Comments (22)
Passphrase protected keys are an additional way to gain time between loss of key and server side invalidation of the key (as they are hard to brute-force when generated correctly).
Surely one could rely solely on android mechanisms to prevent unwanted access to the secret key, but the choice should be left to the user.
Also, manually generated keys should be importable (maybe another issue) to prevent relying on a monoculture ecosystem.
from mercury.
This feature is not implemented yet, but it will be added very soon!
from mercury.
@chumma12 sure it does. A public key can (and should) be encrypted.
from mercury.
@chumma12 Well, in case of your device getting stolen bulk-revoking RSA keys is way less of a hassle than setting and remembering new passwords, especially for sysadmins with multiple clients, who have Mercury-SSH on their phones to check up on the machines they're managing every now and then. These guys would have to dig up the old passwords from god knows where (since along with their phone they've lost the JSON), SSH into every single host, change the password, possibly tell every client how they've f-ed up, send them new passes and lose people's trust. And that's the least they'd have to do in the best-case scenario where the thief wouldn't know about/what to do with what was on the phone. So yeah, that might be a nice feature.
from mercury.
Is it possible to add support for ssh key passphrases?
from mercury.
I need it too
from mercury.
Hope to see key-based authentication available as soon as possible! 👍
Without that Mercury-SSH is useless to me.
from mercury.
maybe there is a way to use ConnectBot for that? That could save a lot of coding work if ConnectBot could handle the key management and open the connection for Mercury.
from mercury.
Is this being worked on? Same problem as @P4z, I can't use this app without key auth, which is a shame. I'd try to figure it out myself, but school is unfortunately a thing.
from mercury.
@LumenTeun opensource is great as you can build your feature too ^_^
so, before saying "this is a shame" you could implement it... if you are not able to do it yourself you can always donate something to accelerate the process.
otherwise be quiet and wait for the willing @Skarafaz 👍
from mercury.
Would be nice :-)
from mercury.
+1
from mercury.
+1
from mercury.
Please add that, storing passwords in JSON plaintext is just asking for trouble, really!
from mercury.
If someone steals your phone, does it matter if you have stored plaintext password or the private key?
from mercury.
@rigid then you provide your password everytime you use the Mercury-SSH program?
from mercury.
@chumma12 at least, once everytime you reboot your phone, yes.
from mercury.
Whoop whoop 👏 🎉 😄
from mercury.
Yep! but to late I'm on iPhone now
from mercury.
I don't think it would so useful
from mercury.
Can you explain why?
from mercury.
This app uses a self generated private key which is stored in the internal storage (secure), so... why adding a passphrase? Just to type it each time you send a command?
from mercury.
Related Issues (20)
- Feature request: make individual scripts available as activities HOT 1
- (Non-)Feature-Request: Keep it simple HOT 5
- rsync help HOT 1
- [feature-request] Homescreen widgets HOT 1
- TTY ? HOT 2
- Change the default keysize to 4096 bit HOT 1
- Push f-droid version HOT 7
- Dynamic Variables HOT 2
- Android TV HOT 4
- sudoNoPasswd is no known property HOT 3
- Reading position in Help page gets lost after device rotation HOT 1
- Running a command through an intent HOT 2
- Using custom and/or separate keys for separate connections. HOT 2
- YAML config file
- Command Organization
- Duplicate Server tabs HOT 1
- [Feature request] OpenKeychain integration HOT 1
- Screenshots for F-Droid
- Can Mercury work with root but no sudo? HOT 2
- Windows support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mercury.