Hi Fabrizio,

Most clients will usually first send an auth.request message containing just the public key and not a signature, to test that their public key is acceptable to the server. If that 'test' request succeeds then they will send a second auth request containing both the public key and the signature generated using the client's private key. This is a strategy to save the client some unnecessary processing for generating signatures. There is a Boolean field in the body of the auth.request messages to distinguish between the 'test' and the 'real' request.

If that's what is happening in your case then I believe you could still cache the auth state of the public key from the first request. However, when the second request comes in you also need to verify the signature before allowing the client to authenticate.

Cheers,
Stathis

Stathis Voukelatos
Senior Software Engineer
Linn Products Ltd.
Glasgow Road
Eaglesham, Glasgow G76 0EQ, UK
Tel: +44 (0)141 3035191
Email: [email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Fabrizio Bertocci
Sent: 16 March 2012 23:11
To: [email protected]
Subject: Multiple auth requests?

Hi guys,

I'm working on a project that uses dropbear, and I'm modifying the code to add a custom lookup mechanism for pub/priv keys that uses a database instead of a file. While debugging it, I've noticed that the server sometimes receives message type 50 (which I understand means auth request) more than once. The server, every time it receives an auth request, always attempts to authenticate the client like it's the first time.

To limit the load on the server and reduce the number of calls to the database, I was wondering if somebody (Matt?) can help me understand if it is safe to 'cache' the auth state (or, since it's already present in ses.authstate, reuse that value) and send back immediately the previous auth state.

Unfortunately right now I'm on dropbear 0.52 (it's very stable for me and I'm not very motivated to upgrade to the latest version yet).

Any help is highly appreciated!!

Regards,
Fabrizio
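The two-step exchange described in the reply above, as an added example that is not part of the original thread and is not dropbear's code: it parses a message type 50 payload laid out as in RFC 4252 section 7, uses the Boolean field to tell the 'test' request from the signed one, and shows that a cached key lookup can only lead to a PK_OK reply or to signature verification, never straight to success. The names classify_auth_request and next_step and the sample byte strings are constructed for illustration; the signature check itself is assumed to be done by the server's existing code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pk_kind { PK_MALFORMED, PK_OTHER, PK_QUERY, PK_SIGNED };
enum pk_step { STEP_REJECT, STEP_SEND_PK_OK, STEP_VERIFY_SIG };
struct pk_req { const uint8_t *key, *sig; uint32_t keylen, siglen; };

/* Read one SSH "string" (uint32 big-endian length, then bytes); 0 on overrun. */
static int get_str(const uint8_t **p, const uint8_t *end, const uint8_t **s, uint32_t *n) {
    if (end - *p < 4) return 0;
    *n = (uint32_t)(*p)[0] << 24 | (uint32_t)(*p)[1] << 16 | (uint32_t)(*p)[2] << 8 | (*p)[3];
    *p += 4;
    if ((size_t)(end - *p) < *n) return 0;
    *s = *p; *p += *n;
    return 1;
}

/* Classify a type 50 payload: user, service, method, boolean, algorithm, key[, signature]. */
enum pk_kind classify_auth_request(const uint8_t *msg, size_t len, struct pk_req *out) {
    const uint8_t *p = msg, *end = msg + len, *s; uint32_t n;
    if (len < 1 || *p++ != 50) return PK_MALFORMED;
    if (!get_str(&p, end, &s, &n)) return PK_MALFORMED;          /* user name */
    if (!get_str(&p, end, &s, &n)) return PK_MALFORMED;          /* service name */
    if (!get_str(&p, end, &s, &n)) return PK_MALFORMED;          /* method name */
    if (n != 9 || memcmp(s, "publickey", 9) != 0) return PK_OTHER;
    if (p >= end) return PK_MALFORMED;
    int has_sig = *p++ != 0;                 /* FALSE = 'test', TRUE = 'real' request */
    if (!get_str(&p, end, &s, &n)) return PK_MALFORMED;          /* algorithm name */
    if (!get_str(&p, end, &out->key, &out->keylen)) return PK_MALFORMED;
    if (!has_sig) return p == end ? PK_QUERY : PK_MALFORMED;
    if (!get_str(&p, end, &out->sig, &out->siglen) || p != end) return PK_MALFORMED;
    return PK_SIGNED;
}

/* key_ok is the key lookup result and may come from a cache filled by the 'test'
 * request. No branch returns "authenticated": a signed request always goes on to
 * signature verification. Non-publickey methods are outside this helper's scope. */
enum pk_step next_step(enum pk_kind k, int key_ok) {
    if (!key_ok || k == PK_MALFORMED || k == PK_OTHER) return STEP_REJECT;
    return k == PK_QUERY ? STEP_SEND_PK_OK : STEP_VERIFY_SIG;
}

/* Constructed samples: user "bob", key blob "KEYB", signature "SIG" (not real key data). */
#define HDR "\x32" "\0\0\0\3" "bob" "\0\0\0\x0e" "ssh-connection" "\0\0\0\x09" "publickey"
#define KEY "\0\0\0\7" "ssh-rsa" "\0\0\0\4" "KEYB"
static const uint8_t SAMPLE_QUERY[]  = HDR "\0" KEY;
static const uint8_t SAMPLE_SIGNED[] = HDR "\1" KEY "\0\0\0\3" "SIG";

int main(void) {
    struct pk_req r = {0};
    printf("query:  step %d\n", next_step(classify_auth_request(SAMPLE_QUERY, sizeof SAMPLE_QUERY - 1, &r), 1));
    printf("signed: step %d\n", next_step(classify_auth_request(SAMPLE_SIGNED, sizeof SAMPLE_SIGNED - 1, &r), 1));
    return 0;
}
```

The cache in this arrangement is keyed on the key blob taken from the 'test' request and stores only whether that key is acceptable for the user.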
