ssh certificate support

Peter Stuge peter at stuge.se
Mon Sep 13 19:58:08 CEST 2021


Peter Stuge via libssh2-devel wrote:
> > I was curious about using ssh certificates with libssh2. I dug around a
> > little and it seemed that support for some of the lower level crypto
> > methods is not available. I wasn't sure if I was doing something
> > incorrect.
> 
> What methods do you find missing?

This is still an important question. I don't think any crypto is missing?


> > Has anyone done authentication with ssh based certificates using
> > libssh2?
> 
> Not that I know of. But how is it different from publickey auth?

Reading OpenSSH PROTOCOL.certkeys it becomes clear that certificates
are further key types used with unchanged publickey auth. Sorry.

libssh2 may not support all key types allowed in OpenSSH certificates
but the ones that are supported could be made to work with relatively
little effort. The authentication method is still publickey and works
the same, it's just a matter of loading the certificate and using the
corresponding key type for the publickey auth.


//Peter
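
Added example, not part of the original message and not libssh2 code: a bounds-checked reader for the first field of an OpenSSH public key blob. It assumes the PROTOCOL.certkeys convention that a certificate's type name is the plain key type plus "-cert-v01@openssh.com", followed by a nonce string; `base_key_type` and the sample bytes are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Suffix PROTOCOL.certkeys appends to a key type name to form the certificate type. */
#define CERT_SUFFIX "-cert-v01@openssh.com"

/* Constructed sample: start of an ed25519 certificate blob (type name, 4-byte nonce). */
static const unsigned char sample_cert[] =
    "\x00\x00\x00\x20" "ssh-ed25519-cert-v01@openssh.com"
    "\x00\x00\x00\x04" "nnnn";

/* Read one SSH "string" (uint32 big-endian length + bytes) at *off.
 * Returns 0 and advances *off, or -1 if the length would run past the blob. */
static int get_string(const unsigned char *blob, size_t len, size_t *off,
                      const unsigned char **s, size_t *slen)
{
    const unsigned char *p = blob + *off;
    uint32_t n;
    if (len - *off < 4) return -1;
    n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    if (n > len - *off - 4) return -1;
    *s = p + 4; *slen = n; *off += 4 + (size_t)n;
    return 0;
}

/* Hypothetical helper: write the key type to use for publickey auth into out.
 * Returns 1 for a certificate blob, 0 for a plain key blob, -1 if malformed. */
int base_key_type(const unsigned char *blob, size_t len, char *out, size_t outlen)
{
    const size_t sfx = sizeof(CERT_SUFFIX) - 1;
    const unsigned char *name, *nonce;
    size_t nlen, nonce_len, off = 0;
    int is_cert;
    if (get_string(blob, len, &off, &name, &nlen) != 0 || nlen == 0) return -1;
    if (memchr(name, '\0', nlen) != NULL) return -1;      /* no embedded NUL */
    is_cert = nlen > sfx && memcmp(name + nlen - sfx, CERT_SUFFIX, sfx) == 0;
    if (is_cert) nlen -= sfx;
    if (nlen >= outlen) return -1;
    memcpy(out, name, nlen);
    out[nlen] = '\0';
    /* In a certificate the type name is followed by a nonce string. */
    if (is_cert && get_string(blob, len, &off, &nonce, &nonce_len) != 0) return -1;
    return is_cert;
}
```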

