Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Extension doesn't see custom ssh agent #1393

Closed
kobrineli opened this issue Jan 14, 2025 · 11 comments
Closed

[BUG] Extension doesn't see custom ssh agent #1393

kobrineli opened this issue Jan 14, 2025 · 11 comments
Labels
bug Something isn't working

Comments

@kobrineli
Copy link

Hi! I am using custom ssh agent, which is set in both ~/.ssh/config and SSH_AUTH_SOCK env variable.
But when I try to connect to database via SSH tunnel, I see that plugin tries to use a default ssh agent instead of the custom one, and thus the authentication doesn't pass.

Is there any option to provide concrete path to ssh agent sock in the extension?
@kobrineli kobrineli added the bug Something isn't working label Jan 14, 2025
@AlexEfnd
Copy link

AlexEfnd commented Jan 14, 2025
edited
Loading

Upvote!

I'm having exact same issue. Used to have a direct connection to DB and it worked fine, bought the extension for it. But right now the policy changed and I need to use ssh tunnel with a custom agent - yet I'm stuck with the same problem, extension doesn't seem to use the agent specified in ~/.ssh/config

System Info:
MacOS Sonoma 14.7

@kobrineli
Copy link
Author

UPD. The agent is selected correctly, but the problem still exists.

When agent provides more than one key/cert, the plugin takes only the first one, tries to authenticate with it, and, if it fails, closes the connection instead of trying to authenticate with the other provided keys or certificates.

@kobrineli
Copy link
Author

@cweijan

@cweijan
Copy link
Owner

cweijan commented Jan 14, 2025

Thanks for the feedback, I don't know enough about ssh agent, I will try to support it better. As for now, I can only promise that I will never steal your private key.

@kobrineli
Copy link
Author

kobrineli commented Jan 14, 2025
edited
Loading

All the patch is just to try authenticate with all provided identities instead of just the first one.

@cweijan
Copy link
Owner

cweijan commented Jan 14, 2025

@kobrineli I tested it and found that the ssh-agent supports multiple private keys. Please tell me your private key type. Maybe the private key format is not supported.

@kobrineli
Copy link
Author

kobrineli commented Jan 14, 2025
edited
Loading

@cweijan public key type is [email protected]
I think this is mostly about public keys rather than private keys, 'cause agent doesn't give private keys themselves.

@kobrineli
Copy link
Author

@cweijan
Hi! Are there any updates on this issue?

@cweijan
Copy link
Owner

cweijan commented Jan 25, 2025

Hi, in the latest version 8.1.3, it supports custom SSH Agent path and automatically reads the key path from ~/.ssh/config.

Image

@cweijan cweijan closed this as completed Jan 30, 2025
@kobrineli
Copy link
Author

@cweijan
It appeared that agent is being used correctly, but underlying lib for SSH doesn't support using certificates.

@kobrineli
Copy link
Author

mscdex/ssh2#1440

Here is fix for ssh2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AlexEfnd @cweijan @kobrineli