nedithgar · nedithgar · Aug 2, 2025 · Jul 29, 2025 · Jul 29, 2025 · Jul 30, 2025
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -37,4 +37,4 @@ jobs:
                 SSH_HOST: ssh-server
                 SSH_PORT: 2222
                 SSH_USERNAME: citadel
-                SSH_PASSWORD: hunter2
+                SSH_PASSWORD: hunter2
diff --git a/Package.resolved b/Package.resolved
diff --git a/Package.swift b/Package.swift
@@ -16,8 +16,7 @@ let package = Package(
         ),
     ],
     dependencies: [
-        // .package(path: "/Users/joannisorlandos/git/joannis/swift-nio-ssh"),
-        .package(name: "swift-nio-ssh", url: "https://github.com/Joannis/swift-nio-ssh.git", "0.3.4" ..< "0.4.0"),
+        .package(url: "https://github.com/nedithgar/Joannis-swift-nio-ssh.git", from: "0.3.5"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
         .package(url: "https://github.com/attaswift/BigInt.git", from: "5.2.0"),
         .package(url: "https://github.com/apple/swift-crypto.git", from: "3.12.3"),
@@ -29,7 +28,7 @@ let package = Package(
             name: "Citadel",
             dependencies: [
                 .target(name: "CCitadelBcrypt"),
-                .product(name: "NIOSSH", package: "swift-nio-ssh"),
+                .product(name: "NIOSSH", package: "Joannis-swift-nio-ssh"),
                 .product(name: "Crypto", package: "swift-crypto"),
                 .product(name: "_CryptoExtras", package: "swift-crypto"),
                 .product(name: "BigInt", package: "BigInt"),
@@ -46,7 +45,7 @@ let package = Package(
             name: "CitadelTests",
             dependencies: [
                 "Citadel",
-                .product(name: "NIOSSH", package: "swift-nio-ssh"),
+                .product(name: "NIOSSH", package: "Joannis-swift-nio-ssh"),
                 .product(name: "BigInt", package: "BigInt"),
                 .product(name: "Logging", package: "swift-log"),
             ]

diff --git a/README.md b/README.md
@@ -21,6 +21,63 @@ let settings = SSHClientSettings(
 let client = try await SSHClient.connect(to: settings)
 ```
 
+### Authentication Methods
+
+Citadel supports multiple authentication methods:
+
+#### Password Authentication
+
+```swift
+let settings = SSHClientSettings(
+    host: "example.com",
+    authenticationMethod: { .passwordBased(username: "user", password: "pass") },
+    hostKeyValidator: .acceptAnything()
+)
+```
+
+#### Public Key Authentication
+
+```swift
+let privateKey = try Curve25519.Signing.PrivateKey(
+    rawRepresentation: privateKeyData
+)
+let settings = SSHClientSettings(
+    host: "example.com", 
+    authenticationMethod: { .ed25519(username: "user", privateKey: privateKey) },
+    hostKeyValidator: .acceptAnything()
+)
+```
+
+#### Certificate Authentication
+
+Citadel supports SSH certificate authentication for enhanced security:
+
+```swift
+// Load private key and certificate
+let privateKey = try Curve25519.Signing.PrivateKey(
+    rawRepresentation: privateKeyData
+)
+let certificate = try Ed25519.CertificatePublicKey(
+    certificateData: certificateData
+)
+
+// Use certificate authentication
+let settings = SSHClientSettings(
+    host: "example.com",
+    authenticationMethod: { 
+        .ed25519Certificate(username: "user", privateKey: privateKey, certificate: certificate)
+    },
+    hostKeyValidator: .acceptAnything()
+)
+```
+
+Supported certificate types:
+- ✅ Ed25519 certificates (full authentication support)
+- ✅ RSA certificates (parsing only, no NIOSSH authentication support) 
+- ✅ ECDSA certificates (P256, P384, P521 - full authentication support)
+
+For more details on certificate authentication, see the [Certificate Authentication Documentation](Documentation/CertificateAuthentication.md).
+
 Using that client, we support a couple types of operations:
 
 ### Executing Commands
@@ -323,7 +380,6 @@ When you implement SFTP in Citadel, you're responsible for taking care of logist
 ## Helpers
 
 The most important helper most people need is OpenSSH key parsing. We support extensions on PrivateKey types such as our own `Insecure.RSA.PrivateKey`, as well as existing SwiftCrypto types like `Curve25519.Signing.PrivateKey`:
-
 ```swift
 // Parse an OpenSSH RSA private key. This is the same format as the one used by OpenSSH
 let sshFile = try String(contentsOf: ..)