Re: public key authentication & apache
The ssh tools don't export the operations (signing, checking signatures). I looked into teases them out out of the code, for example authfd.c has the signing code. One could create a command to bootstrap an authenticated session and then hand it off to the browser. Bridging auth to unlocked keys available in client side session state (like ssh-agent) is a good thing. Hooking it into some browsers is intentionally difficult. Which is one reason why Liberty was designed to allow "zero-install" on the clients/browsers. - ben On Tuesday, October 15, 2002, at 03:54 AM, Dirk-Willem van Gulik wrote: > > > On Mon, 14 Oct 2002, Ian Holsman wrote: > >> I was wondering if anyone knows of something (preferably using >> openSSH) >> which would allow Apache to authenticate via a SSH keypair. > >> what i would like ideally is for the browser to use the >> passwords/pass-phrases of the ssh-agent running on the local machine >> to execute something remotely without the middleman (web-server) >> requiring to know the passphrase/private key of the user > > I've once had to do this - but it was hard to get it working > properly/perform decently - as, if you are not careful, the negotiation > needs to be done again and again. > > If all you want is making sure that the web server does not know the > password; there are a lot of one way crypt/digest things one can do to > solve that. Even standard crypt()ed passwords go a long way. > > Dw > >
Re: public key authentication & apache
On Mon, 14 Oct 2002, Ian Holsman wrote: > I was wondering if anyone knows of something (preferably using openSSH) > which would allow Apache to authenticate via a SSH keypair. > what i would like ideally is for the browser to use the > passwords/pass-phrases of the ssh-agent running on the local machine > to execute something remotely without the middleman (web-server) > requiring to know the passphrase/private key of the user I've once had to do this - but it was hard to get it working properly/perform decently - as, if you are not careful, the negotiation needs to be done again and again. If all you want is making sure that the web server does not know the password; there are a lot of one way crypt/digest things one can do to solve that. Even standard crypt()ed passwords go a long way. Dw
Re: public key authentication & apache
On Mon, 14 Oct 2002, Ian Holsman wrote: > I was wondering if anyone knows of something (preferably using openSSH) > which would allow Apache to authenticate via a SSH keypair. what i would > like ideally is for the browser to use the passwords/pass-phrases of the > ssh-agent running on the local machine to execute something remotely > without the middleman (web-server) requiring to know the > passphrase/private key of the user Well, it's not precisely the same thing, but that's what SSL client certificates are used for... --Cliff
public key authentication & apache
I was wondering if anyone knows of something (preferably using openSSH) which would allow Apache to authenticate via a SSH keypair. what i would like ideally is for the browser to use the passwords/pass-phrases of the ssh-agent running on the local machine to execute something remotely without the middleman (web-server) requiring to know the passphrase/private key of the user