From 94b31eda29d6fbd0b975f392f5a99cbfd635f161 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 31 Aug 2022 00:22:59 +0800
Subject: [PATCH] adding openssh pubkey auth

---
 async/examples/serv1.rs | 15 ++++++++++++++-
 sshproto/src/packets.rs | 16 ++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/async/examples/serv1.rs b/async/examples/serv1.rs
index 7139e69..e2df57e 100644
--- a/async/examples/serv1.rs
+++ b/async/examples/serv1.rs
@@ -131,13 +131,26 @@ impl ServBehaviour for DemoServer {
     }
 
     fn have_auth_pubkey(&self, user: TextString) -> bool {
-        false
+        true
     }
 
     fn auth_password(&mut self, user: TextString, password: TextString) -> bool {
         user.as_str().unwrap_or("") == "matt" && password.as_str().unwrap_or("") == "pw"
     }
 
+    fn auth_pubkey(&mut self, user: TextString, pubkey: &PubKey) -> bool {
+        if user.as_str().unwrap_or("") != "matt" {
+            return false
+        }
+
+        // key is tested1
+        pubkey.matches_openssh("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkNdReJERy1rPGqdfTN73TnayPR+lTNhdZvOgkAOs5x")
+        .unwrap_or_else(|e| {
+            warn!("Failed loading openssh key: {e}");
+            false
+        })
+    }
+
     fn open_session(&mut self, chan: u32) -> ChanOpened {
         if self.sess.is_some() {
             ChanOpened::Failure(ChanFail::SSH_OPEN_ADMINISTRATIVELY_PROHIBITED)
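Review bot: The comment `// key is tested1` above the hard-coded key in `auth_pubkey` does not say that the accepted user and key are demo fixtures, so anyone copying this example inherits a server that trusts a key they do not control. I would replace it with something like `// Demo only: fixed test key (presumably the "tested1" keypair); a real server must look up the user's own authorized keys`. It is also worth a one-line comment on `have_auth_pubkey` that returning `true` for every user is deliberate, since the answer then does not reveal which usernames exist. The `impl ServBehaviour` block and `open_session` both continue outside this hunk.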
diff --git a/sshproto/src/packets.rs b/sshproto/src/packets.rs
index 600a4f1..42003bb 100644
--- a/sshproto/src/packets.rs
+++ b/sshproto/src/packets.rs
@@ -252,6 +252,22 @@ impl<'a> PubKey<'a> {
             PubKey::Unknown(u) => Err(u),
         }
     }
+
+    pub fn matches_openssh(&self, k: &str) -> Result<bool> {
+        let k = ssh_key::PublicKey::from_openssh(k)
+            .map_err(|_| {
+                Error::msg("Unsupported OpenSSH key")
+            })?;
+
+        let m = match (k.key_data(), self) {
+            (ssh_key::public::KeyData::Ed25519(kssh),
+                PubKey::Ed25519(kself)) => {
+                kssh.0 == kself.key.0
+            }
+            _ => false,
+        };
+        Ok(m)
+    }
 }
 
 
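Review bot: `matches_openssh` is a new public method with no doc comment, and its two negative outcomes are easy to confuse: an unparseable `k` returns `Err("Unsupported OpenSSH key")` with the underlying parse error discarded, while a well-formed key of any type other than Ed25519 falls into `_ => false` and returns `Ok(false)`. Failing closed is the right default for an authentication check, but a caller cannot tell a mistyped configured key from a genuine mismatch unless the contract is written down. I would add a doc comment such as `/// Returns Ok(true) only when k, one OpenSSH-format public key line, is an Ed25519 key equal to this key; other key types give Ok(false) and an unparseable k is an error.` The enclosing `impl<'a> PubKey<'a>` starts outside the hunk.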
-- 
GitLab