-
-
Notifications
You must be signed in to change notification settings - Fork 931
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Agent auth and Keygen #794
Conversation
be269df
to
ce48377
Compare
d1a1cd5
to
f7fad26
Compare
Hey @drieseng, Would be awesome if you could take a look here. A merge and release of SSH.NET would allow me to finalize my planned SSH.NET Extensions.
Thanks in advance |
src/Renci.SshNet/Security/Cryptography/EcdsaDigitalSignature.cs
Outdated
Show resolved
Hide resolved
Apart from minor conditionals change (see above) this code looks great to me. Edit: |
Can't see any conflict.
This extension uses the same interface: https://github.com/darinkes/SshNet.Agent (Includes SSH-Agent und Pageant) |
Great! Can you please change the |
I actually think it should be an extra issue and PR. Or is there a reason we need it now? |
With the current condition, the implementation of |
@drieseng can you please have a look at this PR? It provides a great extensibility point and would either close or support closing many issues. |
@IgorMilavec I'll try to find time for this sometime this week. Sorry for the lag. |
src/Renci.SshNet/Security/Cryptography/EcdsaDigitalSignature.cs
Outdated
Show resolved
Hide resolved
src/Renci.SshNet/PrivateKeyFile.cs
Outdated
@@ -63,7 +63,7 @@ namespace Renci.SshNet | |||
/// </list> | |||
/// </para> | |||
/// </remarks> | |||
public class PrivateKeyFile : IDisposable | |||
public class PrivateKeyFile : IPrivateKeyFile, IDisposable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to make this one sealed to allow the JIT to devirtualize calls?
Not a big deal.
src/Renci.SshNet/IPrivateKeyFile.cs
Outdated
/// <summary> | ||
/// Represents private key file interface. | ||
/// </summary> | ||
public interface IPrivateKeyFile |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's nothing file-related in this interface. Do we want to extend it with file related properties or methods, or change the name of the interface?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe IPrivateKeySource?
So you can add your own Key-Classes to SSH.NET Add ED25519 ctor for just pub key part.
You cant export imported CngKeys. To be able to export them to agent or Key-Files make the private bits also accessible.
So Extension can add own PrivateKeyFiles, e.g. PuttyKeyFile.
@darinkes Thanks! |
@drieseng also thanks! I will update my extensions ASAP :) |
* Allow to set PrivateKeyFile Key directly So you can add your own Key-Classes to SSH.NET * Add ED25519 ctor for just pub key part. * Make ECDSA Key Bits accessible You cant export imported CngKeys. To be able to export them to agent or Key-Files make the private bits also accessible. * Better NETFRAMEWORK vs NETSTANDARD handling * Add Comment Property to Key * Add IPrivateKeySource So Extension can add own PrivateKeyFiles, e.g. PuttyKeyFile.
* Assets/logos (#782) * Added logo assets * Added PNG 1260x640 with white border Co-authored-by: 103filgualan <[email protected]> * OPENSSH KeyReader for more keys (#614) * OPENSSH KeyReader for more keys Add support to parse OpenSSH Keys with ECDSA 256/384/521 and RSA. https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key Change-Id: Iaa9cce0f2522e5fee377a82cb252f81f0b7cc563 * Fix ED25519Key KeyLength * Fix ED25519 PubKey-auth LeadingZeros of BigInteger-Conversion have to be removed before sending the Key. * Add interface to SftpFile #120 (#812) * Create ISftpFile interface. SftpFile sealed. Return ISftpFile from SftpClient instead of SftpFile. Make ISftpClient interface disposable. Co-authored-by: Wojciech Swieboda <[email protected]> * Start MessageListener with ThreadAbstraction.ExecuteThreadLongRunning (#902) * Fix Thread pool exhaustion due to MessageListener running on ThreadPool * Mark long running thread as background * Add async support to SftpClient and SftpFileStream (#819) * Add FEATURE_TAP and net472 target * Add TAP async support to SftpClient and SftpFileStream * Add async support to DnsAbstraction and SocketAbstraction * Add async support to *Connector and refactor the hierarchy * Add ConnectAsync to BaseClient * Add CODEOWNERS file. * Fix virus false-positive by Defender on Renci.SSHNet.Tests.dll (#867) Co-authored-by: Pedro Fonseca <[email protected]> * Add unit tests for task-based asynchronous API (#906) * Fix runtime and culture dependant tests. * Set C# 7.3 in Tests.csproj to limit intellisense's suggestions under different targets * Add SftpClientTest.