Skip to content
This repository was archived by the owner on Aug 26, 2025. It is now read-only.

Commit c644bfe

Browse files
authored
Merge pull request #23 from beekeeper-studio/encrypted-ppk
encrypted ppk support
2 parents 54f9d5a + 12e0283 commit c644bfe

2 files changed

Lines changed: 8 additions & 2 deletions

File tree

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,7 @@ Options are an object with following properties:
9595
* `endPort` (optional): Port number of the server. Needed in case the server runs on a custom port (defaults to `22`)
9696
* `bastionHost` (optional): You can specify a bastion host if you want
9797
* `passphrase` (optional): You can specify the passphrase when you have an encrypted private key. If you don't specify the passphrase and you use an encrypted private key, you get prompted in the command line.
98+
* `noReadline` (optional): Don't prompt for private key passphrases using readline (eg if this is not run in an interactive session)
9899

99100
#### `connection.executeCommand(command: string): Promise<void>`
100101

src/Connection.ts

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ interface Options {
3434
endHost: string
3535
agentSocket?: string,
3636
skipAutoPrivateKey?: boolean
37+
noReadline?: boolean
3738
}
3839

3940
interface ForwardingOptions {
@@ -176,8 +177,12 @@ class SSHConnection {
176177
if (stream) {
177178
options['sock'] = stream
178179
}
179-
if (options.privateKey && options.privateKey.toString().toLowerCase().includes('encrypted')) {
180-
options['passphrase'] = (this.options.passphrase) ? this.options.passphrase : await this.getPassphrase()
180+
// PPK private keys can be encrypted, but won't contain the word 'encrypted'
181+
// in fact they always contain a `encryption` header, so we can't do a simple check
182+
options['passphrase'] = this.options.passphrase
183+
const looksEncrypted: boolean = this.options.privateKey ? this.options.privateKey.toString().toLowerCase().includes('encrypted') : false
184+
if (looksEncrypted && !options['passphrase'] && !this.options.noReadline ) {
185+
options['passphrase'] = await this.getPassphrase()
181186
}
182187
connection.on('ready', () => {
183188
this.connections.push(connection)

0 commit comments

Comments
 (0)