Code Monkey home page Code Monkey logo

Comments (4)

mzch avatar mzch commented on June 1, 2024 1

I see. I can connect to my servers with a empty passphrase keys. Thanks!

from sshwifty.

nirui avatar nirui commented on June 1, 2024

Hello,

I've just tested it a bit, and can confirm it works at my end.

Have the key been encrypted? We don't support encrypted keys as doing so would require user to handover more of their secrets to the software, which is of course bad for their own security.

Also, I've failed to found the source error message "cannot decode private key". The closest I did found was "ssh: cannot decode encrypted private keys" here.

If that was the actual message, then it confirms that the key is indeed encrypted, and you need to manually decrypt it in order for Sshwifty to recognize it.

However, if the message was "Cannot use encrypted Private Key file" and you are using a old version (Order than 0.0.8-alpha that is), then there is a bug in the software which will block valid non-RSA private keys from been submitted. If this is the case, please use a newer version, lot's of other bugs has also been fixed since then.

from sshwifty.

mzch avatar mzch commented on June 1, 2024

Oh, sorry, yes, the message is "ssh: cannot decode encrypted private keys".
I'd like you to use ParseRawPrivateKeyWithPassphrase() instead of ParseRawPrivateKey(), so Sshwifty will recognize encrypted private keys. How about?

from sshwifty.

nirui avatar nirui commented on June 1, 2024

Sorry, I don't think I can do that. Because this software has been designed to collect as few data as possible.

If the software wants to decrypt user's private key, it will then have to collect the key passphrase, which is bad when you consider that later both information will be sent to the back-end server through public network.

An important background is, many people use one single passphrase to encrypt all of their private keys, effectively turning the passphrase to a master key. Handling and protecting a master key is too great of a responsibility for us, and a web app such as Sshwifty just doesn't have the power needed to fulfill it.

So, for the best interest of the user and their security, I have to refuse that. Hope you understand :)

from sshwifty.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.