ssh: improve client public key authentication

Previously, the public key authentication for clients would send an
enquiry to the remote for every key specified before attempting to
authenticate with the server.

Now, we immediately try to authenticate once a valid key is found.
This results in exchanging fewer packets if the valid key is near the
top of the list. If all keys fail, then the number of packets exchanged
by the client and server is unaffected.

For the OpenSSH daemon, an enquiry into the validity of a key without
authentication is still recorded as an authentication attempt, so any
clients with more than MaxAuthTries public keys would not be able to
authenticate using the previous implementation. This change will allow
clients to succeed at authentication if the successful key is at the start
of the list of keys.

Change-Id: I8ea42caf40c0864752218c3f6934e86b12f5b81a
Reviewed-on: https://go-review.googlesource.com/38890
Reviewed-by: Adam Langley <agl@golang.org>
1 file changed
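
The two client strategies described in the commit message, compared in an added Go example that is not code from this commit. The `server` type, the `authenticate` helper, the key names and the limit of 6 are all constructed for illustration, and the attempt counting is a simplified model of the behaviour the message attributes to the OpenSSH daemon, not its real accounting.

```go
package main

import "fmt"

// server is a constructed model: as the commit message describes for OpenSSH,
// every public key request (enquiry or signed) counts against a try limit.
type server struct {
	accepted        map[string]bool
	maxTries, tries int
}

// request counts one attempt; open is false once the limit is exceeded.
func (s *server) request(key string) (ok, open bool) {
	s.tries++
	open = s.tries <= s.maxTries
	return open && s.accepted[key], open
}

// authenticate: eager=false models the previous client (enquire about every
// key, then sign with the first accepted one); eager=true models the new one.
func authenticate(s *server, keys []string, eager bool) (authed bool, sent int) {
	first := ""
	for _, k := range keys {
		sent++
		ok, open := s.request(k)
		if !open {
			return false, sent // server dropped the connection
		}
		if ok && first == "" {
			if first = k; eager {
				break // sign immediately instead of enquiring further
			}
		}
	}
	if first == "" {
		return false, sent // no key accepted, no signed request sent
	}
	ok, _ := s.request(first) // signed authentication request
	return ok, sent + 1
}

func main() {
	keys := []string{"k1", "k2", "k3", "k4", "k5", "k6", "k7"} // constructed; only k1 is authorized
	for _, eager := range []bool{false, true} {
		s := &server{accepted: map[string]bool{"k1": true}, maxTries: 6}
		ok, sent := authenticate(s, keys, eager)
		fmt.Printf("eager=%v authenticated=%v requests=%d\n", eager, ok, sent)
	}
}
```

With seven keys and a limit of six, the previous strategy is cut off during the enquiry phase even though the first key is authorized, while the new strategy succeeds after two requests.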