feat: add SSH TOTP/two-factor authentication support (#312)

Author: datlechin

CHANGELOG.md

@@ -27,6 +27,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- SSH TOTP/two-factor authentication support (auto-generate and prompt modes)
+- SSH host key verification with fingerprint confirmation
+- Keyboard Interactive SSH authentication method
 - Column visibility: toggle individual columns on/off via "Columns" button in the status bar or right-click header context menu "Hide Column", with per-tab and per-table persistence
 - `SQLDialectDescriptor` in TableProPluginKit: plugins can now self-describe their SQL dialect (keywords, functions, data types, identifier quoting), with `SQLDialectFactory` preferring plugin-provided dialect info over built-in structs
 - DDL schema generation protocol in TableProPluginKit: plugins can now optionally provide database-specific ALTER TABLE syntax (ADD/MODIFY/DROP COLUMN, ADD/DROP INDEX, ADD/DROP FK, MODIFY PK) via `PluginDatabaseDriver`, with `SchemaStatementGenerator` trying plugin methods first before falling back to built-in logic

Libs/libssh2.a

@@ -0,0 +1 @@
+libssh2_universal.a

Libs/libssh2_arm64.a

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:166e0e23ce60fd2edcae38b6005de106394f7e2bc922a4944317d6aa576f284c
+size 367728

Libs/libssh2_universal.a

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:445b51e6fdaa0a0eceb8090e6d552a551ec15d91e4370a4cc356c8f561e8b469
+size 729032

Libs/libssh2_x86_64.a

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:76681299c4305273cea62e59cfa366ceb5cc320831b87fd6a06143d342f8b7db
+size 361256

TablePro.xcodeproj/project.pbxproj

@@ -1715,9 +1715,19 @@
 				"INFOPLIST_KEY_UIStatusBarStyle[sdk=iphonesimulator*]" = UIStatusBarStyleDefault;
 				LD_RUNPATH_SEARCH_PATHS = "@executable_path/Frameworks";
 				"LD_RUNPATH_SEARCH_PATHS[sdk=macosx*]" = "@executable_path/../Frameworks";
+				HEADER_SEARCH_PATHS = "$(SRCROOT)/TablePro/Core/SSH/CLibSSH2/include";
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 0.17.0;
-				OTHER_LDFLAGS = "-Wl,-w";
+				OTHER_LDFLAGS = (
+					"-Wl,-w",
+					"-force_load",
+					"$(PROJECT_DIR)/Libs/libssh2.a",
+					"-force_load",
+					"$(PROJECT_DIR)/Libs/libssl.a",
+					"-force_load",
+					"$(PROJECT_DIR)/Libs/libcrypto.a",
+					"-lz",
+				);
 				PRODUCT_BUNDLE_IDENTIFIER = com.TablePro;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";
@@ -1734,6 +1744,7 @@
 				SUPPORTS_MACCATALYST = NO;
 				SWIFT_APPROACHABLE_CONCURRENCY = YES;
 				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_INCLUDE_PATHS = "$(SRCROOT)/TablePro/Core/SSH/CLibSSH2";
 				SWIFT_UPCOMING_FEATURE_MEMBER_IMPORT_VISIBILITY = YES;
 				SWIFT_VERSION = 5.9;
 				XROS_DEPLOYMENT_TARGET = 26.2;
@@ -1757,6 +1768,7 @@
 				DEAD_CODE_STRIPPING = YES;
 				DEPLOYMENT_POSTPROCESSING = YES;
 				DEVELOPMENT_TEAM = D7HJ5TFYCU;
+				HEADER_SEARCH_PATHS = "$(SRCROOT)/TablePro/Core/SSH/CLibSSH2/include";
 				ENABLE_APP_SANDBOX = NO;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_PREVIEWS = YES;
@@ -1779,7 +1791,16 @@
 				"LD_RUNPATH_SEARCH_PATHS[sdk=macosx*]" = "@executable_path/../Frameworks";
 				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 0.17.0;
-				OTHER_LDFLAGS = "-Wl,-w";
+				OTHER_LDFLAGS = (
+					"-Wl,-w",
+					"-force_load",
+					"$(PROJECT_DIR)/Libs/libssh2.a",
+					"-force_load",
+					"$(PROJECT_DIR)/Libs/libssl.a",
+					"-force_load",
+					"$(PROJECT_DIR)/Libs/libcrypto.a",
+					"-lz",
+				);
 				PRODUCT_BUNDLE_IDENTIFIER = com.TablePro;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";
@@ -1796,6 +1817,7 @@
 				SUPPORTS_MACCATALYST = NO;
 				SWIFT_APPROACHABLE_CONCURRENCY = YES;
 				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_INCLUDE_PATHS = "$(SRCROOT)/TablePro/Core/SSH/CLibSSH2";
 				SWIFT_UPCOMING_FEATURE_MEMBER_IMPORT_VISIBILITY = YES;
 				SWIFT_VERSION = 5.9;
 				XROS_DEPLOYMENT_TARGET = 26.2;

