ymnk / jsch-agent-proxy


Support for adding keys is missing #6

Closed hugoduncan closed 11 years ago

hugoduncan commented 12 years ago

Would it be possible to add support for adding keys to the agent?

I believe the SSH2_AGENTC_ADD_IDENTITY protocol message would be required, but have no idea how widely supported that is outside of openssh.

ymnk commented 11 years ago

JSch 0.1.49 has the following method, KeyPair#forSSHAgent(), and you can use it to add keys to the agent.

For example, ....

   JSch jsch = new JSch();
   AgentProxy ap = new AgentProxy(new PageantConnector());

   // load an OpenSSH-format private key and hand it to the agent in ssh-agent wire format
   KeyPair kpair = KeyPair.load(jsch, "id_rsa");
   byte[] key = kpair.forSSHAgent();
   ap.addIdentity(key);

   // a PuTTY .ppk key is handled the same way
   kpair = KeyPair.load(jsch, "id_rsa.ppk");
   key = kpair.forSSHAgent();
   ap.addIdentity(key);

Please try it.

hugoduncan commented 11 years ago

Thanks! This seems to be working.

I had to use reflection to be able to call JSch#getIdentityRepository, and then call IdentityRepository#add.

When listing the added key with ssh-add -l the key comment is shown, rather than the path to the key (which would be shown if the key were added with ssh-add -K path_to_key).

ymnk commented 11 years ago

I had to use reflection to be able to call JSch#getIdentityRepository, and then call IdentityRepository#add.

The JSch#addIdentity() method supports the key encoded for ssh-agent,

KeyPair kpair = KeyPair.load(jsch, "id_rsa");
byte[] key = kpair.forSSHAgent();
// name, private key blob (ssh-agent encoding), public key, passphrase
jsch.addIdentity("John Doe", key, null, null);

, which will invoke JSch#getIdentityRepository, and then IdentityRepository#add, internally. Is it not enough?

ymnk commented 11 years ago

When listing the added key with ssh-add -l the key comment is shown, rather than the path to the key (which would be shown if the key were added with ssh-add -K path_to_key).

I don't know about the option "-K" for ssh-add. Do you have a pointer for it on the web?

hugoduncan commented 11 years ago

It adds a key permanently - I think this may be OSX specific. The same thing happens with a plain ssh-add path_to_key.

hugoduncan commented 11 years ago

On a related note, com.jcraft.jsch.KeyPairRSA#forSSHAgent seems to throw when passed a key with passphrase, and I don't see any way of providing the passphrase to KeyPair.

hugoduncan commented 11 years ago

In JSch#addIdentity(), there is an explicit type check for LocalIdentityRepository, and it does nothing for RemoteIdentityRepository.

ymnk commented 11 years ago

It adds a key permanently - I think this may be OSX specific. The same thing happens with a plain ssh-add path_to_key.

If you prefer a path-name to its comment, you can use KeyPair#setPublicKeyComment(),

KeyPair kpair = KeyPair.load(jsch, "id_rsa");
kpair.setPublicKeyComment("path name of id_rsa");

ymnk commented 11 years ago

On a related note, com.jcraft.jsch.KeyPairRSA#forSSHAgent seems to throw when passed a key with passphrase, and I don't see any way of providing the passphrase to KeyPair.

KeyPair kpair = KeyPair.load(jsch, "id_rsa");
// decrypt the private key in place; forSSHAgent() only works on a decrypted key
kpair.decrypt("passphrase");
if (!kpair.isEncrypted()) {
  byte[] key = kpair.forSSHAgent();
  System.out.println(key.length + " bytes in ssh-agent encoding");
}

KeyPair#setPassphrase() was introduced to generate a cyphered private key file. It should be deprecated, and KeyPair#writePrivateKey() method should accept a passphrase as an argument.

ymnk commented 11 years ago

In JSch#addIdentity(), there is an explicit type check for LocalIdentityRepository, and it does nothing for RemoteIdentityRepository.

You are right. That is my fault. The TODO still exists. In the next release, it will be implemented, and the JSch#getIdentityRepository() method will become public to allow users to list identities.

ymnk commented 11 years ago

We have improved code related to IdentityRepository in jsch 0.1.50. Could you try it? At least, JSch#addIdentity() will work for your requirement.

ymnk commented 11 years ago

Re-open this issue if it is required.

kwin commented 9 years ago

Just calling JSch#addIdentity() works indeed fine with jsch 0.1.51. The problem now is that it will always ask for the passphrase if I call that method. How do I find out whether I need to provide a new identity or whether ssh-agent already has an identity which I could just use in my code?
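The following is an added example, not code from this thread or from the JSch/jsch-agent-proxy projects. It ties together ymnk's decrypt-then-forSSHAgent() sequence and kwin's question: it lists the identities the agent already holds through the public JSch#getIdentityRepository() (0.1.50+), compares public key blobs, and only decrypts and adds the key when the agent does not have it yet, so the passphrase is never requested for a key that is already loaded. It assumes RemoteIdentityRepository and PageantConnector from jsch-agent-proxy, and the class and method names AgentKeyLoader, agentHasKey and ensureLoaded are my own.

```java
import com.jcraft.jsch.Identity;
import com.jcraft.jsch.IdentityRepository;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.KeyPair;
import com.jcraft.jsch.agentproxy.RemoteIdentityRepository;
import com.jcraft.jsch.agentproxy.connector.PageantConnector;

import java.util.Arrays;
import java.util.Vector;

// Hypothetical helper (not part of JSch): add a key to the agent only if it is missing.
public class AgentKeyLoader {

    // True if the agent already holds an identity with exactly this public key blob.
    static boolean agentHasKey(IdentityRepository repo, byte[] pubBlob) {
        if (pubBlob == null) return false;           // no public key known, cannot compare
        Vector<Identity> ids = repo.getIdentities();  // JSch returns a raw Vector of Identity
        for (Identity id : ids) {
            if (Arrays.equals(id.getPublicKeyBlob(), pubBlob)) return true;
        }
        return false;
    }

    // Returns true if the key was added, false if the agent already had it.
    static boolean ensureLoaded(JSch jsch, String path, String passphrase) throws Exception {
        KeyPair kpair = KeyPair.load(jsch, path);     // also reads path + ".pub" if present
        try {
            if (agentHasKey(jsch.getIdentityRepository(), kpair.getPublicKeyBlob())) {
                return false;                         // already in the agent: no prompt needed
            }
            // forSSHAgent() needs a decrypted private key (see ymnk's example above)
            if (kpair.isEncrypted() && (passphrase == null || !kpair.decrypt(passphrase))) {
                throw new IllegalStateException("cannot decrypt private key " + path);
            }
            kpair.setPublicKeyComment(path);          // so ssh-add -l shows the path, not the comment
            jsch.addIdentity(path, kpair.forSSHAgent(), null, null);
            return true;
        } finally {
            kpair.dispose();                          // wipe key material held by the KeyPair
        }
    }

    public static void main(String[] args) throws Exception {
        JSch jsch = new JSch();
        // Route identity operations to the running agent (PageantConnector as in the thread;
        // on Unix an SSH agent connector from jsch-agent-proxy would be used instead).
        jsch.setIdentityRepository(new RemoteIdentityRepository(new PageantConnector()));
        boolean added = ensureLoaded(jsch, "id_rsa", args.length > 0 ? args[0] : null);
        System.out.println(added ? "key added to agent" : "agent already had the key");
    }
}
```

If the private key is encrypted and no matching .pub file exists, getPublicKeyBlob() may be null before decryption; the example then falls back to adding the key, which is the conservative choice.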