*Async * Add SftpFileStreamTest_OpenAsync_* * Add SftpFileStreamTest_WriteAsync_* * Add SftpFileStreamTest_ReadAsync_* * Align AppVeyor script with Test project target frameworks * correct 'Documenation' to 'Documentation' (#838) in the documentation's window title * Agent auth and Keygen (#794) * Allow to set PrivateKeyFile Key directly So you can add your own Key-Classes to SSH.NET * Add ED25519 ctor for just pub key part. * Make ECDSA Key Bits accessible You cant export imported CngKeys. To be able to export them to agent or Key-Files make the private bits also accessible. * Better NETFRAMEWORK vs NETSTANDARD handling * Add Comment Property to Key * Add IPrivateKeySource So Extension can add own PrivateKeyFiles, e.g. PuttyKeyFile. * Use cryptographically secure random number generator. Fixes CVE-2022-29245. * Remove unused import. * Add IBaseClient for BaseClient and ISftpClient to inherit from (#975) Add IBaseClient for BaseClient and ISftpClient to inherit from * fix typo (#999) * Fix Seek Operations in SftpFileStream (#910) * Fix offset operations in SftpFileStream.Seek * Fix seek exception message and add default case for invalid seek origin * Use named params when throwing ArgumentException * Add tests for seeking from end of file * Add back copyright to license. (#1060) Fixes #1059. * Removing old target frameworks (#1109) Remove support for legacy / deprecated target frameworks while adding support for .NET 6.0 (and higher). The supported target frameworks are now: * .NETFramework 4.6.2 (and higher) * .NET Standard 2.0 * .NET 6.0 (and higher) * Remove old features [Part 1] (#1117) Remove obsolete feature switches (now that we've remove support for legacy target frameworks) and remove corresponding conditional code. * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES (#1119) * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES * Add exception documentation * Fix some (lots of) issues reported by analyzers. (#1125) Fix some (lots of) issues reported by analyzers. * Round 2 of analyzer fixes and general cleanup. (#1132) * Analyzer fixes round 3. (#1135) * Replace Array<T>.Empty with Array.Empty<T>() (#1137) * Replace IsNullOrWhiteSpace extension (#1142) * Use License Expression for NuGet Package licenseUrl is deprecated, see NuGet/Announcements#32 * Integration tests * Remove todos * Update CODEOWNERS * Use correct SSH.NET * ListDirectoryAsync return IAsyncEnumerable (#1126) * ListDirectoryAsync return IAsyncEnumerable * Fix documentation * Update README.md * Fix * Add Sftp ListDirectoryAsync test * Revert * Integration tests for ListDirectoryAsync with IAsyncEnumerable * Fix the assembly resolution build warning (#1165) * Delete performance/longrunning tests (#1143) Co-authored-by: Wojciech Nagórski <[email protected]> * Move Integration tests (#1173) * Renci.SshNet.IntegrationTests * Renci.SshNet.TestTools.OpenSSH * Move integration tests to main repo * Move old tests to new integration tests * Move old integration tests to new integration tests * Move more tests * Move authentication tests * Move SshClientTests * Fix some tests * Remove duplicated test * Poc of ProcessDisruptor * Rename * Some fixes * Remove performance tests * Small improvements * Add a benchmarks project (#1151) * Add a benchmarks project * Small improvements --------- Co-authored-by: Wojciech Nagórski <[email protected]> * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() (#936) * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() * merge * Update src/Renci.SshNet/Session.cs Co-authored-by: Rob Hague <[email protected]> --------- Co-authored-by: Wojciech Nagórski <[email protected]> Co-authored-by: Rob Hague <[email protected]> * Support SHA256 fingerprints for host key validation (#1098) * Add tests for HostKeyEventArgs * Add SHA256 fingerprint support * Add support for RSA SHA-2 public key algorithms (#1177) * Abstract out the hash algorithm from RsaDigitalSignature * Add integration tests * Add DigitalSignature property to KeyHostAlgorithm * Add IHostAlgorithmsProvider interface * Verify the host signature * Fix HostKeyEventArgsTest after merge * Remove PubkeyAcceptedAlgorithms ssh-rsa * Add test coverage for RSA keys in PrivateKeyFile * Obsolete IPrivateKeySource --------- Co-authored-by: Wojciech Nagórski <[email