aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssh/doc/src/ssh_server_key_api.xml
blob: c6808b95d12be7219b11992b5e8bfcaa3916184a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE erlref SYSTEM "erlref.dtd">

<erlref>
  <header>
    <copyright>
      <year>2012</year>
      <year>2015</year>
      <holder>Ericsson AB, All Rights Reserved</holder>
    </copyright>
    <legalnotice>
      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at
 
          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.

      The Initial Developer of the Original Code is Ericsson AB.
    </legalnotice>
    <title>ssh_server_key_api</title>
    <prepared></prepared>
    <docno></docno>
    <date></date>
    <rev></rev>
  </header>
  <module>ssh_server_key_api</module>
  <modulesummary>
    -behaviour(ssh_server_key_api).
  </modulesummary>
  <description>
    <p>Behaviour describing the API for public key handling of an SSH server. By implementing
    the callbacks defined in this behavior, the public key handling of an SSH server can
    be customized. By default the SSH application implements this behavior
    with help of the standard OpenSSH files,
    see the <seealso marker="SSH_app"> ssh(6)</seealso> application manual.</p>
  </description>

  <section>
    <title>DATA TYPES</title>

    <p>Type definitions that are used more than once in this module,
    or abstractions to indicate the intended use of the data
    type, or both. For more details on public key data types,
    refer to Section 2 Public Key Records in the
    <seealso marker="public_key:public_key_records"> public_key user's guide</seealso>.
    </p>

    <taglist>
      <tag><c>boolean() =</c></tag>
      <item><p><c>true | false</c></p></item>
      <tag><c>string() =</c></tag>
      <item><p><c>[byte()]</c></p></item>
      <tag><c>public_key() =</c></tag>
      <item><p><c>#'RSAPublicKey'{} 
      | {integer(),#'Dss-Parms'{}} 
      | {#'ECPoint'{},{namedCurve,Curve::string()}}</c></p></item>
      <tag><c>private_key() =</c></tag>
      <item><p><c>#'RSAPrivateKey'{} 
      | #'DSAPrivateKey'{} 
      | #'ECPrivateKey'{}</c></p></item>      
      <tag><c>public_key_algorithm() =</c></tag>
      <item><p><c>'ssh-rsa' | 'ssh-dss' 
      | 'rsa-sha2-256' | 'rsa-sha2-384' | 'rsa-sha2-512'
      | 'ecdsa-sha2-nistp256' | 'ecdsa-sha2-nistp384' | 'ecdsa-sha2-nistp521' </c></p></item>
    </taglist>
  </section>
  
  <funcs>
    <func>
      <name>Module:host_key(Algorithm, DaemonOptions) ->
      {ok, Key} | {error, Reason}</name>
      <fsummary>Fetches the host’s private key.</fsummary>
      <type>
	<v>Algorithm = public_key_algorithm()</v>
	<d>Host key algorithm.</d>
	<v>DaemonOptions = proplists:proplist()</v>
	<d>Options provided to <seealso marker="ssh#daemon-2">ssh:daemon/[2,3]</seealso>. The option list given in
	the <c>key_cb</c> option is available with the key <c>key_cb_private</c>.</d>
	<v>Key = private_key() | crypto:engine_key_ref()</v>
	<d>Private key of the host matching the <c>Algorithm</c>.
	It may be a reference to a 'ssh-rsa', rsa-sha2-* or 'ssh-dss' (NOT ecdsa) key stored in a loaded Engine.</d>
	<v>Reason = term()</v>
      </type>
      <desc>
	  <p>Fetches the private key of the host.</p>
      </desc>
    </func>

    <func>
      <name>Module:is_auth_key(Key, User, DaemonOptions) -> Result</name>
      <fsummary>Checks if the user key is authorized.</fsummary>
      <type>
	<v>Key = public_key()</v>
	<d>Normally an RSA, DSA or ECDSA public key, but handling of other public keys can be added</d>
	<v>User = string()</v>
	<d>User owning the public key.</d>
	<v>DaemonOptions = proplists:proplist()</v>
	<d>Options provided to <seealso marker="ssh#daemon-2">ssh:daemon/[2,3]</seealso>. The option list given in
	the <c>key_cb</c> option is available with the key <c>key_cb_private</c>.</d>
	<v>Result = boolean()</v>
      </type>
      <desc>
	 <p>Checks if the user key is authorized.</p>
      </desc>
    </func>

  </funcs>

</erlref>