[vlc-commits] [Git][videolan/vlc][3.0.x] 3 commits: access: sftp: add public key auth options
Steve Lhomme (@robUx4)
gitlab at videolan.org
Fri Apr 24 08:13:59 UTC 2026
Steve Lhomme pushed to branch 3.0.x at VideoLAN / VLC
Commits:
a2bf6bcc by Steven Waddy at 2026-04-24T07:50:34+00:00
access: sftp: add public key auth options
Attempt public key authentication using the user-specified path.
Or, if the user-specified key file path is unset,
attempt public key authentication by trying common default file paths:
~/.ssh/id_rsa
~/.ssh/id_ed25519
~/.ssh/id_dsa
~/.ssh/id_ecdsa
In both cases fall back to password authentication if key authentication
fails.
(cherry picked from commit 543675fa43a508380bc8696970ac66328eaaeab2)
- - - - -
01184986 by Steven Waddy at 2026-04-24T07:50:34+00:00
access: sftp: add ED25519 hostkey support
(cherry picked from commit 8fc7d1efe4978c517134529e25df5c475eb33b79)
- - - - -
4a41ddfe by Tim Schumacher at 2026-04-24T07:50:34+00:00
access: sftp: store creds on successful pubkey auth
(cherry picked from commit 4a271ea9fe9819f30d1445bf2aa05871432f4773)
- - - - -
1 changed file:
- modules/access/sftp.c
Changes:
=====================================
modules/access/sftp.c
=====================================
@@ -58,6 +58,10 @@ static void Close( vlc_object_t* );
#define PASS_TEXT N_("Password")
#define PASS_LONGTEXT N_("Password that will be used for the connection, " \
"if no username or password are set in URL.")
+#define PRIVATEKEY_TEXT N_("Private key file")
+#define PRIVATEKEY_LONGTEXT N_("Private-key file used for SSH public key authentication. "\
+ "Public-key file is assumed to be in the same directory with '.pub' appended. "\
+ "If unset, standard key paths will be attempted (e.g. '~/.ssh/id_rsa').")
vlc_module_begin ()
set_shortname( "SFTP" )
@@ -68,6 +72,7 @@ vlc_module_begin ()
add_integer( "sftp-port", 22, PORT_TEXT, PORT_LONGTEXT, true )
add_string( "sftp-user", NULL, USER_TEXT, USER_LONGTEXT, false )
add_password( "sftp-pwd", NULL, PASS_TEXT, PASS_LONGTEXT, false )
+ add_loadfile( "sftp-privatekey", NULL, PRIVATEKEY_TEXT, PRIVATEKEY_LONGTEXT, false )
add_shortcut( "sftp" )
set_callbacks( Open, Close )
vlc_module_end ()
@@ -147,30 +152,65 @@ bailout:
static int AuthPublicKey( stream_t *p_access, const char *psz_home, const char *psz_username )
{
access_sys_t* p_sys = p_access->p_sys;
- int i_result = VLC_EGENERIC;
char *psz_keyfile1 = NULL;
char *psz_keyfile2 = NULL;
+ static const char defaultkeys[4][8] = {
+ "rsa", "ed25519", "ecdsa", "dsa"
+ };
+
if( !psz_username || !psz_username[0] )
- return i_result;
+ return VLC_EGENERIC;
- if( asprintf( &psz_keyfile1, "%s/.ssh/id_rsa.pub", psz_home ) == -1 ||
- asprintf( &psz_keyfile2, "%s/.ssh/id_rsa", psz_home ) == -1 )
- goto bailout;
+ psz_keyfile2 = var_InheritString( p_access, "sftp-privatekey" );
- if( libssh2_userauth_publickey_fromfile( p_sys->ssh_session, psz_username, psz_keyfile1, psz_keyfile2, NULL ) )
+ /* Attempt public key authentication using user specified key, if specified. */
+ if ( psz_keyfile2 )
{
- msg_Dbg( p_access, "Public key authentication failed" );
- goto bailout;
+ if( asprintf( &psz_keyfile1, "%s.pub", psz_keyfile2 ) == -1 )
+ {
+ free( psz_keyfile2 );
+ return VLC_EGENERIC;
+ }
+
+ msg_Dbg( p_access, "Trying paths %s (public) and %s (private) as a possible key pair", psz_keyfile1, psz_keyfile2 );
+
+ int res = libssh2_userauth_publickey_fromfile( p_sys->ssh_session, psz_username, psz_keyfile1, psz_keyfile2, NULL );
+ free( psz_keyfile1 );
+ free( psz_keyfile2 );
+ if( !res )
+ {
+ msg_Info( p_access, "Public key authentication succeeded" );
+ return VLC_SUCCESS;
+ }
+ msg_Err( p_access, "Public key authentication failed" );
+ return VLC_EGENERIC;
}
- msg_Info( p_access, "Public key authentication succeeded" );
- i_result = VLC_SUCCESS;
+ /* If no custom path is provided, try all standard key files. */
+ for( size_t i = 0; i < ARRAY_SIZE(defaultkeys); i++)
+ {
+ if( asprintf( &psz_keyfile1, "%s/.ssh/id_%s.pub", psz_home, defaultkeys[i] ) == -1 )
+ return VLC_EGENERIC;
+ if( asprintf( &psz_keyfile2, "%s/.ssh/id_%s", psz_home, defaultkeys[i] ) == -1 )
+ {
+ free( psz_keyfile1 );
+ return VLC_EGENERIC;
+ }
- bailout:
- free( psz_keyfile1 );
- free( psz_keyfile2 );
- return i_result;
+ msg_Dbg( p_access, "Trying paths %s (public) and %s (private) as a possible key pair", psz_keyfile1, psz_keyfile2 );
+
+ int res = libssh2_userauth_publickey_fromfile( p_sys->ssh_session, psz_username, psz_keyfile1, psz_keyfile2, NULL );
+ free( psz_keyfile1 );
+ free( psz_keyfile2 );
+ if( !res )
+ {
+ msg_Info( p_access, "Public key authentication succeeded" );
+ return VLC_SUCCESS;
+ }
+ msg_Dbg( p_access, "Public key authentication failed" );
+ }
+ return VLC_EGENERIC;
}
static void SSHSessionDestroy( stream_t *p_access )
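Review bot: Both branches of AuthPublicKey reduce the result of `libssh2_userauth_publickey_fromfile` to success or failure, so the log cannot distinguish a missing or unreadable key file, a passphrase-protected key (the passphrase argument is NULL) and a rejection by the server. Putting the code in the message, e.g. `msg_Err( p_access, "Public key authentication failed (libssh2 error %d)", res );` and the same for the `msg_Dbg` in the loop, would make a misconfigured `sftp-privatekey` diagnosable before the silent fall back to password authentication. The default-key loop also formats `psz_home` with `%s` and no NULL check is visible in this hunk; if the caller can pass NULL, a guard such as `if( !psz_home ) return VLC_EGENERIC;` ahead of the loop is needed. The caller is outside the hunk, so confirm that there.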
@@ -322,6 +362,10 @@ static int Open( vlc_object_t* p_this )
case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
knownhost_fingerprint_algo = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
break;
+
+ case LIBSSH2_HOSTKEY_TYPE_ED25519:
+ knownhost_fingerprint_algo = LIBSSH2_KNOWNHOST_KEY_ED25519;
+ break;
#endif
default:
msg_Err( p_access, "Host uses unrecognized session-key algorithm" );
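Review bot: The new `LIBSSH2_HOSTKEY_TYPE_ED25519` case sits inside a preprocessor block whose opening `#if` is outside this hunk, so it is not visible whether that condition covers the libssh2 version that first defines `LIBSSH2_HOSTKEY_TYPE_ED25519` and `LIBSSH2_KNOWNHOST_KEY_ED25519`. If the guard was written for the ECDSA constants only, confirm both sets arrive in the same release, or give the ED25519 case its own guard, so that builds against older libssh2 on this stable branch still compile. A short comment at the `#if` naming the minimum version would record that.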
@@ -397,7 +441,11 @@ static int Open( vlc_object_t* p_this )
b_publickey_tried = true;
if( AuthKeyAgent( p_access, credential.psz_username ) == VLC_SUCCESS
|| AuthPublicKey( p_access, psz_home, credential.psz_username ) == VLC_SUCCESS )
+ {
+ /* Password validity is unknown with the pubkey, but keep the username. */
+ vlc_credential_store( &credential, p_access );
break;
+ }
}
if( strstr( psz_userauthlist, "password" ) != NULL
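Review bot: The added comment says the password's validity is unknown after key authentication, yet the call passes the whole `credential` to `vlc_credential_store`, and its return value is ignored. Whether a password taken from the URL, the options or a dialog can be persisted without the server ever having checked it depends on that function, which is not shown here; this should be confirmed. If only the username is meant to be kept, the comment should say what guarantees that, e.g. `/* Key auth succeeded: the server never verified credential.psz_password, so it must not reach the keystore. */`. The same path is taken when `AuthKeyAgent` succeeds, which the comment does not mention. The enclosing loop in Open starts and ends outside the hunk.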
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/632204a0691aa831846fd7fcc1a47f1ff3bd81b0...4a41ddfed30e11ad912e50b44e64ad70c5b4b0b7