fixed #10180 - encrypted PPK keys

Eugene 2025-01-09 21:06:01 +01:00
parent ba7c31d940
commit 0a475daa9c
No known key found for this signature in database
GPG Key ID: 5896FCBBDD1CF4F4


@ -37,7 +37,6 @@ type AuthMethod = {
type: 'publickey' type: 'publickey'
name: string name: string
contents: Buffer contents: Buffer
hashAlg: 'sha256'|'sha512'|'sha1'|null
} | { } | {
type: 'agent', type: 'agent',
kind: 'unix-socket', kind: 'unix-socket',
@ -139,14 +138,11 @@ export class SSHSession {
} }
private addPublicKeyAuthMethod (name: string, contents: Buffer) { private addPublicKeyAuthMethod (name: string, contents: Buffer) {
for (const hashAlg of ['sha512', 'sha256', 'sha1', null] as const) { this.remainingAuthMethods.push({
this.remainingAuthMethods.push({ type: 'publickey',
type: 'publickey', name,
name, contents,
contents, })
hashAlg,
})
}
} }
async init (): Promise<void> { async init (): Promise<void> {
@ -553,19 +549,13 @@ export class SSHSession {
if (method.type === 'publickey') { if (method.type === 'publickey') {
try { try {
const key = await this.loadPrivateKey(method.name, method.contents) const key = await this.loadPrivateKey(method.name, method.contents)
const possibleHashAlgs = (['ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512'].includes(key.algorithm) ? ['sha256', 'sha512', 'sha1'] : [null]) as (string|null)[] const possibleHashAlgs = ['ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512'].includes(key.algorithm) ? ['sha256', 'sha512', 'sha1'] as const : [null] as const
if (!possibleHashAlgs.includes(method.hashAlg)) { this.emitServiceMessage(`Trying private key: ${method.name}`)
// skip incompatible hash algs for (const alg of possibleHashAlgs) {
continue const result = await this.ssh.authenticateWithKeyPair(this.authUsername, key, alg)
} if (result instanceof russh.AuthenticatedSSHClient) {
let msg = `Using private key: ${method.name}` return result
if (method.hashAlg) { }
msg += ` (${method.hashAlg})`
}
this.emitServiceMessage(msg)
const result = await this.ssh.authenticateWithKeyPair(this.authUsername, key, method.hashAlg)
if (result instanceof russh.AuthenticatedSSHClient) {
return result
} }
} catch (e) { } catch (e) {
this.emitServiceMessage(colors.bgYellow.yellow.black(' ! ') + ` Failed to load private key ${method.name}: ${e}`) this.emitServiceMessage(colors.bgYellow.yellow.black(' ! ') + ` Failed to load private key ${method.name}: ${e}`)
@ -752,7 +742,12 @@ export class SSHSession {
triedSavedPassphrase = true triedSavedPassphrase = true
continue continue
} }
if (e.toString() === 'Error: Keys(KeyIsEncrypted)' || e.toString() === 'Error: Keys(SshKey(Crypto))') { if ([
'Error: Keys(KeyIsEncrypted)',
'Error: Keys(SshKey(Ppk(Encrypted)))',
'Error: Keys(SshKey(Ppk(IncorrectMac)))',
'Error: Keys(SshKey(Crypto))',
].includes(e.toString())) {
await this.passwordStorage.deletePrivateKeyPassword(keyHash) await this.passwordStorage.deletePrivateKeyPassword(keyHash)
const modal = this.ngbModal.open(PromptModalComponent) const modal = this.ngbModal.open(PromptModalComponent)