protected]> * Improvements after #1177 (#1180) * Use ExceptionDispatchInfo in more places (#1182) Co-authored-by: Wojciech Nagórski <[email protected]> * Try to "fix" the flaky test (#1185) * Enable DSA tests (#1181) Co-authored-by: Wojciech Nagórski <[email protected]> * FingerPrints (#1186) * Use OS-agnostic socket error codes to allow tests run on different OSes (#1179) SocketErrorCode is OS agnostic, ErrorCode is OS specific. On Windows ErrorCode = (int) SocketErrorCode, but on Mac and Unix it is not. For example ExitCode for HostNotFound (11001) on Windows is 11001, on Mac & Unix is -131073. So testing for ExitCode == 11001 fails on Mac & Unix. Co-authored-by: Wojciech Nagórski <[email protected]> * Fix for channel session semaphore from thread blocking (#1071) * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Update Channel to fix AppVeyor failure (field should be readonly) * Update ISftpClient for #120 (#1193) * Implement set last write and access time (#1194) * Add/migrate hmac+cipher integration tests (#1189) * Add/migrate hmac+cipher integration tests * fix integration tests --------- Co-authored-by: Wojciech Nagórski <[email protected]> * Update tests for SetLastAccessTime(Utc) to also verify the time component and the Kind of the DateTime value returned by GetLastAccessTime(Utc). (#1198) --------- Co-authored-by: Filippo Gualandi <[email protected]> Co-authored-by: 103filgualan <[email protected]> Co-authored-by: Stefan Rinkes <[email protected]> Co-authored-by: wxtsxt <[email protected]> Co-authored-by: Wojciech Swieboda <[email protected]> Co-authored-by: Igor Milavec <[email protected]> Co-authored-by: drieseng <[email protected]> Co-authored-by: Pedro Fonseca <[email protected]> Co-authored-by: Pedro Fonseca <[email protected]> Co-authored-by: Maximiliano Jabase <[email protected]> Co-authored-by: Owen Krueger <[email protected]> Co-authored-by: Masuri <[email protected]> Co-authored-by: LemonPi314 <[email protected]> Co-authored-by: Gert Driesen <[email protected]> Co-authored-by: Rob Hague <[email protected]> Co-authored-by: Rob Hague <[email protected]> Co-authored-by: Marius Thesing <[email protected]> Co-authored-by: Dāvis Mošenkovs <[email protected]> Co-authored-by: Dmitry Tsarevich <[email protected]> Co-authored-by: Patrick Yates <[email protected]>
Version 2023.0.0 has been published https://www.nuget.org/packages/SSH.NET/2023.0.0 |
@darinkes am I missing something? I installed 2023.0 into my project, and I am trying to figure out how to use Pageant - the instructions at https://github.com/darinkes/SshNet.Agent don't work on 2023.0.0 as the Pageant class apparently does not exist... Thanks |
@stevesobol This PR adds the IPrivateKey hooks into SSH.Net, but the Pageant class is added by the SshNet.Agent code, not this one. You just need to compile SshNet.Agent with the latest SSH.Net as a reference. |
Thanks. Since (theoretically) there's no need to build @darinkes 's forked copy of SSH.NET anymore, I removed the Git submodule, removed the reference to said submodule from SshNet.agent's csproj file, and installed SSH.NET 2023.0.0 using Nuget. I'm seeing
and failure to find a bunch of classes that should be provided by the Nuget package. If it matters, I'm on Windows 10, but I am not using Visual Studio; I'm using JetBrains Rider. |
@stevesobol I updated the repo and reenabled the build, now using the official SSH.NET release version. You should open issues on the SshNet.Agent github project. |
* Release 2023.0.0 (#1201) * Assets/logos (#782) * Added logo assets * Added PNG 1260x640 with white border Co-authored-by: 103filgualan <[email protected]> * OPENSSH KeyReader for more keys (#614) * OPENSSH KeyReader for more keys Add support to parse OpenSSH Keys with ECDSA 256/384/521 and RSA. https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key Change-Id: Iaa9cce0f2522e5fee377a82cb252f81f0b7cc563 * Fix ED25519Key KeyLength * Fix ED25519 PubKey-auth LeadingZeros of BigInteger-Conversion have to be removed before sending the Key. * Add interface to SftpFile #120 (#812) * Create ISftpFile interface. SftpFile sealed. Return ISftpFile from SftpClient instead of SftpFile. Make ISftpClient interface disposable. Co-authored-by: Wojciech Swieboda <[email protected]> * Start MessageListener with ThreadAbstraction.ExecuteThreadLongRunning (#902) * Fix Thread pool exhaustion due to MessageListener