Add support for %h and %r escape characters in IdentityFile for SSH. (#10343)

* Add support for %h and %r escape characters in IdentityFile for SSH.
See section "IdentityFile" on https://linux.die.net/man/5/ssh_config for
details.

* Fix lint warnings.

.github/workflows/build.yml

@@ -258,7 +258,7 @@ jobs:
         repo: 'eugeny/tabby'
         dir: 'dist'
         rpmvers: 'el/9 el/8 ol/6 ol/7'
-        debvers: 'ubuntu/bionic ubuntu/focal ubuntu/hirsute ubuntu/impish ubuntu/jammy ubuntu/kinetic ubuntu/noble ubuntu/oracular debian/jessie debian/stretch debian/buster'
+        debvers: 'ubuntu/bionic ubuntu/focal ubuntu/hirsute ubuntu/impish ubuntu/jammy ubuntu/kinetic ubuntu/noble ubuntu/oracular debian/jessie debian/stretch debian/buster debian/bullseye debian/bookworm debian/trixie'
 
     - uses: actions/upload-artifact@master
       name: Upload AppImage (${{matrix.arch}})

README.de-DE.md

@@ -347,7 +347,6 @@ Dank geht an diese wunderbaren Menschen ([emoji key](https://allcontributors.org
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/geodic"><img src="https://avatars.githubusercontent.com/u/64704703?v=4?s=100" width="100px;" alt="geodic"/><br /><sub><b>geodic</b></sub></a><br /><a href="https://github.com/Eugeny/tabby/commits?author=geodic" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://aminelch.github.io"><img src="https://avatars.githubusercontent.com/u/32558537?v=4?s=100" width="100px;" alt="aminelch"/><br /><sub><b>aminelch</b></sub></a><br /><a href="#design-aminelch" title="Design">🎨</a></td>
     </tr>
   </tbody>
 </table>

README.id-ID.md

@@ -346,7 +346,6 @@ Terima kasih kepada mereka yang telah membantu ([emoji key](https://allcontribut
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/geodic"><img src="https://avatars.githubusercontent.com/u/64704703?v=4?s=100" width="100px;" alt="geodic"/><br /><sub><b>geodic</b></sub></a><br /><a href="https://github.com/Eugeny/tabby/commits?author=geodic" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://aminelch.github.io"><img src="https://avatars.githubusercontent.com/u/32558537?v=4?s=100" width="100px;" alt="aminelch"/><br /><sub><b>aminelch</b></sub></a><br /><a href="#design-aminelch" title="Design">🎨</a></td>
     </tr>
   </tbody>
 </table>

README.it-IT.md

@@ -342,7 +342,6 @@ Grazie a queste persone meravigliose ([emoji key](https://allcontributors.org/do
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/geodic"><img src="https://avatars.githubusercontent.com/u/64704703?v=4?s=100" width="100px;" alt="geodic"/><br /><sub><b>geodic</b></sub></a><br /><a href="https://github.com/Eugeny/tabby/commits?author=geodic" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://aminelch.github.io"><img src="https://avatars.githubusercontent.com/u/32558537?v=4?s=100" width="100px;" alt="aminelch"/><br /><sub><b>aminelch</b></sub></a><br /><a href="#design-aminelch" title="Design">🎨</a></td>
     </tr>
   </tbody>
 </table>

README.ko-KR.md

@@ -341,7 +341,6 @@ Pull requests and plugins are welcome!
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/geodic"><img src="https://avatars.githubusercontent.com/u/64704703?v=4?s=100" width="100px;" alt="geodic"/><br /><sub><b>geodic</b></sub></a><br /><a href="https://github.com/Eugeny/tabby/commits?author=geodic" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://aminelch.github.io"><img src="https://avatars.githubusercontent.com/u/32558537?v=4?s=100" width="100px;" alt="aminelch"/><br /><sub><b>aminelch</b></sub></a><br /><a href="#design-aminelch" title="Design">🎨</a></td>
     </tr>
   </tbody>
 </table>

README.md

@@ -365,7 +365,6 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/geodic"><img src="https://avatars.githubusercontent.com/u/64704703?v=4?s=100" width="100px;" alt="geodic"/><br /><sub><b>geodic</b></sub></a><br /><a href="https://github.com/Eugeny/tabby/commits?author=geodic" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://aminelch.github.io"><img src="https://avatars.githubusercontent.com/u/32558537?v=4?s=100" width="100px;" alt="aminelch"/><br /><sub><b>aminelch</b></sub></a><br /><a href="#design-aminelch" title="Design">🎨</a></td>
     </tr>
   </tbody>
 </table>

