Add gssapi-with-mic user authentication #188
Add support for gssapi-with-mic user authentication. This can be used to connect to an SSH server that supports GSSAPI/Kerberos authentication using GSSAPI on nix and SSPI on Windows.
@jborean93 thanks for picking this up! The PR is already looking quite comprehensive! I read through the PR and added some feedback.
@jborean93 thanks a lot for contributing this very useful feature!
Thank you for writing such a great library and a very speedy review, it is very much appreciated!
This is part of 0.4.0 which was just uploaded to nuget.org.
// While only Sign is needed we need to set EncryptAndSign for | ||
// Windows client support. Sign only will pass in SECQOP_WRAP_NO_ENCRYPT | ||
// to MakeSignature which fails. | ||
// https://github.com/dotnet/runtime/issues/103461 |
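Review bot: the last line of this comment links dotnet/runtime issue 103461 as the reason for requesting EncryptAndSign where only Sign is needed, but nothing here says when the workaround can be dropped. Add a TODO stating the condition for switching back to Sign (for example a target-framework check), so the setting is revisited once a runtime with the fix is available.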
hi @jborean93, the issue you referenced here is closed. Is there some change we can/should make for .NET9+?
With the fix we can change it to RequiredProtectionLevel = ProtectionLevel.Sign; but I don't think it ended up being backported to net9 so the fix is only present in net10. The PR which fixed it, dotnet/runtime#105605, was merged after net9 was created and I don't see any reference to a backport.
Thanks for the input! I assumed it was fixed in .NET 9 based on the issue milestone.
We can add the change under an #if NET10_0_OR_GREATER.
Add support for gssapi-with-mic user authentication. This can be used to connect to an SSH server that supports GSSAPI/Kerberos authentication using GSSAPI on nix and SSPI on Windows.
Fixes: #184
Let me know what you think about my approach in the tests. Kerberos is very picky when it comes to hostnames but hacking in localhost seems to have been enough for it to run locally. I'm also unsure how to deal with authentication errors so any suggestion as to when it should raise an exception or just ignore and try the next one would be nice to hear.