
Optional passphrase when using SSH key in UI

Open worksofliam opened this issue 3 years ago • 7 comments

Needed as a new connection prop

worksofliam, Jan 19 '22 16:01

If we are doing this for security, then I think SSH2 supports using an SSH agent (e.g. Pageant), which is definitely better than storing the credentials in our extension (even with secure storage). Maybe we should steer people to use that and possibly drop support for storing credentials at all?

Best practice would be to store the SSH Keys in an Agent, and have the extension retrieve them from said agent as required. User/password logins should never be used, and keyboard interactive logins should definitely be turned off!!

Here is some 10 year old security advice for your delectation!

https://www.youtube.com/watch?v=_i7v7Of5UPI
https://www.youtube.com/watch?v=ougAC38QCTY

priceaj, Jan 20 '22 02:01

@priceaj The chances of us dropping credentials right now are very low - I think if we did that, we'd need to add a way to make it easy to generate SSH keys and get them uploaded to IBM i automatically (ssh-copy-id?)

I think what we should do in the meantime, is absolutely warn the user when they log in with a password.

You should log in using an SSH key instead. Would you like to set one up now? <YES>

Then the yes button could generate a key, upload it to the system, update their connection settings to point to the key, and then disconnect. What do you think of that?

Also, the original issue here is when using an SSH key + passphrase. Perhaps the passphrase could be a quick popup box where the user needs to enter it in every time they connect like they would when they connect thru a terminal.

worksofliam, Jan 20 '22 14:01
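The agent-first suggestion and the per-connect passphrase prompt discussed in the two comments above, sketched as an added example (not vscode-ibmi code and not from either commenter). It assumes the connection is made with ssh2-style options (`agent`, `privateKey`, `passphrase`, `password`, `tryKeyboard`); `planAuth`, `keyNeedsPassphrase`, `sampleOpenSshKey` and the `conn` shape are hypothetical names.

```javascript
// Added example, not vscode-ibmi code. Option names follow ssh2's connect config.

// True when the private key text is passphrase-protected.
function keyNeedsPassphrase(keyText) {
  // Legacy PEM marks encryption in a header; PKCS#8 uses its own label.
  if (/Proc-Type:\s*4,ENCRYPTED/.test(keyText)) return true;
  if (keyText.includes('BEGIN ENCRYPTED PRIVATE KEY')) return true;
  const m = keyText.match(/-----BEGIN OPENSSH PRIVATE KEY-----([\s\S]*?)-----END OPENSSH PRIVATE KEY-----/);
  if (!m) return false;
  // OpenSSH format: "openssh-key-v1\0", then a length-prefixed cipher name.
  const blob = Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
  const magic = 'openssh-key-v1\0';
  if (blob.length < magic.length + 4 || blob.toString('latin1', 0, magic.length) !== magic) {
    throw new Error('malformed OpenSSH private key');
  }
  const len = blob.readUInt32BE(magic.length);
  const start = magic.length + 4;
  if (start + len > blob.length) throw new Error('malformed OpenSSH private key');
  return blob.toString('latin1', start, start + len) !== 'none';
}

// Decide how to authenticate. `conn` and `env` are hypothetical shapes:
// conn = { host, port, username, privateKey, password }, env = process.env.
function planAuth(conn, env) {
  const config = { host: conn.host, port: conn.port || 22, username: conn.username, tryKeyboard: false };
  if (env.SSH_AUTH_SOCK) {
    // The agent holds the key; the extension never sees key or passphrase.
    return { method: 'agent', promptForPassphrase: false, config: { ...config, agent: env.SSH_AUTH_SOCK } };
  }
  if (conn.privateKey) {
    // Caller prompts on each connect and sets config.passphrase; nothing is stored.
    return { method: 'key', promptForPassphrase: keyNeedsPassphrase(conn.privateKey),
             config: { ...config, privateKey: conn.privateKey } };
  }
  return { method: 'password', promptForPassphrase: false,
           warning: 'You should log in using an SSH key instead.',
           config: { ...config, password: conn.password } };
}

// Constructed sample: only the header of an OpenSSH key, not a usable key.
function sampleOpenSshKey(cipherName) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(cipherName.length);
  const blob = Buffer.concat([Buffer.from('openssh-key-v1\0', 'latin1'), len, Buffer.from(cipherName, 'latin1')]);
  return `-----BEGIN OPENSSH PRIVATE KEY-----\n${blob.toString('base64')}\n-----END OPENSSH PRIVATE KEY-----\n`;
}
```

On Windows, ssh2 accepts `agent: 'pageant'` in place of a socket path, which covers the Pageant case mentioned above.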

@priceaj Created #475 to continue talking about automatically generating a key. Let's leave this issue for the passphrase.

worksofliam, Jan 20 '22 16:01