TablePro/Core/Database/DatabaseManager.swift

@@ -353,10 +353,11 @@ final class DatabaseManager {
 
         // Load Keychain credentials off the main thread to avoid blocking UI
         let connectionId = connection.id
-        let (storedSshPassword, keyPassphrase) = await Task.detached {
+        let (storedSshPassword, keyPassphrase, totpSecret) = await Task.detached {
             let pwd = ConnectionStorage.shared.loadSSHPassword(for: connectionId)
             let phrase = ConnectionStorage.shared.loadKeyPassphrase(for: connectionId)
-            return (pwd, phrase)
+            let totp = ConnectionStorage.shared.loadTOTPSecret(for: connectionId)
+            return (pwd, phrase, totp)
         }.value
 
         let sshPassword = sshPasswordOverride ?? storedSshPassword
@@ -373,7 +374,12 @@ final class DatabaseManager {
             agentSocketPath: connection.sshConfig.agentSocketPath,
             remoteHost: connection.host,
             remotePort: connection.port,
-            jumpHosts: connection.sshConfig.jumpHosts
+            jumpHosts: connection.sshConfig.jumpHosts,
+            totpMode: connection.sshConfig.totpMode,
+            totpSecret: totpSecret,
+            totpAlgorithm: connection.sshConfig.totpAlgorithm,
+            totpDigits: connection.sshConfig.totpDigits,
+            totpPeriod: connection.sshConfig.totpPeriod
         )
 
