Subject: User Certificate Authentication using the libssh2_userauth_publickey_frommemory C++ api

From: Scott Yeager <>
Date: Wed, 23 Jan 2019 10:58:59 -0800

I have a C++ application that uses the
libssh2_userauth_publickey_frommemory api when running commands on
remote servers. I'm using libssh2 1.8.0.

The application has been working fine with normal keys for 6 or so years
now but I now need it to work with user certificates.

Our new key generation logic produces a private key, a pub key and a pub

     -rw------- 1 587204286 587204286  411 Jan 22 14:02 id_ed25519
     -rw-r--r-- 1 587204286 587204286  101 Jan 22 14:02
     -rw-r--r-- 1 587204286 587204286 1891 Jan 23 17:17

They work properly with the normal ssh command.

     [Wed Jan 23 17:26:39] root_at_mon034.bur:~/src/event_ssh-src# ssh -i .ssh/id_ed25519 root_at_cache101.cha "uptime"
      18:52:21 up 85 days, 13:14,  1 user,  load average: 4.64, 4.33, 4.22

Prior to this I've always passed a NULL and 0 for the public key string
and length.

Trying to get the user certificate to work I've been trying to pass it
('s content) in as the public key. I've also tried it
as the private key and a few other combinations.

But keep getting

[Wed Jan 23 18:51:26] root_at_mon034.bur:~/src/event_ssh-src# build/src/event_ssh --canary="" --cmd=uptime --servers=cache101.cha --user=root --key=.ssh/id_ed25519 --pub-key=.ssh/
read priv key from .ssh/id_ed25519
read pub key from .ssh/
called libssh2_userauth_publickey_frommemory, username: root, pub key len: 1891, priv key len: 411
[1/1] cache101.cha      Authentication by public key failed, rc: -19, The username/public key combination was invalid.

Has anyone gotten authentication with user certificates to work with
libssh2, if so what needs to be done differently compared to just using
a normal private key?

Scott Yeager

Received on 2019-01-23
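
A check that can be run on the text handed over as the public key, added here as an example (it is not part of the original post and is not libssh2 code): it decodes the start of the base64 blob in an OpenSSH `type base64 comment` line, confirms the blob's first SSH string repeats the type name, and reports whether the line is a plain key or an OpenSSH certificate (`*-cert-v01@openssh.com`). The function names and both sample lines are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: all-zero Ed25519 key; certificate cut after its type string. */
static const char SAMPLE_KEY[] = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA constructed";
static const char SAMPLE_CERT[] = "ssh-ed25519-cert-v01@openssh.com "
    "AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29t";

/* Decode at most cap bytes of base64; stops at the first non-alphabet char. */
static size_t b64_prefix(const char *s, uint8_t *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0, bits = 0;
    size_t n = 0;
    const char *p;
    for (; *s && n < cap && (p = strchr(tbl, *s)) != NULL; s++) {
        acc = (acc << 6) | (uint32_t)(p - tbl);
        if ((bits += 6) >= 8)
            out[n++] = (uint8_t)(acc >> (bits -= 8));
    }
    return n;
}

/* 1 = OpenSSH certificate, 0 = plain key, -1 = malformed or type/blob mismatch. */
int classify_pubkey_line(const char *line)
{
    static const char suffix[] = "-cert-v01@openssh.com";
    uint8_t buf[96] = {0};
    const char *sp = strchr(line, ' ');
    if (!sp || sp == line) return -1;
    size_t tlen = (size_t)(sp - line), slen = sizeof suffix - 1;
    size_t n = b64_prefix(sp + 1, buf, sizeof buf);
    uint32_t len = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                   (uint32_t)buf[2] << 8 | buf[3];
    /* The blob's first SSH string must repeat the algorithm name. */
    if (n < 4 || len != tlen || len > n - 4 || memcmp(buf + 4, line, tlen))
        return -1;
    return tlen > slen && memcmp(line + tlen - slen, suffix, slen) == 0;
}

int main(void)
{
    printf("key=%d cert=%d\n", classify_pubkey_line(SAMPLE_KEY),
           classify_pubkey_line(SAMPLE_CERT));
    return 0;
}
```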