Blink: Add ssh-agent (or equivalent)

Created on 16 Aug 2016 · 29 Comments · Source: blinksh/blink

Blink 0.916.26

Having to type in your passphrase repeatedly is a pain. It'd be nice if Blink had some sort of equivalent to ssh-agent so I could unlock my keys once when first required (or after some timeout) and they'd be used for all subsequent requests.

WIP feature ssh


All 29 comments

vaguely related to #58

Agreed. Thinking about a way to make everything work together. Still haven't figured out a way to do TouchID that doesn't bother me. If you have any suggestions on what the experience would look like, please shoot :)

I think TouchID is great, but only for those who have it :)

I would appreciate if the ssh-agent-like functionality would not be tied up to TouchID. I don't have a problem typing my passphrase, but please make it only once, then keep the unencrypted key in memory, just like ssh-agent does.

You could ask the passphrase just before connecting to a host that uses a key that is not present in your agent.

edited: I'm also following #58, the discussion is longer there...

Well, it's been a while, so I thought I'd bump this thread, for the following reasons:

  • it's VERY tedious to keep typing in my pass phrase on every connection
  • without agent forwarding, I can't check out git repos on the remote host

Both of these, put together, mean I can't currently use Blink effectively, so I've gone back to Prompt and am putting up with its slowness...

I would be strongly against storing the key in memory and prompting nothing when it is used, as ssh-agent does. I guess ssh-agent is designed for personal computers where access is restricted, instead of servers. The remote machine can be shared and someone else can ask for your key without your permission (at least that is my understanding, please let me know if that is not the case). Please at least ask for confirmation when the key stored in memory is requested, if this feature is added some day.

I think the correct way, in iOS 10+, is to use the keychain to store the keys in. Let the keychain unlock and provide the keys for you. Then you don’t have problems with keeping unlocked keys in memory, etc.

And you can leverage TouchID, etc.

I’m going to bump this, since it’s been open since 2016 and is still the main reason I can’t use Blink daily.

Apparently, the mosh protocol does not support ssh-agent; the mosh people have therefore, after having been asked for support, built their own agent implementation, which is also supposed to be compatible with ssh and offers additional security features, as described in the research paper.

The implementation of the guardian-agent is located here. It's in Go, though, so I don't know what integration into iOS will look like. It seems to be the clearly superior solution from a technical point of view, though.

May I suggest that this implementation could serve as basis for the blink agent support?

BUMP. :)

The implementation of the guardian-agent is located here. It's in Go, though, so I don't know what integration into iOS will look like.

FYI, you can use gomobile to generate obj-c bindings and a dylib for iOS.

I would disagree that this is Done from @yury's work, that adds agent to ssh connections, but doesn't deal with the Mosh connections at all? As @schelhorn mentions, guardian-agent appears to be the official Mosh supported way to have agent-like functionality.

Would be nice to have updated docs. The binaries are there, but without the niceties of a standard shell it’s tricky to set these up.

How far along is this? I’ve been checking in every 6 months, and keep using Prompt because a) it understands agents and b) it stores the password for my private key.

Every time I fire up Blink after an update I keep bumping up against it not even saving the private key password (and no, logging in via a password to many servers is not feasible - some I don’t even have passwords for, just the key).

Keep dreaming @rcarmo

Agents are working, just run ssh-agent in a separate tab and run ssh-agent.

Private key passwords are a rudimentary thing since we store keys in the Secure Enclave.

Exactly why do I need to run ssh-agent on a separate tab? Last time I tried there was no documentation about that (only comments on issues here), and I would expect it to be integrated into options...

Agreed here, we need better integration.

And docs. I’m trying ssh-agent right now, and ssh-add apparently does nothing (no idea where it’s looking for keys).

ssh-add <key_name> like ssh-add id_rsa
or path to your key in file system.

Thanks. Not having a default nor any output from the command when invoked without arguments made it hard to figure out.

Too bad this needs to be done every time I start the app, it’s quite kludgy.

Yep, agreed here too. That is why this issue is not closed yet.

Any progress on this? I’ve just had another run in with ssh_agent and really wish this was seamless and only needed to be done once.

Not yet, sir.

Hi there again. I was wondering what was the state of affairs here, since I tried Blink again and I still can’t seem to get ssh-agent to work seamlessly (sometimes not at all).

@rcarmo This has been working flawless for me for a very long time. It would certainly be nice if it were easier to use (i.e. the agent running automatically and keys being added automatically) but it's really not that much of an inconvenience.

  1. run ssh-agent
  2. double-tap for new terminal
  3. run ssh-add id_rsa (or whatever your key is called)
  4. connect normally (i.e. ssh -A user@server).

As ctrl+R works, the setup takes seconds.
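For comparison with the four manual steps above, here is the same agent workflow on a desktop OpenSSH install, written as an added example for this thread (it is not code from the issue, from Blink, or from Blink's built-in agent, whose command-line flags may differ). It uses OpenSSH's key lifetime (`-t`) and confirm-on-use (`-c`) options, which address the two concerns raised earlier in the thread: unlocked keys lingering indefinitely, and a forwarded agent signing on a shared remote host without the owner noticing. The key path, host and lifetime values are placeholders; the `parse_agent_sock` helper is my own and avoids `eval`'ing the shell snippet that `ssh-agent -s` prints.

```shell
#!/bin/sh
# Added example, not Blink's code: an OpenSSH agent session whose unlocked
# keys expire after a timeout and which asks before every signature.
# Flag names are OpenSSH's; Blink's agent may not accept all of them.

# Pull the socket path out of `ssh-agent -s` output instead of eval'ing it.
# Example input line: "SSH_AUTH_SOCK=/tmp/ssh-abc/agent.123; export SSH_AUTH_SOCK;"
parse_agent_sock() {
    printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p'
}

# True when SSH_AUTH_SOCK is set and points at an existing socket.
agent_socket_live() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Start an agent (if none is reachable) that forgets identities after
# LIFETIME seconds, then load KEY so that each use needs confirmation.
start_agent_session() {
    key="$1"; lifetime="${2:-3600}"
    if ! agent_socket_live; then
        out=$(ssh-agent -s -t "$lifetime") || return 1
        SSH_AUTH_SOCK=$(parse_agent_sock "$out"); export SSH_AUTH_SOCK
    fi
    # -c: the agent prompts (via ssh-askpass) before signing, so a host the
    # agent is forwarded to cannot silently use the key.  -t: the identity
    # is dropped from the agent after the lifetime even if the agent lives on.
    ssh-add -c -t "$lifetime" "$key"
}

# Connect, forwarding the agent only when the session actually needs it
# (e.g. for git pulls on the remote); the default keeps forwarding off.
connect() {
    host="$1"; forward="${2:-no}"
    ssh -o "ForwardAgent=$forward" "$host"
}

# Placeholder values; run as `sh agent-session.sh demo` to try it.
if [ "${1:-}" = "demo" ]; then
    start_agent_session "$HOME/.ssh/id_ed25519" 1800 \
        && connect user@example.invalid yes
fi
```

Keeping forwarding opt-in per connection and confirm-on-use on the loaded key is the desktop equivalent of the "ask before the stored key is used" request made earlier in this thread; `ssh-add -l` lists what the agent currently holds and `ssh-add -D` clears it immediately if the lifetime is too generous.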

The agent functionality was improved a few releases ago.

I agree maybe the agent could run in the background or prompt if you would like to store it within the agent every time, just for convenience. But reality is that for this to be secure, and considering how often iOS clears the app from the background, you will get prompted often anyway.

Having a passphrase for your key on Blink is less necessary as keys are kept within the Secure Enclave anyway, which is already an encrypted area. So you may be better just getting rid of it.

If you may still need it for some reason, it would help to know exactly what isn’t working, other than the UI. Is there anything different when it works and when it doesn’t? What type of key is it? What type of encoding and encryption?

The agent has been considered to work for a long time, we even have started to add support for hardware keys to it. We want to definitely make it better and for the UI we added some stuff in this Blink 13 so we can finally finish the implementation. But the UI won’t be enough with the “sometimes it works and sometimes doesn’t”

Hi there. I very strongly disagree that it would be OK to get rid of the private key passphrase - I do not want any of my private keys to be potentially unguarded on any system, regardless of where they are stored, and favor explicit unlocking of them.

And yes, the UI is the matter here, since manually starting an agent every time I open Blink (which, incidentally, currently gets killed randomly by iOS 13.2 every time it goes to the background) is untenable (even if 13.2 gets fixed).

The agent does work, except for agent forwarding (for some reason it has never really worked for me, whereas Panic's Prompt "just works").

But I really want to use Blink, and would prefer the experience be as seamless as possible - i.e., that the agent be started in the background, and that the private key password be stored as well and provided automatically upon connection, mirroring the experience I have on Linux and macOS with keychain (get prompted to unlock key upon first connection, then never again).

An option to explicitly use TouchID/FaceID to unlock keys would also be welcome, but that is almost orthogonal to the agent experience.

100% agree on the Agent in the background without requiring to explicitly start it. I may agree on the extra Passphrase for the private key, although the Secure Enclave is a HW encrypted area too, I understand some cases require extra security.

Will take another look at agent forwarding, but would help to know which cases it isn’t working for you or for what type of keys. We have been able to even forward keys into our Bunkr agent.

Now to the important part: we should decide on functionality. Here is the trick:

On Linux and MacOS, the agent can keep the private key decrypted in memory (or the Passphrase, which is equivalent), and survive some time until the agent is required to be locked again. In iOS keeping it in memory will require for you to introduce it again every time it gets removed from memory.

So the experience will never be the same no matter what. It will be difficult to reproduce the “introduce it once and forget”.

We could keep the Passphrase for the key also stored within the Secure Enclave, and then use TouchID/FaceID. I would discard this method though as it would be the same as just keeping the Private Key without the Passphrase.

We could investigate if maybe we could use the “Secure Enclave” for temporary secure storage. So under some conditions the decrypted key would get removed from there. Not sure about the conditions or possibilities of the API though.

Any other ideas?
