-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
request for ENHANCEMENT: [github] xanzy/ssh-agent and/or passphrases for private keys ... #149
Comments
bumpup. any chance ? |
Hi @pichwo, Sorry for taking this long to get back to you. Thank you for the kinds words :) I want to have a RPC server on Mole to enable a scenario where other programs can control Mole instances. That would allow, for example, to build a UI to manage current and new instances using a programmable interface. So, today Mole handles passphrases on private keys by asking the user for an input (see below). $ mole start local --key /path/to/key-with-passphrase ...
The key provided is secured by a password. Please provide it below:
Password: Mole already supports delegating authentication to a ssh-agent by using the flag I don't like much the idea of adding a flag to pass passphrases since it can potentially be stores somewhere as plain text (e.g. shell history). |
@pichwo, anything to add? Otherwise I will close this issue. |
hi !
introductionar words :
that said -
for mass deployment it is a no-go to use private keys /wo passphrases.
since mole has no feature to collect the passphrase from the user from console (commandline-args or config-files are NO good idea) the only possibility (on windows) is to start pageant with '-c "mole.exe ..."' but ...
for that reason mole would have to use xanzy/ssh-agent instead of golang.org/x/crypto/ssh/agent
SCENARIO :
"mole add alias ccc ... ... --deferred-passphrase"
"mole start alias ccc --passphrase-from-console" or
"mole start alias ccc --passphrase-from-stdin" or
"mole start alias ccc --passphrase supersecret"
OR WITH RPC :
"mole start alias ccc ... ... --defer-connect --rpc"
"mole misc rpc ask_private_key_passphrase_from_console" or
"mole misc rpc ask_private_key_passphrase_from_stdin" or
"mole misc rpc specify_private_key_passphrase supersecret"
"mole misc rpc connect"
at least please comment if passphrase handling will be managed somehow sometime and/or
if golang.org/x/crypto/ssh/agent is possible
thank you very much
wolfgang
The text was updated successfully, but these errors were encountered: