It’s very rough, but: https://gist.github.com/FGasper/4fb5b702489b9eb12c2133e9da5c5beb
-FG

> On Jun 30, 2020, at 3:40 PM, Alberto Garcia <[email protected]> wrote:
>
> Hi,
> Can you share that code to take a look at it?
>
> Thanks
>
> On Tue, Jun 30, 2020 at 11:28 AM Felipe Gasper <[email protected]>
> wrote:
> Hi Aris,
>
> I got a proof-of-concept up of a workflow that uses libssh to do key exchange
> and then public key authn on preexisting sockets, then drops the SSH session
> entirely, leaving the preexisting sockets up. That may be what we end up
> doing.
>
> It would be much simpler just to do:
>
> - Server sends a secret.
> - Client signs the secret, sends the signature and key.
> - Server verifies the signature on the key, and the key’s authz on the
>   account.
>
> … which would seem to thwart replay attacks, but I’m not sure what else we’d
> be missing, and we’d be “on the hook” for maintaining basically our own
> custom “pseudo-SSH”, which doesn’t sound very appetizing.
>
> TLS client certs would involve setting up a CA or using a commercial one,
> both of which sound like workflow problems.
>
> Anyhow, thank you for your response!
>
> -FG
>
>
> > On Jun 30, 2020, at 2:04 PM, Aris Adamantiadis <[email protected]> wrote:
> >
> > Hi Felipe,
> >
> > In SSH, all authentication schemes are signature-based. Specifically user
> > authentication is based on signing the master hash that's derived from key
> > exchange (i.e. everything that was shared by peers + shared secret). SSH
> > ensures that the authentication is safe because it's impossible for either
> > party to replay or precompute that hash. I don't think TLS would let you
> > extract or derive secrets based on the session's secret. You could craft an
> > authentication protocol inspired by SSH on top of TLS but you'd have to
> > ensure that the challenges are immune to replay, but in that case it
> > wouldn't be simple anymore.
> >
> > TLS has built-in support for client certificates. It's not very
> > straightforward but it might be the way to go if you insist on having
> > public key authentication.
> >
> > Regards,
> >
> > Aris
> >
> > On 30/06/20 at 01:50, Felipe Gasper wrote:
> >> Hello,
> >>
> >> I want to rig up a simple authentication based on SSH keys but over a
> >> preexisting TLS connection.
> >>
> >> Since TLS already handles the encryption, would the authentication be
> >> as simple as verifying a decode of a string that the public key encodes?
> >>
> >> Is there any prior art for this?
> >>
> >> (I realize this isn’t really on-topic for this list, but I’m not sure
> >> where else to ask … ?)
> >>
> >> Thank you!
> >>
> >> -Felipe Gasper
> >> Ontario, Canada
> >
> >
>
> --
> Alberto García Illera
>
> GPG Public Key
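
The three-step exchange outlined in the quoted message above (server sends a secret, client signs it, server checks the signature and the key's authorization on the account), as an added Go example that is not from the gist, from libssh, or from anyone in this thread. `Server`, `Challenge`, `Respond`, `Verify`, the `example-authn-v1` label and the `alice` account are hypothetical names, Ed25519 keys are an assumption, and nothing here ties the signature to the TLS session the way SSH ties it to the key-exchange hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server is a hypothetical in-memory stand-in for the challenge table and key list.
type Server struct {
	pending    map[string]string          // outstanding secret -> account it was issued for
	authorized map[string]map[string]bool // account -> set of raw public keys
}

// Challenge is step 1: a fresh random secret, remembered for one account.
func (s *Server) Challenge(account string) []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err) // never hand out a predictable secret
	}
	s.pending[string(n)] = account
	return n
}

// signedData binds the signature to a protocol label and the account name.
func signedData(account string, secret []byte) []byte {
	return append([]byte("example-authn-v1\x00"+account+"\x00"), secret...)
}

// Respond is step 2: the client signs the server's secret.
func Respond(priv ed25519.PrivateKey, account string, secret []byte) []byte {
	return ed25519.Sign(priv, signedData(account, secret))
}

// Verify is step 3. The secret is consumed first, so a replay finds nothing pending.
func (s *Server) Verify(account string, secret, sig []byte, pub ed25519.PublicKey) bool {
	issuedFor, ok := s.pending[string(secret)]
	delete(s.pending, string(secret))
	return ok && issuedFor == account && s.authorized[account][string(pub)] &&
		ed25519.Verify(pub, signedData(account, secret), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample key; nil selects crypto/rand
	s := &Server{map[string]string{}, map[string]map[string]bool{"alice": {string(pub): true}}}
	c := s.Challenge("alice")
	sig := Respond(priv, "alice", c)
	fmt.Println(s.Verify("alice", c, sig, pub), s.Verify("alice", c, sig, pub)) // true false
}
```

The second `Verify` call fails because the server deletes each secret on first use, which is the replay defence the thread is concerned with.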
