Thomas Wolf created SSHD-1170:
---------------------------------
Summary: OpenSSH certificates: handle ssh config CertificateFile
Key: SSHD-1170
URL: https://issues.apache.org/jira/browse/SSHD-1170
Project: MINA SSHD
Issue Type: Improvement
Affects Versions: 2.7.1
Reporter: Thomas Wolf

{{SshClient.doConnect()}} handles creating {{PrivateKeyIdentity}} objects to be
used in {{UserAuthPublicKey}} from the host entry's {{IdentityFile}}
configuration.

A similar mechanism is needed for {{CertificateFile}}, combining a *-cert
public key with a private key, or *-cert.pub file with a matching private key
file.

See [sshconnect2.c in OpenSSH|https://github.com/openssh/openssh-portable/blob/c4902e1/sshconnect2.c#L1620]
for the expected order in which to try public keys.

Care must be taken that constructing this (or a similar) order of keys doesn't
load the private keys yet. One wouldn't want to load private keys that in the
end are unused -- if these unused private keys are passphrase-protected, the
user might be asked for far too many passphrases.

See also https://man.openbsd.org/ssh_config#CertificateFile .
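
The constraint described in the issue (build the ordered list of candidates from public data only, and open a private key file only once a candidate is actually used), as an added Java example that is not MINA SSHD code and not part of the original report. All class and method names are hypothetical, the pairing of `foo-cert.pub` with `foo` by file name is an assumption, and the order (certificates ahead of plain keys) is a simplification of the linked sshconnect2.c that leaves out agent keys.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

// Added illustration, not MINA SSHD code; every class and method name is hypothetical.
public class LazyIdentities {
    /** Public part is read eagerly; the private key file is only opened by loadPrivate(). */
    static final class Candidate {
        final String keyType, blob; final Path privateFile; boolean loaded;
        Candidate(String keyType, String blob, Path privateFile) {
            this.keyType = keyType; this.blob = blob; this.privateFile = privateFile;
        }
        byte[] loadPrivate() throws IOException {   // a passphrase prompt would happen here
            loaded = true;
            return Files.readAllBytes(privateFile);
        }
    }
    /** Reads "<type> <base64> [comment]" from an unencrypted .pub or -cert.pub file. */
    static Candidate fromPublicFile(Path pub, Path privateFile) throws IOException {
        String[] f = Files.readString(pub).trim().split("\\s+", 3);
        if (f.length < 2) throw new IOException("malformed public key file: " + pub);
        return new Candidate(f[0], f[1], privateFile);
    }
    /** Certificates from CertificateFile first, then plain IdentityFile keys. */
    static List<Candidate> order(List<Path> certFiles, List<Path> identityFiles) throws IOException {
        List<Candidate> out = new ArrayList<>();
        for (Path cert : certFiles) {               // assumption: foo-cert.pub pairs with foo
            String n = cert.getFileName().toString();
            if (!n.endsWith("-cert.pub")) continue;
            Path priv = cert.resolveSibling(n.substring(0, n.length() - "-cert.pub".length()));
            if (Files.isReadable(priv)) out.add(fromPublicFile(cert, priv));
        }
        for (Path id : identityFiles) {
            Path pub = id.resolveSibling(id.getFileName() + ".pub");
            if (Files.isReadable(pub)) out.add(fromPublicFile(pub, id));
        }
        return out;
    }
    public static void main(String[] args) throws IOException {
        Path d = Files.createTempDirectory("ids");  // constructed sample files, not real keys
        Files.writeString(d.resolve("id_a"), "PRIVATE-A");
        Files.writeString(d.resolve("id_a.pub"), "ssh-ed25519 QUFB a@example");
        Files.writeString(d.resolve("id_a-cert.pub"), "ssh-ed25519-cert-v01@openssh.com Q0VSVA== a@example");
        List<Candidate> c = order(List.of(d.resolve("id_a-cert.pub")), List.of(d.resolve("id_a")));
        // Simulated server: accepts only the certificate, so only c.get(0) loads its private key.
        c.get(0).loadPrivate();
        for (Candidate k : c) System.out.println(k.keyType + " loaded=" + k.loaded);
    }
}
```

Here the certificate and the plain key share one private key file, so a real implementation would also cache the decrypted key per file to avoid prompting twice for the same passphrase.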