Allow SSH Public Keys to be stored on machine. #115

Closed
DomBlack opened this issue May 8, 2017 · 7 comments
DomBlack commented May 8, 2017

This is sort of an extension to #110 and #76

I am using a Ledger Nano S, with 1 keypair per SSH host I connect to. I'm using the sub-shell whenever I want to use git, ssh or scp, pointing it at a file containing all my public keys:

ledger-agent -v -s ~dom/.ssh/ledger.conf

The problem is on the first command I issue, all public keys are fetched from the Ledger, forcing me to allow it to provide the public key multiple times.

I'm worried that I'll get used to hitting yes, and accidentally hit yes on a connection I'm not expecting.

One solution to this would be to allow me to store the actual public key in the ledger.conf file along side the generation string, meaning the agent can just read them rather than requesting them from device each time I try and use anything.

Related: LedgerHQ/app-ssh-agent#10

@romanz romanz self-assigned this May 8, 2017

romanz commented May 8, 2017

Sounds great!
Thanks for the suggestion :)


romanz commented May 12, 2017

BTW, following 26d7dd3 the agent will cache all SSH keys during its run - so you can also use the following trick to "split" public key retrieval from actual signature:

$ trezor-agent /path/to/config -s
$ ssh-add -L     # will retrieve public keys from the device (and cache them)
$ ssh user@host  # will sign the challenge (reusing the public keys cached before)

What do you think?

DomBlack commented

That would work; however, I'd still be worried about something sneaking into the "allow" loop.

Given enough "per host" keys, even that workaround would be annoying, because you could easily be talking about 25+ keys to allow to be fetched.

Whereas having them on the machine permanently would be a one-time "allow key" requirement, followed by automatic reuse every other time the trezor-agent requires the public key.
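
To make the split between "fetch the public keys once" and "sign with the device every time" concrete, here is an added example. It is not trezor-agent's code and does not use the project's real config parser or device transport: it assumes a config file with one identity per line, either a bare identity such as ssh://dom@git.example.com or a full OpenSSH public-key line whose comment field is that identity, and it uses a FakeDevice stand-in that counts how many times the user would have had to press "allow". The identities and key blobs are constructed sample data.

```python
# Added example, not trezor-agent's own code: keep the public keys on disk so
# the device only has to confirm each key once, and only signatures after that.
#
# Assumptions (not taken from the project): the config holds one identity per
# line, either a bare identity string ("ssh://dom@git.example.com") or a full
# OpenSSH public-key line whose comment field is that identity. FakeDevice and
# the key encoding are stand-ins for the real Ledger/Trezor transport.
import base64
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class FakeDevice:
    """Stand-in for the hardware wallet: every public-key request costs one button press."""
    confirmations: int = 0

    def get_public_key(self, identity: str) -> str:
        self.confirmations += 1  # the user had to press "allow" on the device
        # Deterministic stand-in for the real key blob (constructed, not a real key).
        return base64.b64encode(hashlib.sha256(identity.encode()).digest()).decode()


def parse_config_line(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (identity, public_key_line_or_None), or None for blank/comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split()
    if len(fields) >= 3:
        # "<key-type> <base64 blob> <identity>": the key is already on disk.
        return fields[2], stripped
    # Bare identity: the public key still has to come from the device.
    return fields[0], None


def resolve_config(config_text: str, device: FakeDevice) -> str:
    """Fill in every missing public key, asking the device only for those.

    The returned text is meant to be written back over the config file, so the
    next agent start needs zero device confirmations for public keys; the device
    is then only touched for actual signatures.
    """
    out: List[str] = []
    for line in config_text.splitlines():
        parsed = parse_config_line(line)
        if parsed is None:
            out.append(line)  # keep comments and blank lines as they are
            continue
        identity, pubkey_line = parsed
        if pubkey_line is None:
            blob = device.get_public_key(identity)
            pubkey_line = f"ssh-ed25519 {blob} {identity}"
        out.append(pubkey_line)
    return "\n".join(out) + "\n"


def public_key_lines(config_text: str) -> List[str]:
    """What the agent would answer to `ssh-add -L`, served entirely from the config."""
    keys: List[str] = []
    for line in config_text.splitlines():
        parsed = parse_config_line(line)
        if parsed is not None and parsed[1] is not None:
            keys.append(parsed[1])
    return keys


if __name__ == "__main__":
    # Constructed sample config: one comment and two bare per-host identities.
    sample = "# per-host keys\nssh://dom@git.example.com\nssh://dom@backup.example.net\n"
    dev = FakeDevice()
    first = resolve_config(sample, dev)   # two confirmations, one per identity
    second = resolve_config(first, dev)   # no further confirmations
    print(second, end="")
    print("confirmations:", dev.confirmations)
```

Nothing secret is written to disk: the file gains only public keys, so caching costs no confidentiality, while every signature still requires a button press on the device. The point of the exercise is the one DomBlack raises above: the "allow" prompt should appear only when a signature is actually being requested, so that pressing it never becomes a reflex.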


romanz commented May 13, 2017

Please take a look :)


romanz commented May 13, 2017

I've released new libagent version to PyPI (so please make sure you're using the latest one).

DomBlack commented

That works brilliantly, thank you for adding this feature so quickly!


romanz commented May 15, 2017

You're welcome :)
