
Re: ssh_userauth_publickey_auto - file name of the key being unlocked


Hello,
I'm willing to submit a PR, but I'm not sure if I can figure out the
refactoring myself. I'd be glad if you could give me some pointers on
how to accomplish this whole thing and where I should start.

Václav Kubernát

On Thu, 23 Apr 2020 at 13:38, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
>
> On Thu, 2020-04-23 at 10:47 +0200, Václav Kubernát wrote:
> > Hello,
> > I'm trying to use ssh_userauth_publickey_auto to authenticate to an
> > SSH server. I posted a question on the bug tracker
> > (https://bugs.libssh.org/T217) asking if it was possible to specify a
> > callback for unlocking a key. I was able to set up the callback.
> > However, I found out that the prompt arg the callback gets only reads
> > "Passphrase". So, if I want to prompt the user for the password for
> > the key, the user doesn't know which key he is supposed to unlock. I
> > have already kind of solved the issue by reading and unlocking the key
> > myself, and injecting the callback's private data with the filename,
> > but that meant I had to reimplement most of the "auto" functionality
> > myself, which seems like a waste. The code can be seen here:
> > https://gerrit.cesnet.cz/c/CzechLight/netconf-cli/+/2286/16/src/cli-netconf.cpp#118.
> >
> > What do you think? Is it possible for ssh_userauth_publickey_auto to
> > tell me which key it is currently unlocking via the callback? Or if
> > not, what approach would you suggest?
>
> Hello,
> if the prompt contains only "Passphrase", you are likely unlocking the
> key that is in the new OpenSSH format (see
> src/pki_container_openssh.c). It is called from function
> pki_private_key_decrypt(), which at this moment, does not know the
> actual filename, but adding it to the prompt (also from other key
> formats) would make sense from my point of view.
>
> It will require some refactoring to get the filename to the prompt, but
> it should be doable. Would you like to submit a PR on gitlab [1]?
>
> [1] https://gitlab.com/libssh/libssh-mirror
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>
>
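
The workaround described in the quoted message (loading each key yourself and passing its file name through the callback's private data), as an added example that is not code from the thread, from netconf-cli or from libssh. The callback takes the same parameters as libssh's ssh_auth_callback; `key_prompt_ctx`, its `ask` hook, the sample path and the passphrase are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical private data: the key file being unlocked and a passphrase
 * source (a real client would read the terminal with echo off). */
struct key_prompt_ctx {
    const char *key_file;
    const char *(*ask)(const char *full_prompt);
    char last_prompt[256];
};

/* Same parameter list as libssh's ssh_auth_callback; 0 = success, -1 = error. */
int key_passphrase_cb(const char *prompt, char *buf, size_t len,
                      int echo, int verify, void *userdata)
{
    struct key_prompt_ctx *ctx = userdata;
    (void)echo; (void)verify;
    if (!ctx || !ctx->key_file || !ctx->ask || !buf || len == 0)
        return -1;
    /* Turn the bare "Passphrase" into a prompt that names the key file. */
    int n = snprintf(ctx->last_prompt, sizeof ctx->last_prompt,
        "%s for key '%s': ", prompt ? prompt : "Passphrase", ctx->key_file);
    if (n < 0 || (size_t)n >= sizeof ctx->last_prompt)
        return -1;                      /* refuse to show a truncated path */
    const char *pw = ctx->ask(ctx->last_prompt);
    if (pw == NULL || strlen(pw) >= len) {
        memset(buf, 0, len);            /* never hand back a truncated secret */
        return -1;
    }
    memcpy(buf, pw, strlen(pw) + 1);
    return 0;
}

/* Constructed stand-in for user input. */
const char *constructed_ask(const char *full_prompt)
{
    (void)full_prompt;
    return "correct horse";
}

int main(void)
{
    /* With libssh, the callback and &ctx would be the auth_fn and auth_data
     * arguments of ssh_pki_import_privkey_file(), one call per key file. */
    struct key_prompt_ctx ctx = { "/home/user/.ssh/id_ed25519", constructed_ask, "" };
    char pass[64];
    int rc = key_passphrase_cb("Passphrase", pass, sizeof pass, 0, 0, &ctx);
    printf("%s-> rc=%d\n", ctx.last_prompt, rc);
    return rc;
}
```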
