iterate-ch · dkocher · Jan 13, 2022 · Dec 23, 2021
@@ -43,6 +43,7 @@
 import ch.cyberduck.core.sftp.openssh.OpenSSHCredentialsConfigurator;
 import ch.cyberduck.core.sftp.openssh.OpenSSHHostnameConfigurator;
 import ch.cyberduck.core.sftp.openssh.OpenSSHIdentitiesOnlyConfigurator;
+import ch.cyberduck.core.sftp.openssh.OpenSSHIdentityAgentConfigurator;
 import ch.cyberduck.core.sftp.openssh.OpenSSHJumpHostConfigurator;
 import ch.cyberduck.core.sftp.openssh.OpenSSHPreferredAuthenticationsConfigurator;
 import ch.cyberduck.core.sftp.putty.PageantAuthenticator;
@@ -220,22 +221,22 @@ public boolean alert(final ConnectionCallback prompt) throws BackgroundException
         }
         if(!preferences.getBoolean(String.format("ssh.algorithm.whitelist.%s", host.getHostname()))) {
             if(preferences.getList("ssh.algorithm.cipher.blacklist").contains(algorithms.getClient2ServerCipherAlgorithm())) {
-                alert(prompt, algorithms.getClient2ServerCipherAlgorithm());
+                this.alert(prompt, algorithms.getClient2ServerCipherAlgorithm());
             }
             if(preferences.getList("ssh.algorithm.cipher.blacklist").contains(algorithms.getServer2ClientCipherAlgorithm())) {
-                alert(prompt, algorithms.getServer2ClientCipherAlgorithm());
+                this.alert(prompt, algorithms.getServer2ClientCipherAlgorithm());
             }
             if(preferences.getList("ssh.algorithm.mac.blacklist").contains(algorithms.getClient2ServerMACAlgorithm())) {
-                alert(prompt, algorithms.getClient2ServerMACAlgorithm());
+                this.alert(prompt, algorithms.getClient2ServerMACAlgorithm());
             }
             if(preferences.getList("ssh.algorithm.mac.blacklist").contains(algorithms.getServer2ClientMACAlgorithm())) {
-                alert(prompt, algorithms.getServer2ClientMACAlgorithm());
+                this.alert(prompt, algorithms.getServer2ClientMACAlgorithm());
             }
             if(preferences.getList("ssh.algorithm.kex.blacklist").contains(algorithms.getKeyExchangeAlgorithm())) {
-                alert(prompt, algorithms.getKeyExchangeAlgorithm());
+                this.alert(prompt, algorithms.getKeyExchangeAlgorithm());
             }
             if(preferences.getList("ssh.algorithm.signature.blacklist").contains(algorithms.getSignatureAlgorithm())) {
-                alert(prompt, algorithms.getSignatureAlgorithm());
+                this.alert(prompt, algorithms.getSignatureAlgorithm());
             }
         }
         return super.alert(prompt);
@@ -286,7 +287,9 @@ private void authenticate(final SSHClient client, final Host host, final LoginCa
                         defaultMethods.add(new SFTPAgentAuthentication(client, new PageantAuthenticator()));
                         break;
                     default:
-                        defaultMethods.add(new SFTPAgentAuthentication(client, new OpenSSHAgentAuthenticator()));
+                        defaultMethods.add(new SFTPAgentAuthentication(client, new OpenSSHAgentAuthenticator(
+                                new OpenSSHIdentityAgentConfigurator().getIdentityAgent(host.getHostname())
+                        )));
                         break;
                 }
             }

@@ -38,9 +38,9 @@ public class OpenSSHAgentAuthenticator extends AgentAuthenticator {
 
     private AgentProxy proxy;
 
-    public OpenSSHAgentAuthenticator() {
+    public OpenSSHAgentAuthenticator(final String socket) {
         try {
-            proxy = new AgentProxy(new SSHAgentConnector(new JNAUSocketFactory()));
+            proxy = new AgentProxy(new SSHAgentConnector(new JNAUSocketFactory(), socket));
         }
         catch(AgentProxyException e) {
             log.warn(String.format("Agent proxy %s failed with %s", this, e));

