grawity/ssh-publickeyd
ssh-publickeyd, an RFC 4819 server

This is a server implementation of VanDyke's RFC 4819 public key management protocol for SSHv2, which lets SSH clients add, list and remove a user's authorized keys over the SSH connection itself, without knowing how the server stores them. In the future it might also support RFC 7076.

Configuring OpenSSH server

Add the following to your /etc/ssh/sshd_config:

Subsystem  publickey              /usr/local/bin/ssh-publickeyd
Subsystem  publickey@vandyke.com  /usr/local/bin/ssh-publickeyd

You'll also need the nullroute.authorized_keys module somewhere Python can import it (on sys.path, e.g. via PYTHONPATH). Apologies for not making it a proper pip module yet.

Writing a client

ssh-publickeyd is meant to be invoked as an SSH subsystem, for example, using ssh -s foo.example.com publickey or libssh2_channel_subsystem() (example).

However, the only difference between normal commands (ssh foo whoami) and subsystems is that the latter have a well-known name. Otherwise they work like regular commands and speak over stdin/stdout.

After connecting, speak the RFC 4819 protocol. Its structure follows the main SSH protocol: binary packets consisting of a uint32 length followed by that many bytes of data, with fields encoded as the SSH string, uint32 and boolean types; see RFC 4251 §5 for a short reference.

Known clients

  • VanDyke SecureCRT (did most of the testing on this)
  • Bitvise Tunnelier (apparently, but untested)
  • Multinet SSH (untested)
  • there is a wishlist entry for PuTTY
  • no OpenSSH yet

Known servers

  • VanDyke VShell
  • Bitvise WinSSHd
  • Multinet SSH
  • ssh-publickeyd!
