Man page - libssh2_userauth_publickey_sk(3)
Packages contas this manual
- libssh2_sftp_fsync(3)
- libssh2_channel_process_startup(3)
- libssh2_channel_free(3)
- libssh2_channel_x11_req(3)
- libssh2_channel_window_write_ex(3)
- libssh2_userauth_password(3)
- libssh2_agent_sign(3)
- libssh2_channel_read(3)
- libssh2_channel_request_pty_ex(3)
- libssh2_channel_close(3)
- libssh2_session_flag(3)
- libssh2_channel_handle_extended_data2(3)
- libssh2_trace_sethandler(3)
- libssh2_channel_write_ex(3)
- libssh2_channel_flush(3)
- libssh2_agent_get_identity_path(3)
- libssh2_sftp_close(3)
- libssh2_sftp_fstat(3)
- libssh2_exit(3)
- libssh2_knownhost_del(3)
- libssh2_session_disconnect(3)
- libssh2_channel_forward_cancel(3)
- libssh2_channel_forward_listen(3)
- libssh2_sftp_mkdir_ex(3)
- libssh2_sftp_tell(3)
- libssh2_session_init(3)
- libssh2_channel_open_session(3)
- libssh2_session_startup(3)
- libssh2_agent_free(3)
- libssh2_channel_forward_accept(3)
- libssh2_sftp_posix_rename_ex(3)
- libssh2_userauth_hostbased_fromfile(3)
- libssh2_session_free(3)
- libssh2_agent_userauth(3)
- libssh2_poll(3)
- libssh2_sftp_posix_rename(3)
- libssh2_sftp_stat_ex(3)
- libssh2_publickey_add_ex(3)
- libssh2_knownhost_writeline(3)
- libssh2_poll_channel_read(3)
- libssh2_channel_window_read_ex(3)
- libssh2_channel_wait_closed(3)
- libssh2_channel_request_auth_agent(3)
- libssh2_userauth_hostbased_fromfile_ex(3)
- libssh2_knownhost_writefile(3)
- libssh2_channel_write_stderr(3)
- libssh2_channel_wait_eof(3)
- libssh2_agent_connect(3)
- libssh2_channel_direct_tcpip(3)
- libssh2_session_get_timeout(3)
- libssh2_hostkey_hash(3)
- libssh2_publickey_shutdown(3)
- libssh2_sftp_rewind(3)
- libssh2_channel_get_exit_signal(3)
- libssh2_session_callback_set(3)
- libssh2_sftp_symlink(3)
- libssh2_channel_flush_stderr(3)
- libssh2_keepalive_send(3)
- libssh2_sftp_readlink(3)
- libssh2_channel_request_pty_size_ex(3)
- libssh2_scp_send(3)
- libssh2_sftp_opendir(3)
- libssh2_session_init_ex(3)
- libssh2_channel_setenv_ex(3)
- libssh2_userauth_keyboard_interactive(3)
- libssh2_sftp_rmdir_ex(3)
- libssh2_scp_recv(3)
- libssh2_channel_exec(3)
- libssh2_session_handshake(3)
- libssh2_session_supported_algs(3)
- libssh2_scp_send_ex(3)
- libssh2_userauth_publickey_frommemory(3)
- libssh2_sftp_readdir_ex(3)
- libssh2_userauth_list(3)
- libssh2_userauth_authenticated(3)
- libssh2_sftp_init(3)
- libssh2_sftp_get_channel(3)
- libssh2_sftp_stat(3)
- libssh2_sftp_tell64(3)
- libssh2_channel_receive_window_adjust2(3)
- libssh2_sftp_unlink_ex(3)
- libssh2_session_disconnect_ex(3)
- libssh2_session_get_blocking(3)
- libssh2_sftp_open(3)
- libssh2_sftp_read(3)
- libssh2_sftp_open_ex(3)
- libssh2_channel_forward_listen_ex(3)
- libssh2_channel_subsystem(3)
- libssh2_sftp_statvfs(3)
- libssh2_channel_flush_ex(3)
- libssh2_session_abstract(3)
- libssh2_keepalive_config(3)
- libssh2_channel_x11_req_ex(3)
- libssh2_session_last_errno(3)
- libssh2_version(3)
- libssh2_channel_set_blocking(3)
- libssh2_publickey_remove_ex(3)
- libssh2_channel_request_pty(3)
- libssh2_knownhost_free(3)
- libssh2_userauth_password_ex(3)
- libssh2_session_hostkey(3)
- libssh2_channel_read_ex(3)
- libssh2_init(3)
- libssh2_session_last_error(3)
- libssh2_sftp_fsetstat(3)
- libssh2_session_callback_set2(3)
- libssh2_sftp_last_error(3)
- libssh2_session_set_timeout(3)
- libssh2_channel_ignore_extended_data(3)
- libssh2_publickey_add(3)
- libssh2_channel_direct_streamlocal_ex(3)
