Certs (#31)

* Added certificate key types and certificate authentication functions * Added cert signing to embedded openssh server, CA host and user keys and certificate authentication tests * Added exec example
ParallelSSH · Oct 21, 2020 · 69d4a51 · 69d4a51
1 parent eaa6587
commit 69d4a51
Show file tree

Hide file tree

Showing 21 changed files with 4,801 additions and 6,434 deletions.
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@ local
 libssh/compile_commands.json
 wheelhouse
 .idea
+tests/unit_test_cert_key-cert.pub
diff --git a/examples/exec.py b/examples/exec.py
@@ -0,0 +1,33 @@
+import os
+import pwd
+import socket
+
+from ssh.session import Session
+from ssh import options
+
+# Linux only
+USERNAME = pwd.getpwuid(os.geteuid()).pw_name
+HOST = 'localhost'
+PORT = 22
+
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.connect((HOST, PORT))
+
+s = Session()
+s.options_set(options.HOST, HOST)
+s.options_set(options.USER, USERNAME)
+s.options_set_port(PORT)
+s.set_socket(sock)
+s.connect()
+
+# Authenticate with agent
+s.userauth_agent(USERNAME)
+
+chan = s.channel_new()
+chan.open_session()
+chan.request_exec('echo me')
+size, data = chan.read()
+while size > 0:
+    print(data.strip())
+    size, data = chan.read()
+chan.close()
diff --git a/ssh/c_ssh.pxd b/ssh/c_ssh.pxd
@@ -175,7 +175,14 @@ cdef extern from "libssh/libssh.h" nogil:
         SSH_KEYTYPE_ECDSA,
         SSH_KEYTYPE_ED25519,
         SSH_KEYTYPE_DSS_CERT01,
-        SSH_KEYTYPE_RSA_CERT01
+        SSH_KEYTYPE_RSA_CERT01,
+        SSH_KEYTYPE_ECDSA_P256,
+        SSH_KEYTYPE_ECDSA_P384,
+        SSH_KEYTYPE_ECDSA_P521,
+        SSH_KEYTYPE_ECDSA_P256_CERT01,
+        SSH_KEYTYPE_ECDSA_P384_CERT01,
+        SSH_KEYTYPE_ECDSA_P521_CERT01,
+        SSH_KEYTYPE_ED25519_CERT01
     enum ssh_keycmp_e:
         SSH_KEY_CMP_PUBLIC,
         SSH_KEY_CMP_PRIVATE
@@ -452,6 +459,12 @@ cdef extern from "libssh/libssh.h" nogil:
 
     const char *ssh_pki_key_ecdsa_name(const ssh_key key)
 
+    char *ssh_get_fingerprint_hash(ssh_publickey_hash_type type,
+                                   unsigned char *hash,
+                                   size_t len)
+    void ssh_print_hash(ssh_publickey_hash_type type,
+                        unsigned char *hash,
+                        size_t len)
     void ssh_print_hexa(
         const char *descr, const unsigned char *what, size_t len)
     int ssh_send_ignore(ssh_session session, const char *data)