SSH transport should support other use cases (validate fingerprints, keys, agents, etc.) for security #315
Comments
PR #314 adds support for passing existing odbc and idb-connector objects for those transports. Being able to pass in an ssh client object instead of creating one for the ssh transport makes sense too.
Found some ssh2 connect config options that would help verify the host key and pass in an ssh agent. In theory this should work with the existing code; we just need to pass these config options along on the Connection.transport options object. Still need to test these options out to confirm things are working properly.
👋 Hi! This issue has been marked stale due to inactivity. If no further activity occurs, it will automatically be closed.
Example of host fingerprint verification: mscdex/ssh2#985 (comment). We could add some wrappers in this lib to make it easier: the user just passes in the public key (base64) and we can set up the required configuration.
Is your feature request related to a problem? Please describe.
The SSH transport doesn't check fingerprints or handle other non-trivial SSH use cases.
Describe the solution you'd like
The toolkit should support other use cases (validate fingerprints, keys, agents, etc.) for security. Being able to trust a fingerprint would make attackers' lives harder, for instance.
Describe alternatives you've considered
The toolkit gets passed an object with state and handlers defined already, like the Python toolkit needs a Paramiko session object instead of making one for you.
Additional context
I'm developing the SSH feature for the PHP toolkit, so it would be wise to have both parity and security features be consistent.