@theia/remote 1.43.0

package/src/electron-node/setup/remote-setup-service.ts

@@ -0,0 +1,197 @@
+// *****************************************************************************
+// Copyright (C) 2023 TypeFox and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// http://www.eclipse.org/legal/epl-2.0.
+//
+// This Source Code may also be made available under the following Secondary
+// Licenses when the conditions for such availability set forth in the Eclipse
+// Public License v. 2.0 are satisfied: GNU General Public License, version 2
+// with the GNU Classpath Exception which is available at
+// https://www.gnu.org/software/classpath/license.html.
+//
+// SPDX-License-Identifier: EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
+// *****************************************************************************
+
+import { inject, injectable } from '@theia/core/shared/inversify';
+import { RemoteConnection, RemoteExecResult, RemotePlatform, RemoteStatusReport } from '../remote-types';
+import { ApplicationPackage } from '@theia/core/shared/@theia/application-package';
+import { RemoteCopyService } from './remote-copy-service';
+import { RemoteNativeDependencyService } from './remote-native-dependency-service';
+import { OS, THEIA_VERSION } from '@theia/core';
+import { RemoteNodeSetupService } from './remote-node-setup-service';
+import { RemoteSetupScriptService } from './remote-setup-script-service';
+
+export interface RemoteSetupOptions {
+    connection: RemoteConnection;
+    report: RemoteStatusReport;
+    nodeDownloadTemplate?: string;
+}
+
+@injectable()
+export class RemoteSetupService {
+
+    @inject(RemoteCopyService)
+    protected readonly copyService: RemoteCopyService;
+
+    @inject(RemoteNativeDependencyService)
+    protected readonly nativeDependencyService: RemoteNativeDependencyService;
+
+    @inject(RemoteNodeSetupService)
+    protected readonly nodeSetupService: RemoteNodeSetupService;
+
+    @inject(RemoteSetupScriptService)
+    protected readonly scriptService: RemoteSetupScriptService;
+
+    @inject(ApplicationPackage)
+    protected readonly applicationPackage: ApplicationPackage;
+
+    async setup(options: RemoteSetupOptions): Promise<void> {
+        const {
+            connection,
+            report,
+            nodeDownloadTemplate
+        } = options;
+        report('Identifying remote system...');
+        // 1. Identify remote platform
+        const platform = await this.detectRemotePlatform(connection);
+        // 2. Setup home directory
+        const remoteHome = await this.getRemoteHomeDirectory(connection, platform);
+        const applicationDirectory = this.scriptService.joinPath(platform, remoteHome, `.${this.getRemoteAppName()}`);
+        await this.mkdirRemote(connection, platform, applicationDirectory);
+        // 3. Download+copy node for that platform
+        const nodeFileName = this.nodeSetupService.getNodeFileName(platform);
+        const nodeDirName = this.nodeSetupService.getNodeDirectoryName(platform);
+        const remoteNodeDirectory = this.scriptService.joinPath(platform, applicationDirectory, nodeDirName);
+        const nodeDirExists = await this.dirExistsRemote(connection, remoteNodeDirectory);
+        if (!nodeDirExists) {
+            report('Downloading and installing Node.js on remote...');
+            // Download the binaries locally and move it via SSH
+            const nodeArchive = await this.nodeSetupService.downloadNode(platform, nodeDownloadTemplate);
+            const remoteNodeZip = this.scriptService.joinPath(platform, applicationDirectory, nodeFileName);
+            await connection.copy(nodeArchive, remoteNodeZip);
+            await this.unzipRemote(connection, platform, remoteNodeZip, applicationDirectory);
+        }
+        // 4. Copy backend to remote system
+        const libDir = this.scriptService.joinPath(platform, applicationDirectory, 'lib');
+        const libDirExists = await this.dirExistsRemote(connection, libDir);
+        if (!libDirExists) {
+            report('Installing application on remote...');
+            const applicationZipFile = this.scriptService.joinPath(platform, applicationDirectory, `${this.getRemoteAppName()}.tar`);
+            await this.copyService.copyToRemote(connection, platform, applicationZipFile);
