apple / swift-nio-ssh

SwiftNIO SSH is a programmatic implementation of SSH using SwiftNIO
Apache License 2.0

Support OpenSSH Keys #66

Open aaronvegh opened 3 years ago

aaronvegh commented 3 years ago

As I use SwiftNIO SSH, I need to provide the ability for my users to employ their existing private keys to connect to a remote host. As has been well-documented, SwiftCrypto lacks the ability to decrypt such keys when generated by OpenSSH.

Quoth @Lukasa in the Slack:

"If the user’s OpenSSH private key is passphrase protected then we cannot handle them in-tree at all. Because the way those keys are encrypted does not allow us to decrypt them with the APIs Swift Crypto provides. This is a ripe opportunity for someone to write a third-party extension to the library to handle this use-case."

This proposed extension to SwiftNIO SSH should solve two orthogonal problems:

Joannis commented 3 years ago

@aaronvegh I've also already got an OpenSSH key format parser for RSA which could be updated to support more algorithms.

WilliamABradley commented 3 years ago

@Joannis is there a branch for your RSA implementation somewhere we can take a look at?

Is it this? https://github.com/Joannis/swift-nio-ssh/tree/jo-rsa-private-keys

Joannis commented 3 years ago

@WilliamABradley I currently rely on this: https://github.com/joannis/citadel

JaapWijnen commented 2 years ago

I've written a slightly more general version of Joannis' RSA key parser. It currently also accepts ed25519 keys. Might be a nice addition to swift-nio-ssh in some form once his PR for custom key support is merged. The parser lives in https://github.com/orlandos-nl/Citadel/pull/8
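
The passphrase problem raised at the top of this thread can be detected before any decryption is attempted, because the `openssh-key-v1` container (OpenSSH's PROTOCOL.key layout) stores the cipher and KDF names in cleartext. The following is an added Python example, not code from swift-nio-ssh or Citadel; the function names and both sample keys are constructed for illustration and hold placeholder bytes rather than real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN, END = (f"-----{w} OPENSSH PRIVATE KEY-----" for w in ("BEGIN", "END"))

def read_string(buf, off):
    """SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off + 4:end], end

def inspect_openssh_key(pem_text):
    """Parse only the cleartext envelope; the private section is never read."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH private key file")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    kdf_opts, off = read_string(blob, off)
    pub, _ = read_string(blob, off + 4)  # skip the uint32 key count
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "key_type": read_string(pub, 0)[0].decode(),
            "encrypted": cipher != b"none"}
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        salt, off = read_string(kdf_opts, 0)
        if off + 4 != len(kdf_opts):
            raise ValueError("malformed bcrypt kdfoptions")
        info["salt_len"] = len(salt)
        info["rounds"] = struct.unpack_from(">I", kdf_opts, off)[0]
    return info

def _s(b):
    return struct.pack(">I", len(b)) + b

def constructed_sample(cipher, kdf, kdf_opts):
    """Constructed envelope with placeholder key material (not a usable key)."""
    pub = _s(b"ssh-ed25519") + _s(bytes(32))
    blob = (MAGIC + _s(cipher) + _s(kdf) + _s(kdf_opts)
            + struct.pack(">I", 1) + _s(pub) + _s(bytes(16)))
    return f"{BEGIN}\n{base64.b64encode(blob).decode()}\n{END}\n"

PLAIN = constructed_sample(b"none", b"none", b"")
PROTECTED = constructed_sample(b"aes256-ctr", b"bcrypt",
                               _s(bytes(16)) + struct.pack(">I", 16))
```

A caller can use the `encrypted` flag to decide whether to prompt for a passphrase or reject the key early with a clear error, instead of failing later inside the private-section parser.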