Re: OFF-TOPIC: SSH authn over TLS?
- Subject: Re: OFF-TOPIC: SSH authn over TLS?
- From: Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 1 Jul 2020 08:14:12 +0200
- To: libssh@xxxxxxxxxx
On Tue, Jun 30, 2020 at 1:59 AM Felipe Gasper <felipe@xxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> I want to rig up a simple authentication based on SSH keys but over a preexisting TLS connection.
>
> Since TLS already handles the encryption, would the authentication be as simple as verifying a decode of a string that the public key encodes?
>
> Is there any prior art for this?
>
> (I realize this isn’t really on-topic for this list, but I’m not sure where else to ask … ?)

If you have a TLS channel you could use the raw public key authentication (rfc7250) feature of TLS to authenticate each party. In that case it doesn't matter whether you have SSH keys or any other types of keys, you only need to read them and feed them to your implementation as raw public keys. That way you stay within the TLS protocol design.

regards,
Nikos