Re: ssh_userauth_publickey_auto - file name of the key being unlocked
- Subject: Re: ssh_userauth_publickey_auto - file name of the key being unlocked
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 23 Apr 2020 13:37:25 +0200
- To: libssh@xxxxxxxxxx
On Thu, 2020-04-23 at 10:47 +0200, Václav Kubernát wrote:
> Hello,
> I'm trying to use ssh_userauth_publickey_auto to authenticate to an
> SSH server. I posted a question on the bug tracker
> (https://bugs.libssh.org/T217) asking if it was possible to specify a
> callback for unlocking a key. I was able to set up the callback.
> However, I found out that the prompt arg the callback gets only reads
> "Passphrase". So, if I want to prompt the user for the password for
> the key, the user doesn't know which key he is supposed to unlock. I
> have already kind of solved the issue by reading and unlocking the key
> myself, and injecting the callback's private data with the filename,
> but that meant I had to reimplement most of the "auto" functionality
> myself, which seems like a waste. The code can be seen here:
> https://gerrit.cesnet.cz/c/CzechLight/netconf-cli/+/2286/16/src/cli-netconf.cpp#118.
>
> What do you think? Is it possible for ssh_userauth_publickey_auto to
> tell me which key it is currently unlocking via the callback? Or if
> not, what approach would you suggest?

Hello,
if the prompt contains only "Passphrase", you are likely unlocking the
key that is in the new OpenSSH format (see
src/pki_container_openssh.c). It is called from function
pki_private_key_decrypt(), which, at this moment, does not know the
actual filename, but adding it to the prompt (also from other key
formats) would make sense from my point of view.

It will require some refactoring to get the filename to the prompt, but
it should be doable. Would you like to submit a PR on gitlab [1]?

[1] https://gitlab.com/libssh/libssh-mirror

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.