I am writing an SSH server using golang.org/x/crypto/ssh and I wish to compare an ssh.PublicKey provided at login to a list of ssh.PublicKeys parsed from an authorized keys file. My current strategy is
bytes.Equal(a.Marshal(), b.Marshal())
I am only interested in the case where the keys are actual public keys, not certificates. Is this the best approach?
This should work for you. I would just make sure the keys have gone through ParsePublicKey() and ParseAuthorizedKey(). I don’t know if it is included in the output, but the associated email address on a public key isn’t relevant to the validity of the key, so a public key could be valid but have different email addresses connected to it. You might also potentially run into an issue of the “ssh-rsa” string at the beginning being in alternate cases, which shouldn’t affect the validity either.
In the SSH example tests, they place the auth keys into a hash map, and in the callback function they check whether the attempting key is in the authorized_key map. This is more performant [O(1)] than running an O(N) comparison [N = number of authorized keys].
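The map-based lookup from this answer, keyed by the same bytes the question compares with Marshal(), as an added example that is not from the original thread or from golang.org/x/crypto/ssh. It uses only the standard library: marshalEd25519 is a stand-in for ssh.PublicKey.Marshal() on an ed25519 key (assumed to produce the same wire bytes), and loadAuthorizedKeys is a simplified stand-in for ssh.ParseAuthorizedKey that keys the map by the decoded blob, ignoring the comment and the case of the type field.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// marshalEd25519 builds the SSH wire blob of an ed25519 public key (type as a length-prefixed
// string, then the 32 key bytes). Assumption: this equals ssh.PublicKey.Marshal(); it is here so
// the example needs no x/crypto.
func marshalEd25519(pub ed25519.PublicKey) []byte {
	blob := binary.BigEndian.AppendUint32(nil, uint32(len("ssh-ed25519")))
	blob = append(blob, "ssh-ed25519"...)
	blob = binary.BigEndian.AppendUint32(blob, uint32(len(pub)))
	return append(blob, pub...)
}

// loadAuthorizedKeys maps each key's wire blob to its comment. The base64 field of an
// authorized_keys line decodes to exactly that blob, so neither the comment nor the case of
// the leading type field enters the comparison. Option prefixes are not handled here.
func loadAuthorizedKeys(data string) (map[string]string, error) {
	keys := map[string]string{}
	for n, line := range strings.Split(data, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || strings.HasPrefix(f[0], "#") {
			continue // blank line, comment, or no key field
		}
		blob, err := base64.StdEncoding.DecodeString(f[1])
		if err != nil || len(blob) < 4 {
			return nil, fmt.Errorf("line %d: bad key blob", n+1)
		}
		keys[string(blob)] = strings.Join(f[2:], " ")
	}
	return keys, nil
}

// authorized is the PublicKeyCallback check on the login key's Marshal() output: one map
// lookup instead of a bytes.Equal against every entry.
func authorized(keys map[string]string, loginKey []byte) bool {
	_, ok := keys[string(loginKey)]
	return ok
}

func main() {
	pub := make(ed25519.PublicKey, ed25519.PublicKeySize) // constructed placeholder key bytes
	line := "ssh-ed25519 " + base64.StdEncoding.EncodeToString(marshalEd25519(pub)) + " alice@example\n"
	keys, err := loadAuthorizedKeys("# constructed authorized_keys\n" + line)
	fmt.Println(err, authorized(keys, marshalEd25519(pub))) // <nil> true
}
```

With x/crypto the same map is keyed by string(key.Marshal()) for each key returned by ssh.ParseAuthorizedKey, and the PublicKeyCallback looks up string(key.Marshal()) of the presented key.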