+            await this.unzipRemote(connection, platform, applicationZipFile, applicationDirectory);
+        }
+        // 5. start remote backend
+        report('Starting application on remote...');
+        const port = await this.startApplication(connection, platform, applicationDirectory, remoteNodeDirectory);
+        connection.remotePort = port;
+    }
+
+    protected async startApplication(connection: RemoteConnection, platform: RemotePlatform, remotePath: string, nodeDir: string): Promise<number> {
+        const nodeExecutable = this.scriptService.joinPath(platform, nodeDir, ...(platform.os === OS.Type.Windows ? ['node.exe'] : ['bin', 'node']));
+        const mainJsFile = this.scriptService.joinPath(platform, remotePath, 'lib', 'backend', 'main.js');
+        const localAddressRegex = /listening on http:\/\/127.0.0.1:(\d+)/;
+        let prefix = '';
+        if (platform.os === OS.Type.Windows) {
+            // We might to switch to PowerShell beforehand on Windows
+            prefix = this.scriptService.exec(platform) + ' ';
+        }
+        // Change to the remote application path and start a node process with the copied main.js file
+        // This way, our current working directory is set as expected
+        const result = await connection.execPartial(`${prefix}cd "${remotePath}";${nodeExecutable}`,
+            stdout => localAddressRegex.test(stdout),
+            [mainJsFile, '--hostname=127.0.0.1', '--port=0', '--remote']);
+
+        const match = localAddressRegex.exec(result.stdout);
+        if (!match) {
+            throw new Error('Could not start remote system: ' + result.stdout);
+        } else {
+            return Number(match[1]);
+        }
+    }
+
+    protected async detectRemotePlatform(connection: RemoteConnection): Promise<RemotePlatform> {
+        const osResult = await connection.exec('uname -s');
+
+        let os: OS.Type | undefined;
+        if (osResult.stderr) {
+            // Only Windows systems return an error stream here
+            os = OS.Type.Windows;
+        } else if (osResult.stdout) {
+            if (osResult.stdout.includes('windows32') || osResult.stdout.includes('MINGW64')) {
+                os = OS.Type.Windows;
+            } else if (osResult.stdout.includes('Linux')) {
+                os = OS.Type.Linux;
+            } else if (osResult.stdout.includes('Darwin')) {
+                os = OS.Type.OSX;
+            }
+        }
+        if (!os) {
+            throw new Error('Failed to identify remote system: ' + osResult.stdout + '\n' + osResult.stderr);
+        }
+        let arch: string | undefined;
+        if (os === OS.Type.Windows) {
+            const wmicResult = await connection.exec('wmic OS get OSArchitecture');
+            if (wmicResult.stdout.includes('64-bit')) {
+                arch = 'x64';
+            } else if (wmicResult.stdout.includes('32-bit')) {
+                arch = 'x86';
+            }
+        } else {
+            const archResult = (await connection.exec('uname -m')).stdout;
+            if (archResult.includes('x86_64')) {
+                arch = 'x64';
+            } else if (archResult.match(/i\d83/)) { // i386, i483, i683
+                arch = 'x86';
+            } else {
+                arch = archResult.trim();
+            }
+        }
+        if (!arch) {
+            throw new Error('Could not identify remote system architecture');
+        }
+        return {
+            os,
+            arch
+        };
+    }
+
+    protected async getRemoteHomeDirectory(connection: RemoteConnection, platform: RemotePlatform): Promise<string> {
+        const result = await connection.exec(this.scriptService.home(platform));
+        return result.stdout.trim();
+    }
+
+    protected getRemoteAppName(): string {
+        const appName = this.applicationPackage.pck.name || 'theia';
+        const appVersion = this.applicationPackage.pck.version || THEIA_VERSION;
+        return `${this.cleanupDirectoryName(`${appName}-${appVersion}`)}-remote`;
+    }
+
+    protected cleanupDirectoryName(name: string): string {
+        return name.replace(/[@<>:"\\|?*]/g, '').replace(/\//g, '-');
+    }
+
+    protected async mkdirRemote(connection: RemoteConnection, platform: RemotePlatform, remotePath: string): Promise<void> {
+        const result = await connection.exec(this.scriptService.mkdir(platform, remotePath));
