drone-ftps

Allow the use of private keys (deployment keys)

Open leo-unglaub opened this issue 5 years ago • 5 comments

Hey, when I use your tool to deploy to SFTP servers, sometimes they don't allow username/password authentication and they demand the use of public/private keys.

What are your thoughts on that? Would you be open to supporting that as well? Thanks so much and greetings, Leo

leo-unglaub, May 14 '20 20:05

From a quick look at it, it should be possible.

How would you store the key? As a file? As a secret?

cschlosser, May 15 '20 18:05

I think as a secret would be the best way to go. The only "problem" I see is that you would have to write the secret down somewhere into a temporary file and then specify a link to it in the lftp command. Because as far as I have seen, it's impossible to supply the ssh key as an argument (probably because it's multiline).

leo-unglaub, May 16 '20 01:05

I had some success with the ssh-agent and reading it from an env var through stdin. Trying to throw something together soonish. Something like

eval $(ssh-agent)
echo "$SSH_KEY" | tr -d '\r' | ssh-add -
lftp -c 'set sftp:auto-confirm yes; set sftp:connect-program "ssh -v"; ...

cschlosser, May 16 '20 21:05

Using ssh-agent is a brilliant idea. That looks great! Thanks for the research/work.

leo-unglaub, May 18 '20 11:05

I thought about this and I think using echo "$SSH_KEY" is a security problem. Other processes could see the key. There is printenv for that. I did a try with the following and it worked fine.

eval $(ssh-agent)
printenv SSH_KEY | ssh-add -

leo-unglaub, May 24 '20 02:05
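
The approach discussed in this thread (key held in the `SSH_KEY` secret, fed to `ssh-add -` on stdin, no temporary file), written out as an added example that is not part of the thread or of the plugin's code. The function names `normalize_key`, `load_deploy_key` and `unload_deploy_key` are hypothetical, and the key is assumed to have no passphrase.

```shell
#!/bin/sh
# Added example: load a deploy key from the SSH_KEY secret into a throwaway
# ssh-agent without writing the key to disk. Function names are hypothetical.

# Secrets pasted into a CI UI often carry CRLF line endings or lose the final
# newline; ssh-add rejects both. Reads the key on stdin, writes it to stdout.
normalize_key() {
    tr -d '\r' | awk '{ print }'
}

load_deploy_key() {
    # Fail loudly if the secret is missing instead of continuing without a key.
    [ -n "${SSH_KEY:-}" ] || { echo "SSH_KEY is not set" >&2; return 2; }

    # Start a dedicated agent; -s forces Bourne-style output for eval.
    agent_env=$(ssh-agent -s) || return 1
    eval "$agent_env" >/dev/null

    # printf is a builtin in bash and dash, so the key is written straight
    # into the pipe and is never an argument of a newly executed process.
    if ! printf '%s\n' "$SSH_KEY" | normalize_key | ssh-add -q - 2>/dev/null; then
        ssh-agent -k >/dev/null 2>&1
        return 1
    fi

    # The agent now holds the key; remove the secret from the environment so
    # later child processes (lftp, ssh) do not inherit it.
    unset SSH_KEY
}

unload_deploy_key() {
    # Kill the agent started by load_deploy_key and forget its socket.
    if [ -n "${SSH_AGENT_PID:-}" ]; then
        ssh-agent -k >/dev/null 2>&1 || true
    fi
    unset SSH_AUTH_SOCK SSH_AGENT_PID
}

# Usage inside the deploy script:
#   load_deploy_key || exit 1
#   trap unload_deploy_key EXIT
#   ...run lftp here; its ssh connect-program finds the agent via SSH_AUTH_SOCK
```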