         // Adapt SSL config for tunnel: SSH already authenticates the server,

TablePro/Core/SSH/Auth/AgentAuthenticator.swift

@@ -0,0 +1,86 @@
+//
+//  AgentAuthenticator.swift
+//  TablePro
+//
+
+import CLibSSH2
+import Foundation
+import os
+
+struct AgentAuthenticator: SSHAuthenticator {
+    private static let logger = Logger(subsystem: "com.TablePro", category: "AgentAuthenticator")
+
+    let socketPath: String?
+
+    func authenticate(session: OpaquePointer, username: String) throws {
+        // Save original SSH_AUTH_SOCK so we can restore it
+        let originalSocketPath = ProcessInfo.processInfo.environment["SSH_AUTH_SOCK"]
+
+        if let socketPath {
+            Self.logger.debug("Using custom SSH agent socket: \(socketPath, privacy: .private)")
+            setenv("SSH_AUTH_SOCK", socketPath, 1)
+        }
+
+        defer {
+            // Restore original SSH_AUTH_SOCK
+            if let originalSocketPath {
+                setenv("SSH_AUTH_SOCK", originalSocketPath, 1)
+            } else if socketPath != nil {
+                unsetenv("SSH_AUTH_SOCK")
+            }
+        }
+
+        guard let agent = libssh2_agent_init(session) else {
+            throw SSHTunnelError.tunnelCreationFailed("Failed to initialize SSH agent")
+        }
+
+        defer {
+            libssh2_agent_disconnect(agent)
+            libssh2_agent_free(agent)
+        }
+
+        var rc = libssh2_agent_connect(agent)
+        guard rc == 0 else {
+            Self.logger.error("Failed to connect to SSH agent (rc=\(rc))")
+            throw SSHTunnelError.tunnelCreationFailed("Failed to connect to SSH agent")
+        }
+
+        rc = libssh2_agent_list_identities(agent)
+        guard rc == 0 else {
+            Self.logger.error("Failed to list SSH agent identities (rc=\(rc))")
+            throw SSHTunnelError.tunnelCreationFailed("Failed to list SSH agent identities")
+        }
+
+        // Iterate through available identities and try each
+        var previousIdentity: UnsafeMutablePointer<libssh2_agent_publickey>?
+        var currentIdentity: UnsafeMutablePointer<libssh2_agent_publickey>?
+
+        while true {
+            rc = libssh2_agent_get_identity(agent, &currentIdentity, previousIdentity)
+
+            if rc == 1 {
+                // End of identity list, none worked
+                break
+            }
+            if rc < 0 {
+                Self.logger.error("Failed to get SSH agent identity (rc=\(rc))")
+                throw SSHTunnelError.tunnelCreationFailed("Failed to get SSH agent identity")
+            }
+
+            guard let identity = currentIdentity else {
+                break
+            }
+
+            let authRc = libssh2_agent_userauth(agent, username, identity)
+            if authRc == 0 {
+                Self.logger.info("SSH agent authentication succeeded")
+                return
+            }
+
+            previousIdentity = identity
+        }
+
+        Self.logger.error("SSH agent authentication failed: no identity accepted")
+        throw SSHTunnelError.authenticationFailed
+    }
+}

TablePro/Core/SSH/Auth/CompositeAuthenticator.swift

@@ -0,0 +1,35 @@
+//
+//  CompositeAuthenticator.swift
+//  TablePro
+//
+
+import CLibSSH2
+import Foundation
+import os
+
+/// Authenticator that tries multiple auth methods in sequence.
+/// Used for servers requiring e.g. password + keyboard-interactive (TOTP).
+struct CompositeAuthenticator: SSHAuthenticator {
+    private static let logger = Logger(subsystem: "com.TablePro", category: "CompositeAuthenticator")
+
+    let authenticators: [any SSHAuthenticator]
+
+    func authenticate(session: OpaquePointer, username: String) throws {
+        for (index, authenticator) in authenticators.enumerated() {
+            Self.logger.debug(
+                "Trying authenticator \(index + 1)/\(authenticators.count): \(String(describing: type(of: authenticator)))"
+            )
+
+            try authenticator.authenticate(session: session, username: username)
+
+            if libssh2_userauth_authenticated(session) != 0 {
+                Self.logger.info("Authentication succeeded after \(index + 1) step(s)")
+                return
+            }
+        }
+
+        if libssh2_userauth_authenticated(session) == 0 {
+            throw SSHTunnelError.authenticationFailed
+        }
+    }
+}