+        if (result.stderr) {
+            throw new Error('Failed to create directory: ' + result.stderr);
+        }
+    }
+
+    protected async dirExistsRemote(connection: RemoteConnection, remotePath: string): Promise<boolean> {
+        const cdResult = await connection.exec(`cd "${remotePath}"`);
+        return !Boolean(cdResult.stderr);
+    }
+
+    protected async unzipRemote(connection: RemoteConnection, platform: RemotePlatform, remoteFile: string, remoteDirectory: string): Promise<void> {
+        const result = await connection.exec(this.scriptService.unzip(platform, remoteFile, remoteDirectory));
+        if (result.stderr) {
+            throw new Error('Failed to unzip: ' + result.stderr);
+        }
+    }
+
+    protected async executeScriptRemote(connection: RemoteConnection, platform: RemotePlatform, script: string): Promise<RemoteExecResult> {
+        return connection.exec(this.scriptService.exec(platform), [script]);
+    }
+}

package/src/electron-node/ssh/remote-ssh-connection-provider.ts

@@ -0,0 +1,356 @@
+// *****************************************************************************
+// Copyright (C) 2023 TypeFox and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// http://www.eclipse.org/legal/epl-2.0.
+//
+// This Source Code may also be made available under the following Secondary
+// Licenses when the conditions for such availability set forth in the Eclipse
+// Public License v. 2.0 are satisfied: GNU General Public License, version 2
+// with the GNU Classpath Exception which is available at
+// https://www.gnu.org/software/classpath/license.html.
+//
+// SPDX-License-Identifier: EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
+// *****************************************************************************
+
+import * as ssh2 from 'ssh2';
+import * as net from 'net';
+import * as fs from '@theia/core/shared/fs-extra';
+import SftpClient = require('ssh2-sftp-client');
+import { Emitter, Event, MessageService, QuickInputService } from '@theia/core';
+import { inject, injectable } from '@theia/core/shared/inversify';
+import { RemoteSSHConnectionProvider, RemoteSSHConnectionProviderOptions } from '../../electron-common/remote-ssh-connection-provider';
+import { RemoteConnectionService } from '../remote-connection-service';
+import { RemoteProxyServerProvider } from '../remote-proxy-server-provider';
+import { RemoteConnection, RemoteExecOptions, RemoteExecResult, RemoteExecTester, RemoteStatusReport } from '../remote-types';
+import { Deferred, timeout } from '@theia/core/lib/common/promise-util';
+import { SSHIdentityFileCollector, SSHKey } from './ssh-identity-file-collector';
+import { RemoteSetupService } from '../setup/remote-setup-service';
+import { v4 } from 'uuid';
+
+@injectable()
+export class RemoteSSHConnectionProviderImpl implements RemoteSSHConnectionProvider {
+
+    @inject(RemoteConnectionService)
+    protected readonly remoteConnectionService: RemoteConnectionService;
+
+    @inject(RemoteProxyServerProvider)
+    protected readonly serverProvider: RemoteProxyServerProvider;
+
+    @inject(SSHIdentityFileCollector)
+    protected readonly identityFileCollector: SSHIdentityFileCollector;
+
+    @inject(RemoteSetupService)
+    protected readonly remoteSetup: RemoteSetupService;
+
+    @inject(QuickInputService)
+    protected readonly quickInputService: QuickInputService;
+
+    @inject(MessageService)
+    protected readonly messageService: MessageService;
+
+    protected passwordRetryCount = 3;
+    protected passphraseRetryCount = 3;
+
+    async establishConnection(options: RemoteSSHConnectionProviderOptions): Promise<string> {
+        const progress = await this.messageService.showProgress({
+            text: 'Remote SSH'
+        });
+        const report: RemoteStatusReport = message => progress.report({ message });
+        report('Connecting to remote system...');
+        try {
+            const remote = await this.establishSSHConnection(options.host, options.user);
+            await this.remoteSetup.setup({
+                connection: remote,
+                report,
+                nodeDownloadTemplate: options.nodeDownloadTemplate
+            });
+            const registration = this.remoteConnectionService.register(remote);
