On Tuesday 13 January 2015 11:13:48 Michal Vaško wrote:
> Hi,
>
> I managed to implement a server with public key verification as one of the
> supported authentication methods. I set "ssh_server_cb" structure with the
> "auth_pubkey_function" callback that is correctly called. My problem is
> that if someone has a valid public key, they can authenticate themselves
> with any username, because I cannot find the information where the public
> key came from in the server, only that it is valid (the signature_state
> argument). Can you suggest, please, an elegant way of solving this? Thank
> you.

The public key is sent by the user to the server. You have to verify in the
callback function that the key is valid (ssh_key_cmp). The result you have to
return depends on the signature_state and the result of the public key
comparison.

See RFC 4252, section 7.

key probe -> key ok -> return PARTIAL
key and valid sig -> key ok -> return SUCCESS

Cheers,
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
www.cryptomilk.org [email protected]
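
The decision described in the reply above, as an added example that is not part of the original thread and is not libssh code: the callback accepts a key only if it is registered for the user name in the request, then maps the signature state to the results the reply lists. The enums, the key table and auth_pubkey_decision are hypothetical stand-ins for libssh's signature_state values, auth return codes and ssh_key_cmp, and the key blobs are constructed sample bytes.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for libssh's signature states and auth results. */
enum sig_state { SIG_NONE, SIG_VALID, SIG_WRONG };   /* SIG_NONE = key probe */
enum auth_result { AUTH_DENIED, AUTH_PARTIAL, AUTH_SUCCESS };

struct authorized_key { const char *user; const unsigned char *blob; size_t len; };

/* Constructed sample key blobs, not real keys. */
static const unsigned char ALICE_KEY[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char BOB_KEY[]   = { 0x0a, 0x0b, 0x0c, 0x0d };

/* Assumed per-user store; a real server would load each user's authorized keys. */
static const struct authorized_key AUTHORIZED[] = {
    { "alice", ALICE_KEY, sizeof ALICE_KEY },
    { "bob",   BOB_KEY,   sizeof BOB_KEY },
};

/* Is the offered key registered for this user name? (the ssh_key_cmp step) */
static int key_authorized_for(const char *user, const unsigned char *key, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof AUTHORIZED / sizeof AUTHORIZED[0]; i++) {
        const struct authorized_key *e = &AUTHORIZED[i];
        if (strcmp(e->user, user) == 0 &&
            e->len == len && memcmp(e->blob, key, len) == 0)
            return 1;
    }
    return 0;
}

/* Result mapping follows the reply above: probe -> PARTIAL, valid sig -> SUCCESS. */
enum auth_result auth_pubkey_decision(const char *user, const unsigned char *key, size_t len, enum sig_state state)
{
    if (user == NULL || key == NULL || !key_authorized_for(user, key, len))
        return AUTH_DENIED;          /* valid signature, but not this user's key */
    switch (state) {
    case SIG_NONE:  return AUTH_PARTIAL;
    case SIG_VALID: return AUTH_SUCCESS;
    default:        return AUTH_DENIED;
    }
}

int main(void)
{
    /* bob's name with alice's key and a valid signature must be refused */
    return auth_pubkey_decision("bob", ALICE_KEY, sizeof ALICE_KEY, SIG_VALID) == AUTH_DENIED ? 0 : 1;
}
```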