- libssh2_sftp_setstat(3)
- libssh2_channel_write(3)
- libssh2_session_set_blocking(3)
- libssh2_sftp_close_handle(3)
- libssh2_sftp_closedir(3)
- libssh2_session_method_pref(3)
- libssh2_knownhost_readfile(3)
- libssh2_userauth_publickey_sk(3)
- libssh2_sftp_realpath(3)
- libssh2_sftp_unlink(3)
- libssh2_channel_shell(3)
- libssh2_channel_eof(3)
- libssh2_sftp_open_r(3)
- libssh2_session_banner_get(3)
- libssh2_session_get_read_timeout(3)
- libssh2_sftp_fstat_ex(3)
- libssh2_channel_window_read(3)
- libssh2_channel_handle_extended_data(3)
- libssh2_agent_init(3)
- libssh2_sftp_seek(3)
- libssh2_sftp_seek64(3)
- libssh2_base64_decode(3)
- libssh2_sftp_rename(3)
- libssh2_session_set_read_timeout(3)
- libssh2_sftp_write(3)
- libssh2_channel_direct_tcpip_ex(3)
- libssh2_channel_request_pty_size(3)
- libssh2_trace(3)
- libssh2_sftp_mkdir(3)
- libssh2_session_block_directions(3)
- libssh2_knownhost_get(3)
- libssh2_knownhost_init(3)
- libssh2_sftp_rename_ex(3)
- libssh2_userauth_publickey_fromfile(3)
- libssh2_channel_signal_ex(3)
- libssh2_userauth_publickey_fromfile_ex(3)
- libssh2_agent_list_identities(3)
- libssh2_banner_set(3)
- libssh2_agent_get_identity(3)
- libssh2_userauth_publickey(3)
- libssh2_channel_read_stderr(3)
- libssh2_knownhost_readline(3)
- libssh2_free(3)
- libssh2_knownhost_addc(3)
- libssh2_sftp_rmdir(3)
- libssh2_channel_send_eof(3)
- libssh2_scp_send64(3)
- libssh2_session_set_last_error(3)
- libssh2_channel_get_exit_status(3)
- libssh2_sftp_lstat(3)
- libssh2_knownhost_check(3)
- libssh2_sftp_shutdown(3)
- libssh2_channel_window_write(3)
- libssh2_sftp_symlink_ex(3)
- libssh2_agent_disconnect(3)
- libssh2_knownhost_checkp(3)
- libssh2_scp_recv2(3)
- libssh2_publickey_list_fetch(3)
- libssh2_channel_receive_window_adjust(3)
- libssh2_sftp_fstatvfs(3)
- libssh2_channel_open_ex(3)
- libssh2_crypto_engine(3)
- libssh2_userauth_banner(3)
- libssh2_sftp_open_ex_r(3)
- libssh2_channel_setenv(3)
- libssh2_sign_sk(3)
- libssh2_userauth_keyboard_interactive_ex(3)
- libssh2_publickey_remove(3)
- libssh2_publickey_list_free(3)
- libssh2_knownhost_add(3)
- libssh2_session_banner_set(3)
- libssh2_session_methods(3)
- libssh2_publickey_init(3)
- libssh2_agent_set_identity_path(3)
- libssh2_sftp_readdir(3)
apt-get install libssh2-1-dev
Manual
| libssh2_userauth_publickey_sk(3) | libssh2 | libssh2_userauth_publickey_sk(3) |
NAME
libssh2_userauth_publickey_sk - authenticate a session with a FIDO2 authenticator
SYNOPSIS
#include <libssh2.h> int libssh2_userauth_publickey_sk(LIBSSH2_SESSION *session,
const char *username,
size_t username_len,
const unsigned char *publickeydata,
size_t publickeydata_len,
const char *privatekeydata,
size_t privatekeydata_len,
const char *passphrase,
LIBSSH2_USERAUTH_SK_SIGN_FUNC((*sign_callback)),
void **abstract);
CALLBACK
#define LIBSSH2_SK_PRESENCE_REQUIRED 0x01
#define LIBSSH2_SK_VERIFICATION_REQUIRED 0x04
typedef struct _LIBSSH2_SK_SIG_INFO {
uint8_t flags;
uint32_t counter;
unsigned char *sig_r;
size_t sig_r_len;
unsigned char *sig_s;
size_t sig_s_len;
} LIBSSH2_SK_SIG_INFO;
int name(LIBSSH2_SESSION *session, LIBSSH2_SK_SIG_INFO *sig_info,
const unsigned char *data, size_t data_len, int algorithm,
uint8_t flags, const char *application,
const unsigned char *key_handle, size_t handle_len,
void **abstract);
DESCRIPTION
session - Session instance as returned by libssh2_session_init_ex(3)
username - Name of user to attempt authentication for.
