Hi,

I have hacked a bit more on lsh publickey authentication. This time you can
actually log in to an lshd server from an ssh2 client using publickey
authentication, though it's a bit tricky. You'll need to get your ssh2
public keyblob as used in the ssh2 protocol (not as stored in your .ssh2
directory), convert it to an SPKI public key, transform it to CANONICAL form,
create an md5 hash of it, and touch $HOME/.lsh/authorization/<md5> into
existence. So it's not quite useful for the end user, but it works. I
release lsh-0.1.6-bazsi, because 1) I plan to move on to client side
publickey auth, 2) I'll be out for the weekend and will not be able to work
at all, so anyone interested can check the code out.

Now, how could you get that md5 hash you'll need for authorization? Create a
public keypair using ssh-keygen2, if you have not yet done so, fire up gdb
lshd, and place a breakpoint at server_authorization.c:92:

balabit:~/ssh/lsh-0.1.6-bazsi/src$ gdb lshd
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) b server_authorization.c:92
Breakpoint 1 at 0x8066910: file server_authorization.c, line 92.
(gdb) r -p 1999 -h hostkey
Starting program: /home/bazsi/ssh/lsh-0.1.6-bazsi/src/lshd -p 1999 -h hostkey

The parameter -p 1999 tells lshd to listen on port 1999, and -h hostkey
means to read the hostkey from the current directory. (By default it is read
from /etc/lsh_hostkey.) Now fire up ssh2 trying to authenticate using your
previously generated keypair (you'll need to add a line to your
.ssh2/identification file):

balabit:~$ ssh2 -p 1999 localhost

The breakpoint in lshd should fire off:

Breakpoint 1, do_key_lookup (c=0x808e028, keyholder=0x80b39d8, key=0x80b3b48)
    at server_authorization.c:92
92        if (stat(filename->data, &st) == 0)
(gdb)

Now to find out the md5 hash lshd looks for:

(gdb) p (char *) filename->data
$1 = 0x80b48ec "/home/bazsi/.lsh/authorization/01b35d4384bfc061db6bc94251f9d1ec"

Touch that file into existence, and you are done. It's not that difficult,
is it?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt
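
The steps listed in the message above (ssh2 wire key blob, SPKI public key, canonical form, md5, file name), as an added example that is not part of the original post or of the lsh source. The S-expression layout `(public-key (dsa (p ..) (q ..) (g ..) (y ..)))`, the function names and the sample blob are assumptions made for illustration; the result matches what lshd looks up only if lshd hashes that same layout.

```python
import hashlib
import struct

def read_string(buf, off):
    """Read one SSH2 string: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:end], end

def parse_ssh_dss_blob(blob):
    """Split an ssh-dss wire blob into its p, q, g, y mpint byte strings."""
    alg, off = read_string(blob, 0)
    if alg != b"ssh-dss":
        raise ValueError("unsupported key type: %r" % alg)
    fields = {}
    for name in (b"p", b"q", b"g", b"y"):
        fields[name], off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return fields

def canonical(expr):
    """Canonical S-expression: atoms as <len>:<bytes>, lists in parentheses."""
    if isinstance(expr, bytes):
        return str(len(expr)).encode() + b":" + expr
    return b"(" + b"".join(canonical(e) for e in expr) + b")"

def spki_canonical(blob):
    """Canonical SPKI encoding of the key. ASSUMPTION: layout is not from the page."""
    f = parse_ssh_dss_blob(blob)
    params = [[n, f[n]] for n in (b"p", b"q", b"g", b"y")]
    return canonical([b"public-key", [b"dsa"] + params])

def authorization_name(blob):
    """Hex md5 of the canonical form, i.e. the file name under authorization/."""
    return hashlib.md5(spki_canonical(blob)).hexdigest()

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed toy blob (tiny numbers, not a usable key), for illustration only.
SAMPLE_BLOB = b"".join(
    ssh_string(x) for x in (b"ssh-dss", b"\x17", b"\x0b", b"\x04", b"\x08"))
```

Because the server check shown at the breakpoint is a stat() on that path, any file with the right name authorizes the key, so write access to the authorization directory is what needs protecting.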
