A library for using the ssh-agent protocol, written to leverage the modern
node Streams API and use sshpk objects. Supports most client operations
(including key add/remove), but agent support is coming. Re-uses socket
connections where possible for lower latency operation.
npm install sshpk-agentvar agent = require('sshpk-agent');
var sshpk = require('sshpk');
var client = new agent.Client();
/* Add a new key to the agent */
var pk = sshpk.parsePrivateKey(fs.readFileSync('id_rsa'), 'pem');
client.addKey(pk, function (err) {
...
});
/* List all the keys stored in the agent */
var key;
client.listKeys(function (err, keys) {
if (err)
return;
/* keys is an array of sshpk.Key objects */
key = keys[0];
});
/* Sign some data with a key */
var data = 'foobar';
client.sign(key, data, function (err, signature) {
/* signature is an sshpk.Signature object */
...
/* to find out what hash algorithm the agent used -- it chooses for you */
var algo = signature.hashAlgorithm;
...
});new Client([options]);Creates a new ssh-agent client.
Parameters
options -- optional Object, containing properties:
socketPath -- an optional String, path to the UNIX socket to reach the SSH
agent via. If not specified, defaults to
process.env['SSH_AUTH_SOCK']timeout -- an optional Number, milliseconds to wait for the agent to
respond to a request before returning error. Defaults to 2000.Client#listKeys([options, ]callback);Retrieves a list of all keys stored in the agent.
Parameters
options -- optional Object, containg properties:
timeout -- an optional Number, overrides the constructor timeout just for
this requestcallback -- function (error, keys) with arguments:
error -- null if no error, otherwise an instance of Error or its
subclasseskeys -- Array of sshpk.Key objects, the available public keysClient#listCertificates([options, ]callback);Retrieves a list of all certificates stored in the agent.
Parameters
options -- optional Object, containg properties:
timeout -- an optional Number, overrides the constructor timeout just for
this requestcallback -- function (error, keys) with arguments:
error -- null if no error, otherwise an instance of Error or its
subclasseskeys -- Array of sshpk.Certificate objects, the available certificatesClient#sign(key, data[, options], callback);Uses a key stored in the agent to sign some data.
Parameters
key -- an Object, instance of sshpk.Key, key to sign withdata -- a Buffer or String, data to be signedoptions -- optional Object, containing properties:
timeout -- an optional Number, overrides the constructor timeout just for
this requestcallback -- function (error, signature) with arguments:
error -- null if no error, otherwise instance of Errorsignature -- an Object, instance of sshpk.SignatureClient#createSelfSignedCertificate(subject, key, options, cb)Uses a key stored in the agent to create a self-signed certificate for that key. The certificate can be read back in both OpenSSH and X.509 formats.
Parameters
subject -- an Identity, the subject of the certificatekey -- an Object, instance of sshpk.Key, key to sign with and the
subject keyoptions -- an Object, additional options, with keys:
lifetime -- optional Number, lifetime of the certificate from now in
secondsvalidFrom, validUntil -- optional Dates, beginning and end of
certificate validity period. If given, lifetime will be ignored.serial -- optional Buffer, the serial number of the certificatepurposes -- optional Array of String, X.509 key usage restrictionscallback -- function (error, certificate), with arguments:
error -- null if no error, otherwise instance of Errorcertificate -- an Object, instance of sshpk.CertificateClient#createCertificate(subject, subjectKey, issuer, key, options, cb)Uses a key stored in the agent to create and sign a certificate for some other key (not necessarily in the agent). The certificate can be read back in both OpenSSH and X.509 formats.
Parameters
subject -- an Identity, the subject of the certificatesubjectKey -- an Object, instance of sshpk.Key, key of the subject
entity (does not have to reside in the agent)issuer -- an Identity, the issuer of the certificatekey -- an Object, instance of sshpk.Key, key to sign with (must be in
the agent, and match up with the issuer identity)options -- an Object, additional options, with keys:
lifetime -- optional Number, lifetime of the certificate from now in
secondsvalidFrom, validUntil -- optional Dates, beginning and end of
certificate validity period. If given, lifetime will be ignored.serial -- optional Buffer, the serial number of the certificatepurposes -- optional Array of String, X.509 key usage restrictionscallback -- function (error, certificate), with arguments:
error -- null if no error, otherwise instance of Errorcertificate -- an Object, instance of sshpk.CertificateClient#addKey(privkey[, options], callback);Adds a new private key to the agent.
Parameters
privkey -- an Object, instance of sshpk.PrivateKey, key to addoptions -- optional Object, containing properties:
expires -- optional Number, seconds until this key expires. If not given,
key will last indefinitely. Expiry is handled by the agent
itself.timeout -- optional Number, overrides the constructor timeoutcallback -- function (error) with arguments:
error -- null if no error, otherwise instance of ErrorClient#addCertificate(cert, privkey[, options], callback);Adds a new certificate and private key pair to the agent.
Parameters
cert -- an Object, instance of sshpk.Certificate, cert to addprivkey -- an Object, instance of sshpk.PrivateKey, subject private key
of the certificateoptions -- optional Object, containing properties:
expires -- optional Number, seconds until this key expires. If not given,
key will last indefinitely. Expiry is handled by the agent
itself.timeout -- optional Number, overrides the constructor timeoutcallback -- function (error) with arguments:
error -- null if no error, otherwise instance of ErrorClient#removeKey(key[, options], callback);Removes a private key from the agent.
Parameters
key -- an Object, instance of sshpk.Key, key to removeoptions -- optional Object, containing properties:
timeout -- an optional Number, overrides the constructor timeout just for
this requestcallback -- function (error) with arguments:
error -- null if no error, otherwise instance of ErrorClient#removeAllKeys([options, ]callback);Removes all private keys from the agent.
Parameters
options -- optional Object, containing properties:
timeout -- an optional Number, overrides the constructor timeout just for
this requestcallback -- function (error) with arguments:
error -- null if no error, otherwise instance of ErrorClient#lock(password[, options], callback);Locks the agent with a password, causing it to respond with failure to all requests (except a request to list keys, which always returns an empty list), until unlocked with the same password.
Parameters
password -- a String, password to be required to unlock the agentoptions -- optional Object, containing properties:
timeout -- an optional Number, overrides the constructor timeout just for
this requestcallback -- function (error) with arguments:
error -- null if no error, otherwise instance of ErrorClient#unlock(password[, options], callback);Unlocks an agent that has been previously locked. The given password must
match the password used to lock the agent.
Parameters
password -- a String, password to unlock the agentoptions -- optional Object, containing properties:
timeout -- an optional Number, overrides the constructor timeout just for
this requestcallback -- function (error) with arguments:
error -- null if no error, otherwise instance of ErrorClient#listExtensions(callback);Requests the "query" extension (see draft-miller-ssh-agent-00) from the agent to list what agent protocol extensions are supported. These are returned as a list of Strings.
Parameters
callback -- function (error, extensions) with arguments:
error -- null if no error, otherwise instance of Errorextensions -- Array of String, supported extensions