Would you be able to add ssh-agent and Pageant support for SSH connection authentication?
That way the authentication process can be a lot more secure since we don’t need to leave key files sitting around on a disk.
It’s been a while since I tested this, but I don’t believe we need to do anything specific for ssh-agent, if it’s configured correctly git will use the agent
Sorry I didn’t mean git, I was actually referring to SFTP connect and SSH open connection actions.
I use the former to upload software to our web-server and the latter to build on a remote machine. Now both these actions require a key file to be on a disk for key authentication, which is not very secure.
If these actions could make use of the agent, that would be great.
I will look into it but not making promises - all depends on the client library - they don’t use open ssh or putty so not sure how they would use them.
It looks like you are using SecureBlackbox, in which case it should be possible - please see this link.
Yes we do, although planning to move away from secureblackbox very soon - so will need to confirm it can be done with whatever library we go with.
For SBB - all I could find is one line on this page
UseAuthAgent
Boolean Enables or disables the use of external key agent, such as Putty key agent.
I guess it just works if I set to true?
We do not have a current subscription with nsoftware so no support (for reasons I don’t want to go into here) - but I’ll see what I can find out.
Perhaps you could simply add a checkbox “Use agent” in the action, which will set this option and hopefully that’s all that is needed.
If you walk away from SBB that’s fine, but there is not much choice for Delphi. There is IPWorks SSH from the now-same vendor, then there is SecureBridge from DevArt. Otherwise it would have to be a DLL for an external implementation.
We’re actually using the .net version of SBB (we host the clr) - I forget why as that choice was made a long time ago.
We are considering either Rebex.NET (which we use in Continua CI and know works really well and is fast) or Securebridge - I just looked the doco for both and there is no mention of using agents for auth.
More investigation needed, we don’t want to be adding a feature in FB8 that we could not implement in FB9.