[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authenticate with pki

On 5/5/21 7:53 PM, John Dunn wrote:
  > Hi John... I've hit this before myself.

You need to call ssh_pki_copy_cert_to_privkey(pubKey, privateKey) after ssh_pki_import_privkey_base64() and before ssh_userauth_publickey() to
add the public key certificate to the private key before authenticating.

Hope that helps!

That did! Thanks!

It's odd that requirement isn't documented as far as I can tell. It's also not used in the authentication example here ( https://gitlab.com/libssh/libssh-mirror/-/blob/master/examples/authentication.c ) either. I wonder if that's only required in some cases, and if that's the case how one would know that it needed to be done.

Interesting. In the original message, there was no mention of the certificates, just public and private keys, which should work as described.

If the certificate is needed for authentication, it indeed, requires loading it beforehand and separately. I do not think we have a lot of documentation about these, but contributing examples for this or updates for documentation, would be welcomed.

Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.

Authenticate with pkiJohn Dunn <John.Dunn@xxxxxxx>
RE: Authenticate with pkiJeremy Cross <JCross@xxxxxxxxxxxxxxx>
RE: Authenticate with pkiJohn Dunn <John.Dunn@xxxxxxx>
Archive administrator: postmaster@lists.cynapses.org