Hi,

In RFC 4252 http://www.ietf.org/rfc/rfc4252.txt for The Secure Shell (SSH) Authentication Protocol, at section 7, Public Key Authentication Method: "publickey", there is the following information about the SSH public key signature.

   The value of 'signature' is a signature by the corresponding private
   key over the following data, in the following order:

      string    session identifier
      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication

   When the server receives this message, it MUST check whether the
   supplied key is acceptable for authentication, and if so, it MUST
   check whether the signature is correct.

The current code checks that the key is accepted for authentication and it also verifies whether the signature is correct.

It does not check the format of the signed data, especially whether the session identifier from the signed data is the same as the session of the current SSH transport session.

-----

I also found this document describing how ssh public key authentication works, but it differs from the current conch.ssh userauth.py implementation... maybe it is for SSH v1

http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#chal

------

Shouldn't twisted.conch.checkers.SSHPublicKeyDatabase also check that the session id from the signed data matches the one from the transport session? Maybe it does but I am not looking at the right place.

I see that in conch/checkers.py line 167
https://github.com/tomprince/twisted/blob/trunk/twisted/conch/checkers.py#L167
there is this check, which, once the signature is valid, just returns avatar_id:

    if pubKey.verify(credentials.signature, credentials.sigData):
        return credentials.username

Thanks!

--
Adi Roiban
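As an added illustration (not part of the original message and not Twisted code), here is one way a server-side check could parse the signed data in the RFC 4252 section 7 layout and confirm it is bound to the current transport session before the signature result is trusted. The helper names `check_sig_data`, `_ns` and `_read_string`, and all sample values, are assumptions made for this example.

```python
import hmac
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number defined in RFC 4252

def _ns(data):
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, pos):
    """Read one SSH 'string' at pos; return (value, new_pos)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, pos)
    end = pos + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[pos + 4:end], end

def check_sig_data(sig_data, session_id, username, alg_name, key_blob):
    """Hypothetical helper: True only if sig_data has the section 7 layout
    and is bound to this transport session, user and public key."""
    try:
        sid, pos = _read_string(sig_data, 0)
        if sig_data[pos:pos + 1] != bytes([SSH_MSG_USERAUTH_REQUEST]):
            return False
        user, pos = _read_string(sig_data, pos + 1)
        _service, pos = _read_string(sig_data, pos)
        method, pos = _read_string(sig_data, pos)
        if sig_data[pos:pos + 1] != b"\x01":  # boolean TRUE
            return False
        alg, pos = _read_string(sig_data, pos + 1)
        blob, pos = _read_string(sig_data, pos)
    except ValueError:
        return False
    return (pos == len(sig_data)  # reject trailing bytes
            and hmac.compare_digest(sid, session_id)
            and user == username and method == b"publickey"
            and alg == alg_name and blob == key_blob)

# Constructed sample values, not taken from a real session.
SESSION = bytes(range(32))
GOOD = (_ns(SESSION) + bytes([SSH_MSG_USERAUTH_REQUEST]) + _ns(b"adi")
        + _ns(b"ssh-connection") + _ns(b"publickey") + b"\x01"
        + _ns(b"ssh-rsa") + _ns(b"constructed-key-blob"))
# Same request, but carrying a different session's identifier.
REPLAYED = _ns(bytes(32)) + GOOD[4 + len(SESSION):]
```

A check like this would run in addition to `pubKey.verify(...)`, so that a valid signature over data from another session is still rejected.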