
Support SSH agent

Open kg4zow opened this issue 10 months ago • 0 comments

Tried to run codexctl install rm2_xxxxx.swu. It asked me for the IP, whether I wanted to use a password, and then the path to an SSH secret key file.

The problem is, there is no file on the computer which contains the secret key - my SSH keys are stored in a Yubikey. This means that I have to physically insert the right Yubikey in order to SSH into anything, but it also means that if somebody breaks into or steals the computer, they can't get my SSH secret keys.

This means I cannot use codexctl to upgrade my tablets.

Please update codexctl to support talking to an SSH agent.

If it helps, the authentication "flow" I've used in the past when writing SSH clients (in other languages) is this:

  1. If an SSH_AUTH_SOCK environment variable exists, try to use the agent first. (This environment variable contains the path to a UNIX socket where an SSH agent should be listening.) The documentation suggests that paramiko.Agent() knows this internally. If no agent is available, it will return "no error" and get_keys() will return an empty list. Here is a simple example.

  2. If we didn't authenticate yet ... if the user specified a -i option, treat its value as the filename for an SSH secret key file. (I always use -i for this because it's kind of the standard - the ssh, scp, and sftp programs all use -i to point to a secret key file.)

  3. If we didn't authenticate yet, THEN start asking the user for a password.

kg4zow, Jan 09 '25 02:01
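The three-step order above, written out as an added example. This is not codexctl's code and not code from the issue author; it is an illustration of the same flow. Step 1 is done by speaking the ssh-agent protocol directly over the SSH_AUTH_SOCK Unix socket (only the "list identities" request, message number 11, answered by message 12), so the example runs without paramiko installed; paramiko.Agent().get_keys() does the equivalent internally. The fake agent, the socket path, the key comment "cardno:000612345678" and the identity_file path are all constructed for the demo, and the agent_identities()/auth_plan() names are this example's own.

```python
"""Added example of the agent -> -i keyfile -> password ordering (not codexctl's code)."""
import os
import socket
import struct
import tempfile
import threading

# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def _string(b: bytes) -> bytes:
    """Encode an SSH 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; return (bytes, offset_after_it)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the socket")
        data += chunk
    return data


def agent_identities(sock_path=None):
    """Step 1: list the keys held by the agent listening at sock_path
    (default: $SSH_AUTH_SOCK). Returns [(key_type, comment), ...].
    Like paramiko.Agent().get_keys(), "no agent reachable" is not an error:
    the result is simply an empty list and the caller moves to step 2."""
    path = sock_path if sock_path is not None else os.environ.get("SSH_AUTH_SOCK")
    if not path:
        return []
    try:
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(2.0)
        sock.connect(path)
        with sock:
            sock.sendall(_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
            (length,) = struct.unpack(">I", _recv_exact(sock, 4))
            msg = _recv_exact(sock, length)
    except OSError:          # missing socket, refused, timeout, closed early
        return []
    if not msg or msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return []
    (count,) = struct.unpack_from(">I", msg, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _read_string(msg, off)     # public key blob
        comment, off = _read_string(msg, off)  # human-readable comment
        key_type, _ = _read_string(blob, 0)    # blob starts with its type name
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys


def auth_plan(env, identity_file=None, allow_password=True, probe=agent_identities):
    """Return the methods to try, in order: agent (only when SSH_AUTH_SOCK is set
    AND the agent actually holds keys), then the -i key file, then a password
    prompt. A real client tries each entry and stops at the first success."""
    plan = []
    sock = env.get("SSH_AUTH_SOCK")
    if sock:
        keys = probe(sock)
        if keys:
            plan.append(("agent", keys))
    if identity_file:
        plan.append(("keyfile", identity_file))
    if allow_password:
        plan.append(("password", None))
    return plan


def start_fake_agent(sock_path, identities):
    """Constructed stand-in for ssh-agent/gpg-agent used only by demo(): serves
    one connection, answers REQUEST_IDENTITIES with dummy key blobs carrying the
    given (key_type, comment) pairs, and replies FAILURE to anything else."""
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(sock_path)
    server.listen(1)

    def serve():
        conn, _ = server.accept()
        with conn, server:
            (length,) = struct.unpack(">I", _recv_exact(conn, 4))
            req = _recv_exact(conn, length)
            if req[0] != SSH_AGENTC_REQUEST_IDENTITIES:
                conn.sendall(_string(bytes([SSH_AGENT_FAILURE])))
                return
            body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(identities))
            for key_type, comment in identities:
                blob = _string(key_type) + _string(b"\x00" * 32)  # dummy key material
                body += _string(blob) + _string(comment)
            conn.sendall(_string(body))

    threading.Thread(target=serve, daemon=True).start()


def demo():
    """Run the flow three ways; returns (with_agent, no_agent_env, dead_socket)."""
    path = os.path.join(tempfile.mkdtemp(), "agent.sock")
    start_fake_agent(path, [(b"ssh-ed25519", b"cardno:000612345678")])  # constructed
    keyfile = "~/.ssh/id_ed25519"  # hypothetical -i value
    with_agent = auth_plan({"SSH_AUTH_SOCK": path}, identity_file=keyfile)
    no_agent_env = auth_plan({}, identity_file=keyfile)
    dead_socket = auth_plan({"SSH_AUTH_SOCK": path + ".gone"}, identity_file=keyfile)
    return with_agent, no_agent_env, dead_socket


if __name__ == "__main__":
    for label, plan in zip(("agent present", "no SSH_AUTH_SOCK", "stale socket"), demo()):
        print(f"{label}: {plan}")
```

With a hardware-backed key the agent (gpg-agent in ssh-agent mode, or ssh-agent with a PKCS#11 provider) answers the identities request with the public half only; the private key never leaves the token, which is exactly why a "path to a secret key file" prompt cannot work for that setup.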