SSH Key generation service

[King Lung Chiu]

Hi Evan,

I was wondering if you could add an SSH key-pair generation function to the SSH service please?

This was the code I needed to use JSch for, which had the conflict with the MF-supplied JSch. And since this is a generic function, I thought it might be more useful for everyone if comes built-in with Mediaflux, rather than me trying to write a work-around for our group only which would only make this service available for our own plugin users.

I already have working code if you're happy to use the relevant parts:

- KeyPair.genRSA(...) shows how the generation is done with JSch, specifically lines 46 & 48. Line 50 converts them to char[] so you can write out the bytes as Strings:

https://code.google.com/p/nectar-cvl-mfp-sink/source/browse/trunk/src/main/java/nig/ssh/KeyPair.java#42

- Test.GEN_KEY_PAIR.exec(...) shows a sample MF service using the above code (line 119) and writing out the generated keys as XML:

https://code.google.com/p/nectar-cvl-mfp-sink/source/browse/trunk/src/main/java/nig/test/Test.java#103

The generated keypair XML is as follows:

:keypair < :public publicPartOfKeyAsString :private privatePartOfKeyAsString >

- function genKeyPair (line 156) in testSink.tcl here shows the envisaged use of the service, combined with adding the result as an entry into SecureWallet:

https://code.google.com/p/nectar-cvl-mfp-sink/source/browse/trunk/bin/testSink.tcl#156

Let me know what you think, thanks!

King

[Evan Thomas]

That seems quite useful. When we first did the ssh services Jason suggested something similar.

I’ll try and do it for the next release (or the release after).

Evan.

Evan Thomas

Senior Software Engineer

ARCITECTA

5/26-36 High Street, Northcote

Victoria, Australia 3070

T:+61 3 8683 8527

M:+61 423 000 246

F:+61 3 9005 2876

Skype: evanathomas

http://www.arcitecta.com

Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to email or messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of Arcitecta shall be understood as neither given nor endorsed by it.

--
You received this message because you are subscribed to the Google Groups "mediaflux" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mediaflux+...@googlegroups.com.
To post to this group, send email to medi...@googlegroups.com.
Visit this group at http://groups.google.com/group/mediaflux.
For more options, visit https://groups.google.com/groups/opt_out.

[King Lung Chiu]

Awesome. Thanks Evan!

[Evan Thomas]

As of 3.8.056 there is now

> help secure.shell.keygen

help: secure.shell.keygen

synopsis:

Generate public/private key pair for use with secure shell (or SSH) services.

arguments:

:comment (type=string, min-occurs=0, max-occurs=1) An optional comment.

:passphrase (type=password, min-occurs=0, max-occurs=1) An optional passphrase.

:size (type=enumeration, min-occurs=0, max-occurs=1) Key size (defaults to 

restriction (enumeration)

:value 1024

:value 2048

:value 4096

:type (type=enumeration, min-occurs=0, max-occurs=1) Encryption to use (defaults to rsa).

restriction (enumeration)

:value rsa

:value dsa

execution: local

authority required: ACCESS

can abort: false

Evan.

Evan Thomas

Senior Software Engineer

ARCITECTA

5/26-36 High Street, Northcote

Victoria, Australia 3070

T:+61 3 8683 8527

M:+61 423 000 246

F:+61 3 9005 2876

Skype: evanathomas

http://www.arcitecta.com

Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to email or messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of Arcitecta shall be understood as neither given nor endorsed by it.

From: Evan Thomas <evan....@arcitecta.com>
Date: Thursday, 23 January 2014 9:30 pm
To: King Lung Chiu <kinglu...@gmail.com>, "medi...@googlegroups.com" <medi...@googlegroups.com>
Subject: Re: [mediaflux:435] SSH Key generation service

That seems quite useful. When we first did the ssh services Jason suggested something similar.

I’ll try and do it for the next release (or the release after).

Evan.

Evan Thomas

Senior Software Engineer

ARCITECTA

5/26-36 High Street, Northcote

Victoria, Australia 3070

T:+61 3 8683 8527

M:+61 423 000 246

F:+61 3 9005 2876

Skype: evanathomas

http://www.arcitecta.com

Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to email or messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of Arcitecta shall be understood as neither given nor endorsed by it.

From: King Lung Chiu <kinglu...@gmail.com>
Date: Thursday, 23 January 2014 9:07 pm
To: "medi...@googlegroups.com" <medi...@googlegroups.com>
Subject: [mediaflux:435] SSH Key generation service

--

[King Lung Chiu]

Thanks Evan!