On Tue, Jun 30, 2020 at 1:59 AM Felipe Gasper <fel...@felipegasper.com> wrote:
>
> Hello,
>
> I want to rig up a simple authentication based on SSH keys but over a
> preexisting TLS connection.
>
> Since TLS already handles the encryption, would the authentication be
> as simple as verifying a decode of a string that the public key encodes?
>
> Is there any prior art for this?
>
> (I realize this isn’t really on-topic for this list, but I’m not sure
> where else to ask … ?)

If you have a TLS channel you could use the raw public key
authentication (rfc7250) feature of TLS to authenticate each party. In
that case it doesn't matter whether you have SSH keys or any other types
of keys, you only need to read them and feed them to your implementation
as raw public keys. That way you stay within the TLS protocol design.

regards,
Nikos
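
An added example, not part of the original thread and not code from any TLS library: RFC 7250 carries the peer's key as a DER SubjectPublicKeyInfo, so an OpenSSH public key line has to be converted to that form, and the application then has to check the key the peer presented against its list of authorized keys (the TLS handshake itself proves possession of the private key). Assumptions: only `ssh-ed25519` keys are handled, the function names are hypothetical, and the sample key is constructed.

```python
import base64
import hmac
import struct

# RFC 8410 SubjectPublicKeyInfo header for Ed25519; the 32-byte key follows it.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def _read_string(buf, offset):
    """Read one SSH wire-format string (uint32 length + bytes, RFC 4251)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[offset + 4:end], end


def ssh_ed25519_to_spki(line):
    """Convert an 'ssh-ed25519 AAAA... comment' line to SPKI DER."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        raise ValueError("only ssh-ed25519 keys are handled here")
    blob = base64.b64decode(fields[1], validate=True)
    algo, pos = _read_string(blob, 0)
    key, pos = _read_string(blob, pos)
    # Inner algorithm name must match the outer one, with no trailing data.
    if algo != b"ssh-ed25519" or len(key) != 32 or pos != len(blob):
        raise ValueError("malformed ssh-ed25519 key blob")
    return ED25519_SPKI_PREFIX + key


def peer_key_is_authorized(presented_spki, authorized_lines):
    """Pin check: is the SPKI sent by the TLS peer one of the authorized keys?"""
    pins = [ssh_ed25519_to_spki(line) for line in authorized_lines]
    return any(hmac.compare_digest(presented_spki, p) for p in pins)


def _wire(b):
    return struct.pack(">I", len(b)) + b


# Constructed sample (not a real key): bytes 0..31 stand in for the public key.
SAMPLE_KEY = bytes(range(32))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(
    _wire(b"ssh-ed25519") + _wire(SAMPLE_KEY)).decode() + " constructed@example"
```
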