[ 
https://issues.apache.org/jira/browse/SSHD-1161?focusedWorklogId=597415&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597415
 ]

ASF GitHub Bot logged work on SSHD-1161:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/May/21 18:43
            Start Date: 16/May/21 18:43
    Worklog Time Spent: 10m 
      Work Description: tomaswolf edited a comment on pull request #194:
URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841858902


   Good points. I suggest we do both in follow-up changes.
   
   * Validation of the certificate type would also have to happen in the
     server-side code (client certificate presented in pubkey auth, and don't
     consider and log host keys that are client certificates?) and in
     client-side code (host certificate is presented as host key, and in pubkey
     auth skip and log certificates that are not client certificates?), and
     need additional tests for these cases.
   * The clean-up for determining the signature algorithm name could be done
     separately anyway.  Needs a little thought, too. I like FliegenKLATSCH's
     approach with the method on `Signature`, but unfortunately the logic in
     `UserAuthPublicKey` is a bit different and we don't have direct access to
     the `Signature` object there.
   
   However, I'll make one more change in `ClientOpenSSHCertificatesTest`: 
derive it from `BaseTestSupport` and then use `setupTestClient()` instead of 
`SshClient.setUpDefaultClient()`. That way, the test will _not_ read the real 
`~/.ssh/config`.




Issue Time Tracking
-------------------

            Worklog Id:     (was: 597415)
    Remaining Estimate: 19h 50m  (was: 20h)
            Time Spent: 4h 10m  (was: 4h)

> Support OpenSSH client certificates for publickey authentication
> ----------------------------------------------------------------
>
>                 Key: SSHD-1161
>                 URL: https://issues.apache.org/jira/browse/SSHD-1161
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Alex Sherwin
>            Priority: Major
>   Original Estimate: 24h
>          Time Spent: 4h 10m
>  Remaining Estimate: 19h 50m
>
> Support OpenSSH client certificates for publickey authentication
> This extends the existing publickey authentication protocol described in RFC 
> 4252 Section 7: https://datatracker.ietf.org/doc/html/rfc4252#section-7
> The extensions are described in 
> [https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD]
> Currently the MINA code base supports host key certificates (where the client 
> can optionally validate a host certificate), but client certificates are not 
> supported (where the client can use a certificate for authentication to the 
> server)
>  
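
The certificate-type validation discussed in the comment above, as an added example that is not part of the original message or of the MINA SSHD code base: it reads the `type` field from an OpenSSH certificate blob laid out as in PROTOCOL.certkeys and rejects a certificate used in the wrong role. The function names, the `userauth`/`hostkey` labels and the sample blob are assumptions made for illustration.

```python
import struct

SSH_CERT_TYPE_USER, SSH_CERT_TYPE_HOST = 1, 2  # values from PROTOCOL.certkeys

# Length-prefixed public-key fields between the nonce and the serial, per key type.
KEY_FIELDS = {
    b"ssh-ed25519-cert-v01@openssh.com": 1,          # pk
    b"ssh-rsa-cert-v01@openssh.com": 2,              # e, n
    b"ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,  # curve, public_key
}
# Which certificate type each use of a certificate requires (hypothetical names).
REQUIRED = {"userauth": SSH_CERT_TYPE_USER, "hostkey": SSH_CERT_TYPE_HOST}

def _read_string(buf, off):
    """Read one SSH string (uint32 length + bytes), refusing to run past the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise ValueError("field length exceeds blob")
    return buf[off:off + n], off + n

def cert_type(blob):
    """Return the uint32 type field of an OpenSSH certificate blob."""
    name, off = _read_string(blob, 0)
    if name not in KEY_FIELDS:
        raise ValueError("not a known certificate key type")
    _, off = _read_string(blob, off)              # nonce
    for _ in range(KEY_FIELDS[name]):             # public-key fields
        _, off = _read_string(blob, off)
    if off + 12 > len(blob):
        raise ValueError("truncated before type field")
    _serial, ctype = struct.unpack_from(">QI", blob, off)
    return ctype

def check_role(blob, use):
    """Return (ok, reason); the caller skips the key and logs reason when not ok."""
    try:
        ctype = cert_type(blob)
    except ValueError as e:
        return False, f"malformed certificate: {e}"
    if ctype != REQUIRED[use]:
        return False, f"certificate type {ctype} not valid for {use}"
    return True, "ok"

def sample_cert(ctype):
    """Constructed blob, cut off after the type field (enough for this check only)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    return (s(b"ssh-ed25519-cert-v01@openssh.com") + s(b"\x00" * 32)
            + s(b"\x01" * 32) + struct.pack(">QI", 7, ctype))
```

The type check only decides whether a certificate may be considered for a given role; CA signature, validity period and principal checks still have to pass before it is trusted.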


