request for ENHANCEMENT: [github] xanzy/ssh-agent and/or passphrases for private keys ... #149

Open
pichwo opened this issue Jan 30, 2021 · 3 comments


pichwo commented Jan 30, 2021

hi !

introductory words :

  1. wonderful work - especially looking forward to the rpc ( btw. what are the intentions behind it ? ;-) )
  2. personally i use linux, but i try to use mole for rdp/ssh on windows for my users - much fuss there - tried everything that is available on the internet - and not satisfied so far ... not even one ONESTOP console program to achieve things ... ;-)
    that said -

for mass deployment it is a no-go to use private keys w/o passphrases.
since mole has no feature to collect the passphrase from the user from the console (commandline-args or config-files are NOT a good idea) the only possibility (on windows) is to start pageant with '-c "mole.exe ..."' but ...
for that reason mole would have to use xanzy/ssh-agent instead of golang.org/x/crypto/ssh/agent

SCENARIO :

"mole add alias ccc ... ... --deferred-passphrase"

"mole start alias ccc --passphrase-from-console" or
"mole start alias ccc --passphrase-from-stdin" or
"mole start alias ccc --passphrase supersecret"

OR WITH RPC :

"mole start alias ccc ... ... --defer-connect --rpc"

"mole misc rpc ask_private_key_passphrase_from_console" or
"mole misc rpc ask_private_key_passphrase_from_stdin" or
"mole misc rpc specify_private_key_passphrase supersecret"

"mole misc rpc connect"


at least please comment if passphrase handling will be managed somehow sometime and/or
if golang.org/x/crypto/ssh/agent is possible

thank you very much
wolfgang
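
For the deployment concern raised above (private keys without passphrases), one way to audit key files before rollout, as an added example that is not part of this thread or of Mole's code. It reads only key metadata (PEM type, legacy `Proc-Type` header, OpenSSH cipher name) and never needs the passphrase; `KeyIsEncrypted` and `sampleOpenSSHKey` are hypothetical names and the sample keys are constructed, header-only blobs.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"strings"
)

const opensshMagic = "openssh-key-v1\x00" // leading bytes of an OpenSSH-format key

// KeyIsEncrypted (hypothetical helper) reports whether the first PEM block in
// data is a passphrase-protected private key, using metadata only.
func KeyIsEncrypted(data []byte) (bool, error) {
	block, _ := pem.Decode(data)
	if block == nil || !strings.HasSuffix(block.Type, "PRIVATE KEY") {
		return false, fmt.Errorf("no PEM private key found")
	}
	switch block.Type {
	case "ENCRYPTED PRIVATE KEY": // PKCS#8 encrypted container
		return true, nil
	case "OPENSSH PRIVATE KEY": // cipher name follows the magic; "none" means plaintext
		b := block.Bytes
		if !bytes.HasPrefix(b, []byte(opensshMagic)) || len(b) < len(opensshMagic)+4 {
			return false, fmt.Errorf("malformed OpenSSH key")
		}
		b = b[len(opensshMagic):]
		n := binary.BigEndian.Uint32(b)
		if uint64(n) > uint64(len(b)-4) {
			return false, fmt.Errorf("truncated cipher name")
		}
		return string(b[4:4+n]) != "none", nil
	default: // legacy PEM (RSA/EC/DSA PRIVATE KEY) flags encryption in a header
		return strings.HasPrefix(block.Headers["Proc-Type"], "4,ENCRYPTED"), nil
	}
}

// sampleOpenSSHKey builds a CONSTRUCTED header-only blob (no real key material).
func sampleOpenSSHKey(cipher string) []byte {
	b := append([]byte(opensshMagic), 0, 0, 0, byte(len(cipher)))
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: append(b, cipher...)})
}

func main() {
	for _, c := range []string{"none", "aes256-ctr"} {
		enc, err := KeyIsEncrypted(sampleOpenSSHKey(c))
		fmt.Printf("cipher=%-10s encrypted=%v err=%v\n", c, enc, err)
	}
}
```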


pichwo commented Feb 16, 2021

bumpup. any chance ?

@davrodpin
Owner

Hi @pichwo,

Sorry for taking this long to get back to you.

Thank you for the kind words :)

I want to have an RPC server on Mole to enable a scenario where other programs can control Mole instances. That would allow, for example, building a UI to manage current and new instances using a programmable interface.

So, today Mole handles passphrases on private keys by asking the user for input (see below).
That only happens if the Mole instance runs in the foreground.

$ mole start local --key /path/to/key-with-passphrase ...
The key provided is secured by a password. Please provide it below:
Password: 

Mole already supports delegating authentication to an ssh-agent by using the flag --ssh-agent or -A, where the user can specify the unix socket of a running ssh-agent.

I don't much like the idea of adding a flag to pass passphrases since it can potentially be stored somewhere as plain text (e.g. shell history).

@davrodpin
Owner

@pichwo, anything to add? Otherwise I will close this issue.
