Correct comparison of ssh.PublicKey

I am writing an SSH server using golang.org/x/crypto/ssh and I wish to compare an ssh.PublicKey provided at login to a list of ssh.PublicKeys parsed from an authorized keys file. My current strategy is

bytes.Equal(a.Marshal(), b.Marshal())

I am only interested in the case where the keys are actual public keys, not certificates. Is this the best approach?

This should work for you. I would just make sure the keys have gone through ParsePublicKey() and ParseAuthorizedKey(). I don't know if it is included in the output, but the associated email address on a public key isn't relevant to the validity of the key, so a public key could be valid but have different email addresses connected to it. You might also potentially run into an issue of the "ssh-rsa" string at the beginning being in alternate cases, which shouldn't affect the validity either.

Ex.
ssh-rsa AAA…Vta3 guy@gmail.com
is equal to
SSH-rsa AAA…Vta3 guy@yahoo.com

In the SSH example tests they place the auth keys into a hash map and, in the callback function, check whether the attempting key is in the authorized_keys map. This is more performant [O(1)] than running O(N) [N = number of authorized keys].

See line 53
https://go.googlesource.com/crypto/+/bde08f269ed27dc9a9c105465110825e04ab3d41/ssh/example_test.go

