
Re: Problem with server key verification


On Tuesday 13 January 2015 11:13:48 Michal Vaško wrote:
> Hi,
> 
> I managed to implement a server with public key verification as one of the
> supported authentication methods. I set "ssh_server_cb" structure with the
> "auth_pubkey_function" callback that is correctly called. My problem is
> that if someone has a valid public key, they can authenticate themselves
> with any username, because I cannot find the information where the public
> key came from in the server, only that it is valid (the signature_state
> argument). Can you suggest, please, an elegant way of solving this? Thank
> you.

The public key is sent by the user to the server. You have to verify in the 
callback function that the key is valid (ssh_key_cmp). The result you have to 
return depends on the signature_state and the result of the public key 
comparison.

See RFC 4252, section 7.

key probe -> key ok -> return PARTIAL
key and valid sig -> key ok -> return SUCCESS


Cheers,


	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx
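
Added example, not part of the original post and not libssh code: a self-contained C model of the decision the reply describes, with the key checked against the keys authorized for the requested user so that a valid key cannot be used under another username. The enum names, the key table and `decide_pubkey_auth` are hypothetical stand-ins; it assumes the callback is given the requested user name along with the key, and `memcmp` on constructed key bytes stands in for `ssh_key_cmp`.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the library's signature states and auth results. */
enum sig_state   { SIG_NONE, SIG_VALID, SIG_WRONG };  /* probe, verified, bad */
enum auth_result { AUTH_DENIED, AUTH_PARTIAL, AUTH_SUCCESS };

struct authorized_key {
    const char *user;            /* account this key may log in as */
    const unsigned char *blob;   /* public key bytes (constructed sample) */
    size_t len;
};

/* Constructed sample data: one authorized key per user. */
static const unsigned char ALICE_KEY[] = { 0xA1, 0x1C, 0xE0, 0x01 };
static const unsigned char BOB_KEY[]   = { 0xB0, 0xB0, 0x00, 0x02 };
static const struct authorized_key AUTHORIZED[] = {
    { "alice", ALICE_KEY, sizeof ALICE_KEY },
    { "bob",   BOB_KEY,   sizeof BOB_KEY   },
};

/* Returns 1 only if the offered key is listed for this specific user. */
static int key_authorized_for(const char *user, const unsigned char *key, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof AUTHORIZED / sizeof AUTHORIZED[0]; i++) {
        const struct authorized_key *ak = &AUTHORIZED[i];
        if (strcmp(ak->user, user) == 0 && ak->len == len &&
            memcmp(ak->blob, key, len) == 0)
            return 1;
    }
    return 0;
}

/* Decision for one publickey request: (user, offered key, signature state). */
enum auth_result decide_pubkey_auth(const char *user, const unsigned char *key,
                                    size_t len, enum sig_state state)
{
    if (user == NULL || key == NULL)
        return AUTH_DENIED;
    if (!key_authorized_for(user, key, len))
        return AUTH_DENIED;          /* known key, but not this user's key */
    if (state == SIG_VALID)
        return AUTH_SUCCESS;         /* key ok and signature verified */
    if (state == SIG_NONE)
        return AUTH_PARTIAL;         /* key probe: key ok, no signature yet */
    return AUTH_DENIED;              /* wrong or unknown signature state */
}
```
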

