Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support auth using SSH Agent keys. #281

Merged
merged 12 commits into from
Dec 20, 2024
Merged

Support auth using SSH Agent keys. #281

merged 12 commits into from
Dec 20, 2024

Conversation

tmds
Copy link
Owner

@tmds tmds commented Dec 19, 2024

Fixes #213.

cc @jborean93

tmds
tmds commented Dec 19, 2024
View reviewed changes
src/Tmds.Ssh/SshAgent.cs
{
string? sshAuthSock = Environment.GetEnvironmentVariable("SSH_AUTH_SOCK");

if (OperatingSystem.IsWindows())
Copy link
Owner Author

@tmds tmds Dec 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jborean93 (assuming you have a Windows machine/VM) is this something you'd want to look into?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will try it out and get back to you.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On Windows it looks like it doesn't use a socket at all but rather a named pipe called openssh-ssh-agent. You can use NamedPipeClientStream to connect to it

using var agentPipe = new NamedPipeClientStream("openssh-ssh-agent");
await agentPipe.ConnectAsync();
...

There's probably some considerations needed around

  • Whether any custom PipeOption is needed, like Asynchronous
  • Whether we should specify TokenImpersonationLevel.Anonymous or Identification to stop the service from pretending to be us
    • I'm not aware of any reason why it would need to do so but it's worth looking into

The pipe implements a Stream and not a Socket which will have some work needed to fit into the existing API model.

Copy link
Owner Author

@tmds tmds Dec 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pipe implements a Stream and not a Socket which will have some work needed to fit into the existing API model.

For this, you can change SocketSshConnection to accept a Stream instead of Socket and for the Socket-case create a NetworkStream. These changes will be useful for proxy jumping. Feel free to rename the class (e.g. StreamSshConnection).

@jborean93
Copy link
Contributor

Nice, I was planning on looking at this during the Christmas break but you've beaten me to it. I'll try out the changes on Windows to see what platform differences are there (if any).

tmds
tmds commented Dec 20, 2024
View reviewed changes
src/Tmds.Ssh/SshAgent.cs
private const uint SSH_AGENT_RSA_SHA2_256 = 2;
private const uint SSH_AGENT_RSA_SHA2_512 = 4;

private static EndPoint? _defaultEndPoint;
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jborean93 for adding the named pipe support, we can probably change this from using an EndPoint to use a string. On Windows we will then assume this string is a named pipe address and on non-Windows it is a unix socket path.

@tmds tmds merged commit febaf54 into main Dec 20, 2024
2 checks passed
This was referenced Dec 20, 2024
Closed
Closed
Closed
@tmds
Copy link
Owner Author

tmds commented Dec 20, 2024

@jborean93 I've merged this and created some issues to tackle remaining things.

#288 is for the Windows support.

#284 is also important. I think you may be interested in working on this as well.

If you have an interest in working on any of the other issues, add a comment to it.

@tmds tmds deleted the ssh_agent branch December 20, 2024 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jborean93 jborean93 jborean93 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support ssh-agent keys
2 participants
@tmds @jborean93