How to access user certificate in auth_pubkey_function
- Subject: How to access user certificate in auth_pubkey_function
- From: Chidanand Gangur <chidanand.gangur@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sat, 6 Sep 2025 08:26:39 +0530
- To: libssh@xxxxxxxxxx
Hello Everyone,

I am trying to implement an SSH proxy. In the process of learning I am trying out libssh*/examples/ssh_server.c. I was able to compile and run the server. I am trying public key based authentication.

On the client side I am connecting using the following command:

    ssh -p 2222 -vv -i ./id_rsa user@192.168.64.2

I am running ssh_server like this (I have done some minor modifications w.r.t. argp and have retained only the pthread based solution):

    ./ssh_server -a ./id_rsa.pub -r ./ssh_host_rsa_key -p 2222 -v 0.0.0.0

With this I am able to log in successfully on the server.

The second case which I tried was to sign the user key with a CA. This gave me id_rsa-cert.pub on the client side. I tried the same exercise to connect to the server. On the server side, in the auth_publickey function, I added 2 prints to print:

1. ssh_key_type
2. ssh_key_is_public

The first function, ssh_key_type, returned SSH_KEYTYPE_RSA (value 2) and the second function returned 1 (is_public). I was expecting it to print SSH_KEYTYPE_RSA_CERT01 and 1.

My Question: In auth_publickey I want to access the user certificate and then verify the CA signature. Instead of verifying the authorisedKeys I want to verify it against the CA pub key. A functionality similar to configuring TrustedUserCAKeys in the openssh server.

How can I get hold of the user certificate? In ssh_key_struct I see there are member variables:

        ssh_buffer cert;
        enum ssh_keytypes_e cert_type;
    };

I did not find any function to access the ssh_key->cert. Please point me to some code reference or documentation.

Thanks,
Chidanand
Re: How to access user certificate in auth_pubkey_function | Jakub Jelen <jjelen@xxxxxxxxxx> |