ssh2-streams
Add support for SSH certificates
see mscdex/ssh2#808
The biggest issue when debugging this was that the code unconditionally used the key type as the signature type. For SSH certificates these do not match up. Apart from that the code already handled certificates well.
@mscdex Did you have time to take a look, yet?
Would love to have this merged! Using @TimWolla's changes works great in our tests.
Looking forward to this PR being merged.
Tested it -- works as expected with [email protected] and [email protected] user certificates. Anything I could do to help move this along?
I am trying to use this for SSH Certificate Authority authentication using HashiCorp Vault SSH CA. I have the appropriate Vault SSH CA key on the OpenSSH
On the client side I have a private key id_rsa_<user> and a valid Vault SSH CA signed certificate id_rsa_<user>-cert.pub that I have attempted to use as the public_key in this ssh2 branch.
Note: This works perfectly from an OpenSSH client in bash:
    ssh -i id_rsa_<user> <user>@<server>
However, I am unable to make it work using this branch of ssh2. I am testing with the modified ssh2 example https://github.com/mscdex/ssh2#execute-uptime-on-a-server
I get the error: Error('publicKey does not belong to the private key')
Thank you for your work on this PR.
var Client = require('ssh2').Client;
var conn = new Client();

conn.on('ready', function() {
  console.log('Client :: ready');
  conn.exec('uptime', function(err, stream) {
    if (err) throw err;
    stream.on('close', function(code, signal) {
      console.log('Stream :: close :: code: ' + code + ', signal: ' + signal);
      conn.end();
    }).on('data', function(data) {
      console.log('STDOUT: ' + data);
    }).stderr.on('data', function(data) {
      console.log('STDERR: ' + data);
    });
  });
}).connect({
  host: '<server>',
  port: 22,
  username: '<user>',
  // private key that the certificate was issued for
  privateKey: require('fs').readFileSync('<full_path>/id_rsa_<user>'),
  // Vault SSH CA signed certificate, passed as the public key on this branch
  publicKey: require('fs').readFileSync('<full_path>/id_rsa_<user>-cert.pub')
});