Using Net::SSH::Perl to sign stuff in SSH agents

Quick note for me: How to use Net::SSH::Perl to have a remote SSH key sign something, and then verify that signature later.

use strict;
use warnings;
use Net::SSH::Perl::Key;
use Net::SSH::Perl::Agent;

# Talk to the running agent (found via $SSH_AUTH_SOCK) with the protocol 2 interface.
my $agent = Net::SSH::Perl::Agent->new(2);
my $iter  = $agent->identity_iterator;
my $msg   = "My message here";
while (my ($key, $comment) = $iter->()) {
    print "Key '$comment'\n";
    # Ask the agent to sign; the private key never leaves the agent.
    my $sig = $agent->sign($key, $msg);
    next unless defined($sig);
    print "Message signed!\n";
    # The next line is needed, or else the key can't be parsed.
    $key->{datafellows} = \0;
    my $ok = $key->verify($sig, $msg);
    print 'Message ', ($ok ? '' : 'not '), "verified\n";
}

Maybe use this, with SSH agent forwarding, as a challenge-response method of saying “Hey, end-user, are you still there?”

NOTE: The signature you get back from this method is not something that you can feed into Crypt::RSA unmodified. It includes SSH-specific framing (for example, “ssh-rsa” at the start of the signature).
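To make that framing concrete, here is an added example (my own code, not part of the original note or of Net::SSH::Perl, written in Python so it runs stand-alone) that splits an agent signature blob into its key-type string and the raw signature bytes, rebuilds one, and generates the kind of fresh challenge the liveness idea above needs. The sample blob is constructed, not a real signature.

```python
import os
import struct

# SSH wire-format "string": 4-byte big-endian length followed by the bytes.
def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def read_ssh_string(buf: bytes, offset: int = 0):
    """Return (value, new_offset); raise ValueError on a truncated field."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("string length %d exceeds buffer" % length)
    return buf[start:end], end

def parse_ssh_signature(blob: bytes):
    """Split an agent signature blob into (key type, raw signature bytes).

    The blob is string(type) || string(sig); for "ssh-rsa" the second
    string is the bare PKCS#1 v1.5 signature a raw RSA library expects.
    """
    sig_type, off = read_ssh_string(blob, 0)
    raw_sig, off = read_ssh_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after signature")
    return sig_type.decode("ascii"), raw_sig

def build_ssh_signature(sig_type: str, raw_sig: bytes) -> bytes:
    """Inverse of parse_ssh_signature: re-frame a raw signature for $key->verify."""
    return ssh_string(sig_type.encode("ascii")) + ssh_string(raw_sig)

def new_challenge(purpose: bytes = b"are-you-still-there") -> bytes:
    """Fresh challenge for the liveness check: a label plus a random nonce,
    so a captured signature cannot be replayed for another purpose."""
    return purpose + b":" + os.urandom(16).hex().encode("ascii")

# Constructed sample: type "ssh-rsa" followed by a two-byte stand-in signature.
SAMPLE_BLOB = b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x02\xaa\xbb"

if __name__ == "__main__":
    kind, raw = parse_ssh_signature(SAMPLE_BLOB)
    print("type=%s raw=%s challenge=%s" % (kind, raw.hex(), new_challenge().decode()))
```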
