I am trying to connect an Objective-Git/libgit2 app over SSH to a remote running mscdex's Node ssh2 server, using key pairs.
The libgit2 app can connect to sshd on the server and implement push. It is implementing libgit2's git_cred_ssh_key_new and then git_remote_connect.
However, when the app attempts to connect to the ssh2 server, the server accepts the ssh-userauth service, but at the ssh-connection service the method type is 'none', rather than 'publickey'.
Alternatively, when I connect to the ssh2 server using git (rather than the app via libgit2), the ssh2 server accepts the ssh-connection service and implements method type 'publickey'.
So, I'm not sure where the problem lies: in the libgit2 implementation of the 'publickey' method type, or the ssh2 server falling through to method type 'none'.
Any pointers or help is greatly appreciated. Thanks.
ssh2 server (example server):
var fs = require('fs');
var crypto = require('crypto');
var ssh2 = require('ssh2');
// pubKey (the parsed client public key) and buffersEqual (a buffer
// comparison helper) are not shown in the post; they are assumed to be
// defined before this point.

new ssh2.Server({
  hostKeys: [fs.readFileSync('/Users/almccann/Sites/thenewpop/ssh2server/host_rsa')],
  debug: function (cfg) {
    console.log('debug', cfg);
  }
}, function(client) {
  console.log('Client connected!');
  client.on('authentication', function(ctx) {
    // ctx.method === 'none', no ctx.key
    if (ctx.method === 'publickey'
        && ctx.key.algo === pubKey.fulltype
        && buffersEqual(ctx.key.data, pubKey.public)) {
      if (ctx.signature) {
        // Signed request: verify the signature over ctx.blob
        var verifier = crypto.createVerify(ctx.sigAlgo);
        verifier.update(ctx.blob);
        if (verifier.verify(pubKey.publicOrig, ctx.signature))
          ctx.accept();
        else
          ctx.reject();
      } else {
        // No signature: the client is only asking whether this key is acceptable
        ctx.accept();
      }
    } else
      ctx.reject();
  }).on('ready', function() {
    console.log('Client authenticated!');
  }).on('end', function() {
    console.log('Client disconnected');
  });
})
.listen(22, '127.0.0.1', function() {
  console.log('Listening on port ' + this.address().port);
});
The none authentication method is basically what it sounds like, it's just an authentication method that allows clients access to the server without providing any kind of credentials or other information. That is why there is no ctx.key in that case.
Most servers will relay valid authentication methods back to the client when rejecting an authentication method, but this is not required (although some clients specifically rely on this, which is actually a bad thing). Assuming the ssh client is expecting this list, you can do something like this to signal you only accept publickey authentication:
client.on('authentication', function(ctx) {
  if (ctx.method === 'publickey'
      && ctx.key.algo === pubKey.fulltype
      && buffersEqual(ctx.key.data, pubKey.public)) {
    if (ctx.signature) {
      var verifier = crypto.createVerify(ctx.sigAlgo);
      verifier.update(ctx.blob);
      if (verifier.verify(pubKey.publicOrig, ctx.signature))
        ctx.accept();
      else
        ctx.reject();
    } else {
      ctx.accept();
    }
  } else
    ctx.reject(['publickey']); // <==============
});
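The list the answer refers to travels in the SSH_MSG_USERAUTH_FAILURE message (RFC 4252, section 5.1). The following is an added example, not part of the original answer or of ssh2's code: it encodes and decodes that message and shows how a client that depends on the list behaves. The function names, the client policy in nextMethod, and the assumption that a bare ctx.reject() yields an empty name-list are illustrative assumptions.

```javascript
// RFC 4252 section 5.1: byte 51, name-list "authentications that can
// continue", boolean "partial success".
const SSH_MSG_USERAUTH_FAILURE = 51;

function encodeUserauthFailure(methods, partialSuccess) {
  // A name-list is a uint32 length followed by comma-separated ASCII names.
  const list = Buffer.from(methods.join(','), 'ascii');
  const msg = Buffer.alloc(1 + 4 + list.length + 1);
  msg.writeUInt8(SSH_MSG_USERAUTH_FAILURE, 0);
  msg.writeUInt32BE(list.length, 1);
  list.copy(msg, 5);
  msg.writeUInt8(partialSuccess ? 1 : 0, 5 + list.length);
  return msg;
}

function decodeUserauthFailure(msg) {
  if (msg.length < 6 || msg.readUInt8(0) !== SSH_MSG_USERAUTH_FAILURE)
    throw new Error('not a USERAUTH_FAILURE message');
  const len = msg.readUInt32BE(1);
  // Reject a length field that does not match the bytes actually received.
  if (5 + len + 1 !== msg.length)
    throw new Error('name-list length does not match message size');
  const names = msg.toString('ascii', 5, 5 + len);
  return {
    methods: names === '' ? [] : names.split(','),
    partialSuccess: msg.readUInt8(5 + len) !== 0
  };
}

// Hypothetical client policy: after a failure, try the first advertised
// method that the client supports and has not tried yet; give up otherwise.
function nextMethod(failureMsg, supported, tried) {
  const { methods } = decodeUserauthFailure(failureMsg);
  return methods.find(m => supported.includes(m) && !tried.includes(m)) || null;
}

// Constructed replies to an initial 'none' request.
const bareReject = encodeUserauthFailure([], false);              // like ctx.reject()
const listedReject = encodeUserauthFailure(['publickey'], false); // like ctx.reject(['publickey'])

console.log('after bare reject  :', nextMethod(bareReject, ['publickey'], ['none']));
console.log('after listed reject:', nextMethod(listedReject, ['publickey'], ['none']));
```

With the empty list the list-driven client has nothing left to try and stops after 'none'; with the list present it proceeds to publickey.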