Bind to SSH Agent service

Intents using Bind to SSH Agent service

IBinder for an instance of the AndroidAuthAgent AIDL interface. This interface allows the intent-invoking app to use the intent-serving app as an SSH-Agent.

This intent is used to bind to a service which exposes the AndroidAuthAgent AIDL interface, allowing one app to use another as its SSH agent.

As part of the development of Agit (Git client for Android) I created a patch of ConnectBot which allows Agit, and other Android apps, to use ConnectBot as an ssh-agent. This means that the client apps don't need to actually manage or even store SSH keys themselves, which is pretty cool. You only need to trust one app with your SSH keys - that's ConnectBot, which already has great infrastructure for managing public keys - and all other apps defer to it for signing the cryptographic challenges required to initiate an SSH session. It works really well - it's a symphony of cryptography and inter-process communication!

This is the bound interface, which the invoking-app can call when making an SSH connection in order to sign the cryptographic-challenges it receives (keys and signatures are OpenSSH-format encoded):

There's a pull-request ( ) to get this functionality merged back into ConnectBot, but unfortunately it looks like the original version of ConnectBot is no longer maintained. I've distributed a patched version here:

The ssh-agent patch is also incorporated into this actively maintained fork of ConnectBot by Martin Matuška:

The invoking app will need the org.openintents.ssh.permission.ACCESS_SSH_AGENT permission to invoke the intent and bind to the ssh-agent.
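The manifest entries this permission implies on both sides, as an added example that is not taken from ConnectBot or from this page. The package names, the service class name and the intent action are placeholders, and the `dangerous` protection level is an assumption:

```xml
<!-- Added example. Two separate AndroidManifest.xml files are shown in one block. -->

<!-- 1. Agent app (the app that holds the SSH keys) -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.agent"> <!-- placeholder package -->

    <!-- Declares the permission. protectionLevel is an assumption: "dangerous"
         makes the grant visible to the user instead of silent. -->
    <permission
        android:name="org.openintents.ssh.permission.ACCESS_SSH_AGENT"
        android:protectionLevel="dangerous" />

    <application>
        <!-- Weak form, for comparison only: an exported service without
             android:permission lets any installed app bind and ask for signatures.
        <service android:name=".AgentService" android:exported="true" />
        -->

        <!-- Guarded form: Android refuses the bind unless the caller holds
             the permission. ".AgentService" is a placeholder class name. -->
        <service
            android:name=".AgentService"
            android:exported="true"
            android:permission="org.openintents.ssh.permission.ACCESS_SSH_AGENT">
            <intent-filter>
                <!-- Placeholder: use the action name defined by the intents protocol. -->
                <action android:name="BIND_ACTION_PLACEHOLDER" />
            </intent-filter>
        </service>
    </application>
</manifest>

<!-- 2. Invoking app (for example a Git client) -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.client"> <!-- placeholder package -->

    <!-- Without this line bindService() fails with a SecurityException. -->
    <uses-permission
        android:name="org.openintents.ssh.permission.ACCESS_SSH_AGENT" />
</manifest>
```

The check happens when the invoking app binds, so the agent app should still decide per request which keys a given caller may use.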

A simple demo implementation (as opposed to the much larger ConnectBot implementation) of an SSH-Agent app can be found here:

Status of intents protocol: