Closed rigid closed 7 years ago
This feature is not implemented yet, but it will be added very soon!
I need it too
Hope to see key-based authentication available as soon as possible! :+1: Without that Mercury-SSH is useless to me.
maybe there is a way to use ConnectBot for that? That could save a lot of coding work if ConnectBot could handle the key management and open the connection for Mercury.
Is this being worked on? Same problem as @P4z, I can't use this app without key auth, which is a shame. I'd try to figure it out myself, but school is unfortunately a thing.
@LumenTeun opensource is great as you can build your feature too ^_^ so, before saying "this is a shame" you could implement it... if you are not able to do it yourself you can always donate something to accelerate the process. otherwise be quiet and wait for the willing @Skarafaz :+1:
Would be nice :-)
+1
+1
Please add that, storing passwords in JSON plaintext is just asking for trouble, really!
If someone steals your phone, does it matter if you have stored plaintext password or the private key?
@chumma12 sure it does. A public key can (and should) be encrypted.
@rigid then you provide your password everytime you use the Mercury-SSH program?
@chumma12 Well, in case of your device getting stolen bulk-revoking RSA keys is way less of a hassle than setting and remembering new passwords, especially for sysadmins with multiple clients, who have Mercury-SSH on their phones to check up on the machines they're managing every now and then. These guys would have to dig up the old passwords from god knows where (since along with their phone they've lost the JSON), SSH into every single host, change the password, possibly tell every client how they've f-ed up, send them new passes and lose people's trust. And that's the least they'd have to do in the best-case scenario where the thief wouldn't know about/what to do with what was on the phone. So yeah, that might be a nice feature.
@chumma12 at least, once everytime you reboot your phone, yes.
Whoop whoop :clap: :tada: :smile:
Yep! but to late I'm on iPhone now
Is it possible to add support for ssh key passphrases?
I don't think it would so useful
Can you explain why?
This app uses a self generated private key which is stored in the internal storage (secure), so... why adding a passphrase? Just to type it each time you send a command?
Passphrase protected keys are an additional way to gain time between loss of key and server side invalidation of the key (as they are hard to brute-force when generated correctly). Surely one could rely solely on android mechanisms to prevent unwanted access to the secret key, but the choice should be left to the user. Also, manually generated keys should be importable (maybe another issue) to prevent relying on a monoculture ecosystem.
is there (will there be) a way to use public keys instead of passwords?