Correct comparison of ssh.PublicKey

I am writing an SSH server using and I wish to compare an ssh.PublicKey provided at login to a list of ssh.PublicKeys parsed from an authorized keys file. My current strategy is

bytes.Equal(a.Marshal(), b.Marshal())

I am only interested in the case where the keys are actual public keys, not certificates. Is this the best approach?

This should work for you I would just make sure the keys have gone through ParsePublicKey() and ParseAuthorizedKey(). I don’t know if it is included in the output but the associated email address on a public key isn’t relevant to the validity of the key so a public key could be valid but have different email addresses connected to it. You might also potentially run into an issue of the “ssh-rsa” string at the beginning being in alternate cases, which shouldn’t affect the validity either.

ssh-rsa AAA…Vta3
is equal to
SSH-rsa AAA…Vta3

In the SSH example tests they place the auth keys into a hash map and for the callback function check if the attempting key is in the authorized_key map. This is more performant [O(1)] than running O(N) [N = number of authorized keys].

See line 53

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.