running on ThreadPool * Mark long running thread as background * Add async support to SftpClient and SftpFileStream (#819) * Add FEATURE_TAP and net472 target * Add TAP async support to SftpClient and SftpFileStream * Add async support to DnsAbstraction and SocketAbstraction * Add async support to *Connector and refactor the hierarchy * Add ConnectAsync to BaseClient * Add CODEOWNERS file. * Fix virus false-positive by Defender on Renci.SSHNet.Tests.dll (#867) Co-authored-by: Pedro Fonseca <[email protected]> * Add unit tests for task-based asynchronous API (#906) * Fix runtime and culture dependant tests. * Set C# 7.3 in Tests.csproj to limit intellisense's suggestions under different targets * Add SftpClientTest.*Async * Add SftpFileStreamTest_OpenAsync_* * Add SftpFileStreamTest_WriteAsync_* * Add SftpFileStreamTest_ReadAsync_* * Align AppVeyor script with Test project target frameworks * correct 'Documenation' to 'Documentation' (#838) in the documentation's window title * Agent auth and Keygen (#794) * Allow to set PrivateKeyFile Key directly So you can add your own Key-Classes to SSH.NET * Add ED25519 ctor for just pub key part. * Make ECDSA Key Bits accessible You cant export imported CngKeys. To be able to export them to agent or Key-Files make the private bits also accessible. * Better NETFRAMEWORK vs NETSTANDARD handling * Add Comment Property to Key * Add IPrivateKeySource So Extension can add own PrivateKeyFiles, e.g. PuttyKeyFile. * Use cryptographically secure random number generator. Fixes CVE-2022-29245. * Remove unused import. * Add IBaseClient for BaseClient and ISftpClient to inherit from (#975) Add IBaseClient for BaseClient and ISftpClient to inherit from * fix typo (#999) * Fix Seek Operations in SftpFileStream (#910) * Fix offset operations in SftpFileStream.Seek * Fix seek exception message and add default case for invalid seek origin * Use named params when throwing ArgumentException * Add tests for seeking from end of file * Add back copyright to license. (#1060) Fixes #1059. * Removing old target frameworks (#1109) Remove support for legacy / deprecated target frameworks while adding support for .NET 6.0 (and higher). The supported target frameworks are now: * .NETFramework 4.6.2 (and higher) * .NET Standard 2.0 * .NET 6.0 (and higher) * Remove old features [Part 1] (#1117) Remove obsolete feature switches (now that we've remove support for legacy target frameworks) and remove corresponding conditional code. * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES (#1119) * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES * Add exception documentation * Fix some (lots of) issues reported by analyzers. (#1125) Fix some (lots of) issues reported by analyzers. * Round 2 of analyzer fixes and general cleanup. (#1132) * Analyzer fixes round 3. (#1135) * Replace Array<T>.Empty with Array.Empty<T>() (#1137) * Replace IsNullOrWhiteSpace extension (#1142) * Use License Expression for NuGet Package licenseUrl is deprecated, see NuGet/Announcements#32 * Integration tests * Remove todos * Update CODEOWNERS * Use correct SSH.NET * ListDirectoryAsync return IAsyncEnumerable (#1126) * ListDirectoryAsync return IAsyncEnumerable * Fix documentation * Update README.md * Fix * Add Sftp ListDirectoryAsync test * Revert * Integration tests for ListDirectoryAsync with IAsyncEnumerable * Fix the assembly resolution build warning (#1165) * Delete performance/longrunning tests (#1143) Co-authored-by: Wojciech Nagórski <[email protected]> * Move Integration tests (#1173) * Renci.SshNet.IntegrationTests * Renci.SshNet.TestTools.OpenSSH * Move integration tests to main repo * Move old tests to new integration tests * Move old integration tests to new integration tests * Move more tests * Move authentication tests * Move SshClientTests * Fix some tests * Remove duplicated test * Poc of ProcessDisruptor * Rename * Some fixes * Remove performance tests * Small improvements * Add a benchmarks project (#1151) * Add a benchmarks project * Small improvements --------- Co-authored-by: Wojciech Nagórski <[email protected]> * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() (#936) * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() * merge * Update src/Renci.SshNet/Session.cs Co-authored-by: Rob Hague <[email protected]> --------- Co-authored-by: Wojciech Nagórski <[email protected]> Co-authored-by: