[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: hostbased authentication in libssh
[Thread Prev] | [Thread Next]
- Subject: Re: hostbased authentication in libssh
- From: "DeJager, Christopher Alan" <dejager@xxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 15 Feb 2017 18:52:17 +0000
- To: "libssh@xxxxxxxxxx" <libssh@xxxxxxxxxx>
Andreas, I looked into implementing hostbased authentication in libssh. For now I am going to take a different route for our project but I do have a comment/question, in case I or someone else gets around to it. Hostbased authentication depends on the private host keys which a user program cannot read. Openssh¹s client execs a binary called ssh-keysign which has the SUID bit set and then authenticates with the help of that program. Could libssl be dependent on the system binary for ssh-keysign or would a LGPL2 version of ssh-keysign need to be written to be packaged with libssl? Unfortunately this might be out of the scope of libssl because I don¹t know of a neat solution. Relaying on ssh-keysign is questionable because I have not looked to see if that is a standard interface in ssh or if it is just the whim of openssh and could change, I suspect it is the latter. If libssh includes a ssh-keysign like binary then the binary would need to installed in a known location on the system for the library to be fully functional. Thank you, -- Chris DeJager -----Original Message----- From: Andreas Schneider <asn@xxxxxxxxxxxxxx> Reply-To: "libssh@xxxxxxxxxx" <libssh@xxxxxxxxxx> Date: Tuesday, February 14, 2017 at 2:56 AM To: "libssh@xxxxxxxxxx" <libssh@xxxxxxxxxx> Subject: Re: hostbased authentication in libssh >On Thursday, 9 February 2017 23:46:35 CET DeJager, Christopher Alan wrote: >> According to http://api.libssh.org/stable/index.html libssh supports >> hostbased authentication. However, I have yet to be successful using it >>and >> cannot find an example of someone else doing it. >> >> I am trying to write a client to connect to an openssh-server v6.7. I >>did >> not see an authentication function related to hostbased in >> http://api.libssh.org/stable/group__libssh__auth.html so I tried loading >> the private key for the client with ssh_pki_import_privkey_file() and >>then >> authenticating with ssh_userauth_publickey(). I have also tried >> ssh_userauth_none() and skipping that step. I did successfully >>authenticate >> with a public key and with a password. >> >> Is hostbased authentication supported on the client and if so how would >>I go >> about it? > >That is an error on the page. We do not support it but maybe you're >interested >to implement it? > >Shouldn't be very hard to add it. > > >Cheers, > > > Andreas > > >-- >Andreas Schneider GPG-ID: CC014E3D >www.cryptomilk.org asn@xxxxxxxxxxxxxx >
| Re: hostbased authentication in libssh | Aris Adamantiadis <aris@xxxxxxxxxxxx> |
| hostbased authentication in libssh | "DeJager, Christopher Alan" <dejager@xxxxxxxx> |
| Re: hostbased authentication in libssh | Andreas Schneider <asn@xxxxxxxxxxxxxx> |