README.ru-RU.md

@@ -31,7 +31,7 @@
 * Встроенный SSH- и Telnet-клиент и менеджер подключений;
 * Встроенный последовательный терминал;
 * Темы и цветовые схемы;
-* Полностью настраеваемые сочетания клавиш;
+* Полностью настраиваемые сочетания клавиш;
 * Панели;
 * Запоминание вкладок;
 * Поддержка PowerShell (and PS Core), WSL, Git-Bash, Cygwin, MSYS2, Cmder и CMD;
@@ -342,7 +342,6 @@ Pull-запросы и плагины приветствуются!
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/geodic"><img src="https://avatars.githubusercontent.com/u/64704703?v=4?s=100" width="100px;" alt="geodic"/><br /><sub><b>geodic</b></sub></a><br /><a href="https://github.com/Eugeny/tabby/commits?author=geodic" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://aminelch.github.io"><img src="https://avatars.githubusercontent.com/u/32558537?v=4?s=100" width="100px;" alt="aminelch"/><br /><sub><b>aminelch</b></sub></a><br /><a href="#design-aminelch" title="Design">🎨</a></td>
     </tr>
   </tbody>
 </table>

README.zh-CN.md

@@ -341,7 +341,6 @@
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/geodic"><img src="https://avatars.githubusercontent.com/u/64704703?v=4?s=100" width="100px;" alt="geodic"/><br /><sub><b>geodic</b></sub></a><br /><a href="https://github.com/Eugeny/tabby/commits?author=geodic" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://aminelch.github.io"><img src="https://avatars.githubusercontent.com/u/32558537?v=4?s=100" width="100px;" alt="aminelch"/><br /><sub><b>aminelch</b></sub></a><br /><a href="#design-aminelch" title="Design">🎨</a></td>
     </tr>
   </tbody>
 </table>

app/package.json

@@ -30,7 +30,7 @@
     "native-process-working-directory": "^1.0.2",
     "npm": "6",
     "rxjs": "^7.5.7",
-    "russh": "0.1.19",
+    "russh": "0.1.22",
     "source-map-support": "^0.5.20",
     "v8-compile-cache": "^2.3.0",
     "yargs": "^17.7.2"

app/yarn.lock

@@ -3628,10 +3628,10 @@ run-queue@^1.0.0, run-queue@^1.0.3:
   dependencies:
     aproba "^1.1.1"
 
-russh@0.1.19:
-  version "0.1.19"
-  resolved "https://registry.yarnpkg.com/russh/-/russh-0.1.19.tgz#b1e9edeef5bb8502ff083638bf93512dc084c39e"
-  integrity sha512-gfLiz+OyGDcFhm5NE0Y6V1byPSgFNLr+71PFlMMz48oZPXl+WQavdCcyfdy9T/1afip9Vw5lkb6SxZ6/RVj2Lw==
+russh@0.1.22:
+  version "0.1.22"
+  resolved "https://registry.yarnpkg.com/russh/-/russh-0.1.22.tgz#f56e515b1938fa3c1ee7321b2559c17bb7f7f5cc"
+  integrity sha512-ors+8pqxb9cyyy0tkAgEkrEWoN18kJuw0GtcZsheTQBdqEw/BSulmkKqNva6jjvoOc3wP1GIjbkQ5OdRGqQwmg==
   dependencies:
     "@napi-rs/cli" "^2.18.3"
 

tabby-core/src/services/vault.service.ts

@@ -195,7 +195,13 @@ export class VaultService {
         if (!vault) {
             return null
         }
-        return vault.secrets.find(s => s.type === type && this.keyMatches(key, s)) ?? null
+        let vaultSecret = vault.secrets.find(s => s.type === type && this.keyMatches(key, s))
+        if (!vaultSecret) {
+            // search for secret without host in vault (like a default user/password used in multiple servers)
+            key['host'] = null
+            vaultSecret = vault.secrets.find(s => s.type === type && this.keyMatches(key, s))
+        }
+        return vaultSecret ?? null
     }
 
     async addSecret (secret: VaultSecret): Promise<void> {

tabby-ssh/src/services/ssh.service.ts

@@ -1,7 +1,8 @@
-// import * as fs from 'fs/promises'
+import * as fs from 'fs/promises'
+import * as crypto from 'crypto'
 import * as tmp from 'tmp-promise'
 import { Injectable } from '@angular/core'
-import { ConfigService, HostAppService, Platform, PlatformService } from 'tabby-core'
+import { ConfigService, FileProvidersService, HostAppService, Platform, PlatformService } from 'tabby-core'
 import { SSHSession } from '../session/ssh'
 import { SSHProfile } from '../api'
 import { PasswordStorageService } from './passwordStorage.service'
@@ -15,6 +16,7 @@ export class SSHService {
         private config: ConfigService,
         hostApp: HostAppService,
         private platform: PlatformService,
+        private fileProviders: FileProvidersService,
     ) {
         if (hostApp.platform === Platform.Windows) {
             this.detectedWinSCPPath = platform.getWinSCPPath()
@@ -47,14 +49,35 @@ export class SSHService {
         const args = [await this.getWinSCPURI(session.profile, undefined, session.authUsername ?? undefined)]
 
