<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 22 April 2013 12:01, Adi Roiban <span dir="ltr"><<a href="mailto:adi@roiban.ro" target="_blank">adi@roiban.ro</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">Hi,<div><br></div><div>In RFC 4252 <a href="http://www.ietf.org/rfc/rfc4252.txt" target="_blank">http://www.ietf.org/rfc/rfc4252.txt</a> for <span style="white-space:pre-wrap">The Secure Shell (SSH) Authentication Protocol at section </span><span style="white-space:pre-wrap">7. Public Key Authentication Method: "publickey"</span><div>
<br></div><div>There is the following information about SSH public key signature.</div><div><pre style="white-space:pre-wrap;word-wrap:break-word"> The value of 'signature' is a signature by the corresponding private key over the following data, in the following order:
string session identifier
byte SSH_MSG_USERAUTH_REQUEST
string user name
string service name
string "publickey"
boolean TRUE
string public key algorithm name
string public key to be used for authentication
When the server receives this message, it MUST check whether the supplied key is acceptable for authentication, and if so, it MUST check whether the signature is correct.</pre></div><div>The current code check that key is accepted for authentication and it also verifies if signature is correct.</div>
<div><br></div><div>It does not check that session the format of the signed data, especially if session identifier from signed data is the same as the session of the the current SSH transport session.</div><div>
<br></div><div>-----</div><div><br></div><div>I also found this document describing how ssh public key authentication works, but it differes from the current conch.ssh userauth.py implementation... maybe it is for SSH v1 <a href="http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#chal" target="_blank">http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#chal</a></div>
<div><br></div><div>------</div><div><br></div><div>Shouldn't twisted.conch.checkers.SSHPublicKeyDatabase also check that session id from signed data match the one from transport session?<br></div>
<div><br></div><div>Maybe it does but I am not looking at the right place.</div><div><br></div><div>I see that in conch/checkers.py line 167 <a href="https://github.com/tomprince/twisted/blob/trunk/twisted/conch/checkers.py#L167" target="_blank">https://github.com/tomprince/twisted/blob/trunk/twisted/conch/checkers.py#L167</a></div>
<div>there is this check, which once signature is valid it just returns avatar_id:</div><div><br></div><div><div> if pubKey.verify(credentials.signature, credentials.sigData):</div><div> return credentials.username</div>
</div></div></div></blockquote><div><br></div><div style>I found out that I was wrong and I found how the signed data is generated. Here is the imprtant part:</div><div style><a href="https://github.com/tomprince/twisted/blob/trunk/twisted/conch/ssh/userauth.py#L268">https://github.com/tomprince/twisted/blob/trunk/twisted/conch/ssh/userauth.py#L268</a> </div>
</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div>Sorry for the trouble!<br>-- <br>Adi Roiban
</div></div>