Rob Hague <[email protected]> * Support SHA256 fingerprints for host key validation (#1098) * Add tests for HostKeyEventArgs * Add SHA256 fingerprint support * Add support for RSA SHA-2 public key algorithms (#1177) * Abstract out the hash algorithm from RsaDigitalSignature * Add integration tests * Add DigitalSignature property to KeyHostAlgorithm * Add IHostAlgorithmsProvider interface * Verify the host signature * Fix HostKeyEventArgsTest after merge * Remove PubkeyAcceptedAlgorithms ssh-rsa * Add test coverage for RSA keys in PrivateKeyFile * Obsolete IPrivateKeySource --------- Co-authored-by: Wojciech Nagórski <[email protected]> * Improvements after #1177 (#1180) * Use ExceptionDispatchInfo in more places (#1182) Co-authored-by: Wojciech Nagórski <[email protected]> * Try to "fix" the flaky test (#1185) * Enable DSA tests (#1181) Co-authored-by: Wojciech Nagórski <[email protected]> * FingerPrints (#1186) * Use OS-agnostic socket error codes to allow tests run on different OSes (#1179) SocketErrorCode is OS agnostic, ErrorCode is OS specific. On Windows ErrorCode = (int) SocketErrorCode, but on Mac and Unix it is not. For example ExitCode for HostNotFound (11001) on Windows is 11001, on Mac & Unix is -131073. So testing for ExitCode == 11001 fails on Mac & Unix. Co-authored-by: Wojciech Nagórski <[email protected]> * Fix for channel session semaphore from thread blocking (#1071) * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Update Channel to fix AppVeyor failure (field should be readonly) * Update ISftpClient for #120 (#1193) * Implement set last write and access time (#1194) * Add/migrate hmac+cipher integration tests (#1189) * Add/migrate hmac+cipher integration tests * fix integration tests --------- Co-authored-by: Wojciech Nagórski <[email protected]> * Update tests for SetLastAccessTime(Utc) to also verify the time component and the Kind of the DateTime value returned by GetLastAccessTime(Utc). (#1198) --------- Co-authored-by: Filippo Gualandi <[email protected]> Co-authored-by: 103filgualan <[email protected]> Co-authored-by: Stefan Rinkes <[email protected]> Co-authored-by: wxtsxt <[email protected]> Co-authored-by: Wojciech Swieboda <[email protected]> Co-authored-by: Igor Milavec <[email protected]> Co-authored-by: drieseng <[email protected]> Co-authored-by: Pedro Fonseca <[email protected]> Co-authored-by: Pedro Fonseca <[email protected]> Co-authored-by: Maximiliano Jabase <[email protected]> Co-authored-by: Owen Krueger <[email protected]> Co-authored-by: Masuri <[email protected]> Co-authored-by: LemonPi314 <[email protected]> Co-authored-by: Gert Driesen <[email protected]> Co-authored-by: Rob Hague <[email protected]> Co-authored-by: Rob Hague <[email protected]> Co-authored-by: Marius Thesing <[email protected]> Co-authored-by: Dāvis Mošenkovs <[email protected]> Co-authored-by: Dmitry Tsarevich <[email protected]> Co-authored-by: Patrick Yates <[email protected]> * Remove code examples --------- Co-authored-by: Filippo Gualandi <[email protected]> Co-authored-by: 103filgualan <[email protected]> Co-authored-by: Stefan Rinkes <[email protected]> Co-authored-by: wxtsxt <[email protected]> Co-authored-by: Wojciech Swieboda <[email protected]> Co-authored-by: Igor Milavec <[email protected]> Co-authored-by: drieseng <[email protected]> Co-authored-by: Pedro Fonseca <[email protected]> Co-authored-by: Pedro Fonseca <[email protected]> Co-authored-by: Maximiliano Jabase <[email protected]> Co-authored-by: Owen Krueger <[email protected]> Co-authored-by: Masuri <[email protected]> Co-authored-by: LemonPi314 <[email protected]> Co-authored-by: Gert Driesen <[email protected]> Co-authored-by: Rob Hague <[email protected]> Co-authored-by: Rob Hague <[email protected]> Co-authored-by: Marius Thesing <[email protected]> Co-authored-by: Dāvis Mošenkovs <[email protected]> Co-authored-by: Dmitry Tsarevich <[email protected]> Co-authored-by: Patrick Yates <[email protected]>
Its based on the openssh_format_rsa branch, so ignore the first three commits.
"Allow to set PrivateKeyFile Key directly" and "Make ECDSA Key Bits accessible" Commits are needed for the WIP SSH.NET Extensions https://github.com/darinkes/SshNet.Keygen and https://github.com/darinkes/SshNet.Agent.
"Enable netstandard2.1 build" is a build fix, which respect netstandard versions newer than 2.0 for ECDSA Keys