Hello, I am a new one here, and I am trying to understand this library. I find the doc rather lacking, however the examples are very helpful. (maybe someday I can help improve the doc... but not as a newbie).
I have sshd running on a Linux machine, and I'm connecting from a Windows client app I'm developing. It is working, but there are things I am not clear about. First correct me if I'm wrong, but the protocol seems to use a PKI, but not certificates. So the public/private exchange is used to generate the symmetric key, like SSL, but there is no requirement for a CA. Now connecting as a client, the function libssh2_userauth_publickey_fromfile(...) requires BOTH the public and private key. Why? Having both keys out in the wild seems to be a serious security risk. Also, I've done some testing, and it appears that only the private key is needed. I can NULL out the public key. (and yet the function name is " ... publickey_fromfile" ) Again, why? I have both keys also on the linux server, but it appears (via the conf) that the server only uses the public key. It would seem that putting the public key "out in the wild" and keeping the private key on the server is the normal step, at least when creating SSL handshakes. Would it function if I placed the private key in the authorized_keys file on the server, and used the public key on the client? And educational advice is appreciated. Scott Weber scotty2...@gmail.com
_______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
