ssh tunnel - alternative modes

packages/api/src/utility/crypting.js

@@ -42,31 +42,45 @@ function getEncryptor() {
   return _encryptor;
 }
 
-function encryptConnection(connection) {
+function encryptPasswordField(connection, field) {
   if (
     connection &&
-    connection.password &&
-    !connection.password.startsWith('crypt:') &&
+    connection[field] &&
+    !connection[field].startsWith('crypt:') &&
     connection.passwordMode != 'saveRaw'
   ) {
     return {
       ...connection,
-      password: 'crypt:' + getEncryptor().encrypt(connection.password),
+      [field]: 'crypt:' + getEncryptor().encrypt(connection[field]),
     };
   }
   return connection;
 }
 
-function decryptConnection(connection) {
-  if (connection && connection.password && connection.password.startsWith('crypt:')) {
+function decryptPasswordField(connection, field) {
+  if (connection && connection[field] && connection[field].startsWith('crypt:')) {
     return {
       ...connection,
-      password: getEncryptor().decrypt(connection.password.substring('crypt:'.length)),
+      [field]: getEncryptor().decrypt(connection[field].substring('crypt:'.length)),
     };
   }
   return connection;
 }
 
+function encryptConnection(connection) {
+  connection = encryptPasswordField(connection, 'password');
+  connection = encryptPasswordField(connection, 'sshPassword');
+  connection = encryptPasswordField(connection, 'sshKeyFilePassword');
+  return connection;
+}
+
+function decryptConnection(connection) {
+  connection = decryptPasswordField(connection, 'password');
+  connection = decryptPasswordField(connection, 'sshPassword');
+  connection = decryptPasswordField(connection, 'sshKeyFilePassword');
+  return connection;
+}
+
 module.exports = {
   loadEncryptionKey,
   encryptConnection,

packages/api/src/utility/platformInfo.js

@@ -0,0 +1,27 @@
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const p = process;
+const platform = p.env.OS_OVERRIDE ? p.env.OS_OVERRIDE : p.platform;
+const isWindows = platform === 'win32';
+const isMac = platform === 'darwin';
+const isLinux = platform === 'linux';
+const isDocker = fs.existsSync('/home/dbgate-docker/build');
+
+const platformInfo = {
+  isWindows,
+  isMac,
+  isLinux,
+  isDocker,
+  isSnap: p.env.ELECTRON_SNAP,
+  isPortable: isWindows && p.env.PORTABLE_EXECUTABLE_DIR,
+  isAppImage: p.env.DESKTOPINTEGRATION === 'AppImageLauncher',
+  sshAuthSock: p.env.SSH_AUTH_SOCK,
+  environment: process.env.NODE_ENV,
+  platform,
+  runningInWebpack: !!p.env.WEBPACK_DEV_SERVER_URL,
+  defaultKeyFile: path.join(os.homedir(), '.ssh/id_rsa'),
+};
+
+module.exports = platformInfo;

packages/api/src/utility/sshTunnel.js

@@ -1,7 +1,9 @@
 const { SSHConnection } = require('node-ssh-forward');
+const fs = require('fs-extra');
 const portfinder = require('portfinder');
 const stableStringify = require('json-stable-stringify');
 const _ = require('lodash');
+const platformInfo = require('./platformInfo');
 
 const sshConnectionCache = {};
 const sshTunnelCache = {};
@@ -16,11 +18,14 @@ async function getSshConnection(connection) {
   const sshConfig = {
     endHost: connection.sshHost || '',
     endPort: connection.sshPort || 22,
-    bastionHost: '',
-    agentForward: false,
-    passphrase: undefined,
+    bastionHost: connection.sshBastionHost || '',
+    agentForward: connection.sshMode == 'agent',
+    passphrase: connection.sshMode == 'keyFile' ? connection.sshKeyFilePassword : undefined,
     username: connection.sshLogin,
-    password: connection.sshPassword,
+    password: connection.sshMode == 'userPassword' ? connection.sshPassword : undefined,
+    agentSocket: connection.sshMode == 'agent' ? platformInfo.sshAuthSock : undefined,
+    privateKey:
+      connection.sshMode == 'keyFile' && connection.sshKeyFile ? await fs.readFile(connection.sshKeyFile) : undefined,
     skipAutoPrivateKey: true,
     noReadline: true,
   };