osal.sshagent #

SSH Agent Module

SSH agent management library for V language. Provides secure key handling, agent lifecycle control, and remote integration.

Features

Manage SSH keys (generate, load, import)
Single agent per user with auto-cleanup
Start/stop/reset agent easily
Diagnostics and status checks
Push keys to remote nodes & verify access
Security-first (file permissions, socket handling)

Platform Support

Linux, macOS
Windows (not yet supported)

Quick Start

import incubaid.herolib.osal.sshagent

mut agent := sshagent.new()!
mut key := agent.generate('my_key', '')!
key.load()!
println(agent)

Usage

Agent

mut agent := sshagent.new()!
mut agent := sshagent.new(homepath: '/custom/ssh/path')!
mut agent := sshagent.new_single()!

Keys

mut key := agent.generate('my_key', '')!
agent.add('imported_key', privkey)!
key.load()!
if agent.exists(name: 'my_key') { println('Key exists') }
agent.forget('my_key')!

Agent Ops

println(agent.diagnostics())
println(agent.keys_loaded()!)
agent.reset()!

Remote

import incubaid.herolib.builder

mut node := builder.node_new(ipaddr: 'user@remote:22')!
agent.push_key_to_node(mut node, 'my_key')!

Security

Private keys set to 0600
Secure sockets & user isolation
Validated inputs & safe memory handling

Examples

See examples/osal/sshagent/ for demos.

Testing

v test lib/osal/sshagent/

fn agent_check #

fn agent_check(mut agent SSHAgent) !

Check if SSH agent is properly configured and all is good

fn agent_status #

fn agent_status() !map[string]string

check if SSH agent is properly configured and running

fn check_system_security #

fn check_system_security() !map[string]string

check_system_security performs basic system security checks

fn get_secure_socket_path #

fn get_secure_socket_path(user string) !string

get_secure_socket_path returns a secure socket path for the given user

fn loaded #

fn loaded() bool

fn new #

fn new(args_ SSHAgentNewArgs) !SSHAgent

fn new_single #

fn new_single(args_ SSHAgentNewArgs) !SSHAgent

create new SSH agent with single instance guarantee

fn play #

fn play(mut plbook PlayBook) !

fn remote_auth #

fn remote_auth(mut agent SSHAgent, node_addr string, key_name string) !

Add public key to authorized_keys on remote node

fn remote_copy #

fn remote_copy(mut agent SSHAgent, node_addr string, key_name string) !

Copy private key to remote node

fn sanitize_environment_variables #

fn sanitize_environment_variables()

sanitize_environment_variables cleans SSH-related environment variables

fn secure_file_permissions #

fn secure_file_permissions(file_path string, is_private bool) !

secure_file_permissions sets appropriate permissions for SSH key files

fn sshkey_check #

fn sshkey_check(mut agent SSHAgent, name string) !

Check if SSH key is valid

fn sshkey_create #

fn sshkey_create(mut agent SSHAgent, name string, passphrase string) !

Create a new SSH key

fn sshkey_delete #

fn sshkey_delete(mut agent SSHAgent, name string) !

Delete an SSH key

fn sshkey_load #

fn sshkey_load(mut agent SSHAgent, name string) !

Load SSH key into agent

fn validate_file_path #

fn validate_file_path(path string, base_dir string) !string

validate_file_path ensures file paths are safe and within expected directories

fn validate_key_name #

fn validate_key_name(name string) !string

validate_key_name ensures SSH key names are safe and follow conventions

fn validate_passphrase #

fn validate_passphrase(passphrase string) !string

validate_passphrase checks passphrase strength (basic validation)

fn validate_private_key #

fn validate_private_key(privkey string) !string

validate_private_key checks if the provided string is a valid SSH private key

enum SSHKeyCat #

enum SSHKeyCat {
	ed25519
	rsa
}

struct KeyGetArgs #

@[params]

struct KeyGetArgs {
pub mut:
	pubkey string
	// privkey string	
	// privkey_path string
	name string
}

struct SSHAgent #

@[heap]

struct SSHAgent {
pub mut:
	keys     []SSHKey
	active   bool
	homepath pathlib.Path
}

fn (SSHAgent) add #

fn (mut agent SSHAgent) add(name string, privkey_ string) !SSHKey

load the key, they key is content (private key) . a name is required

fn (SSHAgent) cleanup_orphaned_agents #

fn (mut agent SSHAgent) cleanup_orphaned_agents() !

