pub struct Agent { /* private fields */ }
Handle to a running SSH agent.
Thin wrapper over ssh_agent_lib::blocking::Client that translates
its error type into AnvilError and the protocol structs into
more convenient Gitway types.
Implementations
impl Agent
pub fn from_env() -> Result<Self, AnvilError>
Connects to the agent at $SSH_AUTH_SOCK.
§Errors
Returns AnvilError::invalid_config when $SSH_AUTH_SOCK is
unset or empty, and AnvilError::from an I/O error when the
socket cannot be opened.
pub fn connect(path: &Path) -> Result<Self, AnvilError>
Connects to the agent socket at path.
§Errors
Returns AnvilError::from the underlying I/O error when the
socket cannot be opened.
pub fn list(&mut self) -> Result<Vec<Identity>, AnvilError>
Returns the identities currently loaded into the agent.
§Errors
Returns AnvilError on agent protocol or I/O failure.
pub fn add(
    &mut self,
    key: &PrivateKey,
    lifetime: Option<Duration>,
    confirm: bool,
) -> Result<(), AnvilError>
Adds an identity to the agent.
lifetime (if Some) caps how long the agent retains the key;
once elapsed the agent silently evicts it — matching
ssh-add -t <seconds>. confirm asks the agent to prompt the
user interactively before each signing operation (agent-dependent).
§Errors
Returns AnvilError on agent protocol or I/O failure.
pub fn remove(&mut self, public_key: &PublicKey) -> Result<(), AnvilError>
Removes a single identity from the agent.
§Errors
Returns AnvilError when the agent rejects the request (e.g.
identity not loaded) or on I/O failure.
pub fn remove_all(&mut self) -> Result<(), AnvilError>
Removes all identities from the agent (matches ssh-add -D).
§Errors
Returns AnvilError on agent protocol or I/O failure.
pub fn lock(&mut self, passphrase: &Zeroizing<String>) -> Result<(), AnvilError>
Locks the agent with a passphrase (matches ssh-add -x).
The agent refuses all signing requests until unlock
is called with the same passphrase.
§Errors
Returns AnvilError when the agent rejects the passphrase or
on I/O failure. The passphrase string passed through to
ssh-agent-lib is a fresh String derived from passphrase; the
caller’s Zeroizing buffer is not moved.
pub fn unlock(
    &mut self,
    passphrase: &Zeroizing<String>,
) -> Result<(), AnvilError>
Unlocks a previously-locked agent (matches ssh-add -X).
§Errors
Returns AnvilError when the agent rejects the passphrase or
on I/O failure.
pub fn sign(
    &mut self,
    public_key: &PublicKey,
    data: &[u8],
) -> Result<Signature, AnvilError>
Asks the agent to sign data with the loaded private key whose
public counterpart matches public_key.
For RSA keys the request carries SSH_AGENT_RSA_SHA2_512
(flag = 4) so the agent returns an rsa-sha2-512 signature —
matching OpenSSH’s -Y sign default and the one SSHSIG
verifiers expect. Ed25519 and ECDSA ignore the flag field; the
algorithm is fixed by the key type.
SHA-1 ssh-rsa downgrade (flag = 0 on an RSA key) is not
requested here — OpenSSH 8.2+ (Jan 2020) always asks for
SHA-2, and our own daemon rejects SHA-1 RSA requests in
crate::agent::daemon.
§Errors
Returns AnvilError when the agent rejects the request
(commonly because the key is not loaded, the agent is locked,
or a --confirm prompt was denied) or on I/O failure.
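The flag handling described for sign, as an added example that is not Gitway's or ssh-agent-lib's own code: a std-only parser for a sign request (starting at the message-type byte) that reports which signature algorithm the request selects and refuses flag = 0 on an RSA key. The function names, the constructed sample message, and the preference for SHA-512 when both bits are set are assumptions of this sketch; message number 13 and flag value 2 for rsa-sha2-256 come from the SSH agent protocol, not from this page.

```rust
// Added example (std only); not Gitway or ssh-agent-lib code. Names are illustrative.
const SSH_AGENTC_SIGN_REQUEST: u8 = 13; // message number from the SSH agent protocol
const SSH_AGENT_RSA_SHA2_256: u32 = 2;
const SSH_AGENT_RSA_SHA2_512: u32 = 4;
fn take_u32(buf: &mut &[u8]) -> Option<u32> {
    if buf.len() < 4 { return None; }
    let (head, rest) = buf.split_at(4);
    *buf = rest;
    Some(u32::from_be_bytes([head[0], head[1], head[2], head[3]]))
}
/// Reads an SSH `string` (u32 length, then bytes) and advances `buf`.
fn take_string<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let len = take_u32(buf)? as usize;
    if buf.len() < len { return None; }
    let (s, rest) = buf.split_at(len);
    *buf = rest;
    Some(s)
}
/// Algorithm a sign request selects; Err if the message is malformed or asks for SHA-1 RSA.
fn signature_algorithm(msg: &[u8]) -> Result<String, &'static str> {
    let mut body = match msg.split_first() {
        Some((&SSH_AGENTC_SIGN_REQUEST, rest)) => rest,
        _ => return Err("not a sign request"),
    };
    let mut blob = take_string(&mut body).ok_or("truncated key blob")?;
    let _data = take_string(&mut body).ok_or("truncated data")?;
    let flags = take_u32(&mut body).ok_or("truncated flags")?;
    match take_string(&mut blob).ok_or("truncated key type")? {
        b"ssh-rsa" if flags & SSH_AGENT_RSA_SHA2_512 != 0 => Ok("rsa-sha2-512".into()),
        b"ssh-rsa" if flags & SSH_AGENT_RSA_SHA2_256 != 0 => Ok("rsa-sha2-256".into()),
        b"ssh-rsa" => Err("SHA-1 ssh-rsa signature refused"), // flag = 0 on an RSA key
        other => String::from_utf8(other.to_vec()).map_err(|_| "bad key type"),
    }
}
fn ssh_string(s: &[u8]) -> Vec<u8> {
    [&(s.len() as u32).to_be_bytes()[..], s].concat()
}
fn sample_request(key_type: &str, flags: u32) -> Vec<u8> {
    let mut msg = vec![SSH_AGENTC_SIGN_REQUEST];
    msg.extend(ssh_string(&ssh_string(key_type.as_bytes()))); // constructed blob: type name only
    msg.extend(ssh_string(b"constructed payload"));
    msg.extend_from_slice(&flags.to_be_bytes());
    msg
}
fn main() {
    for (kt, flags) in [("ssh-rsa", 4), ("ssh-rsa", 0), ("ssh-ed25519", 0)] {
        println!("{} flags={}: {:?}", kt, flags, signature_algorithm(&sample_request(kt, flags)));
    }
}
```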