Open worksofliam opened 2 years ago
@priceaj I would love to continue this chat and hear your ideas if you have any.
That's cool
I'm still not able to fix the SSH key issue. Could you share a detailed guideline on how to set up SSH? System admin confirms that the SSH agent is active, but I'm not able to connect to backend.
@anson2416 I think perhaps this is the wrong issue to raise your issue since this is for a brand new feature.
You should likely create a new one.
@worksofliam I see this closed as completed without implementation, but I am reopening since I think an implementation similar to what was discussed in this comment is feasible.
If we get a flow working where we autogenerate a key pair and load it onto the system, we could then entertain ideas for discouraging password-based authentication.
(feel free to re-close again if I am misunderstanding or you'd like a fresh issue)
There is an alternative to ssh-copy-id on this page https://askubuntu.com/questions/46424/how-do-i-add-ssh-keys-to-authorized-keys-file
I'm not sure if ssh-copy-id is available by default on PASE
I also still prefer the idea of using an agent (like pageant or keepass with the SSH agent plugin) if it can be supported. (Maybe that's a separate feature??).
Sorry for the comment spam, looks like the ssh2 module allows for generating keypairs. Not sure if this was the case previously because of Liam's above comment.
> There is an alternative to ssh-copy-id on this page https://askubuntu.com/questions/46424/how-do-i-add-ssh-keys-to-authorized-keys-file
> I'm not sure if ssh-copy-id is available by default on PASE
ssh-copy-id needs to be on the client, which is troublesome when building a cross-platform solution. Not an issue, though. I have already written the code to do this part.
The big undefined would be the user flow and storage of the private key, I think.
> I also still prefer the idea of using an agent (like pageant or keepass with the SSH agent plugin) if it can be supported. (Maybe that's a separate feature??).
I agree (but also think it's a separate feature without a clear path to implementation at this time)
> it's a separate feature without a clear path to implementation at this time
The SSH2 module supports agents already, just no investigation work has been done to see if it works from within a VScode extension
> ssh-copy-id needs to be on the client, which is troublesome when building a cross-platform solution. Not an issue, though. I have already written the code to do this part.
Make sure you append to the Auth keys file and don't overwrite!
> The big undefined would be the user flow and storage of the private key, I think.
User flow yes it needs to be defined, I'm thinking some kind of prompt after a login to switch to SSH keys, then once we verify it works the existing connection config could be overwritten to use the new key.
The private key should be stored using VScode secrets I would have thought, it's what we use to store passwords at the moment. There are some notes on the original PR:
https://github.com/halcyon-tech/vscode-ibmi/pull/310
Edit: Looks like I originally intended to implement storing of private key into secret storage, then realised it actually read the file each time and changed my mind because of security concerns (i.e. not having multiple copies of Private key in multiple places): https://github.com/halcyon-tech/vscode-ibmi/pull/308#issuecomment-923875914
We probably need to store any generated keys in the secret storage, but also leave the option to read directly from the client filesystem for compatibility.
> The SSH2 module supports agents already, just no investigation work has been done to see if it works from within a VScode extension
I'm guessing it will "just plain work" but not for all environments. Even so, in my opinion, some kind of conditional agent support is good-enough
> User flow yes it needs to be defined, I'm thinking some kind of prompt after a login to switch to SSH keys, then once we verify it works the existing connection config could be overwritten to use the new key.
Yep, I was thinking maybe a checkbox saying "use extension-generated key pair" and we just ask them for a password the first time through.
> Edit: Looks like I originally intended to implement storing of private key into secret storage, then realised it actually read the file each time and changed my mind because of security concerns (i.e. not having multiple copies of Private key in multiple places): #308 (comment)
Yep, I saw those comments but still haven't digested your PR. I was also envisioning a slightly different approach to secret storage: simply saving a private key in each system's config (each system would have its own key pair).
At the end of the day, though, that means that a password stored in secret storage is not less secure than an SSH private key stored in secret storage. And if we already have the password, it weakens the case for the key.
> Yep, I saw those comments but still haven't digested your PR. I was also envisioning a slightly different approach to secret storage: simply saving a private key in each system's config (each system would have its own key pair).
Secret storage is extremely easy to implement and backed by the OS and the recommended way to store passwords etc. Settings.json I believe is fully readable by any extension. Private keys are easy to identify and would be targets for any malicious extensions.
The current way of using SSH keys relies on the private key existing on a file on the system, it's read in at connection time and used if there is one specified:
https://github.com/halcyon-tech/vscode-ibmi/blob/master/src/api/IBMi.ts#L120
It would be fairly easy to check if a private key exists in secret storage for a given connection (if a user supplied key isn't already specified) and use that if it's there. From memory this is how the password prompt works (or used to!) i.e. for every connection it says do we have a password stored, if not then display a password prompt.
EDIT: Password prompt code: https://github.com/halcyon-tech/vscode-ibmi/blob/master/src/webviews/login/index.ts#L132-L135
The chances of us dropping credentials right now are very low - I think if we did that, we'd need to add a way to make it easy to generate SSH keys and get them uploaded to IBM i automatically (ssh-copy-id?)
I think what we should do in the meantime, is absolutely warn the user when they log in with a password.
Then the yes button could generate a key, upload it to the system, update their connection settings to point to the key, and then disconnect. What do you think of that?
Some things to consider:
ssh-keygen
.ssh2
generate a key?
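
The thread's advice to append to the authorized keys file rather than overwrite it, as an added example that is not code from any participant or from the project. It merges a generated public key into existing `authorized_keys` content idempotently; the function names and sample keys are hypothetical, and the key blobs are constructed placeholders.

```javascript
// Added example (not project code): merge a public key into authorized_keys
// content by appending, never overwriting. All names here are hypothetical.
const KEY_TYPES = new Set([
  "ssh-ed25519", "ssh-rsa",
  "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
]);

// Return { type, blob } for one authorized_keys / .pub line, or null.
// Options may precede the key type, so scan for the type token.
function parsePublicKey(line) {
  const tokens = line.trim().split(/\s+/);
  const i = tokens.findIndex((t) => KEY_TYPES.has(t));
  if (i === -1 || i + 1 >= tokens.length) return null;
  const blob = tokens[i + 1];
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(blob)) return null;
  return { type: tokens[i], blob };
}

function mergeAuthorizedKeys(existing, newKeyLine) {
  // A key with embedded newlines could smuggle in extra entries.
  if (/[\r\n]/.test(newKeyLine.trim())) throw new Error("key must be a single line");
  const key = parsePublicKey(newKeyLine);
  if (!key) throw new Error("not a recognised public key line");

  // Compare on type + blob so a changed comment does not create a duplicate.
  const present = existing.split(/\r?\n/).some((l) => {
    if (l.trim().startsWith("#")) return false; // comment line
    const k = parsePublicKey(l);
    return k !== null && k.type === key.type && k.blob === key.blob;
  });
  if (present) return { content: existing, added: false };

  // Existing files often lack a trailing newline; add one before appending.
  const sep = existing === "" || existing.endsWith("\n") ? "" : "\n";
  return { content: existing + sep + newKeyLine.trim() + "\n", added: true };
}

// Constructed sample data; the blobs are placeholders, not real keys.
const EXISTING = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== admin@laptop"; // no trailing newline
const GENERATED = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY vscode-ibmi-generated";
```

When the merged content is written back on the server, `~/.ssh` should be mode 0700 and `authorized_keys` mode 0600, since sshd with `StrictModes` ignores key files that other users can write to.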