TablePro/Core/SSH/Auth/KeyboardInteractiveAuthenticator.swift

@@ -0,0 +1,155 @@
+//
+//  KeyboardInteractiveAuthenticator.swift
+//  TablePro
+//
+
+import CLibSSH2
+import Foundation
+import os
+
+/// Prompt type classification for keyboard-interactive authentication
+enum KBDINTPromptType {
+    case password
+    case totp
+    case unknown
+}
+
+/// Context passed through the libssh2 session abstract pointer to the C callback
+final class KeyboardInteractiveContext {
+    var password: String?
+    var totpCode: String?
+
+    init(password: String?, totpCode: String?) {
+        self.password = password
+        self.totpCode = totpCode
+    }
+}
+
+/// C-compatible callback for libssh2 keyboard-interactive authentication.
+///
+/// libssh2 calls this for each authentication challenge. The context (password/TOTP code)
+/// is retrieved from the session abstract pointer. Responses are allocated with `strdup`
+/// because libssh2 will `free` them.
+private let kbdintCallback: @convention(c) (
+    UnsafePointer<CChar>?, Int32,
+    UnsafePointer<CChar>?, Int32,
+    Int32,
+    UnsafePointer<LIBSSH2_USERAUTH_KBDINT_PROMPT>?,
+    UnsafeMutablePointer<LIBSSH2_USERAUTH_KBDINT_RESPONSE>?,
+    UnsafeMutablePointer<UnsafeMutableRawPointer?>?
+) -> Void = { _, _, _, _, numPrompts, prompts, responses, abstract in
+    guard numPrompts > 0,
+          let prompts,
+          let responses,
+          let abstract,
+          let contextPtr = abstract.pointee else {
+        return
+    }
+
+    let context = Unmanaged<KeyboardInteractiveContext>.fromOpaque(contextPtr)
+        .takeUnretainedValue()
+
+    for i in 0..<Int(numPrompts) {
+        let prompt = prompts[i]
+        let promptText: String
+        if let textPtr = prompt.text, prompt.length > 0 {
+            promptText = String(
+                bytesNoCopy: UnsafeMutableRawPointer(mutating: textPtr),
+                length: Int(prompt.length),
+                encoding: .utf8,
+                freeWhenDone: false
+            ) ?? ""
+        } else {
+            promptText = ""
+        }
+
+        let promptType = KeyboardInteractiveAuthenticator.classifyPrompt(promptText)
+
+        let responseText: String
+        switch promptType {
+        case .password:
+            responseText = context.password ?? ""
+        case .totp:
+            responseText = context.totpCode ?? ""
+        case .unknown:
+            // Fall back to password for unrecognized prompts
+            responseText = context.password ?? ""
+        }
+
+        let duplicated = strdup(responseText)
+        responses[i].text = duplicated
+        responses[i].length = UInt32(strlen(duplicated!))
+    }
+}
+
+struct KeyboardInteractiveAuthenticator: SSHAuthenticator {
+    private static let logger = Logger(
+        subsystem: "com.TablePro",
+        category: "KeyboardInteractiveAuthenticator"
+    )
+
+    let password: String?
+    let totpProvider: (any TOTPProvider)?
+
+    func authenticate(session: OpaquePointer, username: String) throws {
+        // Generate TOTP code if a provider is available
+        let totpCode: String?
+        if let totpProvider {
+            totpCode = try totpProvider.provideCode()
+        } else {
+            totpCode = nil
+        }
+
+        // Create context and store in session abstract pointer
+        let context = KeyboardInteractiveContext(password: password, totpCode: totpCode)
+        let contextPtr = Unmanaged.passRetained(context).toOpaque()
+
+        defer {
+            // Balance the passRetained call
+            Unmanaged<KeyboardInteractiveContext>.fromOpaque(contextPtr).release()
+        }
+
+        // Store context pointer in the session's abstract field
+        let abstractPtr = libssh2_session_abstract(session)
+        let previousAbstract = abstractPtr?.pointee
+        abstractPtr?.pointee = contextPtr
+
+        defer {
+            // Restore previous abstract value
+            abstractPtr?.pointee = previousAbstract
+        }
+
+        Self.logger.debug("Attempting keyboard-interactive authentication for \(username, privacy: .private)")
+
+        let rc = libssh2_userauth_keyboard_interactive_ex(
+            session,
+            username, UInt32(username.utf8.count),
+            kbdintCallback
+        )
+
+        guard rc == 0 else {
+            Self.logger.error("Keyboard-interactive authentication failed (rc=\(rc))")
+            throw SSHTunnelError.authenticationFailed
+        }
+
+        Self.logger.info("Keyboard-interactive authentication succeeded")
+    }
+
+    /// Classify a keyboard-interactive prompt to determine which credential to supply
+    static func classifyPrompt(_ promptText: String) -> KBDINTPromptType {
+        let lower = promptText.lowercased()
+
+        if lower.contains("password") {
+            return .password
+        }
+
+        if lower.contains("verification") || lower.contains("code") ||
+            lower.contains("otp") || lower.contains("token") ||
+            lower.contains("totp") || lower.contains("2fa") ||
+            lower.contains("one-time") || lower.contains("factor") {
+            return .totp
+        }
+
+        return .unknown
+    }
+}