username_len - Length of username parameter.
publickeydata - Buffer containing the contents of a public key file. If NULL, the public key will be extracted from the privatekeydata. When using certificate authentication, this buffer should contain the public certificate data.
publickeydata_len - Length of public key data.
privatekeydata - Buffer containing the contents of a private key file.
privatekeydata_len - Length of private key data.
passphrase - Passphrase to use when decoding private key file.
sign_callback - Callback to communicate with FIDO2 authenticator.
abstract - User-provided data to pass to callback.
Attempt FIDO2 authentication. using either the sk-ssh-ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com key exchange algorithms.
This function is only supported when libssh2 is backed by OpenSSL.
CALLBACK DESCRIPTION
session - Session instance as returned by libssh2_session_init_ex(3)
sig_info - Filled in by the callback with the signature and accompanying information from the authenticator.
data - The data to sign.
data_len - The length of the data parameter.
algorithm - The signing algorithm to use. Possible values are LIBSSH2_HOSTKEY_TYPE_ED25519 and LIBSSH2_HOSTKEY_TYPE_ECDSA_256.
flags - A bitmask specifying options for the authenticator. When LIBSSH2_SK_PRESENCE_REQUIRED is set, the authenticator requires a touch. When LIBSSH2_SK_VERIFICATION_REQUIRED is set, the authenticator requires a PIN. Many servers and authenticators do not work properly when LIBSSH2_SK_PRESENCE_REQUIRED is not set.
application - A user-defined string to use as the RP name for the authenticator. Usually "ssh:".
key_handle - The key handle to use for the authenticator's allow list.
handle_len - The length of the key_handle parameter.
abstract - User-defined data. When a PIN is required, use this to pass in the PIN, or a function pointer to retrieve the PIN.
The sign_callback is responsible for communicating with the hardware authenticator to generate a signature. On success, the signature information must be placed in the `sig_info sig_info parameter and the callback must return 0. On failure, it should return a negative number.
The fields of the LIBSSH2_SK_SIG_INFO are as follows.
flags - A bitmask specifying options for the authenticator. This should be read from the authenticator and not merely copied from the flags parameter to the callback.
counter - A value returned from the authenticator.
sig_r - For Ed25519 signatures, this contains the entire signature, as returned directly from the authenticator. For ECDSA signatures, this contains the r component of the signature in a big-endian binary representation. For both algorithms, use LIBSSH2_ALLOC to allocate memory. It will be freed by the caller.
sig_r_len - The length of the sig_r parameter.
sig_s - For ECDSA signatures, this contains the s component of the signature in a big-endian binary representation. Use LIBSSH2_ALLOC to allocate memory. It will be freed by the caller. For Ed25519 signatures, set this to NULL.
sig_s_len - The length of the sig_s parameter.
RETURN VALUE
Return 0 on success or negative on failure. It returns LIBSSH2_ERROR_EAGAIN when it would otherwise block. While LIBSSH2_ERROR_EAGAIN is a negative number, it is not really a failure per se.
ERRORS
Some of the errors this function may return include:
LIBSSH2_ERROR_ALLOC - An internal memory allocation call failed.
LIBSSH2_ERROR_SOCKET_SEND - Unable to send data on socket.
LIBSSH2_ERROR_AUTHENTICATION_FAILED - failed, invalid username/key.
AVAILABILITY
Added in libssh2 1.10.0
SEE ALSO
libssh2_session_init_ex(3)
| 1 Jun 2022 | libssh2 |