Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add certificate based authentication to Ghidra Remote Debugging via SSH #6448

Open
marknelsonengineer-student opened this issue Apr 20, 2024 · 1 comment
Open

Add certificate based authentication to Ghidra Remote Debugging via SSH #6448

marknelsonengineer-student opened this issue Apr 20, 2024 · 1 comment
Assignees
@nsadeveloper789
Labels
Feature: Debugger Status: Waiting on customer Waiting for customer feedback

Comments

@marknelsonengineer-student
Copy link

Remote gdb via ssh is currently only authenticated using username/password. We are respectfully requesting the addition of certificate-based authentication because:

  • Most cloud-based providers use certificate based authentication and we actually have to weaken authentication to use Ghidra's debugger on those systems.
  • As a teacher, I want to encourage students to use good, secure administration practices. I also want to teach students how to use Ghidra. Our teaching environments have to go against best practices for authentication to use Ghidra.

Thank you for Ghidra -- my students and I love this tool.
@nsadeveloper789
Copy link
Contributor

I assume you are using the latest release, and not building from source?

It's likely the next (non-patch) release will have the requested feature. If you are able and willing, could you build the latest development code from source and give it a try. The new system, instead of using a Java-based SSH library, just shells out to your installed ssh command. In theory, if that's configured to use certificates, then it'll just work.

  1. Build and install Ghidra from a clone of the latest source.
  2. Start a new project (so you don't risk breaking any existing program databases.)
  3. Import a target.
  4. Delete your Debugger Tool, and re-import it from the defaults (Tools → Import Default Tools)
  5. Open your target in the Debugger Tool.
  6. Click the drop-down by the Launch button and select gdb via ssh.
  7. Fill out the fields. There should be a field in there for extra arguments to ssh, if those are necessary.
  8. Click Launch.
  9. Pay attention to the terminal. It might prompt for a password. Take note whether its for the user's password or the password to unlock a private key.
  10. Let me know how it goes.

If this is already what you're doing, then I'm sorry for the pedantic response. If it's not working, then I'd be interested in the steps to reproduce the authentication failure when certificates are required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nsadeveloper789 nsadeveloper789

Labels
Feature: Debugger Status: Waiting on customer Waiting for customer feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ryanmkurtz @nsadeveloper789 @marknelsonengineer-student