John Wells

Reputation: 1149

Finding appropriate keys to use for authenticating an SSH connection with Objective-C

Several native Mac applications I've used that open SSH connections seem to have this magical ability to find the appropriate public+private keys to use for connecting (if present) and then present the system keychain dialog to ask the user to enter the password to decrypt the private key. I'd like to do this in my application. How does this work, exactly?

I'm currently using https://github.com/Lejdborg/NMSSH as an Objective-C wrapper for libssh which provides methods for authentication via public+private keys, but as far as I can tell I'd have to pop open a file open dialog and have the user select the needed keys (not ideal) and present my own password dialog in place of the system's.

Upvotes: 0

Views: 86

Answers (1)

Leonid Usov

Reputation: 1598

The way it works for native apps is ssh-agent. macOS since Leopard has a built-in custom agent which is started with the system.

The ssh application automatically tries identities loaded into the agent, and it is the agent that shows the keychain access dialog once a password-protected identity is added.

You can use the ssh-add program to add identities to the agent; then ssh will simply work.

Please note that keys in the agent take precedence over the keys supplied on the command line to ssh (via the -i parameter). Sometimes this will make ssh fail because there were too many erroneous attempts (while it was trying all loaded ssh-agent keys).

I am not sure if there is a library interface to the agent; it uses a Unix domain socket to communicate with the ssh and ssh-add programs.

https://help.github.com/articles/working-with-ssh-key-passphrases/
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/ssh-agent.1.html

Upvotes: 1
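
The Unix domain socket exchange mentioned in the answer above, as an added example (not code from the original post or from NMSSH): C, callable from Objective-C, that asks the agent at `SSH_AUTH_SOCK` for its loaded identities and bounds-checks the reply before reading key comments. The function names are hypothetical; 11 and 12 are the agent protocol's request-identities and identities-answer message types.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Added example; function names are hypothetical. Agent protocol message numbers: */
enum { REQUEST_IDENTITIES = 11, IDENTITIES_ANSWER = 12 };
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse a reply body; return key count or -1 if malformed. Copies key `want`'s comment to out. */
int parse_identities(const uint8_t *b, size_t n, uint32_t want, char *out, size_t outsz) {
    if (n < 5 || b[0] != IDENTITIES_ANSWER) return -1;
    uint32_t nkeys = be32(b + 1);
    size_t off = 5;
    for (uint32_t i = 0; i < nkeys; i++) {
        for (int field = 0; field < 2; field++) {      /* key blob, then comment */
            if (n - off < 4) return -1;
            uint32_t len = be32(b + off); off += 4;
            if (len > n - off) return -1;              /* length runs past the reply */
            if (field == 1 && i == want && outsz > 0) {
                size_t c = len < outsz - 1 ? len : outsz - 1;
                memcpy(out, b + off, c); out[c] = '\0';
            }
            off += len;
        }
    }
    return (int)nkeys;
}

/* Request the identity list from the agent at $SSH_AUTH_SOCK; return body length or -1. */
long query_agent(uint8_t *body, size_t cap) {
    const char *path = getenv("SSH_AUTH_SOCK");
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (!path || strlen(path) >= sizeof sa.sun_path) return -1;
    strcpy(sa.sun_path, path);
    const uint8_t req[5] = {0, 0, 0, 1, REQUEST_IDENTITIES};  /* uint32 length 1, type 11 */
    uint8_t hdr[4];
    size_t need = 0, have = 0;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        write(fd, req, 5) == 5 && read(fd, hdr, 4) == 4 && (need = be32(hdr)) <= cap)
        for (ssize_t r; have < need && (r = read(fd, body + have, need - have)) > 0; ) have += (size_t)r;
    if (fd >= 0) close(fd);
    return (need > 0 && have == need) ? (long)need : -1;
}
```

Fill a buffer with `query_agent`, then call `parse_identities` on it to enumerate the comments of the keys the agent already holds, without opening any key file.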
