
server-side public key authentication


I have managed to get an SSH server working within my application thanks
to this library (version 0.6.0) and the excellent example programs.
It uses public key authentication but I have one unanswered mystery
regarding the public key signature_state.

The ssh_auth_pubkey_callback() is called with a signature_state of NONE.
If I return SSH_AUTH_SUCCESS, then the client accepts this and never
prompts for the private key passphrase.
If I return SSH_AUTH_DENIED, then the client stops, of course.
By process of elimination, I tried returning SSH_AUTH_PARTIAL.
Then the client prompts for the passphrase and I get a second callback
with a signature_state of VALID.

So this works with only a cosmetic annoyance on the client side stating
"Authenticated with partial success." right before the passphrase prompt.

But as I understand the documentation, SSH_AUTH_PARTIAL should mean that
additional methods of authentication are required (e.g. password,
GSSAPI, etc).
I only want the one method and would like it to return SUCCESS only with
a VALID signature_state.
Should there be another return value for ssh_auth_pubkey_callback() that
means "IGNORE"?
Or is there some other mechanism I am missing that would cause the
client side to ask for the passphrase?

Thanks for any help and thank you for the awesome library!

Mike Jones


Follow-Ups:
Re: server-side public key authentication, Andreas Schneider <asn@xxxxxxxxxxxxxx>