' of interface com.jcraft.jsch.Identity.
        at com.jcraft.jsch.UserAuthPublicKey.start(UserAuthPublicKey.java:254)
        at com.jcraft.jsch.Session.connect(Session.java:473)
        at com.jcraft.jsch.Session.connect(Session.java:186)
        at net.monarchpass.piecannon.impl.SftpServer.upload(SftpServer.java:43)
        at net.monarchpass.piecannon.Server.upload(Server.java:11)
        at net.monarchpass.piecannon.App.main(App.java:53)
        at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:254)
        at java.base/java.lang.Thread.run(Unknown Source)
```

We are using a fork of jsch because the original outdated version [will soon no longer work by default](http://www.matez.de/index.php/2020/06/22/the-future-of-jsch-without-ssh-rsa/).

The obvious way around this is to fork the jsch-agent-proxy to make it compatible with this new version of jsch. Maybe there's already a fork out there.

kuschelyagi added the GNU/Linux, Windows labels 2020-11-05 10:15:10 +00:00
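
The `AbstractMethodError` in the comment above only surfaces when `Session.connect` reaches public-key authentication. As an added example (not code from piecannon, JSch or jsch-agent-proxy), the reflective check below reports interface methods that an implementing class has no body for, so the mismatch can be caught at startup or in CI. The class names `AbstractMethodCheck` and `Partial` are hypothetical; `Partial` is a constructed stand-in for a class built against an older interface.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class AbstractMethodCheck {
    /** Returns the abstract methods of iface for which impl resolves no concrete body. */
    static List<String> missing(Class<?> iface, Class<?> impl) throws NoSuchMethodException {
        if (!iface.isAssignableFrom(impl)) {
            throw new IllegalArgumentException(
                impl.getName() + " does not implement " + iface.getName());
        }
        List<String> gaps = new ArrayList<>();
        for (Method m : iface.getMethods()) {
            if (!Modifier.isAbstract(m.getModifiers())) {
                continue; // default and static interface methods already have a body
            }
            // When impl has no body, getMethod resolves to the interface's own
            // abstract declaration, which is exactly the case the JVM rejects at call time.
            Method resolved = impl.getMethod(m.getName(), m.getParameterTypes());
            if (Modifier.isAbstract(resolved.getModifiers())) {
                gaps.add(m.toString());
            }
        }
        return gaps;
    }

    // Constructed sample: implements Runnable but provides no run() body.
    abstract static class Partial implements Runnable {}

    public static void main(String[] args) throws Exception {
        if (args.length == 2) {
            // Load without running static initializers; only the class shape is inspected.
            ClassLoader cl = AbstractMethodCheck.class.getClassLoader();
            Class<?> iface = Class.forName(args[0], false, cl);
            Class<?> impl = Class.forName(args[1], false, cl);
            List<String> gaps = missing(iface, impl);
            gaps.forEach(g -> System.out.println("MISSING " + g));
            System.exit(gaps.isEmpty() ? 0 : 1);
        }
        // Offline demo on JDK types: Thread implements run(), Partial does not.
        System.out.println("Thread:  " + missing(Runnable.class, Thread.class));
        System.out.println("Partial: " + missing(Runnable.class, Partial.class));
    }
}
```

With both jars on the classpath, passing `com.jcraft.jsch.Identity` and `com.jcraft.jsch.agentproxy.RemoteIdentityRepository$1` (the two names from the stack trace) as arguments checks the pair from this issue; a non-zero exit status means at least one method has no implementation.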
Reference: kuschelyagi/piecannon#1