dlech / KeeAgent

ssh agent plugin for KeePass 2.x
http://lechnology.com/software/keeagent

Support PEM-Encoded Keys #331

Closed aj-stein-nist closed 2 years ago

aj-stein-nist commented 2 years ago

Albeit less popular, AWS is one such large cloud service provider that does not generate a public/private keypair in PEM format. KeeAgent does not seem to detect this when you opt with KeeAgent to load a file from the KeePass database and not a remote file (I don't want it lying around, AWS does not password protect them), and it is not clear if this plugin supports it. The underlying SshAgentLib seems to or has tests for it, however. Is there something I can do to make it work? Definitely interested in contributing!

ezekielnewren commented 2 years ago

I think I duplicated the problem that you're facing. KeeAgent didn't autoload the key for me, but when I specified the attachment and then exited KeePass and reopened it, it read and used the OpenSSH-formatted private key just fine. Try finagling with it some more to see if the problem persists.

If it still doesn't work you can try using puttygen to convert from openssh to ppk. Make sure to use ppk version 2 i.e. Key -> parameters for saving key files... -> PPK file version -> tick 2. My pull request for supporting ppkv3 is still pending as of THIS post. Issue #316 talks about failing to load ppkv3 files.
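To see which container a key attachment actually uses (traditional PEM, OpenSSH, or PPK v2/v3, the formats mentioned in this thread) and whether it is passphrase-protected, a small classifier helps. This is an added example, not part of the thread and not code from KeeAgent or SshAgentLib; `classify_private_key` and the sample files are constructed for illustration and contain no real key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"  # magic at the start of the decoded OpenSSH blob

def _openssh_cipher(body_b64):
    """Read the cipher name that follows the magic (uint32 length + bytes)."""
    blob = base64.b64decode(body_b64)
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n].decode("ascii")

def classify_private_key(text):
    """Return (container, encrypted) for the text of a private key file."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty input")
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        version = first.split(":")[0].rsplit("-", 1)[1]
        enc = [l.split(":", 1)[1].strip() for l in lines if l.startswith("Encryption:")]
        if not enc:
            raise ValueError("PPK file without an Encryption header")
        return (f"ppk-v{version}", enc[0] != "none")
    if first.startswith("-----BEGIN ") and first.endswith("-----"):
        label = first[len("-----BEGIN "):-5]
        body = [l for l in lines[1:] if not l.startswith("-----")]
        if label == "OPENSSH PRIVATE KEY":
            return ("openssh-v1", _openssh_cipher("".join(body)) != "none")
        if label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):  # PKCS#8
            return ("pem-pkcs8", label.startswith("ENCRYPTED"))
        if label.endswith(" PRIVATE KEY"):  # RSA / EC / DSA traditional PEM
            enc = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in body)
            return ("pem-traditional", enc)
    raise ValueError("unrecognised private key container")

def _fake_openssh(cipher):
    """Constructed sample: valid header fields, zero bytes instead of a key."""
    name = cipher.encode()
    blob = OPENSSH_MAGIC + struct.pack(">I", len(name)) + name + b"\0" * 16
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLES = {  # all constructed, no real key material
    "unencrypted.pem": "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa": _fake_openssh("none"),
    "id_rsa_enc": _fake_openssh("aes256-ctr"),
    "key.ppk": "PuTTY-User-Key-File-3: ssh-rsa\nEncryption: none\nComment: constructed\n",
}
```

A result of `ppk-v3` is the case the comment above says to avoid by saving as PPK version 2 in puttygen.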

aj-stein-nist commented 2 years ago

> I think I duplicated the problem that you're facing. KeeAgent didn't autoload the key for me, but when I specified the attachment and then exited KeePass and reopened it, it read and used the OpenSSH-formatted private key just fine. Try finagling with it some more to see if the problem persists.

So maybe I am not following, @ezekielnewren, I do not even see it as an option here.

[image]

I obscured the data about "Development SSH Key" because it is already added; that one is fine, and it is a conventional OpenSSH key (id_rsa and id_rsa.pub as stored in that KeePass entry). The PEM one, which I added with a separate name adjacent to the aforementioned one ("Development SSH Key") in the root directory of the KeePass database folder structure (let's call that entry "Test Backup SSH Key"), is not listed at all. Only the one I previously configured is listed.

How were you able to get around this?

> If it still doesn't work you can try using puttygen to convert from openssh to ppk. Make sure to use ppk version 2 i.e. Key -> parameters for saving key files... -> PPK file version -> tick 2. My pull request for supporting ppkv3 is still pending as of THIS post. Issue #316 talks about failing to load ppkv3 files.

Interesting, I'll take a look. I am saving this for emergency "break glass" purposes, and I want to be able to easily use and/or compare when other developers have issues by examining the PEM file in its original format, perhaps scripting its inclusion into the database by code, but I will take a look at the PPKv3 issue anyway. Thanks!

ezekielnewren commented 2 years ago

You need to edit the KeeAgent settings for the specific entry that holds the private key.

[image: kp_edit_entry]

Make sure that your private key is saved as a file attachment.

[image: kp_attachment]

Then check "Allow KeeAgent to use this entry". It should auto-detect the file attachment, but if not, then manually select it.

[image: kp_select_private_key]

aj-stein-nist commented 2 years ago

Thanks, @ezekielnewren, I'll check this out!

aj-stein-nist commented 2 years ago

That worked, thanks. I guess I had some PEBKAC issues reading the manual long ago and/or forgetting necessary steps recently. My bad!