@@ -0,0 +1,46 @@
+package ch.cyberduck.core.sftp.openssh;
+
+/*
+ * Copyright (c) 2012 David Kocher. All rights reserved.
+ * http://cyberduck.ch/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * Bug fixes, suggestions and comments should be sent to:
+ * dkocher@cyberduck.ch
+ */
+
+import ch.cyberduck.core.LocalFactory;
+import ch.cyberduck.core.sftp.openssh.config.transport.OpenSshConfig;
+
+public class OpenSSHIdentityAgentConfigurator {
+    private final OpenSshConfig configuration;
+
+    public OpenSSHIdentityAgentConfigurator() {
+        this(new OpenSshConfig(LocalFactory.get(LocalFactory.get(LocalFactory.get(), ".ssh"), "config")));
+    }
+
+    public OpenSSHIdentityAgentConfigurator(final OpenSshConfig configuration) {
+        this.configuration = configuration;
+    }
+
+    public String getIdentityAgent(final String alias) {
+        return configuration.lookup(alias).getIdentityAgent();
+    }
+
+    @Override
+    public String toString() {
+        final StringBuilder sb = new StringBuilder("OpenSSHIdentityAgentConfigurator{");
+        sb.append("configuration=").append(configuration);
+        sb.append('}');
+        return sb.toString();
+    }
+}
@@ -77,7 +77,7 @@ public class OpenSshConfig {
      * Cached entries read out of the configuration file.
      */
     private Map<String, Host> hosts
-        = Collections.emptyMap();
+            = Collections.emptyMap();
 
     /**
      * Obtain the user's configuration data.
@@ -226,6 +226,13 @@ else if("IdentityFile".equalsIgnoreCase(keyword)) {
                     }
                 }
             }
+            else if("IdentityAgent".equalsIgnoreCase(keyword)) {
+                for(final Host c : current) {
+                    if(c.identityAgent == null) {
+                        c.identityAgent = dequote(argValue);
+                    }
+                }
+            }
             else if("PreferredAuthentications".equalsIgnoreCase(keyword)) {
                 for(final Host c : current) {
                     if(c.preferredAuthentications == null) {
@@ -308,6 +315,7 @@ public static class Host {
         String proxyJump;
         int port;
         Local identityFile;
+        String identityAgent;
         String user;
         String preferredAuthentications;
         Boolean identitiesOnly;
@@ -326,6 +334,9 @@ void copyFrom(final Host src) {
             if(identityFile == null) {
                 identityFile = src.identityFile;
             }
+            if(identityAgent == null) {
+                identityAgent = src.identityAgent;
+            }
             if(user == null) {
                 user = src.user;
             }
@@ -366,6 +377,13 @@ public Local getIdentityFile() {
             return identityFile;
         }
 
+        /**
+         * @return Specifies the UNIX-domain socket used to communicate with the authentication agent.
+         */
+        public String getIdentityAgent() {
+            return identityAgent;
+        }
+
         /**
          * @return the real user name to connect as; never null.
          */
@@ -403,6 +421,7 @@ public String toString() {
             sb.append(", proxyJump='").append(proxyJump).append('\'');
             sb.append(", port=").append(port);
             sb.append(", identityFile=").append(identityFile);
+            sb.append(", identityAgent=").append(identityAgent);
             sb.append(", user='").append(user).append('\'');
             sb.append(", preferredAuthentications='").append(preferredAuthentications).append('\'');
             sb.append(", identitiesOnly=").append(identitiesOnly);

@@ -33,7 +33,7 @@ public class OpenSSHAgentAuthenticatorTest {
     @Test
     @Ignore
     public void testGetIdentities() {
-        final OpenSSHAgentAuthenticator authenticator = new OpenSSHAgentAuthenticator();
+        final OpenSSHAgentAuthenticator authenticator = new OpenSSHAgentAuthenticator(null);
         final Collection<Identity> identities = authenticator.getIdentities();
         assertNotNull(authenticator.getProxy());
         assertFalse(identities.isEmpty());