feat: Add support for the ssh_keyvalue parameter for credentials

- Allows us to specify an ssh_keyvalue instead of a password or
  ssh_keyfile.
- It is supported for both credential creation and edits.

qpc/cred/add.py

@@ -73,6 +73,12 @@ def __init__(self, subparsers):
             metavar="FILENAME",
             help=_(messages.CRED_SSH_HELP),
         )
+        group.add_argument(
+            "--sshkeyvalue",
+            dest="ssh_keyvalue",
+            action="store_true",
+            help=_(messages.CRED_SSHVALUE_HELP),
+        )
         group.add_argument(
             "--token",
             dest="token",

qpc/cred/edit.py

@@ -69,6 +69,12 @@ def __init__(self, subparsers):
             metavar="FILENAME",
             help=_(messages.CRED_SSH_HELP),
         )
+        group.add_argument(
+            "--sshkeyvalue",
+            dest="ssh_keyvalue",
+            action="store_true",
+            help=_(messages.CRED_SSHVALUE_HELP),
+        )
         self.parser.add_argument(
             "--sshpassphrase",
             dest="ssh_passphrase",
@@ -103,6 +109,7 @@ def _validate_args(self):
             self.args.username
             or self.args.password
             or self.args.filename
+            or self.args.ssh_keyvalue
             or self.args.ssh_passphrase
             or self.args.become_method
             or self.args.become_user

qpc/cred/utils.py

@@ -1,5 +1,7 @@
 """Utilities for the credential credentials module."""
 
+import sys
+import termios
 from getpass import getpass
 from logging import getLogger
 
@@ -25,6 +27,15 @@ def get_password(args, req_payload, add_none=True):
         req_payload["password"] = pass_prompt
     elif add_none:
         req_payload["password"] = None
+    if "ssh_keyvalue" in args and args.ssh_keyvalue:
+        print(_(messages.SSH_KEYVALUE))
+        ssh_keyvalue_prompt = get_multiline_pass(
+            prompt=f"{messages.SSH_KEYVALUE_PROMPT}"
+        )
+        check_if_prompt_is_not_empty(ssh_keyvalue_prompt)
+        req_payload["ssh_keyvalue"] = ssh_keyvalue_prompt
+    elif add_none:
+        req_payload["ssh_keyvalue"] = None
     if "ssh_passphrase" in args and args.ssh_passphrase:
         print(_(messages.SSH_PASSPHRASE))
         pass_prompt = getpass()
@@ -72,3 +83,21 @@ def build_credential_payload(args, cred_type, add_none=True):
 
     req_payload = get_password(args, req_payload, add_none)
     return req_payload
+
+
+def get_multiline_pass(prompt="Password: "):
+    """Multiline no-echo password input using Posix tty controls."""
+    multiline_password = []
+    sys.stderr.write(prompt)
+    sys.stderr.flush()
+    stdin_fd = sys.stdin.fileno()
+    orig_tios = termios.tcgetattr(stdin_fd)
+    noecho_tios = termios.tcgetattr(stdin_fd)
+    noecho_tios[3] = noecho_tios[3] & ~termios.ECHO
+    try:
+        termios.tcsetattr(stdin_fd, termios.TCSADRAIN, noecho_tios)
+        multiline_password = sys.stdin.readlines()
+    finally:
+        termios.tcsetattr(stdin_fd, termios.TCSADRAIN, orig_tios)
+        sys.stderr.flush()
+    return "".join(multiline_password)

qpc/messages.py

@@ -12,6 +12,7 @@
 CRED_USER_HELP = "User name for authenticating against the target system."
 CRED_PWD_HELP = "Password for authenticating against the target system."
 CRED_SSH_HELP = "File that contains the SSH key."
+CRED_SSHVALUE_HELP = "The SSH Private Key value."
 CRED_SSH_PSPH_HELP = "SSH passphrase for authenticating against the target system."
 CRED_SUDO_HELP = "Password for running sudo."
 CRED_CLEAR_ALL_HELP = "Remove all credentials."
@@ -299,6 +300,8 @@
 CONN_PASSWORD = "Provide a connection password."
 SUDO_PASSWORD = "Provide a password for sudo."
 SSH_PASSPHRASE = "Provide a passphrase for the SSH keyfile."
+SSH_KEYVALUE = "Provide a Private SSH Key."
+SSH_KEYVALUE_PROMPT = "Private SSH Key: "
 BECOME_PASSWORD = (
     "Provide a privilege escalation password to be used when running a network scan."
 )