[[!meta title="SSL and SSH public key frobbery…"]]
[[!meta author="Daniel Silverstone"]]
[[!meta date="2012-09-01 11:44:12 +0100"]]
[[!tag converted-badly-from-textile tech]]

As some of you know, I am working on a server-side git management system
called [Gitano](http://www.gitano.org.uk/) which currently only allows
incoming authenticated connections via SSH. It then uses the presented
SSH public key to identify the incoming user and grant permissions
appropriately. A very good friend of mine has asked if I might be
persuaded to support HTTPS access to Gitano. To do this, I need a way to
identify incoming users. I was hoping to be able to use their SSH public
keys to that end.

I know it’s possible to get an appropriately formatted (i.e. the
openssl tool can read it) RSA public key out of an SSH public key
(assuming it’s an RSA one) by the simple expedient of
`ssh-keygen -e -m PKCS8 -f somekey.pub > somekey.pub.rsa`; however, I
am now stuck as to how to allow the user to use that public key to
engage in establishing an SSL connection (for HTTPS).
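
What that `ssh-keygen -e -m PKCS8` conversion does at the byte level, as an added example (not code from the original post or from Gitano): it decodes the RFC 4253 `ssh-rsa` blob, rejects anything that is not an RSA key, and re-wraps the modulus and exponent as the SubjectPublicKeyInfo PEM that openssl reads. The function names and the toy sample key are constructed for illustration.

```python
import base64

# AlgorithmIdentifier contents: OID rsaEncryption (1.2.840.113549.1.1.1) + NULL
RSA_ALG = bytes.fromhex("06092a864886f70d0101010500")

def parse_ssh_rsa(line):
    """Return (e, n) from an 'ssh-rsa <base64> [comment]' line (RFC 4253 layout)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an RSA SSH public key")
    blob, pos, fields = base64.b64decode(parts[1], validate=True), 0, []
    while pos < len(blob):  # each field: 4-byte big-endian length, then payload
        size = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + size]
        if pos + 4 > len(blob) or len(field) != size:
            raise ValueError("truncated field")
        fields.append(field)
        pos += 4 + size
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    # SSH mpints are two's complement; a usable key has positive e and n
    e, n = (int.from_bytes(f, "big", signed=True) for f in fields[1:])
    if e <= 0 or n <= 0:
        raise ValueError("non-positive RSA parameter")
    return e, n

def der(tag, body):
    size = len(body)
    if size < 0x80:
        return bytes([tag, size]) + body
    width = (size.bit_length() + 7) // 8  # long-form length for 128+ bytes
    return bytes([tag, 0x80 | width]) + size.to_bytes(width, "big") + body

def der_int(value):
    # bit_length // 8 + 1 bytes keeps the sign bit clear, as DER INTEGER requires
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def spki_der(e, n):
    """SubjectPublicKeyInfo wrapping RSAPublicKey ::= SEQUENCE { n, e }."""
    rsa_key = der(0x30, der_int(n) + der_int(e))
    return der(0x30, der(0x30, RSA_ALG) + der(0x03, b"\x00" + rsa_key))

def to_pem(e, n):
    b64 = base64.b64encode(spki_der(e, n)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# Constructed sample: toy values e=17, n=60491, far too small for a real key
_field = lambda b: len(b).to_bytes(4, "big") + b
SAMPLE = "ssh-rsa " + base64.b64encode(
    _field(b"ssh-rsa") + _field(b"\x11") + _field(b"\x00\xec\x4b")).decode() + " toy@example"
```

`to_pem(*parse_ssh_rsa(SAMPLE))` yields the PEM text; for a real key the result can be compared against the `ssh-keygen` output above.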

If any of you have any ideas how I can get further than I have without
relying on the users’ private key except for when they try and initiate
the SSL connection then I would be very appreciative of emails. (Note,
no way to comment on this blog)