[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth_pubkry callback is only getting called with signature_state == SSH_PUBLICKEY_STATE_NONE


On Saturday, 21 October 2017 20:48:27 CET Eric Bentley wrote:
> I changed the return to SSH_AUTH_SUCCESS and am now I get the second
> authentication attempt and can authenticate.  So is the documentation wrong
> or am doing the wrong (but working) thing?

If signature_state is SSH_PUBLICKEY_STATE_NONE then it is tries if the server 
would accept the public key. You need to compare them and if they match with 
an allowed key for the user, you would return SSH_AUTH_PARTIAL.

The function should be called again with SSH_PUBLICKEY_STATE_VALID. And if the 
key match return SSH_AUTH_SUCCESS else it should be denied.


It is possible that we have a bug in the auth fuctions ...


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx

Archive administrator: postmaster@lists.cynapses.org