Prompt for SSH key encryption passwords on connection

[robled]

I'm running Pisth version 11.3.1. If an encrypted SSH private key is added to the client, it seems that the passphrase for decrypting that SSH private key is saved in the host profile. It seems that this passphrase is stored permanently (plaintext?). The private key should remain encrypted on disk at all times, and only decrypted in-memory when the user connects to a host and enters the passphrase.

[ColdGrub1384]

The passphrase is stored in the iOS keychain, which is encrypted.

Pisth/Pisth Shared/Pisth Shared/View controllers/ConnectionInfoTableViewController.swift

Line 162 in 286468c

KeychainWrapper.standard.set(data, forKey: pubKey)

Pisth/Pisth Shared/Pisth Shared/View controllers/ConnectionInfoTableViewController.swift

Line 170 in 286468c

KeychainWrapper.standard.set(data, forKey: privKey)

[robled]

Oh, that's pretty cool! Does this mean that I should see an entry for it in Settings -> Passwords & Accounts? Is it decrypted at connection time via Face ID? Apologies for all the basic questions, as I'm pretty new to iOS.

Not sure if I missed something in the UI, but since other SSH clients make it fairly clear to the user that the key is encrypted on-disk, it might be helpful to have a little message somewhere near where you put in your passphrase to inform the user of this.

[ColdGrub1384]

Passwords are not stored in Passwords & Accounts. By Keychain, I meant an API by Apple to encrypt things in apps. https://developer.apple.com/documentation/security/keychain_services

I will add a message for making clear the data is encrypted