.TH ssh_client_key_api 3erl "ssh 4.15.3.1" "Ericsson AB" "Erlang Module Definition"
.SH NAME
ssh_client_key_api \- 
     -behaviour(ssh_client_key_api).
  
.SH DESCRIPTION
.LP
Behavior describing the API for public key handling of an SSH client\&. By implementing the callbacks defined in this behavior, the public key handling of an SSH client can be customized\&. By default the \fIssh\fR\& application implements this behavior with help of the standard OpenSSH files, see the  ssh(7) application manual\&.
.SH DATA TYPES
.nf

\fBclient_key_cb_options(T)\fR\& = 
.br
    [{key_cb_private, [T]} | ssh:client_option()]
.br
.fi
.RS
.LP
Options provided to ssh:connect/[3,4]\&.
.LP
The option list given in the \fIkey_cb\fR\& option is available with the key \fIkey_cb_private\fR\&\&.
.RE

.SH EXPORTS
.LP
.B
Module:add_host_key(HostNames, PublicHostKey, ConnectOptions) -> ok | {error, Reason}
.br
.RS
.LP
Types:

.RS 3
HostNames = string()
.br
.RS 2
Description of the host that owns the \fIPublicHostKey\fR\&\&.
.RE
PublicHostKey = public_key:public_key()
.br
.RS 2
Of ECDSA keys, only the Normally an RSA, DSA or ECDSA public key, but handling of other public keys can be added\&.
.RE
ConnectOptions = client_key_cb_options()
.br
.RE
.RE
.RS
.LP
This function is retired in favour for \fIModule:add_host_key/4\fR\& which is the preferred API function\&. The calling SSH application will still try the \fIadd_host_key/3\fR\& if the call to \fIadd_host_key/4\fR\& failed\&.
.LP
Adds a host key to the set of trusted host keys\&.
.RE

.LP
.B
Module:add_host_key(Host, Port, PublicHostKey, ConnectOptions) -> ok | {error, Reason}
.br
.RS
.LP
Types:

.RS 3
Host = inet:ip_address() | inet:hostname() | [ inet:ip_address() | inet:hostname() ]
.br
.RS 2
The host that owns the \fIPublicHostKey\fR\&\&. One or more IP addresses or hostnames\&.
.RE
Port = inet:port_number()
.br
.RS 2
The Port number of the Host\&.
.RE
PublicHostKey = public_key:public_key()
.br
.RS 2
Of ECDSA keys, only the Normally an RSA, DSA or ECDSA public key, but handling of other public keys can be added\&.
.RE
ConnectOptions = client_key_cb_options()
.br
.RE
.RE
.RS
.LP
Adds a host key to the set of trusted host keys\&.
.LP
This function is preferred to the old \fIModule:add_host_key/3\fR\& since it also uses the peer host port number and may return an error message\&.
.LP
The OTP/SSH application first calls this function in the callback module, and then the old \fIModule:add_host_key/3\fR\& for compatibility\&.
.RE

.LP
.B
Module:is_host_key(Key, Host, Algorithm, ConnectOptions) -> Result
.br
.RS
.LP
Types:

.RS 3
Key = public_key:public_key()
.br
.RS 2
Normally an RSA, DSA or ECDSA public key, but handling of other public keys can be added\&.
.RE
Host = string()
.br
.RS 2
Description of the host\&.
.RE
Algorithm = ssh:pubkey_alg()
.br
.RS 2
Host key algorithm\&.
.RE
ConnectOptions = client_key_cb_options()
.br
Result = boolean()
.br
.RE
.RE
.RS
.LP
This function is retired in favour for \fIModule:is_host_key/5\fR\& which is the preferred API function\&. The calling SSH application will still try the \fIis_host_key/4\fR\& if the call to \fIis_host_key/5\fR\& failed\&.
.LP
Checks if a host key is trusted\&.
.RE

.LP
.B
Module:is_host_key(Key, Host, Port, Algorithm, ConnectOptions) -> Result
.br
.RS
.LP
Types:

.RS 3
Key = public_key:public_key()
.br
.RS 2
Normally an RSA, DSA or ECDSA public key, but handling of other public keys can be added\&.
.RE
Host = inet:ip_address() | inet:hostname() | [ inet:ip_address() | inet:hostname() ]
.br
.RS 2
Description of the host with one or more IP addresses or hostnames\&.
.RE
Port = inet:port_number()
.br
.RS 2
The Port number of the host\&.
.RE
Algorithm = ssh:pubkey_alg()
.br
.RS 2
Host key algorithm\&.
.RE
ConnectOptions = client_key_cb_options()
.br
Result = boolean() | {error, Error::term()}
.br
.RS 2
The exact error message depends on the actual callback module\&. The Error message makes the connection to fail, and is returned from e\&.g ssh:connect/3\&.
.RE
.RE
.RE
.RS
.LP
Checks if a host key is trusted\&.
.LP
This function is preferred to the old \fIModule:is_host_key/4\fR\& since it also uses the peer host port number and may return an error message\&.
.LP
The OTP/SSH application first calls this function in the callback module, and then the old \fIModule:is_host_key/4\fR\& for compatibility\&.
.RE

.LP
.B
Module:user_key(Algorithm, ConnectOptions) -> Result
.br
.RS
.LP
Types:

.RS 3
Algorithm = ssh:pubkey_alg()
.br
.RS 2
Host key algorithm\&.
.RE
ConnectOptions = client_key_cb_options()
.br
Result = {ok, public_key:private_key()} | {ok, {ssh2_pubkey, PubKeyBlob :: binary()}} | {error, term()}
.br
.RE
.RE
.RS
.LP
Fetches the users \fIpublic key\fR\& matching the \fIAlgorithm\fR\&\&. Some key callback modules may return \fI{ssh2_pubkey, PubKeyBlob :: binary()}\fR\&\&.
.LP

.RS -4
.B
Note:
.RE
The private key contains the public key\&.

.RE