Hello Everyone,

I found the problem. Only when we issue an ssh command using "-o CertificateFile=yourcert" can the certificate be fetched in auth_pubkey_function.

Thanks,
Chidanand

On Fri, Sep 5, 2025 at 3:49 PM Chidanand Gangur <chidanand.gan...@gmail.com> wrote:

> Hello Everyone,
>
> I am trying to implement an SSH proxy. In the process of learning I am
> trying out libssh*/examples/ssh_server.c.
>
> I was able to compile and run the server.
>
> I am trying public key based authentication.
>
> On the client side I am connecting using the following command:
>
> ssh -p 2222 -vv -i ./id_rsa user@192.168.64.2
>
> I am running ssh_server like this (I have done some minor modifications
> w.r.t. argp and have retained only the pthread based solution):
>
> ./ssh_server -a ./id_rsa.pub -r ./ssh_host_rsa_key -p 2222 -v 0.0.0.0
>
> With this I am able to log in successfully on the server.
>
> The second case which I tried was to sign the user key with a CA. This
> resulted me with id_rsa-cert.pub on client side.
>
> I tried the same exercise to connect to the server.
>
> On the server side, in the auth_publickey function, I added 2 prints to print
>
> 1. ssh_key_type
> 2. ssh_key_is_public
>
> The first function ssh_key_type resulted as SSH_KEYTYPE_RSA value 2 and
> the second function returned as 1 (is_public).
>
> I was expecting it to print SSH_KEYTYPE_RSA_CERT01 and 1.
>
> My Question:
>
> In auth_publickey I want to access the user certificate and then verify
> the CA signature. Instead of verifying the authorisedKeys I want to
> verify it against the CA pub key.
>
> A functionality similar to configuring TrustedUserCAKeys in the openssh server.
>
> How can I get hold of the user certificate?
>
> In ssh_key_struct I see there is a member variable
>
>     ssh_buffer cert;
>     enum ssh_keytypes_e cert_type;
> };
>
> I did not find any function to access the ssh_key->cert.
>
> Please point me to some code reference or documentation.
>
> Thanks,
> Chidanand
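
For the TrustedUserCAKeys-style check asked about above, an added example (not part of the original thread and not libssh code): a C parser for the `ssh-rsa-cert-v01@openssh.com` wire layout described in OpenSSH's PROTOCOL.certkeys, performing the non-cryptographic checks. `check_user_cert` and its result codes are hypothetical names, and it assumes the raw certificate blob and the trusted CA public key blob are already in hand; the CA signature over the first `signed_len` bytes must still be verified with a crypto library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum cert_check { CERT_FIELDS_OK, CERT_MALFORMED, CERT_NOT_RSA_CERT, CERT_NOT_USER,
                  CERT_NOT_VALID_NOW, CERT_UNTRUSTED_CA, CERT_BAD_PRINCIPAL };
struct cur { const uint8_t *p; size_t left; };

/* Read an n-byte big-endian integer (n is 4 or 8); returns 0 on success. */
static int get_uint(struct cur *c, size_t n, uint64_t *out) {
    if (c->left < n) return -1;
    for (*out = 0; n; n--, c->p++, c->left--) *out = (*out << 8) | *c->p;
    return 0;
}

/* Read an SSH "string" (uint32 length + bytes) as a sub-cursor; mpints use the same framing. */
static int get_str(struct cur *c, struct cur *s) {
    uint64_t n;
    if (get_uint(c, 4, &n) || n > c->left) return -1;
    s->p = c->p; s->left = (size_t)n;
    c->p += n; c->left -= (size_t)n;
    return 0;
}

static int str_eq(struct cur s, const void *b, size_t n) {
    return s.left == n && memcmp(s.p, b, n) == 0;
}

/* Hypothetical helper: structural checks only. On CERT_FIELDS_OK, blob[0..*signed_len)
 * is the data covered by the CA signature, which the caller must still verify. */
int check_user_cert(const uint8_t *blob, size_t len, const uint8_t *ca, size_t ca_len,
                    const char *user, uint64_t now, size_t *signed_len) {
    struct cur c = { blob, len }, s, princ, sigkey, name;
    uint64_t serial, type, after, before;

    if (get_str(&c, &s)) return CERT_MALFORMED;
    if (!str_eq(s, "ssh-rsa-cert-v01@openssh.com", 28)) return CERT_NOT_RSA_CERT;
    if (get_str(&c, &s) || get_str(&c, &s) || get_str(&c, &s)    /* nonce, e, n */
        || get_uint(&c, 8, &serial) || get_uint(&c, 4, &type)
        || get_str(&c, &s) || get_str(&c, &princ)                 /* key id, principals */
        || get_uint(&c, 8, &after) || get_uint(&c, 8, &before)
        || get_str(&c, &s) || get_str(&c, &s) || get_str(&c, &s) /* options, extensions, reserved */
        || get_str(&c, &sigkey)) return CERT_MALFORMED;
    *signed_len = (size_t)(c.p - blob);
    if (get_str(&c, &s) || c.left) return CERT_MALFORMED;         /* signature, no trailing bytes */
    if (type != 1) return CERT_NOT_USER;                           /* 1 = user, 2 = host */
    if (now < after || now >= before) return CERT_NOT_VALID_NOW;
    if (!str_eq(sigkey, ca, ca_len)) return CERT_UNTRUSTED_CA;
    while (princ.left) {            /* an empty principals list is rejected (strict choice) */
        if (get_str(&princ, &name)) return CERT_MALFORMED;
        if (str_eq(name, user, strlen(user))) return CERT_FIELDS_OK;
    }
    return CERT_BAD_PRINCIPAL;
}
```

A plain `ssh-rsa` key blob, which is what the server sees when the client does not offer the certificate, comes back as `CERT_NOT_RSA_CERT`.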