Allow private key to be specified by user

[tcurdt]

Is there a particular reason the private key is compiled in and not generated or passed in?

I found this https://github.com/NHAS/reverse_ssh/issues/107 but that does not quite cover the reasoning.

[NHAS]

In most cases someone using this project has their server set-up to use the link command, which enables effectively mutual authentication as the server knows the public key of the client and the client has a hash of the server fingerprint baked in.

Most of the time you dont want to pass in a private key as an argument, because you're trying to implant the client binary on a system that you might have very limited access to, thus another argument may be too cumbersome.

[tcurdt]

I would love to use it more from an ops perspective to eliminate the need for a way in. I get it that in a infosec/opsec context you want to eliminate fussing around with the configuration - but maybe there is way to allow for both?

I would be a shame to miss out on this because of the focus on infosec/opsec.

[NHAS]

Im more than happy to add a flag that allows users to specify a path to a private key for the client if that would suite what you're thinking of.

[tcurdt]

That's what I had in mind, cool.

Only question is what that means to the build process and the included key. Just add a key that is not used?

[NHAS]

Eh we can always change the build process and how private keys are embedded

[NHAS]

This is now on unstable, and will be in the next release.

Clients now support --private-key-path as an option, where you can specify a SSH private key that the client will attempt to use to connect to your server.

I have not removed the embedding of the private key, as I didnt feel like it.

Hopefully this sorts what you want!