Consider support for ed25519 keys #60

Closed
panchoh opened this issue Jul 1, 2016 · 14 comments

@panchoh
Contributor

panchoh commented Jul 1, 2016

Hi!

It would be awesome if you would support using and generating ed25519 keys (in addition to or even replacing RSA keys), since all major Linux distributions, as well as macOS, now support them.

See https://ed25519.cr.yp.to/ as well as http://security.stackexchange.com/questions/50878/ecdsa-vs-ecdh-vs-ed25519-vs-curve25519 for more info.

Ah, in order to generate one, just do: ssh-keygen -t ed25519

Thanks!

@carloscabanero
Member

Unfortunately it isn't that easy. We are using libssh2 under the hood, and they do not have support for ecdsa keys yet. I think they might add it at some point or I will just get someone to do it ;)

@carloscabanero
Member

libssh2/libssh2#39 yeah buddy lightweight

@agh

agh commented Nov 14, 2016

With the following /etc/sshd_config you're unable to log in with Blink:

KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

There's a workaround in adding diffie-hellman-group-exchange-sha256 to KexAlgorithms, however, this is not free because you should likely regenerate DH moduli.

# DH Moduli
# Note: This takes around 30 minutes and cannot be disabled without also removing
#       DH Group 5 (diffie-hellman-group-exchange-sha256) from sshd_config KexAlgorithms.
if grep -q "diffie-hellman-group-exchange-sha256" /etc/ssh/sshd_config;
then
  ssh-keygen -G /etc/ssh/moduli.all -b 4096
  ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all
  mv /etc/ssh/moduli.safe /etc/ssh/moduli
  rm /etc/ssh/moduli.all
fi

This is computationally expensive to undertake; it'd be great to have Blink be able to connect to systems using ECC if possible. Not sure when it'll land in libssh2; your linked issue is interesting.
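
Added example (not part of the original comment and not Blink's or libssh2's code): SSH algorithm negotiation per RFC 4253 section 7.1, run against the sshd_config quoted above, to show which category leaves the client with no common algorithm. The client offer is a constructed assumption standing in for a client without curve25519 key exchange; `+`/`-`/`^` list prefixes in sshd_config are not handled.

```python
# Added example: SSH algorithm negotiation (RFC 4253, section 7.1) run
# against the sshd_config quoted in the comment above.
SERVER_CONFIG = """\
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
"""

# Constructed client offer (assumption, not Blink's real list): a client
# without curve25519 key exchange.
CLIENT_OFFER = {
    "kexalgorithms": ["diffie-hellman-group-exchange-sha256",
                      "diffie-hellman-group14-sha1"],
    "ciphers": ["aes128-ctr", "aes256-ctr"],
    "macs": ["hmac-sha2-256", "hmac-sha1"],
}


def parse_sshd_config(text):
    """Map lowercased keyword -> algorithm list; the first occurrence wins."""
    config = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            names = [a.strip() for a in parts[1].split(",") if a.strip()]
            config.setdefault(parts[0].lower(), names)
    return config


def negotiate(client, server):
    """Per category, pick the first client algorithm the server also lists.

    None means no common algorithm, so the handshake fails. Categories the
    server config does not set are skipped (its built-in defaults apply).
    """
    chosen = {}
    for category, offered in client.items():
        if category in server:
            allowed = set(server[category])
            chosen[category] = next((a for a in offered if a in allowed), None)
    return chosen


def failed_categories(client, server):
    """Categories with no algorithm in common between client and server."""
    return sorted(c for c, a in negotiate(client, server).items() if a is None)


if __name__ == "__main__":
    print(negotiate(CLIENT_OFFER, parse_sshd_config(SERVER_CONFIG)))
```

Running `failed_categories` over a candidate sshd_config before deploying it shows whether a given client offer would be locked out, and by which keyword.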

@dch

dch commented Nov 14, 2016

I'd contribute $$ for ed25519 support.

@carloscabanero
Member

carloscabanero commented Nov 14, 2016

I'm currently working on #59 (Persistent Connections) and was planning to jump on this right after it's completed.

We can prioritise it by hiring someone to start working on it. I wanna reach out to a few developers that I have seen from the libssh2 repo, but if you know someone who might be able to do it, just let me know :)

@o-be-one

Hello,

My company uses ed25519 too, and we will be really happy if Buddy can support it.
More and more people will use it...

Can't wait to be able to use this crypto with Buddy ;).

@carloscabanero
Member

An update on the state of things. I discussed with a lawyer and it seems that we are on solid ground if we are able to move to libssh: we are open source, and the additional restrictions clause wouldn't apply in this case. This would bring ed25519 and a lot more useful features too, as they are usually more up to date. We are also exploring PuTTY as there is apparently another branch with support for ed25519, and also they are more up to date with new features.

Any ideas, suggestions or just cheering appreciated :)

@ls-jingbo-jin

ls-jingbo-jin commented Jul 27, 2017

Another iOS app already supports ed25519; it's called Lterminal:
https://appsto.re/au/3Gtihb.i

Terrible UI/UX, however it's the only one at the moment that supports ed25519.
I would like to pay double if Blink Shell supports ed25519.

@carloscabanero
Member

Great news, libssh2 now supports ed25519 and ECDSA! Time to revisit ;)

@carloscabanero added feature (Feature requested by users) and removed icebox labels Oct 3, 2017
@carloscabanero added this to the Backlog milestone Oct 3, 2017

@panchoh
Contributor Author

panchoh commented Oct 3, 2017

Wonderful! \o/

@carloscabanero added the WIP (Work In Progress) label Oct 10, 2017

@carloscabanero
Member

Complete change of plans, but great news!

I didn't want us to be behind again, and not using the fact that we are open source and can leverage a ton more libraries was weird. So we are moving to libssh!

I've successfully compiled it and have it running for iOS. I'm migrating our ssh client, and key generation code. libssh has a few more advantages for us than libssh2:

  • We will simplify all the code to generate and use keys.
  • Keep all the protocols more up to date with OpenSSH (ed25519 supported since 2015).
  • Using the "connectors/events" API will simplify things like port forwarding, etc...

The change is easy as our client isn't very complex, and the APIs for libssh are really well done. I will keep you posted!

@dch

dch commented Oct 18, 2017

Great news, this is the main reason I supported Blink. Happy to beta test if needed! See my GitHub profile for email.

@ghost

ghost commented Nov 1, 2017

👍 Looking forward to this feature. :)
I came here because I was wondering how to add ed25519 keys in Blink. BTW thank you for your great work.

@carloscabanero added the ssh (SSH connection issues) label Jan 9, 2018

@jakimfett

jakimfett commented Jan 26, 2018

Just picked up Blink for iOS. Would be willing to throw an additional $20 into the pot towards getting this feature added.

Is there a recommended place to start a bug bounty for Blink, or should I do some research and decide on one myself?

@carloscabanero removed the WIP (Work In Progress) label Jun 1, 2018
@carloscabanero added this to Backlog in Blink Shell Jun 1, 2018
@yury added the WIP (Work In Progress) label Aug 10, 2018
@yury moved this from Backlog to Done in Blink Shell Sep 5, 2018
@yury added RTT (Ready to test on Test Flight) and removed WIP (Work In Progress) labels Sep 16, 2018
@yury removed the RTT (Ready to test on Test Flight) label Jan 11, 2019
@yury closed this as completed Jan 11, 2019