On Tuesday 13 January 2015 11:13:48 Michal Vaško wrote:
> Hi,
>
> I managed to implement a server with public key verification as one of the
> supported authentication methods. I set "ssh_server_cb" structure with the
> "auth_pubkey_function" callback that is correctly called. My problem is
> that if someone has a valid public key, they can authenticate themselves
> with any username, because I cannot find the information where the public
> key came from in the server, only that it is valid (the signature_state
> argument). Can you suggest, please, an elegant way of solving this? Thank
> you.

The public key is sent by the user to the server. You have to verify in the
callback function that the key is valid (ssh_key_cmp). The result you have
to return depends on the signature_state and the result of the public key
comparison.

See rfc4252 section 7

key probe -> key ok -> return PARTIAL
key and valid sig -> key ok -> return SUCCESS

Cheers,

-- andreas

--
Andreas Schneider GPG-ID: CC014E3D
www.cryptomilk.org a...@cryptomilk.org
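
The check discussed in this thread, as an added example that is not part of either message and is not libssh code: the offered key is looked up under the claimed username before the signature state is considered, so a key that is valid for one account is rejected for every other. The enums, structs, function names, verdict names and key bytes are stand-ins constructed for this example; `key_equal` plays the role the reply gives to `ssh_key_cmp`.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for this example only; they are not libssh types or constants. */
enum sig_state { SIG_NONE, SIG_VALID, SIG_WRONG };   /* probe / verified / bad */
enum verdict   { KEY_REJECTED, KEY_ACCEPTABLE, AUTH_GRANTED };

struct pubkey { const char *type; const unsigned char *blob; size_t len; };
struct authorized { const char *user; struct pubkey key; };

/* Constructed sample data: one authorized key per account. */
static const unsigned char ALICE_BLOB[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char BOB_BLOB[]   = { 0x0a, 0x0b, 0x0c, 0x0d };
static const struct authorized AUTHORIZED[] = {
    { "alice", { "ssh-ed25519", ALICE_BLOB, sizeof ALICE_BLOB } },
    { "bob",   { "ssh-ed25519", BOB_BLOB,   sizeof BOB_BLOB   } },
};

/* Plays the role ssh_key_cmp has in the reply: 1 if both public keys are equal. */
static int key_equal(const struct pubkey *a, const struct pubkey *b)
{
    return strcmp(a->type, b->type) == 0 && a->len == b->len &&
           memcmp(a->blob, b->blob, a->len) == 0;
}

/* Is `key` listed for exactly this user? A key valid for another account is not. */
static int key_authorized_for(const char *user, const struct pubkey *key)
{
    for (size_t i = 0; i < sizeof AUTHORIZED / sizeof AUTHORIZED[0]; i++) {
        if (strcmp(AUTHORIZED[i].user, user) == 0 &&
            key_equal(&AUTHORIZED[i].key, key))
            return 1;
    }
    return 0;
}

/* Decision a public-key auth callback makes from (user, key, signature state). */
enum verdict decide_pubkey_auth(const char *user, const struct pubkey *key,
                                enum sig_state state)
{
    if (user == NULL || key == NULL || !key_authorized_for(user, key))
        return KEY_REJECTED;        /* unknown user, or key not bound to this user */
    if (state == SIG_NONE)
        return KEY_ACCEPTABLE;      /* key probe: key ok, nothing proven yet */
    if (state == SIG_VALID)
        return AUTH_GRANTED;        /* key ok and signature verified */
    return KEY_REJECTED;            /* signature present but wrong */
}
```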