support ecdsa and ed25519 keys
Brought to you by:
soupboy
OpenSSH 5.7 added support for ECDSA keys; OpenSSH 6.5 added support for Ed25519 keys. EC keys in general are quite convenient on constrained devices like mobile. The key-handling code in pam-ssh-agent-auth seems to predate them by a few years. What would it take to get support? It looks like key.c and key.h were pretty much copied wholesale from OpenSSH 5.1; is it just a matter of copying in key.c and key.h from a more modern release and renaming calls to fatal() to pamsshagentauth_fatal() instead?
Check the pam_ssh_agent_auth package in Fedora/RHEL/CentOS. We rebase to current openssh libraries (and build against them). It is sometimes painful if there is extensive refactorization, but these keys are supported natively.
@Jakub: I just built from the F23 sources, and it does indeed look a lot better. It'd still be great to upstream that work, though...
@Jakub Any objections if I "borrow" that work? I have been porting to 7.2 myself to add certificate and the new curves. Had no idea Fedora had done some of that work already. I plan on migrating source to GitHub also, if that helps with future contributions.
As far as I know, what we do for Fedora is open source and contribution to upstream projects is encouraged. So feel free to pick up what we have in dist-git. Or let me know if there is something unclear or anything I can do for you in this way.
We have been building pam_ssh_agent_auth this way for years, but I did rebase to the current version of pam_ssh_agent_auth just recently, which was basically only removing most of your prefixes and checking that I don't miss any symbols and functionality against your sources. Moving to GitHub would be great news since I really struggled with the SVN repository last time I had to dig up something from there.
Should be closed as ecdsa and ed25519 keys are supported, right?
Yes