Re: ssh_userauth_publickey_auto - file name of the key being unlocked
- Subject: Re: ssh_userauth_publickey_auto - file name of the key being unlocked
- From: Václav Kubernát <sir.venceslas@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 24 Apr 2020 14:09:26 +0200
- To: libssh@xxxxxxxxxx
Hello,

I'm willing to submit a PR, but I'm not sure if I can figure out the refactoring myself. I'd be glad if you could give me some pointers on how to accomplish this whole thing and where I should start.

Václav Kubernát

On Thu, 23 Apr 2020 at 13:38, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
>
> On Thu, 2020-04-23 at 10:47 +0200, Václav Kubernát wrote:
> > Hello,
> > I'm trying to use ssh_userauth_publickey_auto to authenticate to an
> > SSH server. I posted a question on the bug tracker
> > (https://bugs.libssh.org/T217) asking if it was possible to specify a
> > callback for unlocking a key. I was able to set up the callback.
> > However, I found out that the prompt arg the callback gets only reads
> > "Passphrase". So, if I want to prompt the user for the password for
> > the key, the user doesn't know which key he is supposed to unlock. I
> > have already kind of solved the issue by reading and unlocking the
> > key
> > myself, and injecting the callback's private data with the filename,
> > but that meant I had to reimplement most of the "auto" functionality
> > myself, which seems like a waste. The code can be seen here:
> > https://gerrit.cesnet.cz/c/CzechLight/netconf-cli/+/2286/16/src/cli-netconf.cpp#118.
> >
> > What do you think? Is it possible for ssh_userauth_publickey_auto to
> > tell me which key it is currently unlocking via the callback? Or if
> > not, what approach would you suggest?
>
> Hello,
> if the prompt contains only "Passphrase", you are likely unlocking the
> key that is in the new OpenSSH format (see
> src/pki_container_openssh.c). It is called from function
> pki_private_key_decrypt(), which at this moment, does not know the
> actual filename, but adding it to the prompt (also from other key
> formats) would make sense from my point of view.
>
> It will require some refactoring to get the filename to the prompt, but
> it should be doable. Would you like to submit a PR on gitlab [1]?
>
> [1] https://gitlab.com/libssh/libssh-mirror
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
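The workaround described in the quoted question (import the key yourself and pass the file name through the callback's private data) can be sketched as follows. This is an added example, not part of the thread and not libssh or netconf-cli code; `key_ctx`, `ask_fn`, `demo_ask`, `auth_with_key_file` and the `USE_LIBSSH` build macro are hypothetical names, and the passphrase is a constructed value.

```c
#include <stdio.h>
#include <string.h>
#ifdef USE_LIBSSH   /* hypothetical opt-in macro: build with -DUSE_LIBSSH -lssh */
#include <libssh/libssh.h>
#endif

/* Hypothetical UI hook: writes the passphrase into out, returns 0 on success. */
typedef int (*ask_fn)(const char *prompt, char *out, size_t len);

/* Private data handed to libssh as auth_data: key path, UI hook, last prompt shown. */
struct key_ctx { const char *path; ask_fn ask; char last_prompt[256]; };

/* Constructed stand-in for a real prompt dialog, so the block runs offline. */
int demo_ask(const char *prompt, char *out, size_t len)
{
    const char *secret = "example-passphrase";   /* constructed value */
    (void)prompt;
    if (strlen(secret) + 1 > len) return -1;     /* never truncate a passphrase */
    memcpy(out, secret, strlen(secret) + 1);
    return 0;
}

/* Same parameter list as libssh's ssh_auth_callback. The prompt libssh passes
 * may be just "Passphrase", so the file name is taken from userdata instead. */
int key_passphrase_cb(const char *prompt, char *buf, size_t len,
                      int echo, int verify, void *userdata)
{
    struct key_ctx *ctx = userdata;
    (void)echo; (void)verify;
    if (!ctx || !ctx->path || !ctx->ask || !buf || len == 0) return -1;
    snprintf(ctx->last_prompt, sizeof ctx->last_prompt, "%s for key '%s': ",
             prompt ? prompt : "Passphrase", ctx->path);
    if (ctx->ask(ctx->last_prompt, buf, len) != 0) {
        memset(buf, 0, len);                     /* clear the buffer on failure */
        return -1;
    }
    return 0;
}

#ifdef USE_LIBSSH
/* Try one identity file: import it with the callback above, then authenticate. */
int auth_with_key_file(ssh_session session, const char *path, ask_fn ask)
{
    struct key_ctx ctx = { .path = path, .ask = ask };
    ssh_key key = NULL;
    int rc = ssh_pki_import_privkey_file(path, NULL, key_passphrase_cb, &ctx, &key);
    if (rc != SSH_OK) return SSH_AUTH_DENIED;    /* caller moves on to the next key */
    rc = ssh_userauth_publickey(session, NULL, key);
    ssh_key_free(key);
    return rc;
}
#endif
```

A caller would loop `auth_with_key_file` over its own list of identity files, which is the part of the "auto" behaviour that has to be reimplemented until the prompt itself carries the file name.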