mina-dev mailing list archives

From Shawn Pearce <...@google.com>
Subject Re: SSHD Server and PublickeyAuthenticator
Date Tue, 19 Oct 2010 02:08:31 GMT
On Mon, Oct 18, 2010 at 14:24,  <hyrth@web.de> wrote:
> I have a general question about the PublickeyAuthenticator - it's an interface and I
> haven't found any sample implementation of it.
> I have public keys from a client application that should connect to my server. I can
> put them in the .ssh/authenticated_keys file or store them separately. If I am using the
> Apache SSHD and SshServer, do I have to check the validity of the incoming client key
> manually during the establishment of the connection from client side? Does this actually
> mean that I have to implement the PublickeyAuthenticator.authenticate(String username,
> PublicKey key, ServerSession session) method and compare the parameter "key" with the
> locally stored key file?

Yes.

The authenticator is invoked once for each key the client presents
during authentication.  Your implementation needs to see if the
supplied key is on the list of authorized keys for the given username.
If it is, you return true; if it is not, you return false.

When your implementation returns true, MINA SSHD will verify that the
client actually has the private half of the key pair.  If it does,
your authenticator will be called a second time with that key.  If you
still return true, the client will be authenticated.
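
An added example, not code from the original message or from the MINA SSHD project: one way to implement the check described in the reply, narrowed to RSA keys stored as OpenSSH `ssh-rsa` lines. The class name `AuthorizedKeysAuthenticator`, the in-memory username-to-keys map and the import package (which differs between SSHD releases) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator; // package varies by SSHD release
import org.apache.sshd.server.session.ServerSession;

public class AuthorizedKeysAuthenticator implements PublickeyAuthenticator {
    private final Map<String, List<RSAPublicKey>> authorized; // username -> parsed keys
    public AuthorizedKeysAuthenticator(Map<String, List<RSAPublicKey>> m) { authorized = m; }

    // Parses one "ssh-rsa <base64> [comment]" line; null for any other line or key type.
    public static RSAPublicKey parseLine(String line) throws Exception {
        String[] f = line.trim().split("\\s+");
        if (f.length < 2 || !f[0].equals("ssh-rsa")) return null;
        DataInputStream in = new DataInputStream(
                new ByteArrayInputStream(Base64.getDecoder().decode(f[1])));
        if (!"ssh-rsa".equals(new String(readField(in), "US-ASCII"))) return null;
        BigInteger e = new BigInteger(readField(in)); // public exponent (mpint)
        BigInteger n = new BigInteger(readField(in)); // modulus (mpint)
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(n, e));
    }

    // Reads one uint32-length-prefixed field of the key blob, rejecting bad lengths.
    private static byte[] readField(DataInputStream in) throws Exception {
        int len = in.readInt();
        if (len < 0 || len > in.available()) throw new IllegalArgumentException("bad length");
        byte[] b = new byte[len];
        in.readFully(b);
        return b;
    }

    // Pure lookup: called per offered key and again after the signature check (see reply).
    @Override
    public boolean authenticate(String username, PublicKey key, ServerSession session) {
        List<RSAPublicKey> keys = authorized.get(username);
        if (keys == null || !(key instanceof RSAPublicKey)) return false;
        RSAPublicKey p = (RSAPublicKey) key;
        return keys.stream().anyMatch(k -> k.getModulus().equals(p.getModulus())
                && k.getPublicExponent().equals(p.getPublicExponent()));
    }
}
```

Build the map by calling `parseLine` on each line of a user's key file and skipping `null` results, then pass the instance to `SshServer.setPublickeyAuthenticator`.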
