sunydepalpur / connectbot

Automatically exported from code.google.com/p/connectbot
Apache License 2.0

Public key authentication #4

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. From Host List, click Menu
2. Select Preferences
3. Select Public Keys
4. Click Generate Key

What is the expected output? What do you see instead?
Key generation is expected, but no UI feedback is experienced.

Original issue reported on code.google.com by kenny@the-b.org on 27 Aug 2008 at 4:42

GoogleCodeExporter commented 9 years ago
This might be due to submenus changing in the newest SDK.

Original comment by kenny@the-b.org on 27 Aug 2008 at 5:46

GoogleCodeExporter commented 9 years ago
generating sshkeys on the device is interesting, but i think we should push this to a later version.

people might be copying over existing keys on their /sdcard.

interestingly, we should consider an "automation" framework. it might run "cat '[key]' >> ~/.ssh/authorized_keys" upon login. other usage might include users saying run "screen -dr" on connect, etc.

Original comment by Jeffrey.Sharkey on 25 Oct 2008 at 3:24

GoogleCodeExporter commented 9 years ago
I would like to suggest that this is a higher priority than "low" ... I can't use ssh for anything real without key based auth. I'm sure there are other people out there who are similarly paranoid about their ssh requirements.

Original comment by johnk...@gmail.com on 26 Oct 2008 at 12:46

GoogleCodeExporter commented 9 years ago
I think this was marked "low" because you can always generate the actual keys on another machine and then migrate them to the phone. Judging from irc chatter, this was considered the best solution because they didn't want to have to vouch for the safety of the java sshkey generation and didn't want another debian/ubuntu-style clusterfuck on their hands.

There was some debate on irc as to the best way to get an ssh keypair (or at least the private key) to the phone-- ota methods like web and email were ruled out for security reasons. The SDcard import looks to be the safest way.

As for the actual sshkey-auth method, I believe it is going in as we speak. Just generate your keys on another machine and move it to your phone when this thing is ready (which I hear may be Monday)

Kudos to Jeff Sharkey and the other developers!

W

Original comment by vva...@gmail.com on 26 Oct 2008 at 5:45

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
Will it just find the private key on the SD card? or do I need to put it somewhere specific?

Original comment by johnk...@gmail.com on 27 Oct 2008 at 12:56

GoogleCodeExporter commented 9 years ago
I personally would not put my private key on the SD card. I believe any Android app can access the entire SD card with no permissions.

However, I also think the app should not generate the private key. I have doubts about the quality of the device's RNG.

If the app could implement SCP, that would be best. Or perhaps offer a menu item to "copy and paste" the private key from an active (password-authenticated) session into the private keystore?

Original comment by abliss on 28 Oct 2008 at 9:43

GoogleCodeExporter commented 9 years ago
There have been a few discussions about how to import a key. if you do it off the SDCard it will be imported and then you could delete it-- it wouldn't need to be there long. Someone could have a service constantly scanning the card looking for keys, but you'd have to have run that program...

Alternatives discussed on IRC included mailing the key (insecure), IMing the key (insecure), etc etc. SCP or copy/paste from a secure session would be good, but you'd need a secure connection (via password) in the first place...

Personally I think the app generating the key is a good idea... cuz at least if there are problems you can shut down access to this one key... then again, people have their public key already on 50 machines so maybe they do want to import...

W

Original comment by vva...@gmail.com on 29 Oct 2008 at 1:01

GoogleCodeExporter commented 9 years ago
I just added rudimentary publickey support in SVN r86.

Right now you can only generate public keys on the device itself. Randomness is generated by the user, so people don't have to worry about weak entropy sources.

RSA and DSA keys can be copied to the clipboard and deleted only for right now.

Original comment by kenny@the-b.org on 29 Oct 2008 at 5:05

GoogleCodeExporter commented 9 years ago
While I realize keygen isn't expected to work fully in SVN r86, I thought you should be aware that while generating a key in landscape mode you can't see all of the options and there is no ability to scroll.

Original comment by phas...@gmail.com on 29 Oct 2008 at 2:28

GoogleCodeExporter commented 9 years ago
I made a change in SVN r87 to allow scrolling in landscape mode until we get something better looking in there.

Original comment by kenny@the-b.org on 29 Oct 2008 at 5:56

GoogleCodeExporter commented 9 years ago
I just downloaded the App from the Android market, and cannot find a way to provide my key even though there seems to be at least "some way" to do it (see comment 9). Could it be that version on the Android Market is older and does not yet have this feature?
Thanks

Original comment by amazza...@gmail.com on 30 Oct 2008 at 5:52

GoogleCodeExporter commented 9 years ago
The version in the market is r85 (http://code.google.com/p/connectbot/source/detail?r=85). Public key generation started in r86. Note that it's public key *generation*; import doesn't work yet. Also, while it can generate keys with a passphrase it can't yet use those to login (although keys without a passphrase work beautifully).

I imagine that the app won't be updated on the market again until public keys are more fully supported, but I'm not on the dev team so I don't know. In the meantime there are instructions on the project homepage about how to install the latest development builds. Also, if you haven't seen it this page is an easy way to keep up with the dev. build process:

http://code.google.com/p/connectbot/updates/list

Original comment by mco...@gmail.com on 30 Oct 2008 at 1:11

GoogleCodeExporter commented 9 years ago
I'm going to wait for this to be complete to release 1.2

Original comment by kenny@the-b.org on 31 Oct 2008 at 9:42

GoogleCodeExporter commented 9 years ago
I added support for password-protected pubkeys in SVN r102

Original comment by kenny@the-b.org on 1 Nov 2008 at 9:46

GoogleCodeExporter commented 9 years ago
latest svn now has support for importing existing keys from /sdcard, which includes any openssh-formatted keys (with or without passphrases). format similar to:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

OhHaiImRand0mBase64T3xt...

-----END RSA PRIVATE KEY-----

Original comment by Jeffrey.Sharkey on 3 Nov 2008 at 3:23
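
The header layout shown in the comment above, parsed as an added example (not ConnectBot's code): it reads the `Proc-Type` and `DEK-Info` lines to tell whether a key file is passphrase-encrypted before it is copied to shared storage, which is the SD card concern raised earlier in the thread. The function names and the sample keys are constructed for illustration.

```python
import base64
import re

# Constructed samples: the bodies are dummy bytes, not real key material.
_BODY = base64.b64encode(b"constructed-sample-not-a-real-key" * 3).decode()
ENCRYPTED_SAMPLE = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n"
    "\n" + _BODY + "\n"
    "-----END RSA PRIVATE KEY-----\n"
)
PLAIN_SAMPLE = ("-----BEGIN DSA PRIVATE KEY-----\n" + _BODY +
                "\n-----END DSA PRIVATE KEY-----\n")

# BEGIN/END armor must name the same key type (RSA or DSA, as in the thread).
_ARMOR = re.compile(
    r"-----BEGIN (RSA|DSA) PRIVATE KEY-----\r?\n(.*?)-----END \1 PRIVATE KEY-----",
    re.S,
)

def inspect_pem_private_key(text):
    """Parse a traditional PEM private key; raise ValueError if malformed."""
    m = _ARMOR.search(text)
    if m is None:
        raise ValueError("no RSA/DSA PEM private key block found")
    key_type, inner = m.group(1), m.group(2)
    headers, body_lines, in_headers = {}, [], True
    for line in inner.splitlines():
        line = line.strip()
        if in_headers and ":" in line:  # "Name: value" lines precede the body
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
        elif line:
            in_headers = False
            body_lines.append(line)
    base64.b64decode("".join(body_lines), validate=True)  # bad body -> ValueError
    info = {"key_type": key_type, "encrypted": False, "cipher": None, "iv_hex": None}
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        if "DEK-Info" not in headers:
            raise ValueError("encrypted key is missing DEK-Info")
        cipher, _, iv = headers["DEK-Info"].partition(",")
        info.update(encrypted=True, cipher=cipher, iv_hex=iv)
    return info

def ok_to_stage_on_sdcard(text):
    """Policy check: only passphrase-encrypted keys go onto shared storage."""
    return inspect_pem_private_key(text)["encrypted"]
```
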

GoogleCodeExporter commented 9 years ago
I'm considering pubkey authentication complete. Any defects should be opened up as a new issue. Thanks for the import function, Jeffrey.

Original comment by kenny@the-b.org on 3 Nov 2008 at 4:06

GoogleCodeExporter commented 9 years ago
This works, but the current language is slightly confusing. When there are no keys, it says "Tap Menu to create or import public keys." However, what you are really doing is creating key pairs or importing your _private_ keys.

Original comment by sjschul...@gmail.com on 10 Nov 2008 at 3:47

GoogleCodeExporter commented 9 years ago
Oh, also... when the sd card is not available (not inserted or currently mounted by computer), you get the "pick from sdcard" dialog with nothing listed. Ideally it would tell you that the sdcard is not available (otherwise this dialog is kinda confusing).

Original comment by sjschul...@gmail.com on 10 Nov 2008 at 3:48

GoogleCodeExporter commented 9 years ago
And one more note, the file list from the sdcard is in no discernible order. It'd be great if it were alphabetical.

Original comment by sjschul...@gmail.com on 10 Nov 2008 at 3:49

GoogleCodeExporter commented 9 years ago
Hi folks 

I may be extremely dense, but could anyone point me to where and how one can mount /sdcard. It definitely is neither mounted nor available on my htc magic.

Also it would be extremely helpful if the accepted import format for rsa private keys could be defined somewhere.

Where is the public key exported to and how can it be copied to the target machine. Basically I would expect it to be stored somewhere on the sdcard and accessible through all normal usb mass storage operation, but then...

Original comment by grouc...@gmail.com on 6 Nov 2009 at 8:48

GoogleCodeExporter commented 9 years ago
I made a video tutorial on how to use pubkey authentication. That and other videos can be reached at http://code.google.com/p/connectbot/wiki/UserInterface

There's not a way to export the pubkey to the SD card, but there is a ticket open for that. Right now it just copies it to the clipboard for pasting in another application.

Original comment by kenny@the-b.org on 6 Nov 2009 at 1:45

GoogleCodeExporter commented 9 years ago
I'd love to have it be able to read from any folder in the SD card. Only after I found this ticket was I able to get my private key imported, and I use SSH literally hundreds of times a day, with multiple private keys, on multiple operating systems.

Original comment by Martin.B...@gmail.com on 11 Nov 2009 at 4:36

GoogleCodeExporter commented 9 years ago
I am going to make a quick post explaining how to import your private key because this was not obvious to me.

1 - Plug in your phone
2 - Go to the status menu pulldown on the home screen and click something like "USB Connected" from the menu
3 - Click MOUNT
4 - Go to My Computer (if you are using Windows) and double click the new drive letter which should be your SD Card. If you are using Linux then mount the new drive (in KDE you click on the USB notification on the bottom right then open it with Nautilus).
5 - Copy your private key to the root of the SD card (don't put it in a folder or you cannot import it into ConnectBot).
6 - Unmount the folder on Linux. If you are using Windows then double click the Safely Remove Device icon on the bottom right hand corner of your screen. (If not sure how to navigate the complicated device removal wizard then convert to Ubuntu because it is easier.)
7 - Go back to your phone, go back to the status drag-down menu, click Turn Off USB Storage, click TurnOff
8 - Launch ConnectBot
9 - Click MENU -> Manage Public Keys -> Click the MENU key again -> Click IMPORT
10 - You should see your private key in the list. Click on it to import it.
11 - You should now see your private key in the list of available keys. You have to unlock the key by clicking on the red lock once and you may have to enter your key's passphrase/passcode. Once loaded your "lock" should turn green and look like an open padlock. You can also automatically load the key by pressing and holding your finger on the key until the menu appears. Check "Load key on start".

I hope this helps someone. 

Original comment by dogatemy...@gmail.com on 2 Sep 2010 at 2:50

GoogleCodeExporter commented 9 years ago
Regarding importing public/private keys -- I put my keys into the root of my sdcard and connectbot didn't see them. After many different changes which I won't bore you with, I found another post which said to connect via the local command-line.

I ended up copying my .ssh folder from my desktop and placing it onto my sdcard (as 'ssh' not '.ssh'). Then from connectbot's "local" shell:
cd /sdcard
cp ssh/id* .

At this point the permissions were automatically set to something connectbot could see. Maybe because I don't have root on this device? After reading in the keys with connectbot I deleted them from the sdcard.

Original comment by adrian.d...@gmail.com on 13 Apr 2011 at 7:37