Re: Problem with server key verification
- Subject: Re: Problem with server key verification
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 13 Jan 2015 11:56:33 +0100
- To: libssh@xxxxxxxxxx
On Tuesday 13 January 2015 11:13:48 Michal Vaško wrote:
> Hi,
>
> I managed to implement a server with public key verification as one of the
> supported authentication methods. I set "ssh_server_cb" structure with the
> "auth_pubkey_function" callback that is correctly called. My problem is
> that if someone has a valid public key, they can authenticate themselves
> with any username, because I cannot find the information where the public
> key came from in the server, only that it is valid (the signature_state
> argument). Can you suggest, please, an elegant way of solving this? Thank
> you.

The public key is sent by the user to the server. You have to verify in the
callback function that the key is valid (ssh_key_cmp). The result you have to
return depends on the signature_state and the result of the public key
comparison.

See rfc4252 section 7

key probe -> key ok -> return PARTIAL
key and valid sig -> key ok -> return SUCCESS

Cheers,

	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx
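
Added example, not part of the original message and not libssh code: a self-contained C model of the decision the pubkey callback has to make, tying the offered key to the username it was offered for and returning the results listed in the reply above. The enums, the `authorized_key` table, `key_authorized_for` and `decide_pubkey_auth` are hypothetical stand-ins; in a real server the byte comparison would be `ssh_key_cmp` against the keys stored for that account.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in types for this example; they are not libssh's own definitions. */
enum sig_state { SIG_NONE, SIG_VALID, SIG_WRONG };        /* signature_state */
enum auth_result { AUTH_DENIED, AUTH_PARTIAL, AUTH_SUCCESS };

struct authorized_key {
    const char *user;            /* account this key may log in as */
    const unsigned char *blob;   /* public key bytes */
    size_t len;
};

/* Constructed sample keys (not real key material). */
static const unsigned char ALICE_KEY[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char BOB_KEY[]   = { 0x0a, 0x0b, 0x0c, 0x0d };

static const struct authorized_key AUTHORIZED[] = {
    { "alice", ALICE_KEY, sizeof ALICE_KEY },
    { "bob",   BOB_KEY,   sizeof BOB_KEY   },
};

/* Is this key listed for this user? The byte comparison stands in for
 * ssh_key_cmp against the keys stored for that account. */
static int key_authorized_for(const char *user,
                              const unsigned char *blob, size_t len)
{
    size_t n = sizeof AUTHORIZED / sizeof AUTHORIZED[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(AUTHORIZED[i].user, user) == 0 &&
            AUTHORIZED[i].len == len &&
            memcmp(AUTHORIZED[i].blob, blob, len) == 0)
            return 1;
    }
    return 0;
}

/* Decision the pubkey callback has to make for (user, key, signature_state). */
enum auth_result decide_pubkey_auth(const char *user,
                                    const unsigned char *blob, size_t len,
                                    enum sig_state state)
{
    if (user == NULL || blob == NULL || !key_authorized_for(user, blob, len))
        return AUTH_DENIED;          /* key not listed for this username */
    if (state == SIG_NONE)
        return AUTH_PARTIAL;         /* key probe, key ok */
    if (state == SIG_VALID)
        return AUTH_SUCCESS;         /* key ok and signature valid */
    return AUTH_DENIED;              /* signature did not verify */
}
```

The lookup is keyed on the username first, so a valid signature made with a key that belongs to a different account is denied.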