Support OpenSSH Keys #66

Open
aaronvegh opened this issue Jan 21, 2021 · 4 comments
Labels
enhancement New feature or request

Comments

@aaronvegh

As I use SwiftNIO SSH, I need to provide the ability for my users to employ their existing private keys to connect to a remote host. As has been well-documented, SwiftCrypto lacks the ability to decrypt such keys when generated by OpenSSH.

Quoth @Lukasa in the Slack:

"If the user’s OpenSSH private key is passphrase protected then we cannot handle them in-tree at all. Because the way those keys are encrypted does not allow us to decrypt them with the APIs Swift Crypto provides. This is a ripe opportunity for someone to write a third-party extension to the library to handle this use-case."

This proposed extension to SwiftNIO SSH should solve two orthogonal problems:

  • Support RSA, which appears to be partially solved by @Joannis' PR: Add support for custom cryptography #62
  • Support ECDSA and ed25519 keys, by implementing a package that can parse the key format into the appropriate raw Swift Crypto format. "Basically, anything that does have access to an AES-CBC algorithm could do this. You can construct an SSH key from, say, a P256.Signing.PrivateKey object, and that ultimately can be derived from the OpenSSH private key format," writes @Lukasa.

Lukasa added the enhancement (New feature or request) label Jan 21, 2021

Collaborator

Joannis commented Jan 21, 2021

@aaronvegh I've also already got an OpenSSH key format parser for RSA which could be updated to support more algorithms.


WilliamABradley commented Sep 25, 2021

@Joannis is there a branch for your RSA implementation somewhere we can take a look at?

Is it this? https://github.com/Joannis/swift-nio-ssh/tree/jo-rsa-private-keys

Collaborator

Joannis commented Sep 25, 2021

@WilliamABradley I currently rely on this: https://github.com/joannis/citadel


JaapWijnen commented May 7, 2022

I've written a slightly more general version of Joannis' RSA key parser. It currently also accepts ed25519 keys. Might be a nice addition to swift-nio-ssh in some form once his PR for custom key support is merged. The parser lives in orlandos-nl/Citadel#8
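
The container check and Ed25519 extraction this thread asks for, as an added Python example (not code from the thread, Citadel or swift-nio-ssh): it reads the `openssh-key-v1` header to tell whether a key is passphrase protected and, if it is not, returns the raw 32-byte Ed25519 seed. `Reader`, `parse_openssh_key` and `build_sample` are hypothetical names, and the sample key is constructed from placeholder bytes.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
BEGIN, END = "-----BEGIN OPENSSH PRIVATE KEY-----", "-----END OPENSSH PRIVATE KEY-----"

class Reader:  # cursor over SSH wire data: big-endian uint32, length-prefixed strings
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated key data")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def string(self): return self.take(self.u32())

def parse_openssh_key(pem):
    lines = [l.strip() for l in pem.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH private key file")
    r = Reader(base64.b64decode("".join(lines[1:-1])))
    if r.take(len(MAGIC)) != MAGIC:
        raise ValueError("bad magic")
    cipher, kdf, _kdf_options = r.string(), r.string(), r.string()
    if r.u32() != 1:
        raise ValueError("expected exactly one key")
    r.string()  # public key blob, not needed here
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(), "encrypted": cipher != b"none"}
    if info["encrypted"]:
        return info  # private section needs the KDF and cipher named in the header
    p = Reader(r.string())
    if p.u32() != p.u32():  # two equal check integers open the private section
        raise ValueError("check integers differ")
    info["type"] = p.string().decode()
    if info["type"] == "ssh-ed25519":
        pub, priv = p.string(), p.string()
        if len(priv) != 64 or priv[32:] != pub:  # private field is seed || public key
            raise ValueError("malformed ed25519 key")
        info["seed"] = priv[:32]  # raw bytes a crypto library takes as the private key
    return info

def _s(b): return struct.pack(">I", len(b)) + b  # encode an SSH string

def build_sample(cipher=b"none", kdf=b"none"):  # constructed container, not a real key pair
    seed, pub = bytes(range(32)), bytes(range(32, 64))
    priv = struct.pack(">II", 7, 7) + _s(b"ssh-ed25519") + _s(pub) + _s(seed + pub) + _s(b"constructed")
    priv += bytes(range(1, 8))[:-len(priv) % 8]  # pad with 1,2,3... to an 8-byte boundary
    blob = MAGIC + _s(cipher) + _s(kdf) + _s(b"") + struct.pack(">I", 1) + _s(_s(b"ssh-ed25519") + _s(pub)) + _s(priv)
    return BEGIN + "\n" + base64.encodebytes(blob).decode() + END + "\n"
```

The 32-byte seed returned for an unencrypted key is the raw representation that Swift Crypto's `Curve25519.Signing.PrivateKey(rawRepresentation:)` accepts.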
