[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Keyboard interactive authentication

we first used libssh in our server around a year ago and since we needed interactive authentication and I did not see something like auth_kbdint_function in the ssh_server_callbacks structure, we used the old server API (as demonstrated in the samplesshd-kbdint example, more-or-less). Disregarding some issues (there are leaks and since version 0.7.0, if I remember correctly, echo is not exchanged properly and passwords can be seen as they are typed), it is working. However, using the new API in a new project would make things significantly easier.

As I looked at the API today I noticed that it may be possible to combine server callbacks with ssh_bind_message_callback (set by ssh_set_message_callback()) meaning if the message is interactive auth request, it will be processed in the callback and if not, 1 will be returned and server callbacks will handle it. I am not sure whether this would work, though (it is even possible I have tried this before, I cannot remember).

Finally, my question is, how to best implement interactive authentication? Is there perhaps a plan to support this authentication directly as a server callback? Thank you for clearing it up.

Kind regards,
Michal Vasko

Archive administrator: postmaster@lists.cynapses.org