+            const server = await this.serverProvider.getProxyServer(socket => {
+                remote.forwardOut(socket);
+            });
+            remote.onDidDisconnect(() => {
+                server.close();
+                registration.dispose();
+            });
+            const localPort = (server.address() as net.AddressInfo).port;
+            remote.localPort = localPort;
+            return localPort.toString();
+        } finally {
+            progress.cancel();
+        }
+    }
+
+    async establishSSHConnection(host: string, user: string): Promise<RemoteSSHConnection> {
+        const deferred = new Deferred<RemoteSSHConnection>();
+        const sshClient = new ssh2.Client();
+        const identityFiles = await this.identityFileCollector.gatherIdentityFiles();
+        const sshAuthHandler = this.getAuthHandler(user, host, identityFiles);
+        sshClient
+            .on('ready', async () => {
+                const connection = new RemoteSSHConnection({
+                    client: sshClient,
+                    id: v4(),
+                    name: host,
+                    type: 'SSH'
+                });
+                try {
+                    await this.testConnection(connection);
+                    deferred.resolve(connection);
+                } catch (err) {
+                    deferred.reject(err);
+                }
+            }).on('end', () => {
+                console.log(`Ended remote connection to host '${user}@${host}'`);
+            }).on('error', err => {
+                deferred.reject(err);
+            }).connect({
+                host: host,
+                username: user,
+                authHandler: (methodsLeft, successes, callback) => (sshAuthHandler(methodsLeft, successes, callback), undefined)
+            });
+        return deferred.promise;
+    }
+
+    /**
+     * Sometimes, ssh2.exec will not execute and retrieve any data right after the `ready` event fired.
+     * In this method, we just perform `echo hello` in a loop to ensure that the connection is really ready.
+     * See also https://github.com/mscdex/ssh2/issues/48
+     */
+    protected async testConnection(connection: RemoteSSHConnection): Promise<void> {
+        for (let i = 0; i < 100; i++) {
+            const result = await connection.exec('echo hello');
+            if (result.stdout.includes('hello')) {
+                return;
+            }
+            await timeout(50);
+        }
+        throw new Error('SSH connection failed testing. Could not execute "echo"');
+    }
+
+    protected getAuthHandler(user: string, host: string, identityKeys: SSHKey[]): ssh2.AuthHandlerMiddleware {
+        let passwordRetryCount = this.passwordRetryCount;
+        let keyboardRetryCount = this.passphraseRetryCount;
+        // `false` is a valid return value, indicating that the authentication has failed
+        const END_AUTH = false as unknown as ssh2.AuthenticationType;
+        // `null` indicates that we just want to continue with the next auth type
+        // eslint-disable-next-line no-null/no-null
+        const NEXT_AUTH = null as unknown as ssh2.AuthenticationType;
+        return async (methodsLeft: string[] | null, _partialSuccess: boolean | null, callback: ssh2.NextAuthHandler) => {
+            if (!methodsLeft) {
+                return callback({
+                    type: 'none',
+                    username: user,
+                });
+            }
+            if (methodsLeft && methodsLeft.includes('publickey') && identityKeys.length) {
+                const identityKey = identityKeys.shift()!;
+                if (identityKey.isPrivate) {
+                    return callback({
+                        type: 'publickey',
+                        username: user,
+                        key: identityKey.parsedKey
+                    });
+                }
+                if (!await fs.pathExists(identityKey.filename)) {
+                    // Try next identity file
+                    return callback(NEXT_AUTH);
+                }
+
+                const keyBuffer = await fs.promises.readFile(identityKey.filename);
+                let result = ssh2.utils.parseKey(keyBuffer); // First try without passphrase
+                if (result instanceof Error && result.message.match(/no passphrase given/)) {
