glm-5.1
5c820a41e9
Add 10 new tasks under tasks/architecture/ for Phase 0a (ADR writing): - 9 ADR tasks (026-034) with dependency-ordered structure - 1 review checkpoint task before Phase 0b spec writing ADR dependency graph (3 generations): Gen 1 (parallel): 026, 029, 030, 031, 032, 034 Gen 2 (depends on 029): 027, 028 Gen 3 (depends on 027+028): 033 Gen 4: review checkpoint Also mark all 34 prior implementation tasks as completed — they were finished but still showing as pending in the taskgraph.
1.5 KiB
1.5 KiB
id, name, status, depends_on, scope, risk, impact, level
| id | name | status | depends_on | scope | risk | impact | level | ||
|---|---|---|---|---|---|---|---|---|---|
| auth/client-auth-handler | Implement client-side SSH authentication with Ed25519 key pairs | completed |
|
narrow | low | component | implementation |
Description
Implement the client-side SSH authentication. The client presents an Ed25519 private key during SSH handshake. This creates the russh::client::Handler implementation and the russh::client::ConnectStreamConfig that uses the loaded key.
No password auth. The client handler is simpler than the server — it just needs to provide the private key and handle the auth callback from russh.
Acceptance Criteria
crates/alknet-core/src/auth/client_auth.rsexportsClientAuthConfigand client handlerClientAuthConfigholds:private_key: KeyPair, optionalpublic_key: PublicKeyClientAuthConfig::from_key_source(source: KeySource) -> Result<Self>— loads key via key-loading module- Implements
russh::client::Handlerwithauth_publickey()returning the public key - Client handler returns
russh::client::AuthResult::Acceptor appropriate auth state - Unit tests: valid key creates handler, auth flow succeeds with mock SSH session
References
- docs/architecture/client.md — "Authentication is Ed25519 public key or OpenSSH certificate (ADR-012)"
- docs/architecture/decisions/012-auth-ed25519-and-cert-authority.md — key-based auth only
Notes
To be filled by implementation agent
Summary
To be filled on completion