
Add ssh key import support for ed25519 keys

Open poelzi opened this issue 7 months ago • 3 comments

Description

  • "sui keytool import-ssh" allows importing openssh private keys
  • "sui keytool ssh-address" prints the sui address from an openssh public key
  • update russh package

This allows the ssh key to be used for authentication. It is also a new primitive that allows the host's ssh key to be used for authentication, and the address can be remotely determined with something like:

ssh-keyscan localhost | grep ssh-ed25519 | sed 's/^[^ ]* //' | xargs -n1 -d\\n ./target/debug/sui keytool ssh-address

Test plan

Imported ssh keys, also an encrypted one, multiple times to check if the pubkey is the same.


Release notes

Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required.

For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates.

  • [ ] Protocol:
  • [ ] Nodes (Validators and Full nodes):
  • [ ] gRPC:
  • [ ] JSON-RPC:
  • [ ] GraphQL:
  • [x] CLI:
  • [ ] Rust SDK:

poelzi avatar Apr 11 '25 14:04 poelzi
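
Added example (not part of the PR or the Sui code base): a sketch of what deriving an address from an `ssh-ed25519` public key line involves, for the line left after the `sed` step above strips the host name. It assumes the PR uses Sui's standard Ed25519 address derivation (BLAKE2b-256 over the `0x00` scheme flag followed by the 32-byte key); all function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

ED25519_FLAG = b"\x00"  # Sui signature-scheme flag byte for Ed25519
KEY_TYPE = b"ssh-ed25519"


def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then data."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end


def ed25519_from_openssh(line):
    """Extract the raw 32-byte key from 'ssh-ed25519 <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != KEY_TYPE.decode():
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(fields[1], validate=True)
    algo, off = _read_string(blob, 0)
    key, off = _read_string(blob, off)
    # The algorithm named inside the blob must match the text prefix,
    # the key must be exactly 32 bytes, and no bytes may trail it.
    if algo != KEY_TYPE or len(key) != 32 or off != len(blob):
        raise ValueError("malformed ssh-ed25519 key blob")
    return key


def sui_address(pubkey):
    """Assumed derivation: BLAKE2b-256(flag || pubkey), hex with 0x prefix."""
    return "0x" + hashlib.blake2b(ED25519_FLAG + pubkey, digest_size=32).hexdigest()


def make_line(raw, algo=KEY_TYPE, comment=""):
    """Build a constructed public key line (sample input, not a real host key)."""
    blob = struct.pack(">I", len(algo)) + algo + struct.pack(">I", len(raw)) + raw
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()


if __name__ == "__main__":
    sample = make_line(bytes(range(32)), comment="constructed@example")
    print(sui_address(ed25519_from_openssh(sample)))
```
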


Sorry for missing this PR @poelzi!

stefan-mysten avatar Jun 03 '25 18:06 stefan-mysten

In general I prefer this to live outside the main sui cli. ssh keys are encrypted for a reason; if I import an encrypted ssh key to sui cli it will be saved in plaintext, which defeats the purpose of encryption, no?

Alternatively, please contribute this as a separate cli tool since our team won't have bandwidth to maintain this (unless you do, @stefan-mysten). We have also scheduled modular signer work in Q4 this year, in which we could allow external contribution more leniently.

joyqvq avatar Jun 05 '25 21:06 joyqvq