EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH: Public key authentication with multiple user keys

Posted: 11/10/2006 05:23:54
by Babak Maraghechi (Priority Standard support level)
Joined: 07/04/2006
Posts: 7

I want to implement public key authentication with multiple keys similar to other SSH clients, which prompt the user for the passphrase only for the key that has been accepted by the server with the SSH_MSG_USERAUTH_PK_OK message, as described in http://www.ietf.org/rfc/rfc4252.txt, page 8.
Can you explain how I can do this with SecureBlackbox? It seems I can only pre-load all keys with LoadPrivateKey into the keystore to be used by ElSSHClient (having to know all passwords), or select a specific key before knowing if it will be accepted by the server.
To make SecureBlackbox work like other SSH clients, I would expect the ability to pre-load ElSSHClient.KeyStorage with the user’s public keys, and have some OnPublicKeyAccept event, giving me the ability to load the private key into the KeyStorage after prompting the user for the passphrase and continue the authentication.

Babak Maraghechi
comForte GmbH

Posted: 11/10/2006 05:48:01
by Eugene Mayevski (Team)

Unfortunately at the moment there's no way to accomplish what you want and we don't have plans to implement this functionality any time soon.

Sincerely yours
Eugene Mayevski

Posted: 11/10/2006 06:39:38
by Babak Maraghechi (Priority Standard support level)
Joined: 07/04/2006
Posts: 7

Just some weird brainstorming if there could be a workaround: Is there any possibility to “subclass” ElSSHKey, overriding the methods/properties accessing private key information to call LoadPrivateKey upon first request? Or could we create a wrapper ActiveX component with the same interface as ElSSHKey, delegating to a real ElSSHKey with only the public key loaded at first, and calling LoadPrivateKey if the private key is required?
Do you think any of that would work?

Posted: 11/10/2006 07:11:31
by Eugene Mayevski (Team)

The private key is stored in a field, which is accessed directly. So overriding the methods won't work.

Sincerely yours
Eugene Mayevski
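
The probe-then-prompt flow from RFC 4252 that the first post asks for, as an added example that is not part of the thread and does not use the SecureBlackbox API. It builds the signature-less `publickey` request for each public key and prompts only for the key echoed back in SSH_MSG_USERAUTH_PK_OK; `pick_key`, `fake_server`, the `send` and `ask_passphrase` callbacks and the key blobs are hypothetical names and constructed values.

```python
import struct

SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_FAILURE, SSH_MSG_USERAUTH_PK_OK = 50, 51, 60  # RFC 4252

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    if off + 4 > len(buf):
        raise ValueError("truncated SSH string length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:end], end

def build_query(user: bytes, algo: bytes, blob: bytes) -> bytes:
    """Probe request: the boolean FALSE means no signature is attached yet."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user)
            + ssh_string(b"ssh-connection") + ssh_string(b"publickey")
            + b"\x00" + ssh_string(algo) + ssh_string(blob))

def accepted(reply: bytes, algo: bytes, blob: bytes) -> bool:
    """True only for a PK_OK that echoes the algorithm and key blob we offered."""
    if not reply or reply[0] != SSH_MSG_USERAUTH_PK_OK:
        return False
    r_algo, off = read_string(reply, 1)
    r_blob, off = read_string(reply, off)
    return off == len(reply) and r_algo == algo and r_blob == blob

def pick_key(user, public_keys, send, ask_passphrase):
    """Offer each public key; prompt only for the one the server accepts.
    A real client would then decrypt that private key and send the signed request."""
    for algo, blob in public_keys:
        if accepted(send(build_query(user, algo, blob)), algo, blob):
            return (algo, blob), ask_passphrase(blob)
    return None, None

def fake_server(authorized_blob: bytes):
    """Constructed stand-in for the server side: accepts exactly one key blob."""
    def handle(request: bytes) -> bytes:
        off = 1
        for _ in range(3):                        # skip user, service, method name
            _, off = read_string(request, off)
        algo, off = read_string(request, off + 1)  # +1 skips the boolean
        blob, _ = read_string(request, off)
        if blob == authorized_blob:
            return bytes([SSH_MSG_USERAUTH_PK_OK]) + ssh_string(algo) + ssh_string(blob)
        return bytes([SSH_MSG_USERAUTH_FAILURE]) + ssh_string(b"publickey") + b"\x00"
    return handle
```

Checking that the PK_OK reply echoes the offered algorithm and blob keeps a mismatched reply from triggering a passphrase prompt for the wrong key.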


