Re: OFF-TOPIC: SSH authn over TLS?
- Subject: Re: OFF-TOPIC: SSH authn over TLS?
- From: Felipe Gasper <felipe@xxxxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 1 Jul 2020 06:43:38 -0400
- To: libssh@xxxxxxxxxx

> On Jul 1, 2020, at 02:15, Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> wrote:
>
> On Tue, Jun 30, 2020 at 1:59 AM Felipe Gasper <felipe@xxxxxxxxxxxxxxxx> wrote:
>>
>> Hello,
>>
>> I want to rig up a simple authentication based on SSH keys but over a preexisting TLS connection.
>>
>> Since TLS already handles the encryption, would the authentication be as simple as verifying a decode of a string that the public key encodes?
>>
>> Is there any prior art for this?
>>
>> (I realize this isn’t really on-topic for this list, but I’m not sure where else to ask … ?)
>
> If you have a TLS channel you could use the raw public key
> authentication (rfc7250) feature of TLS to authenticate each party. In
> that case it doesn't matter whether you have SSH keys or any other
> types of keys, you only need to read them and feed them to your
> implementation as raw public keys. That way you stay within the TLS
> protocol design.

The problem is that we don’t know at TLS time which authentication mechanism will be used: password, or SSH key. Otherwise, yeah, this would be perfect.

-F