ssh-publickeyd, an RFC 4819 server
This is a server implementation of VanDyke's RFC 4819 public key management protocol for SSHv2, which lets clients upload authorized SSH keys without needing to know implementation details. In the future it might also support RFC 7076.
Configuring OpenSSH server
Add the following to your
Subsystem publickey /usr/local/bin/ssh-publickeyd
Subsystem email@example.com /usr/local/bin/ssh-publickeyd
You'll also need nullroute.authorized_keys somewhere Python can find it. Apologies for not making it a proper pip module yet.
Writing a client
publickeyd is meant to be invoked as an SSH subsystem, for example, using ssh -s foo.example.com publickey or libssh2_channel_subsystem().
However, the only difference between normal commands (ssh foo whoami) and subsystems is that the latter have a well-known name. Otherwise they work like regular commands and speak over stdin/stdout.
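The packet framing a client speaks over that stdin/stdout channel, as an added example that is not code from this project: it builds RFC 4819 requests and decodes the version and status responses while bounds-checking every length field the peer supplies. The field layouts follow RFC 4819, not this page; MAX_PACKET, the Fields helper and the sample bytes are assumptions made for illustration.

```python
import io
import struct

MAX_PACKET = 1 << 20  # assumed cap: refuse frames above 1 MiB from the peer

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def build_packet(name: str, payload: bytes = b"") -> bytes:
    """uint32 length (not counting itself), string name, request data."""
    body = ssh_string(name.encode("ascii")) + payload
    return struct.pack(">I", len(body)) + body

class Fields:
    """Cursor over a byte buffer; every read is bounds-checked."""
    def __init__(self, body: bytes):
        self.body, self.pos = body, 0
    def take(self, n: int) -> bytes:
        if n > len(self.body) - self.pos:
            raise ValueError("field runs past the end of the data")
        self.pos += n
        return self.body[self.pos - n:self.pos]
    def uint32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]
    def string(self) -> bytes:
        return self.take(self.uint32())

def read_packet(stream) -> dict:
    """Read one frame from a blocking binary stream; decode version/status."""
    length = Fields(stream.read(4)).uint32()
    if length > MAX_PACKET:
        raise ValueError("oversized packet: %d bytes" % length)
    body = stream.read(length)
    if len(body) != length:
        raise EOFError("stream ended inside a packet")
    f = Fields(body)
    msg = {"name": f.string().decode("ascii")}
    if msg["name"] == "version":
        msg["version"] = f.uint32()
    elif msg["name"] == "status":
        msg["code"] = f.uint32()
        msg["description"] = f.string().decode("utf-8")
        msg["language"] = f.string().decode("ascii")
    return msg

if __name__ == "__main__":
    # Constructed server output, not captured from a real server.
    wire = build_packet("version", struct.pack(">I", 2))
    print(read_packet(io.BytesIO(wire)))
```

For a live session, pass the stdout pipe of an ssh -s foo.example.com publickey child process as the stream and write build_packet() output to its stdin. RFC 4819 has both sides open with a version packet, so send and read that before any other request.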
- VanDyke SecureCRT (did most of the testing on this)
- Bitvise Tunnelier (apparently, but untested)
- Multinet SSH (untested)
- there is a wishlist entry for PuTTY
- no OpenSSH yet
- VanDyke VShell
- Bitvise WinSSHd
- Multinet SSH