ghidra
ghidra copied to clipboard
NationalSecurityAgency
Add certificate based authentication to Ghidra Remote Debugging via SSH
Remote gdb via ssh is currently only authenticated using username/password. We are respectfully requesting the addition of certificate-based authentication because:
- Most cloud-based providers use certificate based authentication and we actually have to weaken authentication to use Ghidra's debugger on those systems.
- As a teacher, I want to encourage students to use good, secure administration practices. I also want to teach students how to use Ghidra. Our teaching environments have to go against best practices for authentication to use Ghidra.
Thank you for Ghidra -- my students and I love this tool.
I assume you are using the latest release, and not building from source?
It's likely the next (non-patch) release will have the requested feature. If you are able and willing, could you build the latest development code from source and give it a try. The new system, instead of using a Java-based SSH library, just shells out to your installed ssh command. In theory, if that's configured to use certificates, then it'll just work.
- Build and install Ghidra from a clone of the latest source.
- Start a new project (so you don't risk breaking any existing program databases.)
- Import a target.
- Delete your Debugger Tool, and re-import it from the defaults (Tools → Import Default Tools)
- Open your target in the Debugger Tool.
- Click the drop-down by the Launch button and select gdb via ssh.
- Fill out the fields. There should be a field in there for extra arguments to
ssh, if those are necessary. - Click Launch.
- Pay attention to the terminal. It might prompt for a password. Take note whether its for the user's password or the password to unlock a private key.
- Let me know how it goes.
If this is already what you're doing, then I'm sorry for the pedantic response. If it's not working, then I'd be interested in the steps to reproduce the authentication failure when certificates are required.
