SshServerCore key based authentication example

I would like an example of how to verify the key signature for key based authentication inside of the SshServerCore.Authentication event.

    SecureShellPublicKey.VerifySignature(byte[] hash, byte[] signature, ComponentPro.Security.Certificates.SignatureHashAlgorithm algorithm)

It is unclear to me where the hash, signature and algorithm values should come from, given the "Key" data provided for the event. Once I can get key based authentication working and tested, I will be ready to purchase a license.
 
asked 12/4/2020 4:44:29 PM

2 Answers

Martin, thank you for responding. The problem I am having is I do not see any way to get the signature, hash and algo to pass into the VerifySignature function. The AuthenticationEventArgs passed to the authentication handler does not appear to pass those values. Can you provide a snippet?

    private async void AuthenticateSftpUser(
        AuthenticationEventArgs e,
        SftpSshServer server)
    {
        var serverUser = e.Users.FirstOrDefault(u => string.Equals(u.Name, e.UserName, StringComparison.Ordinal));
        bool ok = false;

        if (serverUser != null) {
            var t = e.GetType();
            if (e.Key != null) {
                var pubServer = new SecureShellPublicKey("C:\\Users\\myuser\\keys\\id.pub");
                var pubClient = e.Key.GetPublicKey();
                byte[] hash = {}; // ???
                byte[] sig = {}; // ???
                var algo = ComponentPro.Security.Certificates.SignatureHashAlgorithm.SHA1; // ??? hard coded?

                ok = pubServer.VerifySignature(hash, sig, algo);
                Console.WriteLine($" key {e.Key.Fingerprint.ToString()} {(ok ? "matched" : "did not match")}.");
            }
        }

        if (ok) {
            e.Accept(serverUser);
        }
        else {
            e.Reject();
        }
    }
 
answered 2/9/2021 7:17:43 PM
Hi, The secure SecureShellPublicKey contains the public key we trust; hash is the hash value computed from the received certificate; signature is the signature we received. The algorithm (algo) is just the algo we negotiate with the client side. Then, the magic is that we use the algo to decrypt the signature by using the public key (which is encrypted by the client's private key), which produces a hash value; check that hash against the hash value we compute from the certificate. If the two hashes match then VerifySignature returns true; otherwise it returns false.
 
answered 2/5/2021 2:58:57 PM
  Bump! Could you take a look at my last response when you get a moment? I really want to get a resolution on this issue. Thanks. y2kiah 3/1/2021 4:37:39 AM
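
For reference, this is how the SSH protocol itself defines these values (RFC 4252 section 7), as an added example that is not part of the thread and is not ComponentPro code: the client signs the session identifier followed by the fields of its publickey request, and the hash is computed over exactly those bytes. It uses plain .NET crypto; the class name, user name, key and session identifier are constructed for illustration.

```csharp
// Added example: plain .NET crypto, not the ComponentPro API. Names and sample values are constructed.
using System;
using System.Buffers.Binary;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SshPublicKeyAuthDemo
{
    // SSH "string": uint32 big-endian length, then the raw bytes (RFC 4251 section 5).
    static void Put(Stream s, byte[] v)
    {
        var len = new byte[4];
        BinaryPrimitives.WriteUInt32BigEndian(len, (uint)v.Length);
        s.Write(len, 0, 4); s.Write(v, 0, v.Length);
    }
    static void Put(Stream s, string v) => Put(s, Encoding.UTF8.GetBytes(v));
    // mpint is signed, so an unsigned value with its top bit set gets a leading 0x00.
    static byte[] MpInt(byte[] be) => (be[0] & 0x80) != 0 ? new byte[] { 0 }.Concat(be).ToArray() : be;
    // "ssh-rsa" public key blob (RFC 4253 section 6.6): string "ssh-rsa", mpint e, mpint n.
    static byte[] RsaKeyBlob(RSAParameters p)
    {
        var ms = new MemoryStream();
        Put(ms, "ssh-rsa"); Put(ms, MpInt(p.Exponent)); Put(ms, MpInt(p.Modulus));
        return ms.ToArray();
    }
    // The exact bytes the client signs for a publickey request (RFC 4252 section 7).
    static byte[] SignedData(byte[] sessionId, string user, string alg, byte[] keyBlob)
    {
        var ms = new MemoryStream();
        Put(ms, sessionId);
        ms.WriteByte(50);                 // SSH_MSG_USERAUTH_REQUEST
        Put(ms, user); Put(ms, "ssh-connection"); Put(ms, "publickey");
        ms.WriteByte(1);                  // TRUE: this request carries a signature
        Put(ms, alg); Put(ms, keyBlob);
        return ms.ToArray();
    }
    static void Main()
    {
        using var key = RSA.Create(2048);                                    // constructed client key pair
        var sessionId = new byte[32]; RandomNumberGenerator.Fill(sessionId); // stands in for the exchange hash H
        var data = SignedData(sessionId, "alice", "ssh-rsa", RsaKeyBlob(key.ExportParameters(false)));
        var sig = key.SignData(data, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); // client side
        using var pub = RSA.Create(); pub.ImportParameters(key.ExportParameters(false)); // server: public half only
        Console.WriteLine(pub.VerifyData(data, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
        data[4] ^= 1;                     // first byte of the session id: same request, different session
        Console.WriteLine(pub.VerifyData(data, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
    }
}
```

The hash algorithm follows the algorithm name in the request: "ssh-rsa" means SHA-1, while "rsa-sha2-256" and "rsa-sha2-512" (RFC 8332) mean SHA-256 and SHA-512 over the same key blob format.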