cleanup orphaned ssh-agent processes, means all agents for the logged in user

fn (SSHAgent) diagnostics #

fn (mut agent SSHAgent) diagnostics() map[string]string

get agent status and diagnostics

fn (SSHAgent) ensure_single_agent #

fn (mut agent SSHAgent) ensure_single_agent() !

ensure only one SSH agent is running for the current user

fn (SSHAgent) exists #

fn (mut agent SSHAgent) exists(args KeyGetArgs) bool

fn (SSHAgent) forget #

fn (mut agent SSHAgent) forget(name string) !

forget the specified key

fn (SSHAgent) generate #

fn (mut agent SSHAgent) generate(name string, passphrase string) !SSHKey

returns path to sshkey

fn (SSHAgent) get #

fn (mut agent SSHAgent) get(args_ KeyGetArgs) ?SSHKey

fn (SSHAgent) init #

fn (mut agent SSHAgent) init() !

get all keys from sshagent and from the local .ssh dir

fn (SSHAgent) is_agent_responsive #

fn (mut agent SSHAgent) is_agent_responsive() bool

check if current agent is responsive

fn (SSHAgent) keys_loaded #

fn (mut agent SSHAgent) keys_loaded() ![]SSHKey

fn (SSHAgent) load #

fn (mut agent SSHAgent) load(keypath string) !SSHKey

load key starting from path to private key

fn (SSHAgent) push_key_to_node #

fn (mut agent SSHAgent) push_key_to_node(mut node builder.Node, key_name string) !

push SSH public key to a remote node's authorized_keys

fn (SSHAgent) remove_key_from_node #

fn (mut agent SSHAgent) remove_key_from_node(mut node builder.Node, key_name string) !

remove SSH public key from a remote node's authorized_keys

fn (SSHAgent) reset #

fn (mut agent SSHAgent) reset() !

unload all ssh keys

fn (SSHAgent) start_agent_with_socket #

fn (mut agent SSHAgent) start_agent_with_socket(socket_path string) !

start new ssh-agent with specific socket path

fn (SSHAgent) str #

fn (mut agent SSHAgent) str() string

fn (SSHAgent) verify_key_access #

fn (mut agent SSHAgent) verify_key_access(mut node builder.Node, key_name string) !bool

verify SSH key access to remote node

struct SSHAgentNewArgs #

@[params]

struct SSHAgentNewArgs {
pub mut:
	homepath string
}

struct SSHKey #

@[heap]

struct SSHKey {
pub mut:
	name   string
	pubkey string
	loaded bool
	email  string
	agent  &SSHAgent @[skip; str: skip]
	cat    SSHKeyCat
}

fn (SSHKey) keypath #

fn (mut key SSHKey) keypath() !pathlib.Path

fn (SSHKey) keypath_pub #

fn (mut key SSHKey) keypath_pub() !pathlib.Path

fn (SSHKey) keypub #

fn (mut key SSHKey) keypub() !string

fn (SSHKey) forget #

fn (mut key SSHKey) forget() !

load the key, they key is content, other keys will be unloaded

fn (SSHKey) str #

fn (mut key SSHKey) str() string

fn (SSHKey) load #

fn (mut key SSHKey) load() !

README
fn agent_check
fn agent_status
fn check_system_security
fn get_secure_socket_path
fn loaded
fn new
fn new_single
fn play
fn remote_auth
fn remote_copy
fn sanitize_environment_variables
fn secure_file_permissions
fn sshkey_check
fn sshkey_create
fn sshkey_delete
fn sshkey_load
fn validate_file_path
fn validate_key_name
fn validate_passphrase
fn validate_private_key
enum SSHKeyCat
struct KeyGetArgs
struct SSHAgent
- fn add
- fn cleanup_orphaned_agents
- fn diagnostics
- fn ensure_single_agent
- fn exists
- fn forget
- fn generate
- fn get
- fn init
- fn is_agent_responsive
- fn keys_loaded
- fn load
- fn push_key_to_node
- fn remove_key_from_node
- fn reset
- fn start_agent_with_socket
- fn str
- fn verify_key_access
struct SSHAgentNewArgs
struct SSHKey
- fn keypath
- fn keypath_pub
- fn keypub
- fn forget
- fn str
- fn load