On Mon, Oct 18, 2010 at 14:24, <hy...@web.de> wrote:
> I have a general Question about the PublickeyAuthenticator - it's an
> interface and I haven't found any sample implementation of it.
> I have public keys from a client application that should connect to my
> server. I can put them in the .ssh/authenticated_keys file or store them
> separately. If I am using the Apache SSHD and SshServer, do I have to check
> the validity of the incoming client key manually during the establishment of
> the connection from client side? Does this actually mean that I have to
> implement the PublickeyAuthenticator.authenticate(String username, PublicKey
> key, ServerSession session) method and compare the parameter "key" with the
> locally stored key file?

Yes. The authenticator is invoked once for each key the client presents during authentication. Your implementation needs to see if the supplied key is on the list of authorized keys for the given username; if it is, you return true, and if it is not, you return false. When your implementation returns true, MINA SSHD will verify that the client actually has the private half of the key pair. If it does, your authenticator will be called a second time with that key. If you still return true, the client will be authenticated.
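
A sketch of such an authenticator, as an added example that is not part of the original thread or of the MINA SSHD code base. The class name, the one-file-per-user layout (`<keyDir>/<username>.pub`) and the import path of `PublickeyAuthenticator` are assumptions, and only `ssh-rsa` lines without an options prefix are parsed.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.*;
import org.apache.sshd.server.PublickeyAuthenticator; // assumed package; it differs between SSHD releases
import org.apache.sshd.server.session.ServerSession;

/** Hypothetical layout: one OpenSSH-format key file per user at <keyDir>/<username>.pub. */
public class FileKeyAuthenticator implements PublickeyAuthenticator {
    private final Path keyDir;
    public FileKeyAuthenticator(Path keyDir) { this.keyDir = keyDir; }
    // Stateless: the second call, made after the signature check, returns the same answer.
    @Override
    public boolean authenticate(String username, PublicKey key, ServerSession session) {
        if (username == null || !username.matches("[A-Za-z0-9_][A-Za-z0-9_.-]*")) return false; // no path escapes
        if (!(key instanceof RSAPublicKey)) return false; // this sketch handles RSA keys only
        RSAPublicKey rsa = (RSAPublicKey) key;
        try {
            return load(keyDir.resolve(username + ".pub")).stream().anyMatch(k ->
                k.getModulus().equals(rsa.getModulus()) && k.getPublicExponent().equals(rsa.getPublicExponent()));
        } catch (IOException | GeneralSecurityException | RuntimeException e) {
            return false; // missing or malformed key file: fail closed
        }
    }
    // Parses "ssh-rsa <base64> [comment]" lines; anything else is skipped.
    static List<RSAPublicKey> load(Path file) throws IOException, GeneralSecurityException {
        List<RSAPublicKey> keys = new ArrayList<>();
        for (String line : Files.readAllLines(file, StandardCharsets.UTF_8)) {
            String[] parts = line.trim().split("\\s+");
            if (parts.length < 2 || !parts[0].equals("ssh-rsa")) continue;
            DataInputStream in = new DataInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(parts[1])));
            if (!"ssh-rsa".equals(new String(field(in), StandardCharsets.US_ASCII))) continue;
            BigInteger e = new BigInteger(field(in)), n = new BigInteger(field(in)); // blob order: e, then n
            keys.add((RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e)));
        }
        return keys;
    }
    // Reads one SSH wire-format field: uint32 length, then that many bytes.
    private static byte[] field(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > in.available()) throw new IOException("bad field length");
        byte[] b = new byte[len];
        in.readFully(b);
        return b;
    }
}
```

The key file is re-read on every call, so removing a key takes effect for the next authentication attempt without restarting the server.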