Allow other Android Apps to use ConnectBot as an ssh-agent #13
…evice Got over the TerminalManager binding race-condition by adding some possibly ill-advised Locking with a capital 'L' Extracting & adding the AndroidAuthAgent.java source file into ConnectBot - just adding the ssh-agent jar to the eclipse project as a jar didn't work, failed on compile, couldn't find it
…ilure If an external program suffers an SSH Auth fail when performing an ssh op, it's nice to be able to point the user to their keys so that they unlock the required key.
Sounds like a great idea. I will have to test this out when I get a chance.
Hi @kaleb - there's a bit of documentation on using Agit with this patch of ConnectBot here: https://github.com/rtyley/agit/wiki/SSH - there's also a rather scrappy video of the installation process here: http://www.youtube.com/watch?v=6YXR-ZhZ1Qk
Hasn't connectbot moved to google code hosting?
@miniBill it was on github when I wrote this pull request! Thanks for the heads-up tho! I've now moved the patch to Google Code: http://code.google.com/r/robertotyley-connectbot-ssh-agent/source/list?name=ssh-agent
@kruton is there any chance to get this PR merged?
Instead of a permission, it should use a PendingIntent and request user confirmation and the button accepting confirmation should have android:filterTouchesWhenObscured set.
Thanks for the feedback @kruton - that does sound like quite a nice alteration (ensuring that users don't fall victim to apps they blithely granted permissions to, I guess) but it might need some tweaking for Agit's pattern of use - the first time someone does a clone in Agit, it's reasonable that the user might get prompted for confirmation - but subsequently, Agit is supposed to keep the Git repo up to date with periodic polling and fetching - that won't work well if the user is getting prompted each time?
Why's this cool feature just collecting dust? :)
Any hope for progress on this?
What's the status of this? I'd love to have this in mainline as well as the forks so that other programs (e.g. VLC's SFTP support) could make use of it.
getting closer to 6 years...
Any love for this? I'm looking to integrate this functionality into syncopoli.
The status of affairs appears to be that @kruton gave feedback requesting changes such that there is user confirmation, then @rtyley opened a discussion, stating that needing to request confirmation each time would be annoying for his agit app, which this patch was originally made for. Since then there has been no response from either party. If I may add to the discussion, I think being able to trust an app using a checkbox on the confirmation screen would resolve the concerns of both parties, this could simply write the name or id of the app to a "trusted_apps_ssh-agent" variable or file.
I've recently released Agit, a Git client for Android (https://market.android.com/details?id=com.madgag.agit). In order to support git+ssh functionality, I created this patch of ConnectBot which allows other android apps to use it in the same manner as an ssh-agent. This means that Agit doesn't need to actually manage or even store SSH keys itself, which is pretty cool - as ConnectBot already has the UI & infrastructure to manage SSH keys, I don't want to have to do it again...!
The functionality is exposed using AIDL, defining a small two-method interface, getIdentities() & sign():
https://github.com/rtyley/madgag-ssh/blob/master/ssh-android/src/main/java/com/madgag/ssh/android/authagent/AndroidAuthAgent.aidl
The patch adds the AndroidAuthAgent.java generated from this AIDL definition to ConnectBot, and exposes it using an AuthAgentService to external Apps with the org.openintents.ssh.permission.ACCESS_SSH_AGENT permission so that they can bind to the agent and use it to provide public-keys and sign the ssh-challenges that they encounter.
Just to go over that again, it's the external app (e.g. Agit) that creates the network connection to the remote ssh server, using its own ssh libraries, it's just that it binds to ConnectBot in order to get a list of available identities (ie public keys), and then later, when the remote ssh server issues a challenge, Agit will call the auth-agent again to sign the issued ssh cryptographic-challenge.
The bit of Agit's code where it does this is here:
https://github.com/rtyley/agit/blob/agit-parent-1.7/agit/src/main/java/com/madgag/agit/ssh/AndroidSshSessionFactory.java
It works really well - it's a symphony of cryptography and inter-process communication!
Hope you like it,
Roberto
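
As an added illustration (not code from this pull request or from ConnectBot), one way an agent service could combine the per-request confirmation and the "trusted apps" list raised in the comments: identify the binding app from its Binder UID and signing certificate before answering getIdentities() or sign(). The class name, the `Decision` enum and the preference names are hypothetical.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.util.Base64;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical caller gate (not part of the patch); run it first in getIdentities() and sign(). */
public final class AgentCallerGate {
    public enum Decision { ALLOW, ASK_USER, DENY }
    private static final String PREFS = "ssh_agent_trust"; // hypothetical prefs file name
    private static final String KEY = "trusted_apps";      // hypothetical key name
    private final Context ctx;
    public AgentCallerGate(Context ctx) { this.ctx = ctx.getApplicationContext(); }

    /** Call on the Binder thread serving the request, where getCallingUid() names the client. */
    public Decision check() {
        String[] pkgs = ctx.getPackageManager().getPackagesForUid(Binder.getCallingUid());
        if (pkgs == null || pkgs.length == 0) return Decision.DENY;
        Set<String> trusted = prefs().getStringSet(KEY, new HashSet<String>());
        // Packages sharing a UID cannot be told apart, so all of them must be trusted.
        for (String pkg : pkgs) {
            String id = identity(pkg);
            if (id == null) return Decision.DENY;
            if (!trusted.contains(id)) return Decision.ASK_USER; // show the confirmation screen
        }
        return Decision.ALLOW;
    }

    /** Called by the confirmation screen when the user ticks "always allow this app". */
    public void trust(String pkg) {
        String id = identity(pkg);
        if (id == null) return;
        Set<String> copy = new HashSet<String>(prefs().getStringSet(KEY, new HashSet<String>()));
        copy.add(id); // never mutate the set returned by getStringSet()
        prefs().edit().putStringSet(KEY, copy).apply();
    }

    /** Package name + SHA-256 of its first signing certificate; a re-signed namesake gets a new id. */
    private String identity(String pkg) {
        try {
            byte[] cert = ctx.getPackageManager()
                    .getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures[0].toByteArray();
            byte[] hash = MessageDigest.getInstance("SHA-256").digest(cert);
            return pkg + ":" + Base64.encodeToString(hash, Base64.NO_WRAP);
        } catch (Exception e) { return null; } // unknown package or no signature: untrusted
    }
    private SharedPreferences prefs() { return ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE); }
}
```

A periodic fetch from an already trusted app returns `ALLOW` without a prompt, while `ASK_USER` is the point where a confirmation button with android:filterTouchesWhenObscured would be shown.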