+                    let passphraseRetryCount = this.passphraseRetryCount;
+                    while (result instanceof Error && passphraseRetryCount > 0) {
+                        const passphrase = await this.quickInputService.input({
+                            title: `Enter passphrase for ${identityKey.filename}`,
+                            password: true
+                        });
+                        if (!passphrase) {
+                            break;
+                        }
+                        result = ssh2.utils.parseKey(keyBuffer, passphrase);
+                        passphraseRetryCount--;
+                    }
+                }
+                if (!result || result instanceof Error) {
+                    // Try next identity file
+                    return callback(NEXT_AUTH);
+                }
+
+                const key = Array.isArray(result) ? result[0] : result;
+                return callback({
+                    type: 'publickey',
+                    username: user,
+                    key
+                });
+            }
+            if (methodsLeft && methodsLeft.includes('password') && passwordRetryCount > 0) {
+                const password = await this.quickInputService.input({
+                    title: `Enter password for ${user}@${host}`,
+                    password: true
+                });
+                passwordRetryCount--;
+
+                return callback(password
+                    ? {
+                        type: 'password',
+                        username: user,
+                        password
+                    }
+                    : END_AUTH);
+            }
+            if (methodsLeft && methodsLeft.includes('keyboard-interactive') && keyboardRetryCount > 0) {
+                return callback({
+                    type: 'keyboard-interactive',
+                    username: user,
+                    prompt: async (_name, _instructions, _instructionsLang, prompts, finish) => {
+                        const responses: string[] = [];
+                        for (const prompt of prompts) {
+                            const response = await this.quickInputService.input({
+                                title: `(${user}@${host}) ${prompt.prompt}`,
+                                password: !prompt.echo
+                            });
+                            if (response === undefined) {
+                                keyboardRetryCount = 0;
+                                break;
+                            }
+                            responses.push(response);
+                        }
+                        keyboardRetryCount--;
+                        finish(responses);
+                    }
+                });
+            }
+
+            callback(END_AUTH);
+        };
+    }
+}
+
+export interface RemoteSSHConnectionOptions {
+    id: string;
+    name: string;
+    type: string;
+    client: ssh2.Client;
+}
+
+export class RemoteSSHConnection implements RemoteConnection {
+
+    id: string;
+    name: string;
+    type: string;
+    client: ssh2.Client;
+    localPort = 0;
+    remotePort = 0;
+
+    private sftpClientPromise: Promise<SftpClient>;
+
+    private readonly onDidDisconnectEmitter = new Emitter<void>();
+
+    get onDidDisconnect(): Event<void> {
+        return this.onDidDisconnectEmitter.event;
+    }
+
+    constructor(options: RemoteSSHConnectionOptions) {
+        this.id = options.id;
+        this.type = options.type;
+        this.name = options.name;
+        this.client = options.client;
+        this.onDidDisconnect(() => this.dispose());
+        this.client.on('end', () => {
+            this.onDidDisconnectEmitter.fire();
+        });
+        this.sftpClientPromise = this.setupSftpClient();
+    }
+
+    protected async setupSftpClient(): Promise<SftpClient> {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const sftpClient = new SftpClient() as any;
+        // A hack to set the internal ssh2 client of the sftp client
+        // That way, we don't have to create a second connection
+        sftpClient.client = this.client;
+        // Calling this function establishes the sftp connection on the ssh client
+        await sftpClient.getSftpChannel();
+        return sftpClient;
+    }
+
+    forwardOut(socket: net.Socket): void {
