On 22 April 2013 12:01, Adi Roiban <a...@roiban.ro> wrote:
> Hi,
>
> In RFC 4252 http://www.ietf.org/rfc/rfc4252.txt for The Secure Shell
> (SSH) Authentication Protocol at section 7. Public Key Authentication
> Method: "publickey"
>
> There is the following information about SSH public key signature.
>
>    The value of 'signature' is a signature by the corresponding private key
>    over the following data, in the following order:
>
>       string    session identifier
>       byte      SSH_MSG_USERAUTH_REQUEST
>       string    user name
>       string    service name
>       string    "publickey"
>       boolean   TRUE
>       string    public key algorithm name
>       string    public key to be used for authentication
>
>    When the server receives this message, it MUST check whether the supplied
>    key is acceptable for authentication, and if so, it MUST check whether the
>    signature is correct.
>
> The current code checks that the key is accepted for authentication and it also
> verifies if the signature is correct.
>
> It does not check the format of the signed data, especially
> if the session identifier from the signed data is the same as the session of
> the current SSH transport session.
>
> -----
>
> I also found this document describing how ssh public key authentication
> works, but it differs from the current conch.ssh userauth.py
> implementation... maybe it is for SSH v1
> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#chal
>
> ------
>
> Shouldn't twisted.conch.checkers.SSHPublicKeyDatabase also check that the
> session id from the signed data matches the one from the transport session?
>
> Maybe it does but I am not looking at the right place.
>
> I see that in conch/checkers.py line 167
> https://github.com/tomprince/twisted/blob/trunk/twisted/conch/checkers.py#L167
> there is this check, which, once the signature is valid, just returns
> avatar_id:
>
>         if pubKey.verify(credentials.signature,
>                         credentials.sigData):
>             return credentials.username
>

I found out that I was wrong and I found how the signed data is generated.

Here is the important part:
https://github.com/tomprince/twisted/blob/trunk/twisted/conch/ssh/userauth.py#L268

Sorry for the trouble!

--
Adi Roiban

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
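
The signed-data layout from RFC 4252 section 7 quoted in this thread, written out as an added example (not code from Twisted or from the poster). The function names and sample values are assumptions made for illustration; it builds the blob, parses it strictly, and performs the session-identifier comparison the question asks about, leaving signature verification itself out.

```python
import hmac
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number defined in RFC 4252

def ssh_string(data):
    """SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def build_signed_data(session_id, user, service, algo, key_blob):
    """Assemble the fields in the order RFC 4252 section 7 lists them."""
    return (ssh_string(session_id) + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user) + ssh_string(service)
            + ssh_string(b"publickey") + b"\x01"  # boolean TRUE
            + ssh_string(algo) + ssh_string(key_blob))

def _take_string(buf, pos):
    if pos + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, pos)
    end = pos + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of data")
    return buf[pos + 4:end], end

def parse_signed_data(buf):
    """Strict parse: reject wrong constants, short data, trailing bytes."""
    out = {}
    out["session_id"], pos = _take_string(buf, 0)
    if buf[pos:pos + 1] != bytes([SSH_MSG_USERAUTH_REQUEST]):
        raise ValueError("not SSH_MSG_USERAUTH_REQUEST")
    pos += 1
    for name in ("user", "service", "method"):
        out[name], pos = _take_string(buf, pos)
    if out["method"] != b"publickey" or buf[pos:pos + 1] != b"\x01":
        raise ValueError("not a signed publickey request")
    pos += 1
    for name in ("algorithm", "key_blob"):
        out[name], pos = _take_string(buf, pos)
    if pos != len(buf):
        raise ValueError("trailing bytes after last field")
    return out

def bound_to_session(buf, transport_session_id):
    """True only if the blob names this transport's session identifier."""
    return hmac.compare_digest(parse_signed_data(buf)["session_id"], transport_session_id)

# Constructed sample values, not taken from any real session.
SAMPLE = build_signed_data(b"\xaa" * 20, b"alice", b"ssh-connection", b"ssh-rsa", b"constructed-key-blob")
```

A server that rebuilds this blob from its own transport session identifier and verifies the signature over that rebuilt blob gets the session binding from the signature check itself, with no separate comparison needed.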