Skip to content

feat: Browser-side SSH Key Generation#303

Draft
mkitti wants to merge 1 commit intomainfrom
mkitti-frontend-ssh-key-generator
Draft

feat: Browser-side SSH Key Generation#303
mkitti wants to merge 1 commit intomainfrom
mkitti-frontend-ssh-key-generator

Conversation

@mkitti
Copy link
Contributor

@mkitti mkitti commented Jan 23, 2026

This pull request adds browser-side SSH key generation utility code. The Web Crypto API is used to implement the underlying cryptographic algorithms. The code currently implements Ed25519 with a fallback to RSA-4096 if Ed25519 is not available.

The generated keys are checked against the ssh-keygen command line utility for compatability.

This is a draft request for evaluation of this alternative approach to server-side SSH key generation.

Advantages

  • SSH private keys may stay entirely on the client side and never need to be communicated with the server. This more closely mimics the standard procedure for SSH key generation where the SSH server only sees the public key.
  • Private key handling concerns are no longer required of the Python backend.

Disadvantages

  • The SSH key generation environment is less controlled.
  • The current implementation does not allow for a SSH private key passphrase. However, it could be added later by ssh-keygen.

Next Steps

  • I am currently looking into adding SSH private key passphrase capability. This is complicated and may require an additional dependency such as bcryptjs
  • I will defer the frontend user interface integration to others.

@krokicki
Copy link
Member

krokicki commented Jan 23, 2026

Thanks, @mkitti. As we discussed, we’re going to hold off on implementing this for now so we can keep the door open for adding server-side key submission.

@mkitti
Copy link
Contributor Author

mkitti commented Jan 23, 2026
edited
Loading

This is just an extraction of the key generation code from my earlier single HTML prototype. The main purpose is to assess viability of this approach.

The progression here would be for the frontend to communicate the public key to the server in order for it to be added to the ~/.ssh/authorized_keys file similar to how public keys are added to Github. The private key could be either added to Seqera or retained by the user on their client machine for alternate uses.

I am thus not sure how this precludes server side key submission, unless I misunderstand what you mean by that. Do you mean we would automate the submission of the private key to Seqera?

@krokicki
Copy link
Member

krokicki commented Jan 23, 2026
edited
Loading

Do you mean we would automate the submission of the private key to Seqera?

Yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mkitti @krokicki