+        this.client.forwardOut(socket.localAddress!, socket.localPort!, '127.0.0.1', this.remotePort, (err, stream) => {
+            if (err) {
+                console.debug('Proxy message rejected', err);
+            } else {
+                stream.pipe(socket).pipe(stream);
+            }
+        });
+    }
+
+    async copy(localPath: string, remotePath: string): Promise<void> {
+        const sftpClient = await this.sftpClientPromise;
+        await sftpClient.put(localPath, remotePath);
+    }
+
+    exec(cmd: string, args?: string[], options: RemoteExecOptions = {}): Promise<RemoteExecResult> {
+        const deferred = new Deferred<RemoteExecResult>();
+        cmd = this.buildCmd(cmd, args);
+        this.client.exec(cmd, options, (err, stream) => {
+            if (err) {
+                return deferred.reject(err);
+            }
+            let stdout = '';
+            let stderr = '';
+            stream.on('close', () => {
+                deferred.resolve({ stdout, stderr });
+            }).on('data', (data: Buffer | string) => {
+                stdout += data.toString();
+            }).stderr.on('data', (data: Buffer | string) => {
+                stderr += data.toString();
+            });
+        });
+        return deferred.promise;
+    }
+
+    execPartial(cmd: string, tester: RemoteExecTester, args?: string[], options: RemoteExecOptions = {}): Promise<RemoteExecResult> {
+        const deferred = new Deferred<RemoteExecResult>();
+        cmd = this.buildCmd(cmd, args);
+        this.client.exec(cmd, {
+            ...options,
+            // Ensure that the process on the remote ends when the connection is closed
+            pty: true
+        }, (err, stream) => {
+            if (err) {
+                return deferred.reject(err);
+            }
+            // in pty mode we only have an stdout stream
+            // return stdout as stderr as well
+            let stdout = '';
+            stream.on('close', () => {
+                if (deferred.state === 'unresolved') {
+                    deferred.resolve({ stdout, stderr: stdout });
+                }
+            }).on('data', (data: Buffer | string) => {
+                if (deferred.state === 'unresolved') {
+                    stdout += data.toString();
+
+                    if (tester(stdout, stdout)) {
+                        deferred.resolve({ stdout, stderr: stdout });
+                    }
+                }
+            });
+        });
+        return deferred.promise;
+    }
+
+    protected buildCmd(cmd: string, args?: string[]): string {
+        const escapedArgs = args?.map(arg => `"${arg.replace(/"/g, '\\"')}"`) || [];
+        const fullCmd = cmd + (escapedArgs.length > 0 ? (' ' + escapedArgs.join(' ')) : '');
+        return fullCmd;
+    }
+
+    dispose(): void {
+        this.client.end();
+        this.client.destroy();
+    }
+
+}

package/src/electron-node/ssh/ssh-identity-file-collector.ts

@@ -0,0 +1,137 @@
+// *****************************************************************************
+// Copyright (C) 2023 TypeFox and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// http://www.eclipse.org/legal/epl-2.0.
+//
+// This Source Code may also be made available under the following Secondary
+// Licenses when the conditions for such availability set forth in the Eclipse
+// Public License v. 2.0 are satisfied: GNU General Public License, version 2
+// with the GNU Classpath Exception which is available at
+// https://www.gnu.org/software/classpath/license.html.
+//
+// SPDX-License-Identifier: EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
+// *****************************************************************************
+
+import * as fs from '@theia/core/shared/fs-extra';
+import * as os from 'os';
+import * as path from 'path';
+import * as crypto from 'crypto';
+import { ParsedKey } from 'ssh2';
+import * as ssh2 from 'ssh2';
+import { injectable } from '@theia/core/shared/inversify';
+
+export interface SSHKey {
+    filename: string;
+    parsedKey: ParsedKey;
+    fingerprint: string;
+    agentSupport?: boolean;
+    isPrivate?: boolean;
+}
+
+@injectable()
+export class SSHIdentityFileCollector {
+
+    protected getDefaultIdentityFiles(): string[] {
+        const homeDir = os.homedir();
