Skarafaz / mercury

Simple Android app that sends pre-configured commands to remote servers via SSH.
GNU General Public License v2.0

pubkey authentication #1

Closed rigid closed 7 years ago

rigid commented 9 years ago

Is there (will there be) a way to use public keys instead of passwords?

Skarafaz commented 9 years ago

This feature is not implemented yet, but it will be added very soon!

emmtte commented 9 years ago

I need it too

P4z commented 9 years ago

Hope to see key-based authentication available as soon as possible! :+1: Without that Mercury-SSH is useless to me.

rigid commented 9 years ago

Maybe there is a way to use ConnectBot for that? That could save a lot of coding work if ConnectBot could handle the key management and open the connection for Mercury.

ahstro commented 9 years ago

Is this being worked on? Same problem as @P4z, I can't use this app without key auth, which is a shame. I'd try to figure it out myself, but school is unfortunately a thing.

mastershadow commented 9 years ago

@LumenTeun open source is great, as you can build your feature too ^_^ So, before saying "this is a shame" you could implement it... If you are not able to do it yourself you can always donate something to accelerate the process. Otherwise be quiet and wait for the willing @Skarafaz :+1:

jubalh commented 8 years ago

Would be nice :-)

pheanex commented 8 years ago

+1

thessy commented 8 years ago

+1

drozdziak1 commented 8 years ago

Please add that, storing passwords in JSON plaintext is just asking for trouble, really!

chumma12 commented 8 years ago

If someone steals your phone, does it matter if you have stored plaintext password or the private key?

rigid commented 8 years ago

@chumma12 Sure it does. A public key can (and should) be encrypted.

chumma12 commented 8 years ago

@rigid Then you provide your password every time you use the Mercury-SSH program?

drozdziak1 commented 8 years ago

@chumma12 Well, in case of your device getting stolen, bulk-revoking RSA keys is way less of a hassle than setting and remembering new passwords, especially for sysadmins with multiple clients, who have Mercury-SSH on their phones to check up on the machines they're managing every now and then. These guys would have to dig up the old passwords from god knows where (since along with their phone they've lost the JSON), SSH into every single host, change the password, possibly tell every client how they've f-ed up, send them new passes and lose people's trust. And that's the least they'd have to do in the best-case scenario where the thief wouldn't know about/what to do with what was on the phone. So yeah, that might be a nice feature.

rigid commented 8 years ago

@chumma12 At least once every time you reboot your phone, yes.

ahstro commented 7 years ago

Whoop whoop :clap: :tada: :smile:

emmtte commented 7 years ago

Yep! But too late, I'm on iPhone now

tristan-k commented 7 years ago

Is it possible to add support for ssh key passphrases?

Skarafaz commented 7 years ago

I don't think it would be so useful

tristan-k commented 7 years ago

Can you explain why?

Skarafaz commented 7 years ago

This app uses a self-generated private key which is stored in the internal storage (secure), so... why add a passphrase? Just to type it each time you send a command?

rigid commented 7 years ago

Passphrase-protected keys are an additional way to gain time between loss of key and server-side invalidation of the key (as they are hard to brute-force when generated correctly). Surely one could rely solely on Android mechanisms to prevent unwanted access to the secret key, but the choice should be left to the user. Also, manually generated keys should be importable (maybe another issue) to prevent relying on a monoculture ecosystem.
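An added example, not part of the thread and not Mercury-SSH code: a small audit helper that reports whether a private key file is passphrase-protected and, if so, with which cipher and how many bcrypt KDF rounds. It assumes the key is stored in OpenSSH's `openssh-key-v1` format, which the thread does not state for Mercury-SSH; `inspect_key` and `make_sample_header` are hypothetical names, and the two sample keys are constructed headers with no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def inspect_key(pem_text):
    """Return cipher, KDF and bcrypt rounds from the unencrypted key header."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
    return {"encrypted": cipher != b"none", "cipher": cipher.decode(),
            "kdf": kdf.decode(), "rounds": rounds}

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample_header(cipher, kdf, kdfopts):
    """Constructed sample: header fields only, zero keys, no real key material."""
    blob = MAGIC + _s(cipher) + _s(kdf) + _s(kdfopts) + struct.pack(">I", 0)
    return BEGIN + "\n" + base64.b64encode(blob).decode() + "\n" + END + "\n"

PLAIN = make_sample_header(b"none", b"none", b"")
PROTECTED = make_sample_header(b"aes256-ctr", b"bcrypt",
                               _s(b"\x00" * 16) + struct.pack(">I", 16))

if __name__ == "__main__":
    for name, pem in (("plain", PLAIN), ("protected", PROTECTED)):
        print(name, inspect_key(pem))
```

Only the header is read, so the check never needs the passphrase; a key reported with cipher `none` is usable by anyone who obtains the file.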