Well, no luck with memory file, I did eventually just tell the C# app to just write a tmp file to the users appDataPath, then it removes it away shortly after, to keep it from remaining on the box except while program is running. The other thing is I added an additional header to the webClient to check on the php side (if block $_SERVER), it only returns the key if the header name / value matches, otherwise you get a "404". This prevents people from getting the key by just browsing to the URL. Also put a certificate on the apache instance so that sniffing cannot occur to detect what the headers are required to be. Lastly, locked down server by IP to our subnet only. I'm open for other ideas on how to more secure this particular use-case =) Below is the code:
private void button1_Click(object sender, EventArgs e)
{
try
{
//Directory where the key will be written to temporarily.
Program._tempKeyPath = Application.UserAppDataPath + "\\the_private_key";
//Create a web client, send it additional headers for DiD, and download it to the workstation.
var webClient = new WebClient();
webClient.Headers.Set("app_name1", "app_key1");
webClient.DownloadFile(""https://10.1.1.45/rkey.php", Program._tempKeyPath);
//CREDENTIALS
//string pathToKey = "C:\\Users\\~\\Documents\\DAR\\Keys\\joes_pk";
string hostname = "10.1.1.10";
int port = 22;
string username = "unix_username";
//Objects INIT
PrivateKeyFile privatekey = new PrivateKeyFile(Program._tempKeyPath);
SshClient client = new SshClient(hostname, port, username, privatekey);
client.Connect();
//RUN command
if (client.IsConnected)
{
string cmd = "ls -la";
MessageBox.Show("Conected! Running " + cmd);
var output = client.RunCommand(cmd);
MessageBox.Show(output.Result.ToString() + " Will disconnect now...");
client.Disconnect();
}
}
catch (Exception exc)
{
MessageBox.Show("Error on connection:" + exc.Message.ToString() + ":" + exc.StackTrace.ToString());
}
finally
{
if (File.Exists(Program._tempKeyPath) == true)
{
File.Delete(Program._tempKeyPath);
}
}
}