+        const PATH_SSH_CLIENT_ID_DSA = path.join(homeDir, '.ssh', '/id_dsa');
+        const PATH_SSH_CLIENT_ID_ECDSA = path.join(homeDir, '.ssh', '/id_ecdsa');
+        const PATH_SSH_CLIENT_ID_RSA = path.join(homeDir, '.ssh', '/id_rsa');
+        const PATH_SSH_CLIENT_ID_ED25519 = path.join(homeDir, '.ssh', '/id_ed25519');
+        const PATH_SSH_CLIENT_ID_XMSS = path.join(homeDir, '.ssh', '/id_xmss');
+        const PATH_SSH_CLIENT_ID_ECDSA_SK = path.join(homeDir, '.ssh', '/id_ecdsa_sk');
+        const PATH_SSH_CLIENT_ID_ED25519_SK = path.join(homeDir, '.ssh', '/id_ed25519_sk');
+
+        return [
+            PATH_SSH_CLIENT_ID_DSA,
+            PATH_SSH_CLIENT_ID_ECDSA,
+            PATH_SSH_CLIENT_ID_ECDSA_SK,
+            PATH_SSH_CLIENT_ID_ED25519,
+            PATH_SSH_CLIENT_ID_ED25519_SK,
+            PATH_SSH_CLIENT_ID_RSA,
+            PATH_SSH_CLIENT_ID_XMSS
+        ];
+    }
+
+    async gatherIdentityFiles(sshAgentSock?: string): Promise<SSHKey[]> {
+        const identityFiles = this.getDefaultIdentityFiles();
+
+        const identityFileContentsResult = await Promise.allSettled(identityFiles.map(async keyPath => {
+            keyPath = await fs.pathExists(keyPath + '.pub') ? keyPath + '.pub' : keyPath;
+            return fs.promises.readFile(keyPath);
+        }));
+        const fileKeys: SSHKey[] = identityFileContentsResult.map((result, i) => {
+            if (result.status === 'rejected') {
+                return undefined;
+            }
+
+            const parsedResult = ssh2.utils.parseKey(result.value);
+            if (parsedResult instanceof Error || !parsedResult) {
+                console.log(`Error while parsing SSH public key ${identityFiles[i]}:`, parsedResult);
+                return undefined;
+            }
+
+            const parsedKey = Array.isArray(parsedResult) ? parsedResult[0] : parsedResult;
+            const fingerprint = crypto.createHash('sha256').update(parsedKey.getPublicSSH()).digest('base64');
+
+            return {
+                filename: identityFiles[i],
+                parsedKey,
+                fingerprint
+            };
+        }).filter(<T>(v: T | undefined): v is T => !!v);
+
+        let sshAgentParsedKeys: ParsedKey[] = [];
+        if (sshAgentSock) {
+            sshAgentParsedKeys = await new Promise<ParsedKey[]>((resolve, reject) => {
+                const sshAgent = new ssh2.OpenSSHAgent(sshAgentSock);
+                sshAgent.getIdentities((err, publicKeys) => {
+                    if (err) {
+                        reject(err);
+                    } else if (publicKeys) {
+                        resolve(publicKeys.map(key => {
+                            if ('pubKey' in key) {
+                                const pubKey = key.pubKey;
+                                if ('pubKey' in pubKey) {
+                                    return pubKey.pubKey as ParsedKey;
+                                }
+                                return pubKey;
+                            } else {
+                                return key;
+                            }
+                        }));
+                    } else {
+                        resolve([]);
+                    }
+                });
+            });
+        }
+
+        const sshAgentKeys: SSHKey[] = sshAgentParsedKeys.map(parsedKey => {
+            const fingerprint = crypto.createHash('sha256').update(parsedKey.getPublicSSH()).digest('base64');
+            return {
+                filename: parsedKey.comment,
+                parsedKey,
+                fingerprint,
+                agentSupport: true
+            };
+        });
+
+        const agentKeys: SSHKey[] = [];
+        const preferredIdentityKeys: SSHKey[] = [];
+        for (const agentKey of sshAgentKeys) {
+            const foundIdx = fileKeys.findIndex(k => agentKey.parsedKey.type === k.parsedKey.type && agentKey.fingerprint === k.fingerprint);
+            if (foundIdx >= 0) {
+                preferredIdentityKeys.push({ ...fileKeys[foundIdx], agentSupport: true });
+                fileKeys.splice(foundIdx, 1);
+            } else {
+                agentKeys.push(agentKey);
+            }
+        }
+        preferredIdentityKeys.push(...agentKeys);
+        preferredIdentityKeys.push(...fileKeys);
+
+        return preferredIdentityKeys;
+    }
+}