Add support for system ssh-agent

hugoduncan · hugoduncan · commit b857bd2d4471 · 2012-05-14T21:51:56.000-04:00
Support the system ssh-agent (or pageant on windows when using putty) via
jsch-agent-proxy. Introduces a new agent function, clj-ssh.ssh/ssh-agent.
diff --git a/pom.xml b/pom.xml
@@ -97,7 +97,12 @@
     <dependency>
       <groupId>com.jcraft</groupId>
       <artifactId>jsch</artifactId>
-      <version>0.1.44-1</version>
+      <version>${jsch.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>jsch-agent-proxy</groupId>
+      <artifactId>jsch-agent-proxy</artifactId>
+      <version>0.0.4-SNAPSHOT</version>
     </dependency>
     <dependency>
       <groupId>log4j</groupId>
@@ -149,5 +154,6 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <clojure.version>1.2.0</clojure.version>
     <slingshot.version>0.2.0</slingshot.version>
+    <jsch.version>0.1.48</jsch.version>
   </properties>
 </project>
diff --git a/src/clj_ssh/agent.clj b/src/clj_ssh/agent.clj
@@ -0,0 +1,38 @@
+(ns clj-ssh.agent
+  "Agent integration (using jsch-agent-proxy)"
+  (:require
+   [clojure.tools.logging :as logging])
+  (:import
+   com.jcraft.jsch.JSch
+   [com.jcraft.jsch.agentproxy
+    AgentProxyException Connector RemoteIdentityRepository]
+   [com.jcraft.jsch.agentproxy.connector
+    PageantConnector SSHAgentConnector]
+   com.jcraft.jsch.agentproxy.usocket.JNAUSocketFactory))
+
+(defn sock-agent-connector
+  []
+  (when (SSHAgentConnector/isConnectorAvailable)
+    (try
+      (let [usf (JNAUSocketFactory.)]
+        (SSHAgentConnector. usf))
+      (catch AgentProxyException e
+        (logging/warnf
+         e "Failed to load JNA connector, although SSH_AUTH_SOCK is set")))))
+
+(defn pageant-connector
+  []
+  (when (PageantConnector/isConnectorAvailable)
+    (try
+      (PageantConnector.)
+      (catch AgentProxyException e
+        (logging/warn
+         e "Failed to load Pageant connector, although running on windows")))))
+
+(defn connect
+  "Connect the specified jsch object to the system ssh-agent."
+  [^JSch jsch]
+  (when-let [connector (or (sock-agent-connector) (pageant-connector))]
+    (doto jsch
+      ;(.setConfig "PreferredAuthentications" "publickey")
+      (.setIdentityRepository (RemoteIdentityRepository. connector)))))
diff --git a/src/clj_ssh/ssh.clj b/src/clj_ssh/ssh.clj
@@ -38,6 +38,7 @@ Leiningen (http://github.com/technomancy/leiningen).
 
 Licensed under EPL (http://www.eclipse.org/legal/epl-v10.html)"
   (:require
+   [clj-ssh.agent :as agent]
    [clj-ssh.keychain :as keychain]
    [clj-ssh.reflect :as reflect]
    [clojure.java.io :as io]
@@ -177,6 +178,11 @@ Licensed under EPL (http://www.eclipse.org/legal/epl-v10.html)"
              (logging/error "Passphrase required, but none findable."))
            (add-identity agent identity))))))
 
+(defn ssh-agent
+  "Create an agent that uses the system ssh-agent (or paegant on windows)."
+  []
+  (doto (JSch.) (agent/connect)))
+
 (defn create-ssh-agent
   "Create an ssh-agent. By default try and add the current user's id_rsa key."
   ([] (create-ssh-agent true))
diff --git a/test/clj_ssh/ssh_test.clj b/test/clj_ssh/ssh_test.clj
@@ -137,7 +137,18 @@ list, Alan Dipert and MeikelBrandmeyer."
        (.getBytes (slurp (public-key-path)))
        nil)
       (is (= 1 (count (.getIdentityNames *ssh-agent*))))
-      (is (= "name" (first (.getIdentityNames *ssh-agent*)))))))
+      (is (= "name" (first (.getIdentityNames *ssh-agent*))))))
+  (testing "ssh-agent"
+    (with-ssh-agent (ssh-agent)
+      (let [n (count (.getIdentityNames *ssh-agent*))]
+        (add-identity
+         *ssh-agent*
+         "name"
+         (.getBytes (slurp (private-key-path)))
+         (.getBytes (slurp (public-key-path)))
+         nil)
+        (is (= (inc n) (count (.getIdentityNames *ssh-agent*)))))
+      (is (some #(= "name" %) (.getIdentityNames *ssh-agent*))))))
 
 (deftest has-identity?-test
   (let [key (private-key-path)]
