Re: [JSch-users] How to get sch to support ssh-agent
From: Roberto C. S. <ro...@fa...> - 2005-09-16 14:43:46
On Fri, Sep 16, 2005 at 04:07:42PM +0200, Eric DECORNOD wrote:
> On Friday 16 September 2005 13:33, Roberto C. Sanchez wrote:
> > [...]
> > There exists a standard way to access the ssh-agent on *nix platforms,
> > we just have to figure out how to make that happen from Java. Besides,
> > Eclipse itself takes advantage of certain OS-specific features in
> > Windows (so I am told, since I don't use Windows), so it would not be
> > unprecedented to have it take advantage of a *nix-specific feature and
> > default to generic behavior if it is not there.
> >
> > > Supporting ssh-agent is a more or less complex task and it is not yet
> > > clear whether this could be done with Java at all. None of the java ssh
> > > libraries (free and commercial) support ssh-agent.
> >
> > How about this?
> >
> > http://themes.freshmeat.net/projects/j-buds/
> >
> > [...]
>
> The project you mention uses JNI. It is highly platform dependent
> (it is C code compiled in a .so shared library loaded by java).
> (see http://java.sun.com/j2se/1.5.0/docs/guide/jni/index.html for JNI)
>
OK. I am familiar with JNI, but I was not aware that was the mechanism
used by j-buds.

> Meanwhile, using unix domain sockets isn't required to partially support
> agent forwarding. Agent forwarding could be handled purely with Java
> classes doing the ssh-agent work (i.e. holding keys and verifying keys).
> I'm not sure of that, but PuTTY's Pageant seems to use Windows inter-process
> communication functions.
>
> Supporting agent forwarding is not supporting unix domain sockets.
> Unix domain sockets are a way to connect ssh and ssh-agent locally under UNIX.
> Agent forwarding is a channel (just like port forwarding, or X11 forwarding).
>
> If you don't need to communicate between jsch (java) and ssh-agent (native)
> but just a key storage (java) and agent forwarding (java), I think it is
> possible.
> The way of that could be to write an agent-forwarding channel type in jsch,
> and a key agent doing the same job as ssh-agent. Your java program should
> then create an agent object, fill it with private keys, and then when needed,
> create as many jsch connections as needed, declaring the agent as auth
> method, and as agent forwarding endpoint.
> There is no unix domain socket, it's 100% pure java, and cross platform;
> but writing an agent and a jsch channel type is not so easy as downloading
> some project and writing a few lines of code.
>
Is that sufficient to allow it to connect with the ssh-agent that is
started on my machine whenever I log in? If I understand what you are
saying, you are talking about writing a separate agent. My main concern
is that if one is already running, jsch (or whatever else) should be
able to connect to it directly.

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto
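
The pure-Java agent discussed in this message only has to speak the agent wire framing over whatever stream a forwarded channel hands it, with no unix domain socket involved. The sketch below is an added illustration, not code from JSch or from this thread: the class `InMemoryAgent`, its methods and the frame-size cap are hypothetical, the message numbers 5, 11 and 12 are the ones OpenSSH's agent protocol uses, and the key blob is a constructed placeholder. It answers only the identity-list request and refuses everything else, signing included.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

/** Hypothetical in-memory agent (added example): speaks the agent framing over any stream. */
public class InMemoryAgent {
    static final int SSH_AGENT_FAILURE = 5;
    static final int SSH2_AGENTC_REQUEST_IDENTITIES = 11;
    static final int SSH2_AGENT_IDENTITIES_ANSWER = 12;
    static final int MAX_MESSAGE = 256 * 1024; // assumed cap: refuse oversized frames
    private final Map<String, byte[]> identities = new LinkedHashMap<>(); // comment -> public key blob

    public void addIdentity(String comment, byte[] blob) { identities.put(comment, blob.clone()); }

    /** Reads one request (uint32 length, type byte, payload) and writes one framed reply. */
    public void serveOne(InputStream rawIn, OutputStream rawOut) throws IOException {
        DataInputStream in = new DataInputStream(rawIn);
        int len = in.readInt(); // big-endian, like an SSH uint32
        if (len < 1 || len > MAX_MESSAGE) throw new IOException("bad frame length " + len);
        byte[] msg = new byte[len];
        in.readFully(msg);
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        DataOutputStream reply = new DataOutputStream(body);
        if (msg[0] == SSH2_AGENTC_REQUEST_IDENTITIES && len == 1) {
            reply.writeByte(SSH2_AGENT_IDENTITIES_ANSWER);
            reply.writeInt(identities.size()); // number of keys held
            for (Map.Entry<String, byte[]> e : identities.entrySet()) {
                writeString(reply, e.getValue());                                // key blob
                writeString(reply, e.getKey().getBytes(StandardCharsets.UTF_8)); // comment
            }
        } else {
            reply.writeByte(SSH_AGENT_FAILURE); // signing and other requests are out of scope here
        }
        DataOutputStream out = new DataOutputStream(rawOut);
        out.writeInt(body.size());
        body.writeTo(out);
        out.flush();
    }
    /** SSH "string": uint32 length followed by the raw bytes. */
    private static void writeString(DataOutputStream o, byte[] b) throws IOException {
        o.writeInt(b.length);
        o.write(b);
    }
    public static void main(String[] args) throws IOException {
        InMemoryAgent agent = new InMemoryAgent();
        agent.addIdentity("constructed-key", new byte[] {1, 2, 3}); // constructed placeholder blob
        byte[] request = {0, 0, 0, 1, SSH2_AGENTC_REQUEST_IDENTITIES}; // constructed request frame
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        agent.serveOne(new ByteArrayInputStream(request), out);
        System.out.println(Arrays.toString(out.toByteArray()));
    }
}
```

Because `serveOne` takes plain streams, the same loop could sit behind a forwarded channel or a local socket; an agent that is already running, as asked about at the end of the message, still needs a native transport to reach.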