While `x/crypto/ssh` has at present `ParseKnownHosts` and `ParseAuthorizedKey` functions, it lacks support for parsing the `allowed_signers` format as documented in the ssh-keygen(1) manual page.
The proposal is to add a `ParseAllowedSigners` function, with a signature similar to that of `ParseKnownHosts`:
```go
// ParseAllowedSigners parses an entry in the format of the allowed_signers file.
//
// The allowed_signers format is documented in the ssh-keygen(1) manual page.
// This function will parse a single entry from in. On successful return,
// principals will contain the list of principals that this entry matches,
// options will contain the list of options that this entry matches (i.e.
// "cert-authority", "namespaces=file,git"), and pubKey will contain the
// public key. See the ssh-keygen(1) manual page for the various forms that a
// principal string can take, and further details on the options.
//
// The unparsed remainder of the input will be returned in rest. This function
// can be called repeatedly to parse multiple entries.
//
// If no entries were found in the input then err will be io.EOF. Otherwise, a
// non-nil err value indicates a parse error.
func ParseAllowedSigners(in []byte) (principals []string, options []string, pubKey ssh.PublicKey, rest []byte, err error)
```
Adding this would complement the existing API and would help facilitate working with the SSH signing features the library has to offer, while leaving the implementation of the actual SSH Signature format as an exercise for another time.
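To make the parsing problem concrete, here is an added sketch (not code from x/crypto/ssh or from this proposal) that splits one non-comment entry using only the standard library and rejects a key whose wire-format blob does not carry the declared key type. The names `parseLine`, `splitQuoted` and `blobType` are hypothetical, the layout `principals [options] keytype base64-key [comment]` is taken from ssh-keygen(1), and the key is returned as raw bytes rather than an `ssh.PublicKey`.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// splitQuoted splits s on sep, skipping empty fields and separators inside double quotes.
func splitQuoted(s string, sep byte) (out []string) {
	start, inQuote := 0, false
	for i := 0; i <= len(s); i++ {
		if i == len(s) || (s[i] == sep && !inQuote) {
			if i > start {
				out = append(out, s[start:i])
			}
			start = i + 1
		} else if s[i] == '"' {
			inQuote = !inQuote
		}
	}
	return out
}

// blobType returns the algorithm name that prefixes an SSH wire-format key blob.
func blobType(b []byte) string {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return ""
	}
	return string(b[4 : 4+binary.BigEndian.Uint32(b)])
}

// parseLine (hypothetical) parses one entry; options are optional, so the key type is field 1 or 2.
func parseLine(line string) (principals, options []string, keyType string, blob []byte, err error) {
	f := splitQuoted(strings.TrimSpace(line), ' ')
	for i := 1; i <= 2 && i+1 < len(f); i++ {
		blob, err = base64.StdEncoding.DecodeString(f[i+1])
		if err == nil && blobType(blob) == f[i] {
			// f[1:i] is empty when there are no options, else the single options field.
			options = splitQuoted(strings.Join(f[1:i], ","), ',')
			return strings.Split(f[0], ","), options, f[i], blob, nil
		}
	}
	return nil, nil, "", nil, fmt.Errorf("allowed_signers: no key blob matching its declared type")
}

func main() {
	key := "AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40) // constructed all-zero blob, not a real key
	fmt.Println(parseLine(`*@example.com cert-authority,namespaces="file,git" ssh-ed25519 ` + key))
}
```

A real implementation would additionally skip blank and `#` lines, decode the blob into a public key, and validate each option name and value.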