         let tmpFile: tmp.FileResult|null = null
-        if (session.activePrivateKey) {
-            tmpFile = await tmp.file()
-            // await fs.writeFile(tmpFile.path, session.activePrivateKey)
-            const winSCPcom = path.slice(0, -3) + 'com'
-            await this.platform.exec(winSCPcom, ['/keygen', tmpFile.path, `/output=${tmpFile.path}`])
-            args.push(`/privatekey=${tmpFile.path}`)
+        try {
+            if (session.activePrivateKey && session.profile.options.privateKeys && session.profile.options.privateKeys.length > 0) {
+                tmpFile = await tmp.file()
+                let passphrase: string|null = null
+                for (const pk of session.profile.options.privateKeys) {
+                    let privateKeyContent: string|null = null
+                    const buffer = await this.fileProviders.retrieveFile(pk)
+                    privateKeyContent = buffer.toString()
+                    await fs.writeFile(tmpFile.path, privateKeyContent)
+                    const keyHash = crypto.createHash('sha512').update(privateKeyContent).digest('hex')
+                    // need to pass an default passphrase, otherwise it might get stuck at the passphrase input
+                    passphrase = await this.passwordStorage.loadPrivateKeyPassword(keyHash) ?? 'tabby'
+                    const winSCPcom = path.slice(0, -3) + 'com'
+                    try {
+                        await this.platform.exec(winSCPcom, ['/keygen', tmpFile.path, '-o', tmpFile.path, '--old-passphrase', passphrase])
+                    } catch (error) {
+                        console.warn('Could not convert private key ', error)
+                        continue
+                    }
+                    break
+                }
+                args.push(`/privatekey=${tmpFile.path}`)
+                if (passphrase != null) {
+                    args.push(`/passphrase=${passphrase}`)
+                }
+            }
+            await this.platform.exec(path, args)
+        } finally {
+            tmpFile?.cleanup()
         }
-        await this.platform.exec(path, args)
-        tmpFile?.cleanup()
     }
 }

tabby-ssh/src/session/ssh.ts

@@ -162,9 +162,11 @@ export class SSHSession {
         this.allAuthMethods = [{ type: 'none' }]
         if (!this.profile.options.auth || this.profile.options.auth === 'publicKey') {
             if (this.profile.options.privateKeys?.length) {
-                for (const pk of this.profile.options.privateKeys) {
+                for (let pk of this.profile.options.privateKeys) {
                     // eslint-disable-next-line @typescript-eslint/init-declarations
                     let contents: Buffer
+                    pk = pk.replace('%h', this.profile.options.host)
+                    pk = pk.replace('%r', this.profile.options.user)
                     try {
                         contents = await this.fileProviders.retrieveFile(pk)
                     } catch (error) {

tabby-terminal/src/middleware/oscProcessing.ts

@@ -3,7 +3,7 @@ import { Subject, Observable } from 'rxjs'
 import { SessionMiddleware } from '../api/middleware'
 
 const OSCPrefix = Buffer.from('\x1b]')
-const OSCSuffix = Buffer.from('\x07')
+const OSCSuffixes = [Buffer.from('\x07'), Buffer.from('\x1b\\')]
 
 export class OSCProcessor extends SessionMiddleware {
     get cwdReported$ (): Observable<string> { return this.cwdReported }
@@ -14,11 +14,22 @@ export class OSCProcessor extends SessionMiddleware {
 
     feedFromSession (data: Buffer): void {
         let startIndex = 0
-        while (data.includes(OSCPrefix, startIndex) && data.includes(OSCSuffix, startIndex)) {
-            const params = data.subarray(data.indexOf(OSCPrefix, startIndex) + OSCPrefix.length)
-            const oscString = params.subarray(0, params.indexOf(OSCSuffix)).toString()
+        while (data.includes(OSCPrefix, startIndex)) {
+            const si = startIndex
+            if (!OSCSuffixes.some(s => data.includes(s, si))) {
+                break
+            }
 
-            startIndex = data.indexOf(OSCSuffix, startIndex) + OSCSuffix.length
+            const params = data.subarray(data.indexOf(OSCPrefix, startIndex) + OSCPrefix.length)
+
+            const [closesSuffix, closestSuffixIndex] = OSCSuffixes
+                .map((suffix): [Buffer, number] => [suffix, params.indexOf(suffix)])
+                .filter(([_, index]) => index !== -1)
+                .sort(([_, a], [__, b]) => a - b)[0]
+
+            const oscString = params.subarray(0, closestSuffixIndex).toString()
+
+            startIndex = data.indexOf(closesSuffix, startIndex) + closesSuffix.length
 
             const [oscCodeString, ...oscParams] = oscString.split(';')
             const oscCode = parseInt(oscCodeString)