Implement SSH Phase 9: Publickey authentication

- Add handle_publickey_auth() with authorized_keys verification - Support SSH_MSG_USERAUTH_PK_OK response (query phase) - Add base64 decoding for SSH public keys - Publickey auth now working: ssh, sftp, scp all support - Eliminates password requirement with authorized_keys setup
2026-06-15 13:54:57 +08:00
parent b66f727622
commit 012920e590
3 changed files with 130 additions and 4 deletions
--- a/markbase-core/src/ssh_server/server.rs
+++ b/markbase-core/src/ssh_server/server.rs
@@ -270,6 +270,31 @@ AuthResult::Failure(message) => {
                warn!("Partial success auth not implemented");
                continue;
            }
+            AuthResult::PublicKeyOk(algorithm, public_key_blob) => {
+                // SSH_MSG_USERAUTH_PK_OK：public key acceptable
+                info!("Public key acceptable, sending USERAUTH_PK_OK");
+                
+                let mut pk_ok_payload = Vec::new();
+                pk_ok_payload.write_u8(PacketType::SSH_MSG_USERAUTH_PK_OK as u8)?;
+                
+                // algorithm (SSH string)
+                pk_ok_payload.write_u32::<BigEndian>(algorithm.len() as u32)?;
+                pk_ok_payload.write_all(algorithm.as_bytes())?;
+                
+                // public key blob (SSH string)
+                pk_ok_payload.write_u32::<BigEndian>(public_key_blob.len() as u32)?;
+                pk_ok_payload.write_all(&public_key_blob)?;
+                
+                let encrypted_pk_ok = EncryptedPacket::new(
+                    &pk_ok_payload,
+                    encryption_ctx,
+                    true,
+                )?;
+                encrypted_pk_ok.write(stream)?;
+                info!("Sent SSH_MSG_USERAUTH_PK_OK");
+                
+                continue;  // Wait for signed request
+            }
        }
    }
 }