Hi!
It would be awesome if you would support using and generating ed25519 keys (in addition to or even replacing RSA keys), since all major Linux distributions, as well as macOS, now support them.
See https://ed25519.cr.yp.to/ as well as http://security.stackexchange.com/questions/50878/ecdsa-vs-ecdh-vs-ed25519-vs-curve25519 for more info.
Ah, in order to generate one, just do: ssh-keygen -t ed25519
Thanks!
Unfortunately it isn't that easy. We are using libssh2 under the hood, and they do not have support for ecdsa keys yet. I think they might add it at some point or I will just get someone to do it ;)
https://github.com/libssh2/libssh2/issues/39 yeah buddy lightweight
With the following /etc/sshd_config you're unable to login with Blink -
KexAlgorithms [email protected]
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
There's a workaround in adding diffie-hellman-group-exchange-sha256 to KexAlgorithms, however, this is not free because you _should_ likely regenerate DH moduli.
# DH Moduli
# Note: This takes around 30 minutes and cannot be disabled without also removing
# DH Group 5 (diffie-hellman-group-exchange-sha256) from sshd_config KexAlgorithms.
if grep -q "diffie-hellman-group-exchange-sha256" /etc/ssh/sshd_config;
then
    ssh-keygen -G /etc/ssh/moduli.all -b 4096
    ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all
    mv /etc/ssh/moduli.safe /etc/ssh/moduli
    rm /etc/ssh/moduli.all
fi
This is computationally expensive to undertake; it'd be great to have Blink be able to connect to systems using ECC if possible. Not sure when it'll land in libssh2, your linked issue is interesting.
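The login failure described in the comment above is a key-exchange negotiation failure: client and server must share at least one `KexAlgorithms` entry. As an added example (not from this thread or from Blink's code), the script below predicts the outcome for a given sshd_config; the client list and both sample configs are constructed, and `server_kex` / `negotiate_kex` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: predict which key exchange an SSH client and server agree on.
# RFC 4253 section 7.1: the first algorithm in the CLIENT's list that the
# server also supports is chosen; with no overlap the connection fails.

# server_kex FILE: print the first uncommented KexAlgorithms value
# (sshd uses the first occurrence of a keyword; the keyword is case-insensitive).
server_kex() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }' "$1"
}

# negotiate_kex FILE CLIENT_LIST: print the agreed algorithm and return 0,
# return 1 if there is no overlap, return 2 if the config gives no plain list
# (keyword absent, or a +/-/^ modifier relative to the server defaults).
negotiate_kex() {
    server=$(server_kex "$1")
    [ -n "$server" ] || return 2
    case $server in [+^-]*) return 2 ;; esac
    old_ifs=$IFS; IFS=,
    for c in $2; do                 # client preference order decides
        for s in $server; do
            if [ "$c" = "$s" ]; then
                IFS=$old_ifs; printf '%s\n' "$c"; return 0
            fi
        done
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample data: a client that only offers classic DH exchanges
# (an assumption, not Blink's actual list) and two server configs.
CLIENT_KEX='diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1'
strict=$(mktemp); relaxed=$(mktemp)
trap 'rm -f "$strict" "$relaxed"' EXIT
printf 'KexAlgorithms curve25519-sha256@libssh.org\n' > "$strict"
printf 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\n' > "$relaxed"

for f in "$strict" "$relaxed"; do
    if kex=$(negotiate_kex "$f" "$CLIENT_KEX"); then
        echo "agreed on: $kex"
    else
        echo "no common key exchange: login fails"
    fi
done
```

Running `sshd -T` on the server prints the effective `kexalgorithms` value, which covers the cases where this script returns 2.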
I'd contribute $$ for ed25519 support.
I'm currently working on #59 (Persistent Connections) and was planning to jump on this right after that's completed.
We can prioritise it by hiring someone to start working on it. I wanna reach out to a few developers that I have seen from the libssh2 repo, but if you know someone who might be able to do it, just let me know :)
Hello,
My company uses ed25519 too, and we will be really happy if Buddy can support it.
More and more people will use it ...
Can't wait to be able to use this crypto with Buddy ;).
An update on the state of things. I discussed with a lawyer and it seems that we are on solid ground if we are able to move to libssh: we are open source, and the additional restrictions clause wouldn't apply in this case. This would bring ed25519 and a lot more useful features too, as they are usually more up to date. We are also exploring PuTTY as there is apparently another branch with support for ed25519, and also they are more up to date with new features.
Any ideas, suggestions or just cheering appreciated :)
Another iOS app already supports ed25519; it is called Lterminal:
https://appsto.re/au/3Gtihb.i
Terrible UI/UX; however, it is the only one at the moment that supports ed25519.
I would like to pay double if Blink shell supports ed25519.
Great news, libssh2 now supports ed25519 and ECDSA! Time to revisit ;)
Wonderful! o/
Complete change of plans, but great news!
I didn't want us to be behind again, and not using the fact that we are open source and can leverage a ton more libraries was weird. So we are moving to libssh!
I've successfully compiled it and have it running for iOS. I'm migrating our ssh client, and key generation code. libssh has a few more advantages for us than libssh2:
The change is easy as our client isn't very complex, and the APIs for libssh are really well done. I will keep you posted!
Great news, this is the main reason I supported Blink. Happy to beta test if needed! See my GitHub profile for email.
👍 Looking forward to this feature. :)
I came here because I was wondering how to add ed25519 keys in Blink. BTW thank you for your great work.
Just picked up Blink for iOS. Would be willing to throw an additional $20 into the pot towards getting this feature added.
Is there a recommended place to start a bug bounty for Blink, or should I do some research and decide on one myself?