mwiede / jsch

fork of the popular jsch library

Support for ssh-agent? #65

Closed jsundmannorberg closed 3 years ago

jsundmannorberg commented 3 years ago

Hi,

Thanks for maintaining this project, it really is a great contribution to the software development community!

With older versions of Jsch, it was possible to use jsch-agent-proxy https://github.com/ymnk/jsch-agent-proxy but that is not actively developed and no longer compatible with newer versions of Jsch (does not even compile due to changes in the Identity interface). I have been able to make it work by changing a few lines of the source code, but it would be wonderful (and definitely more secure) to have a solution which is maintained by somebody with deep domain knowledge.

Are there any plans to implement support for ssh-agent or possibly fork the existing repository, or maybe build something new entirely?

Regards, Johan Sundman Norberg

norrisjeremy commented 3 years ago

Hi @jsundmannorberg,

When I have some free time, I may take a look at this and see what it would entail. Out of curiosity, which components from the original jsch-agent-proxy would you require for your particular use cases?

  1. Do you only require the support for traditional ssh-agent? Or do you also need the support for Pageant?
  2. Do you require the integration support it provides with SSHJ & trilead-ssh2? Or do you require its support with JSch?
  3. Also, if you require the traditional ssh-agent support, would you need support for it with Java versions prior to Java 16?

Thanks, Jeremy

jsundmannorberg commented 3 years ago

Hi Jeremy!

Thanks for looking at this (if you have time)! It would be incredibly useful to us.

  1. It would be great to support both ssh-agent and Pageant.
  2. We are using this fork of JSch, so that is what we need support for.
  3. For our use case we need to support older Java versions as well, definitely Java 11. And in the future we will also need support for Java 17.

Thanks! Johan

norrisjeremy commented 3 years ago

Hi @jsundmannorberg,

In #64 I've included ssh-agent support based upon jsch-agent-proxy. Once it is landed, you should be able to activate along the lines of this:

      JSch jsch=new JSch();

      IdentityRepository irepo = new AgentIdentityRepository(new SSHAgentConnector());
      jsch.setIdentityRepository(irepo);

The empty SSHAgentConnector class constructor will attempt to use Java 16's JEP 380 if you are running on Java 16+, else it will fall back to trying to use the junixsocket library if it is on the classpath. There are also various constructors to manually specify a specific USocketFactory instance (UnixDomainSocketFactory or JUnixSocketFactory, or even a custom implementation), as well as specifying the filesystem path of the ssh-agent's unix domain socket instead of trying to use the SSH_AUTH_SOCK env variable.

I've not tested the PageantConnector class since I am not a Windows user, but if it was working with the old jsch-agent-proxy, then I imagine it should still work now. Using it requires that the JNA library be included on the classpath.

Thanks, Jeremy
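
An added example, not code from this thread or from the JSch project: it picks PageantConnector on Windows and, elsewhere, checks that the socket named by SSH_AUTH_SOCK is a socket owned by the current user and not writable by group or others before passing its path explicitly to SSHAgentConnector. It assumes the path-taking constructor accepts a `java.nio.file.Path` and that PageantConnector has a no-argument constructor; `AgentSetup`, `checkedAgentSocket` and `newJSchWithAgent` are hypothetical names.

```java
import com.jcraft.jsch.AgentConnector;
import com.jcraft.jsch.AgentIdentityRepository;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.PageantConnector;
import com.jcraft.jsch.SSHAgentConnector;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

public class AgentSetup {

  // Hypothetical helper: reject an agent socket that is not ours or is open to other users.
  static Path checkedAgentSocket(String value) throws Exception {
    if (value == null || value.isEmpty()) {
      throw new IllegalStateException("SSH_AUTH_SOCK is not set");
    }
    Path sock = Paths.get(value).toAbsolutePath().normalize();
    // NOFOLLOW_LINKS: inspect the entry itself, not whatever a symlink points at.
    PosixFileAttributes attrs =
        Files.readAttributes(sock, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
    if (!attrs.isOther()) { // a unix socket is not a regular file, directory or symlink
      throw new SecurityException(sock + " is not a socket");
    }
    if (!attrs.owner().getName().equals(System.getProperty("user.name"))) {
      throw new SecurityException(sock + " is owned by " + attrs.owner().getName());
    }
    Set<PosixFilePermission> perms = attrs.permissions();
    if (perms.contains(PosixFilePermission.GROUP_WRITE)
        || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
      throw new SecurityException(sock + " is writable by group or others");
    }
    return sock;
  }

  public static JSch newJSchWithAgent() throws Exception {
    boolean windows = System.getProperty("os.name").toLowerCase().startsWith("windows");
    AgentConnector connector = windows
        ? new PageantConnector() // requires JNA on the classpath
        : new SSHAgentConnector(checkedAgentSocket(System.getenv("SSH_AUTH_SOCK")));
    JSch jsch = new JSch();
    jsch.setIdentityRepository(new AgentIdentityRepository(connector));
    return jsch;
  }
}
```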

jsundmannorberg commented 3 years ago

Thanks @norrisjeremy for the amazingly fast response, this looks like exactly what we need!

mwiede commented 3 years ago

@jsundmannorberg can you please test the latest release 0.1.66 (should be available on Maven Central in the next 24 hours), if it fits your needs?

jsundmannorberg commented 3 years ago

Absolutely, I will test it as soon as possible

jsundmannorberg commented 3 years ago

Thanks again for the fast response, this works perfectly for our needs.