Feature Request: support certificate authentication. #551
Comments
AFAIK it should already work as such private keys are designed to be supported. Does it not work when you just supply the |
It does not work. In OpenSSH I have to have both the When I try to only use the private key with SSH2 it returns an error at client-authentication with this error message: |
Ok and just to clarify what |
Was looking for this, too. Here's a pretty good description of what they are and the |
Any update on this one? Instead of generating a new public key in client.js, I tried sending the 'id_rsa-cert.pub'. From what I could understand, this seems to be passing the authentication (
|
I couldn't figure out how to make this work either... I tried passing in the private key as the
|
The CA signed key type is not supported it looks like? Tried adding
|
As of Version 6.2.0, @baelter's statement rings true, and force-swapping the |
see #808 |
Above PR doesn't really solve connecting to SSH2 hosts that can only authenticate through Example debug output when using above PR branch:
|
My PR is for certificates for client authentication. It's not for server / machine authentication like your log appears to require. |
Would love to use this feature too. |
What needs to be done here to take this across the finish line? Seems it has been kicked down the road for 5-ish years. |
Any proposals in this case? At least an implementation approach? Thanks |
Any news, or at least implementation plans, for this issue after another year? :-) |
Bruh, this is a 7-year-old issue, any workaround for it? |
```javascript
const pty = require("node-pty");

// port, username, ip, password, cols, rows, id, SSH_CONFIG and streamer
// come from the surrounding code, which was not posted.
const sshArgs = [
  // These two options disable host key verification for the connection.
  "-o",
  "StrictHostKeyChecking=no",
  "-o",
  "UserKnownHostsFile=/dev/null",
  "-o",
  "PreferredAuthentications=publickey,password", // order of authentication methods
  "-t", // force pseudo-terminal allocation
];
// Add the port argument
if (port && port !== 22) {
  sshArgs.push("-p", port.toString());
}
let useSshpass = false;
let connected = false;
const command = "ssh";
const finalArgs = [...sshArgs];
// If there is a private key, use public key authentication
finalArgs.push(
  "-i",
  "~/.ssh/xxx_priv",
  "-o",
  "CertificateFile=~/.ssh/xxx.pub",
  "-o",
  "IdentitiesOnly=yes"
);
// Add the target address
finalArgs.push(`${username}@${ip}`);
// console.log(`Starting SSH connection with: ${command} ${finalArgs.join(' ')}`);
// Create the SSH connection with node-pty
const shell = pty.spawn(command, finalArgs, {
  name: SSH_CONFIG.TERM,
  cols: cols || 80,
  rows: rows || 24,
  cwd: process.env.HOME,
  env: process.env,
});
// Handle terminal output
// @ts-ignore
shell.on("data", (data) => {
  // Normalize line breaks so the output renders correctly
  const normalizedData = data.replace(/\r?\n/g, "\r\n");
  // After ssh key login fails, log in with the password
  if (!useSshpass && normalizedData.includes("password:")) {
    shell.write(`${password}\n`);
    useSshpass = true;
  }
  // After a successful login, set up the environment variables
  if (!connected && normalizedData.includes("Last login:")) {
    streamer.emit(`connected-${id}`);
    connected = true;
  }
});
// Handle errors and exit
// @ts-ignore
shell.on("exit", (code, signal) => {
  if (code !== 0) {
    const message = `\r\nSSH session closed with code ${code}${
      signal ? ` (signal: ${signal})` : ""
    }\r\n`;
  }
});
```
In the end I did it by using |
In OpenSSH one can use a CA-signed key and certificate pair to sign-in to an SSH server with CA authentication turned on. The server sets a public certificate as the "trusted ca" and the client then uses a private key signed by that certificate to connect to the server.
The private key is just like an id_rsa file
You also need the signing public certificate file.
In OpenSSH this is passed using a convention:
Example:
id_rsa <- the name of the signed private key.
id_rsa-cert.pub <- the public certificate used to sign the private key.
You would then connect to your server with this command:
ssh -i id_rsa [email protected]
I would like to see SSH2 support this authentication mechanism.
My suggestion for interface would be to add a "certKey" option to the connection options where we can include the certificate.
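To make the `id_rsa-cert.pub` file from the post above concrete, here is an added example (not code from ssh2 or from any commenter) that reads an OpenSSH certificate line and reports whether it is a user or host certificate, its principals and its validity window. The function names are hypothetical, the sample certificate is constructed with dummy key material, and only the ed25519 certificate layout is handled.

```javascript
// Added example; field order follows OpenSSH's PROTOCOL.certkeys for ed25519 certificates.
const str = (b) => { const d = Buffer.from(b), l = Buffer.alloc(4); l.writeUInt32BE(d.length); return Buffer.concat([l, d]); };
const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };
const u64 = (n) => { const b = Buffer.alloc(8); b.writeBigUInt64BE(BigInt(n)); return b; };

// Constructed sample: dummy keys and signature, so it parses but would never verify.
function buildSampleCertLine() {
  const type = "ssh-ed25519-cert-v01@openssh.com";
  const caKey = Buffer.concat([str("ssh-ed25519"), str(Buffer.alloc(32, 2))]);
  const blob = Buffer.concat([
    str(type), str(Buffer.alloc(32, 9)), str(Buffer.alloc(32, 1)), // type, nonce, public key
    u64(42), u32(1), str("alice@example"),                        // serial, cert type, key id
    str(Buffer.concat([str("alice"), str("deploy")])),            // valid principals
    u64(1700000000), u64(1700086400),                             // valid after, valid before
    str(""), str(""), str(""), str(caKey), str(Buffer.alloc(64, 3)), // options, extensions, reserved, CA key, signature
  ]);
  return `${type} ${blob.toString("base64")} constructed-sample`;
}

function parseCertLine(line) {
  const [type, b64] = line.trim().split(/\s+/);
  if (!b64 || !/-cert-v01@openssh\.com$/.test(type)) throw new Error("not an OpenSSH certificate line");
  const buf = Buffer.from(b64, "base64");
  let off = 0;
  const take = (n) => {
    if (off + n > buf.length) throw new Error("truncated certificate");
    off += n;
    return buf.subarray(off - n, off);
  };
  const rdStr = () => take(take(4).readUInt32BE(0));
  const rdU64 = () => take(8).readBigUInt64BE(0);
  if (rdStr().toString() !== type) throw new Error("key type on the line does not match the blob");
  if (type !== "ssh-ed25519-cert-v01@openssh.com") throw new Error("only ed25519 certificates handled here");
  rdStr(); rdStr();                                               // skip nonce and public key
  const serial = rdU64();
  const certType = take(4).readUInt32BE(0);                       // 1 = user, 2 = host
  const keyId = rdStr().toString();
  const pbuf = rdStr(), principals = [];
  for (let p = 0; p < pbuf.length;) { const l = pbuf.readUInt32BE(p); principals.push(pbuf.toString("utf8", p + 4, p + 4 + l)); p += 4 + l; }
  const validAfter = rdU64(), validBefore = rdU64();
  return { type, serial, kind: certType === 1 ? "user" : certType === 2 ? "host" : "unknown", keyId, principals, validAfter, validBefore };
}

// A certificate is only usable for client login if it is a user certificate inside its validity window.
function isUsableUserCert(cert, nowSec) {
  const now = BigInt(nowSec);
  return cert.kind === "user" && now >= cert.validAfter && now < cert.validBefore;
}
```

This only decodes the fields; it does not verify the CA signature, which is what the server does against its trusted CA key.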