Add support for OpenSSH certificates#1498
Conversation
Co-authored-by: cedricMicrovision <cedric.legoff@microvision.fr>
| var hostAlgs = new Dictionary<string, Func<byte[], KeyHostAlgorithm>>(); | ||
| hostAlgs.Add("ssh-ed25519-cert-v01@openssh.com", data => { var cert = new Certificate(data); return new CertificateHostAlgorithm("ssh-ed25519-cert-v01@openssh.com", cert, hostAlgs); }); |
There was a problem hiding this comment.
In order to make the host validation example work, the certificate algorithms should be listed first (so that the server knows to send its certificate). Doing this comes with a risk in case there is an unknown bug in the new code. I think the test coverage is good enough, but we could list the new algorithms last to avoid this risk.
# Conflicts: # src/Renci.SshNet/PrivateKeyFile.cs
There was a problem hiding this comment.
Nice work!
It would be great to have unit tests for Certificate and the new (or newly implemented) properties of CertificateHostAlgorithm.
I'm not blocking this PR for this though.
Thanks!
|
Thanks! I added some more tests on the public properties. Those for |
|
Fantastic to see this. Is this available in the main branch? When will it be usable? |
|
We will make a release "soon", in the meantime, you can try it out from the CI feed https://ci.appveyor.com/nuget/ssh-net e.g. version |
Here's how to use it:
When authenticating i.e. when you have a certificate for your key which is signed by a certificate authority that the server trusts:
When validating the host i.e. when expecting the server to present a certificate signed by a trusted certificate authority:
closes #479
closes #963
closes #1196
of existing PRs:
closes #595
closes #682