I have a C++ application that uses the
libssh2_userauth_publickey_frommemory API when running commands on
remote servers. I'm using libssh2 1.8.0.
The application has been working fine with normal keys for 6 or so years
now but I now need it to work with user certificates.
https://support.ssh.com/manuals/server-admin/64/userauth-cert.html
Our new key generation logic produces a private key, a pub key and a pub
cert.
-rw------- 1 587204286 587204286 411 Jan 22 14:02 id_ed25519
-rw-r--r-- 1 587204286 587204286 101 Jan 22 14:02 id_ed25519.pub
-rw-r--r-- 1 587204286 587204286 1891 Jan 23 17:17 id_ed25519-cert.pub
They work properly with the normal ssh command.
[Wed Jan 23 17:26:39] root_at_mon034.bur:~/src/event_ssh-src# ssh -i .ssh/id_ed25519 root_at_cache101.cha "uptime"
18:52:21 up 85 days, 13:14, 1 user, load average: 4.64, 4.33, 4.22
Prior to this I've always passed a NULL and 0 for the public key string
and length.
Trying to get the user certificate to work I've been trying to pass it
(id_ed25519-cert.pub's content) in as the public key. I've also tried it
as the private key and a few other combinations.
But I keep getting:
[Wed Jan 23 18:51:26] root_at_mon034.bur:~/src/event_ssh-src# build/src/event_ssh --canary="" --cmd=uptime --servers=cache101.cha --user=root --key=.ssh/id_ed25519 --pub-key=.ssh/id_ed25519-cert.pub
read priv key from .ssh/id_ed25519
read pub key from .ssh/id_ed25519-cert.pub
called libssh2_userauth_publickey_frommemory, username: root, pub key len: 1891, priv key len: 411
[1/1] cache101.cha Authentication by public key failed, rc: -19,
The username/public key combination was invalid.
Has anyone gotten authentication with user certificates to work with
libssh2? If so, what needs to be done differently compared to just using
a normal private key?
Thanks,
Scott Yeager
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2019-01-23
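
Added example (not part of the original post and not libssh2 code): a small check that reads one line of an OpenSSH id_*.pub or id_*-cert.pub file and reports whether the blob is a certificate or a plain public key, which helps confirm what is actually being passed as the public key argument. The function names are hypothetical, and the two sample lines are constructed and truncated to the key-type header, so they contain no key material.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: only the length-prefixed key type is encoded. */
static const char SAMPLE_CERT[] = "ssh-ed25519-cert-v01@openssh.com "
    "AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29t constructed-sample";
static const char SAMPLE_PLAIN[] = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed-sample";

/* Value of one base64 character, or -1 if it is outside the alphabet. */
static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode at most cap bytes from the start of a base64 string. */
static size_t b64_prefix(const char *s, uint8_t *out, size_t cap) {
    uint32_t acc = 0; int bits = 0, v; size_t n = 0;
    while (n < cap && (v = b64val((unsigned char)*s++)) >= 0) {
        acc = (acc << 6) | (uint32_t)v; bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (uint8_t)(acc >> bits); }
    }
    return n;
}

/* Returns 1 for a certificate, 0 for a plain public key, -1 if the line is
 * malformed or the type field disagrees with the type inside the blob. */
int classify_pubkey_line(const char *line) {
    static const char suffix[] = "-cert-v01@openssh.com";
    const size_t sl = sizeof suffix - 1;
    uint8_t buf[68];
    const char *sp = strchr(line, ' ');
    if (!sp || sp == line) return -1;
    size_t tlen = (size_t)(sp - line);
    if (tlen > 64) return -1;
    size_t n = b64_prefix(sp + 1, buf, sizeof buf);
    if (n < 4 + tlen) return -1;
    /* The blob starts with an SSH string: uint32 length, then the type name. */
    uint32_t len = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 | (uint32_t)buf[2] << 8 | buf[3];
    if (len != tlen || memcmp(buf + 4, line, tlen) != 0) return -1;
    return tlen > sl && memcmp(line + tlen - sl, suffix, sl) == 0;
}

int main(void) {
    printf("cert sample:  %d\n", classify_pubkey_line(SAMPLE_CERT));
    printf("plain sample: %d\n", classify_pubkey_line(SAMPLE_PLAIN));
    return 0;
}
```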