
Re: Using keyboard-interactive and publickey in the same server


Heya,
I do not think there should be anything preventing implementing this
server in libssh.

If you are starting a new project, please make sure you use the
callback-based API, for example in examples/ssh_server.c:

https://gitlab.com/libssh/libssh-mirror/-/blob/master/examples/ssh_server.c

We have some more example servers that use the old deprecated API, so
please do not use these.

The other place to check could be the existing test server that uses
this new API:

https://gitlab.com/libssh/libssh-mirror/-/tree/master/tests/server/test_server/

Note that libssh does not hold any information about the
authentication result -- it's your application to decide the success or
failure based on what is provided by the user by return values from
the callbacks. For example, for public key authentication, the
following callback in the test server lets any public key in:

https://gitlab.com/libssh/libssh-mirror/-/blob/master/tests/server/test_server/default_cb.c?ref_type=heads#L88

You should also be able to use the `SSH_AUTH_PARTIAL` return value to
say the authentication worked, but you need some more methods to
succeed before accepting the user. And between the callbacks, it's the
application's and developer's task to keep track of these.

Jakub

On Sun, Mar 9, 2025 at 8:44 AM Runxi Yu <me@xxxxxxxxxxx> wrote:
>
> Hi all,
>
> I am trying to port https://git.sr.ht/~runxiyu/forge from Go to C
> because of garbage collection issues and other reasons. I'm considering
> using libssh for the SSH server, but I'm not sure if it'll work for my
> use-case.
>
> I currently use gliderlabs's SSH server in Go like this
>
>         PublicKeyHandler:           func(ctx glider_ssh.Context, key glider_ssh.PublicKey) bool { return true },
>         KeyboardInteractiveHandler: func(ctx glider_ssh.Context, challenge go_ssh.KeyboardInteractiveChallenge) bool { return true },
>
> Essentially, I want to accept all connections; but by setting up both a
> public key handler and a keyboard interactive handler, effectively I can
> let all users log in without any auth, and get their public key if they
> have one, and let them in anonymously if they don't.
>
> Is this possible with libssh? I think it's possible with
> ssh_message_auth_publickey_state, but that seems to be deprecated in
> favor of the callback-based API, which doesn't seem to support
> keyboard-interactive.
>
> --
> Thanks,
>
> Runxi Yu (they/them)
> Y11 Student
> E306, E House
> Songjiang Campus
> YK Pao School
>
>
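
The bookkeeping the reply above leaves to the application (remembering between callbacks which methods have succeeded, and when to answer `SSH_AUTH_PARTIAL`), as an added example that is not from the thread or from libssh. `struct auth_state`, `auth_record`, `auth_remaining` and the `RC_*`/`M_*` names are hypothetical stand-ins so the block compiles without libssh; a real server would call `auth_record` from its auth callbacks and translate the result into libssh's return values.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins (assumptions) so this compiles without libssh; map them to the
 * SSH_AUTH_* return values and method flags in the real callbacks. */
enum auth_rc { RC_SUCCESS, RC_DENIED, RC_PARTIAL };
enum { M_PUBLICKEY = 1, M_INTERACTIVE = 2 };

/* Hypothetical per-session state, handed to every callback as userdata. */
struct auth_state {
    unsigned required;   /* methods that must all succeed */
    unsigned done;       /* methods that have succeeded so far */
    int failures;        /* failed attempts on this connection */
    int max_failures;    /* deny everything once this is reached */
    bool authenticated;  /* the only flag the rest of the server trusts */
};

/* Methods still outstanding; offer only these after a partial success. */
unsigned auth_remaining(const struct auth_state *s)
{
    return s->required & ~s->done;
}

/* Call once the application itself has checked the credential (key is
 * known and its signature verified, or the challenge answer is right). */
enum auth_rc auth_record(struct auth_state *s, unsigned method, bool verified)
{
    if (s->failures >= s->max_failures)
        return RC_DENIED;            /* locked out for this session */
    if (!verified || !(method & s->required)) {
        s->failures++;
        return RC_DENIED;
    }
    s->done |= method;
    if (auth_remaining(s) != 0)
        return RC_PARTIAL;           /* correct, but more is needed */
    s->authenticated = true;
    return RC_SUCCESS;
}

int main(void)
{
    struct auth_state s = { .required = M_PUBLICKEY | M_INTERACTIVE, .max_failures = 3 };
    printf("publickey ok -> %d\n", auth_record(&s, M_PUBLICKEY, true));
    printf("wrong answer -> %d\n", auth_record(&s, M_INTERACTIVE, false));
    printf("right answer -> %d\n", auth_record(&s, M_INTERACTIVE, true));
    return s.authenticated ? 0 : 1;
}
```

Channel and shell requests should be served only when `authenticated` is set, since libssh keeps no record of the outcome for you.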

