Hello Everyone,

I am trying to implement an SSH proxy. In the process of learning I am trying out libssh*/examples/ssh_server.c. I was able to compile and run the server. I am trying public key based authentication.

On the client side I am connecting using the following command:

    ssh -p 2222 -vv -i ./id_rsa user@192.168.64.2

I am running ssh_server like this (I have done some minor modifications w.r.t. argp and have retained only the pthread based solution):

    ./ssh_server -a ./id_rsa.pub -r ./ssh_host_rsa_key -p 2222 -v 0.0.0.0

With this I am able to log in successfully on the server.

The second case which I tried was to sign the user key with a CA. This gave me id_rsa-cert.pub on the client side. I tried the same exercise to connect to the server. On the server side, in the auth_publickey function, I added 2 prints to print:

1. ssh_key_type
2. ssh_key_is_public

The first function, ssh_key_type, returned SSH_KEYTYPE_RSA (value 2) and the second function returned 1 (is_public). I was expecting it to print SSH_KEYTYPE_RSA_CERT01 and 1.

My question: In auth_publickey I want to access the user certificate and then verify the CA signature. Instead of verifying against the authorisedKeys I want to verify it against the CA pub key, a functionality similar to configuring TrustedUserCAKeys in the openssh server.

How can I get hold of the user certificate? In ssh_key_struct I see there is a member variable:

    ssh_buffer cert;
    enum ssh_keytypes_e cert_type;
    };

I did not find any function to access the ssh_key->cert. Please point me to some code reference or documentation.

Thanks,
Chidanand