Hi Felipe,
In SSH, all authentication schemes are signature-based. Specifically,
user authentication is based on signing the master hash that's derived
from key exchange (i.e. everything that was shared by peers + shared
secret). SSH ensures that the authentication is safe because it's
impossible for either party to replay or precompute that hash. I don't
think TLS would let you extract or derive secrets based on the session's
secret. You could craft an authentication protocol inspired by SSH on
top of TLS but you'd have to ensure that the challenges are immune to
replay, but in that case it wouldn't be simple anymore.
TLS has built-in support for client certificates. It's not very
straightforward but it might be the way to go if you insist on having
public key authentication.
Regards,
Aris
On 30/06/20 at 01:50, Felipe Gasper wrote:
Hello,
I want to rig up a simple authentication based on SSH keys but over a
preexisting TLS connection.
Since TLS already handles the encryption, would the authentication be
as simple as verifying a decode of a string that the public key encodes?
Is there any prior art for this?
(I realize this isn’t really on-topic for this list, but I’m not sure
where else to ask … ?)
Thank you!
-Felipe Gasper
Ontario, Canada
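The point Aris makes above is that "the public key decodes a string" is not enough on its own: whatever the client signs has to be fresh (so it cannot be replayed) and bound to the connection it is meant to authenticate. The following Go program is an added example, not code from either poster or from any SSH or TLS implementation. It models a minimal challenge-response of that shape: the server issues a random, single-use nonce tied to a session identifier, the client signs label || session-id || nonce with an Ed25519 key (one of the SSH key types), and the server verifies against its own stored copy of the authorized key. The session identifier here is a constructed placeholder; in a real deployment it would have to come from the transport so that a signature for one connection cannot be presented on another.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Domain-separation label so a signature made for this protocol can never be
// mistaken for one the same SSH key produced for some other purpose.
// (Constructed for this example.)
const challengeLabel = "EXAMPLE-TLS-SSHKEY-AUTH-v1"

// challengeMessage builds the exact bytes both sides sign and verify:
// label || len(sessionID) || sessionID || nonce. The length prefix keeps an
// attacker from shifting bytes between the session-id and nonce fields.
func challengeMessage(sessionID, nonce []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString(challengeLabel)
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(sessionID)))
	buf.Write(n[:])
	buf.Write(sessionID)
	buf.Write(nonce)
	return buf.Bytes()
}

func fingerprint(k ed25519.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(k))
}

// Server holds the authorized public keys (the analogue of authorized_keys)
// and the nonces it has issued but not yet seen answered.
type Server struct {
	authorized map[string]ed25519.PublicKey // fingerprint -> stored key
	pending    map[string][]byte            // nonce (hex) -> session it was issued for
}

func NewServer(keys ...ed25519.PublicKey) *Server {
	s := &Server{authorized: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
	for _, k := range keys {
		s.authorized[fingerprint(k)] = k
	}
	return s
}

// Challenge issues a fresh 32-byte random nonce bound to the current session.
func (s *Server) Challenge(sessionID []byte) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[fmt.Sprintf("%x", nonce)] = append([]byte(nil), sessionID...)
	return nonce, nil
}

// Verify checks the client's answer. The nonce is consumed whether or not the
// signature verifies, so a captured (nonce, signature) pair can never be replayed.
// The signature is checked with the server's stored key, not one supplied by the client.
func (s *Server) Verify(sessionID, nonce []byte, claimed ed25519.PublicKey, sig []byte) error {
	key := fmt.Sprintf("%x", nonce)
	issuedFor, ok := s.pending[key]
	if !ok {
		return errors.New("unknown or already-used nonce")
	}
	delete(s.pending, key)
	if !bytes.Equal(issuedFor, sessionID) {
		return errors.New("nonce was issued for a different session")
	}
	stored, ok := s.authorized[fingerprint(claimed)]
	if !ok || !bytes.Equal(stored, claimed) {
		return errors.New("public key not authorized")
	}
	if !ed25519.Verify(stored, challengeMessage(sessionID, nonce), sig) {
		return errors.New("bad signature")
	}
	return nil
}

// Answer is the client side: sign the session-bound challenge with the SSH private key.
func Answer(priv ed25519.PrivateKey, sessionID, nonce []byte) []byte {
	return ed25519.Sign(priv, challengeMessage(sessionID, nonce))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	srv := NewServer(pub)
	sess := []byte("constructed-session-A") // placeholder for a per-connection value

	nonce, _ := srv.Challenge(sess)
	sig := Answer(priv, sess, nonce)
	fmt.Println("first answer:", srv.Verify(sess, nonce, pub, sig))   // <nil>
	fmt.Println("replayed answer:", srv.Verify(sess, nonce, pub, sig)) // rejected: nonce consumed
}
```

The two rejections in the test below (a replayed answer and an answer for a different session) are exactly the cases a naive "decode this string" check would accept.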