Daiki Ueno wrote:
> Thanks for the response. Indeed I realized that the code to talk to
> ssh-agent is too complicated to let users write it by themselves.
Yes, I agree.
> > Also note that Pageant is the de-facto standard agent in Windows
> > and it uses different IPC than the OpenSSH agent, so that needs
> > to be abstracted. Ideally we would also support OpenSSH ssh-agent
> > on Cygwin, which probably uses yet another form of IPC.
>
> All of them seem to use the same command set as OpenSSH's ssh-agent,
> though I need some experiment on Windows.
That's great! The low-level IPC will be different though, but that
should not be so difficult to abstract.
> How about the following API?
>
> #include <libssh2.h>
> #include <libssh2_agent.h>
Not sure we want a new header file for agent support? I think it
could go directly into libssh2.h.
> int main(void)
> {
>     LIBSSH2_AGENT *agent;
>     LIBSSH2_PUBLICKEY *identities;
>     int nidentities, i;
>
>     ...
>     /* Connect to ssh-agent (Peagent here) */
>     agent = libssh2_agent_connect_peagent(session);
Note that the PuTTY agent's name is pageant :)
>     /* Request a list of identities */
>     libssh2_agent_list_identities(agent, &identities, &nidentities);
>
>     /* Try to authenticate with identities one by one */
>     for (i = 0; i < nidentities; i++) {
>         /* Skip identities which we don't want to use */
>         if (...) {
>             continue;
>         }
>         if (libssh2_userauth_agent(session, username, &identities[i])) {
>             printf("\tAuthentication by public key %s failed!\n",
>                    identities[i].comment);
>         } else {
>             printf("\tAuthentication by public key %s succeeded!\n",
>                    identities[i].comment);
>             break;
>         }
>     }
..
> If it looks OK, I will try to implement it this weekend.
I think this looks fantastic. :)
> BTW, I wanted ssh-agent support for NetworkManager-openssh, which
> internally uses libssh2, to be better integrated with gnome-keyring:
>
> http://github.com/ueno/network-manager-openssh
The README says:
* How does it work
NetworkManager-openssh internally spawns a setuid'ed process which
does the actual job of relaying IP/Ethernet packets over SSH.
But you want to try to use libssh2 instead? Cool! Note that
[email protected] isn't supported in libssh2 currently, but it could
of course be added.
//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
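
The thread notes that the agents share one command set even though the IPC differs. As an added example (not code from libssh2 or from either poster), here is a bounds-checked parser for the agent's identities answer, the reply an identity-listing call would consume. The struct, function names, MAX_IDENTITIES cap and sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SSH2_AGENT_IDENTITIES_ANSWER 12
#define MAX_IDENTITIES 16 /* cap chosen for this example */
struct identity { /* hypothetical type; pointers alias the reply buffer */
    const uint8_t *blob, *comment;
    size_t blob_len, comment_len;
};
/* Constructed reply: one identity, key blob "key", comment "id". */
const uint8_t SAMPLE_REPLY[22] = {0,0,0,18, 12, 0,0,0,1,
    0,0,0,3,'k','e','y', 0,0,0,2,'i','d'};

static int get_u32(const uint8_t **p, size_t *left, uint32_t *out) {
    if (*left < 4) return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8) | (*p)[3];
    *p += 4; *left -= 4;
    return 0;
}

static int get_string(const uint8_t **p, size_t *left,
                      const uint8_t **s, size_t *slen) {
    uint32_t n;
    if (get_u32(p, left, &n) || n > *left) return -1; /* length is untrusted */
    *s = *p; *slen = n; *p += n; *left -= n;
    return 0;
}

/* Parse one framed reply; returns the identity count, or -1 if malformed. */
int parse_identities(const uint8_t *buf, size_t len, struct identity *ids) {
    uint32_t framelen, n, i;
    size_t left = len;
    if (get_u32(&buf, &left, &framelen) || framelen != left || left < 1) return -1;
    if (*buf++ != SSH2_AGENT_IDENTITIES_ANSWER) return -1;
    left--;
    if (get_u32(&buf, &left, &n) || n > MAX_IDENTITIES) return -1;
    for (i = 0; i < n; i++)
        if (get_string(&buf, &left, &ids[i].blob, &ids[i].blob_len) ||
            get_string(&buf, &left, &ids[i].comment, &ids[i].comment_len))
            return -1;
    return left == 0 ? (int)n : -1; /* reject trailing bytes */
}

int main(void) {
    struct identity ids[MAX_IDENTITIES];
    printf("%d identities\n", parse_identities(SAMPLE_REPLY, sizeof SAMPLE_REPLY, ids));
    return 0;
}
```

The comment field is not NUL-terminated on the wire, so a caller that prints it with `%s` has to copy and terminate it first.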