Support OpenSSH with certificate user authentication #15183

AliveDevil · 2023-10-09T11:32:10Z

Feature 8.0 mentions support for SSH certificates due to support in SSHJ (v0.32.0), but requires setup to work properly.
In 8.0 Public Key Authentication is used as

cyberduck/ssh/src/main/java/ch/cyberduck/core/sftp/auth/SFTPPublicKeyAuthentication.java

Line 96 in 6584993

    
           provider.init(new InputStreamReader(identity.getInputStream(), StandardCharsets.UTF_8), new PasswordFinder() {

We'd need to forward the absolute file path to SSHJ in order to get SSH certificates to work properly, like:

public static File getPublicKeyFile(File privateKeyFile) {
    File pubKey = new File(privateKeyFile + "-cert.pub");
    if (!pubKey.exists()) {
        pubKey = new File(privateKeyFile + ".pub");
    }
    if (pubKey.exists()) {
        return pubKey;
    }
    return null;
}

https://github.com/hierynomus/sshj/blob/ff4a4774bd1e3d45e9e796c2b17ef835e7e6d67f/src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyFileUtil.java#L32-L41

or, based on contract, call initPublicKey after init:

https://github.com/hierynomus/sshj/blob/ff4a4774bd1e3d45e9e796c2b17ef835e7e6d67f/src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java#L88-L92

The text was updated successfully, but these errors were encountered:

Fix #15183.

This reverts commit d823292.

dkocher · 2023-10-23T19:53:03Z

Reverted in 59e1843.

This reverts commit d823292.

AliveDevil added bug sftp SFTP Protocol Implementation labels Oct 9, 2023

AliveDevil assigned dkocher Oct 9, 2023

dkocher added a commit that referenced this issue Oct 10, 2023

Fix #15183.

d823292

dkocher added this to the 8.7.0 milestone Oct 10, 2023

dkocher linked a pull request Oct 10, 2023 that will close this issue

Fix #15183. #15187

Merged

dkocher closed this as completed in #15187 Oct 10, 2023

dkocher added a commit that referenced this issue Oct 10, 2023

Merge pull request #15187 from iterate-ch/bugfix/GH-15183

0e4faf8

Fix #15183.

dkocher mentioned this issue Oct 23, 2023

No initialization of public key depending on constructor usage of file key provider hierynomus/sshj#907

Closed

dkocher added a commit that referenced this issue Oct 23, 2023

Revert "Fix #15183."

59e1843

This reverts commit d823292.

dkocher reopened this Oct 23, 2023

dkocher modified the milestones: 8.7.0, 8.7.1 Oct 23, 2023

dkocher added a commit that referenced this issue Oct 23, 2023

Fix #15183.

d9e7e17

dkocher linked a pull request Oct 23, 2023 that will close this issue

Attempt to load public key when available #15254

Merged

dkocher closed this as completed in e746cc9 Oct 25, 2023

dkocher reopened this Oct 25, 2023

dkocher added a commit that referenced this issue Oct 26, 2023

Revert "Fix #15183."

94b842b

This reverts commit d823292.

dkocher modified the milestones: 8.7.1, 8.7.2 Nov 3, 2023

dkocher modified the milestones: 8.7.2, 8.7.3 Jan 10, 2024

dkocher modified the milestones: 8.8.0, 8.8.1, 8.8.2 Mar 8, 2024

dkocher modified the milestones: 8.8.2, 8.8.3 Apr 8, 2024

dkocher added a commit that referenced this issue Apr 29, 2024

Fix #15183.

e156626

dkocher added a commit that referenced this issue May 8, 2024

Fix #15183.

fcfe761

dkocher mentioned this issue May 8, 2024

Connect using SSH certificates iterate-ch/docs#528

Closed

3 tasks

dkocher closed this as completed in #15254 May 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support OpenSSH with certificate user authentication #15183

Support OpenSSH with certificate user authentication #15183

AliveDevil commented Oct 9, 2023

dkocher commented Oct 23, 2023

Support OpenSSH with certificate user authentication #15183

Support OpenSSH with certificate user authentication #15183

Comments

AliveDevil commented Oct 9, 2023

dkocher commented Oct 23, 2023