
Re: OFF-TOPIC: SSH authn over TLS?


On Tue, Jun 30, 2020 at 1:59 AM Felipe Gasper <felipe@xxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
>         I want to rig up a simple authentication based on SSH keys but over a preexisting TLS connection.
>
>         Since TLS already handles the encryption, would the authentication be as simple as verifying a decode of a string that the public key encodes?
>
>         Is there any prior art for this?
>
>         (I realize this isn’t really on-topic for this list, but I’m not sure where else to ask … ?)

If you have a TLS channel you could use the raw public key
authentication (RFC 7250) feature of TLS to authenticate each party. In
that case it doesn't matter whether you have SSH keys or any other
types of keys, you only need to read them and feed them to your
implementation as raw public keys. That way you stay within the TLS
protocol design.

regards,
Nikos
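
An added example, not part of the original messages or of any project's code: one way to turn an OpenSSH `ssh-ed25519` public key line into the DER SubjectPublicKeyInfo structure that RFC 7250 raw public keys carry, and to check a peer's key against an authorized_keys-style allow-list. The function names and the sample key are constructed for illustration, and only Ed25519 is handled.

```python
import base64
import hmac
import struct

# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410):
# SEQUENCE { SEQUENCE { OID 1.3.101.112 } BIT STRING (0 unused bits) <32-byte key> }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

def _read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length + data, RFC 4251)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def ssh_ed25519_to_spki(line):
    """Convert an 'ssh-ed25519 AAAA... comment' line to SPKI DER bytes."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        raise ValueError("only ssh-ed25519 keys are handled here")
    blob = base64.b64decode(fields[1], validate=True)
    alg, off = _read_string(blob, 0)
    key, off = _read_string(blob, off)
    if alg != b"ssh-ed25519" or len(key) != 32 or off != len(blob):
        raise ValueError("malformed ssh-ed25519 key blob")
    return ED25519_SPKI_PREFIX + key

def peer_is_authorized(peer_spki, authorized_lines):
    """True if the SPKI presented in the TLS handshake matches an allowed key."""
    allowed = [ssh_ed25519_to_spki(l) for l in authorized_lines]
    return any(hmac.compare_digest(peer_spki, a) for a in allowed)

def make_sample_line(key32, comment="constructed@example"):
    """Build a constructed authorized_keys-style line (sample input only)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    sample = make_sample_line(bytes(range(32)))  # constructed bytes, not a real key
    spki = ssh_ed25519_to_spki(sample)
    print(spki.hex())
    print(peer_is_authorized(spki, [sample]))
```

How the SubjectPublicKeyInfo bytes are handed to, or obtained from, the TLS stack depends on the implementation and is not shown here.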

