Support allowed signers #7
base: main
This just adds the lowest level API to match the golang.org/x/crypto/ssh package.

The library itself should offer a nicer API addition to also provide proper verification while utilizing the principals and options from the `allowed_signers` file.

Signed-off-by: Hidde Beydals <[email protected]>
df17ff4 to b73c7e3
Is there a reason why this was never merged?
It hasn't been finalized, and I need to find time to do this. What I recall from the top of my head: while this allows parsing of the file, by itself it would be insufficient to support principals in full, which would require additional logic. For example to support wild cards, and some other features which an
I see, I'll take a look at it next week and maybe shoot a PR your way then.
Ok, I implemented it over at my own tool:
The implementation in this PR should also successfully parse the file, but does not provide them as output. Which I think is the correct thing to do, as we strive to follow the specification as close as possible within this library except if it breaks integration with more loose implementations (which shouldn't be the case for something that is practically metadata). I will try to find some time soon (probably next week) to get this PR landed without the further abstractions, as I think it should be placed somewhere else e.g.
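The thread above notes that parsing `allowed_signers` is not enough to support principals, because wildcard handling needs extra logic. The following is an added example, not code from this PR or the library: it evaluates a principals field against a signer identity using OpenSSH pattern-list rules (`*`, `?`, and `!` negation). The function names `wildcardMatch` and `principalAllowed` are hypothetical, and the sample patterns are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// wildcardMatch: '*' matches any run of bytes (including none), '?' exactly one.
func wildcardMatch(pattern, s string) bool {
	p, n, star, mark := 0, 0, -1, 0
	for n < len(s) {
		switch {
		case p < len(pattern) && pattern[p] == '*':
			star, mark = p, n
			p++
		case p < len(pattern) && (pattern[p] == '?' || pattern[p] == s[n]):
			p++
			n++
		case star >= 0: // backtrack: let the last '*' absorb one more byte
			mark++
			p, n = star+1, mark
		default:
			return false
		}
	}
	return strings.Trim(pattern[p:], "*") == ""
}

// principalAllowed evaluates a comma-separated pattern list against identity.
// A '!' pattern that matches rejects outright; otherwise one positive match is needed.
func principalAllowed(patternList, identity string) bool {
	allowed := false
	for _, pat := range strings.Split(patternList, ",") {
		negated := strings.HasPrefix(pat, "!")
		pat = strings.TrimPrefix(pat, "!")
		if pat == "" || !wildcardMatch(pat, identity) {
			continue
		}
		if negated {
			return false
		}
		allowed = true
	}
	return allowed
}

func main() {
	// Constructed principals field and identities, not taken from the PR.
	for _, id := range []string{"alice@example.com", "root@example.com", "bob@other.org"} {
		fmt.Println(id, principalAllowed("*@example.com,!root@*", id))
	}
}
```

A list made up only of negated patterns never authorizes anyone, which is why `allowed` starts as false and is set only by a positive match.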
To-do