Subject: Re: [libssh2] Libgcrypt port update

From: Simon Josefsson <simon_at_josefsson.org>
Date: Fri, 19 Jan 2007 09:16:07 +0100

"Mononen Jussi" <Jussi.Mononen_at_comptel.com> writes:

>>> > I thought this was only about the disk-format, does it affect the
>>> > wire format also? I'd assume that the protocol clearly specified
>>> > the format of public keys on the wire.
>>> >
>>> The format of the blob which is sent over the wire is fixed and well
>>> defined. It's basically the base64-decoded version of the meaningful
>>> portion of either file (hence my earlier example using the same
>>> base64 sequence in both versions).
>
> Exactly, the current version of libssh2 does not know how to extract
> the SECSH blob from the key file. Although it is not a very important
> feature to recognise SECSH files, it is a very trivial addition and can
> help the end user a lot (the user may skip converting the keys from one
> format to another).
>
> I've had some problems with commercial SSH servers regarding pubkey
> authentication, and due to customers' strict policies I cannot set up my
> own instance of their server, leaving me in a quite awkward position
> debugging-wise. This addition is one of my shots in the dark, since I
> am getting "Username/PublicKey combination invalid" without any
> explanation from the server why.
>
> If this feature seems to be useless from the majority point of view it
> does not have to be included.

Since RFC 4716 only describes the file format for public keys, would
another (and perhaps better) solution for you not be to actually only
use the private key? It contains the public key, after all, and as
far as I know there is only one widely used format for the public key
files. Then we avoid all the hassles related to the public key file
formats.

One argument may be that you may want to keep those two things apart,
but to be able to do anything useful, libssh2 will need your private
key anyway. So I don't think it matters.

I still don't understand why you get errors from the SERVER though.
The public key that is sent over the wire should be in a well-defined
format, and that shouldn't be related to the disk format, if I
understand correctly. I'd assume that if you don't have a public key
in OpenSSH format in the client, libssh2 will give you a more fatal
error than the error you indicate. Maybe there is some other problem?
Does OpenSSH work against the server?

/Simon

Received on 2007-01-19
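
An added example, not part of the original message or of libssh2: a Python sketch showing that an OpenSSH one-line public key file and an RFC 4716 (SECSH) file decode to the same wire blob, which is the point made in the thread. The function names and the sample key are constructed for illustration; the key material is placeholder bytes, not a usable key.

```python
import base64
import struct
import textwrap

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def openssh_blob(text: str) -> bytes:
    """OpenSSH one-line format: '<key-type> <base64-blob> [comment]'."""
    return base64.b64decode(text.split()[1])

def rfc4716_blob(text: str) -> bytes:
    """RFC 4716 (SECSH) format: markers, optional headers, wrapped base64."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (lines[0], lines[-1]) != ("---- BEGIN SSH2 PUBLIC KEY ----",
                                 "---- END SSH2 PUBLIC KEY ----"):
        raise ValueError("missing RFC 4716 begin/end markers")
    body, continued = [], False
    for ln in lines[1:-1]:
        # Header lines contain ':' (never valid base64) and may continue
        # onto the next line when they end with a backslash.
        if continued or ":" in ln:
            continued = ln.endswith("\\")
        else:
            body.append(ln)
    return base64.b64decode("".join(body))

def blob_key_type(blob: bytes) -> str:
    """The blob's first SSH string is the algorithm name, e.g. 'ssh-rsa'."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

# Constructed sample blob (placeholder numbers, not a usable key):
# string "ssh-rsa", mpint e, mpint n.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(bytes(range(1, 33))))
B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
OPENSSH_FILE = f"ssh-rsa {B64} user@example\n"
RFC4716_FILE = ("---- BEGIN SSH2 PUBLIC KEY ----\n"
                'Comment: "constructed sample, \\\nnot a real key"\n'
                + "\n".join(textwrap.wrap(B64, 70))
                + "\n---- END SSH2 PUBLIC KEY ----\n")

if __name__ == "__main__":
    a, b = openssh_blob(OPENSSH_FILE), rfc4716_blob(RFC4716_FILE)
    print(blob_key_type(a), a == b)
```

Comparing the decoded blobs from both files, rather than the files themselves, is a quick way to rule out the disk format as the cause of a server-side public key rejection.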