1 /* $OpenBSD: sshconnect1.c,v 1.77 2015/01/14 20:05:27 djm Exp $ */ 2 /* 3 * Author: Tatu Ylonen <ylo (at) cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo (at) cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Code to connect to a remote host, and to perform the client side of the 7 * login (authentication) dialog. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16 #include "includes.h" 17 18 #ifdef WITH_SSH1 19 20 #include <sys/types.h> 21 #include <sys/socket.h> 22 23 #include <openssl/bn.h> 24 25 #include <errno.h> 26 #include <stdarg.h> 27 #include <stdio.h> 28 #include <stdlib.h> 29 #include <string.h> 30 #include <signal.h> 31 #include <pwd.h> 32 33 #include "xmalloc.h" 34 #include "ssh.h" 35 #include "ssh1.h" 36 #include "rsa.h" 37 #include "buffer.h" 38 #include "packet.h" 39 #include "key.h" 40 #include "cipher.h" 41 #include "kex.h" 42 #include "uidswap.h" 43 #include "log.h" 44 #include "misc.h" 45 #include "readconf.h" 46 #include "authfd.h" 47 #include "sshconnect.h" 48 #include "authfile.h" 49 #include "canohost.h" 50 #include "hostfile.h" 51 #include "auth.h" 52 #include "digest.h" 53 #include "ssherr.h" 54 55 /* Session id for the current session. */ 56 u_char session_id[16]; 57 u_int supported_authentications = 0; 58 59 extern Options options; 60 extern char *__progname; 61 62 /* 63 * Checks if the user has an authentication agent, and if so, tries to 64 * authenticate using the agent. 65 */ 66 static int 67 try_agent_authentication(void) 68 { 69 int r, type, agent_fd, ret = 0; 70 u_char response[16]; 71 size_t i; 72 BIGNUM *challenge; 73 struct ssh_identitylist *idlist = NULL; 74 75 /* Get connection to the agent. */ 76 if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { 77 if (r != SSH_ERR_AGENT_NOT_PRESENT) 78 debug("%s: ssh_get_authentication_socket: %s", 79 __func__, ssh_err(r)); 80 return 0; 81 } 82 83 if ((challenge = BN_new()) == NULL) 84 fatal("try_agent_authentication: BN_new failed"); 85 86 /* Loop through identities served by the agent. */ 87 if ((r = ssh_fetch_identitylist(agent_fd, 1, &idlist)) != 0) { 88 if (r != SSH_ERR_AGENT_NO_IDENTITIES) 89 debug("%s: ssh_fetch_identitylist: %s", 90 __func__, ssh_err(r)); 91 goto out; 92 } 93 for (i = 0; i < idlist->nkeys; i++) { 94 /* Try this identity. */ 95 debug("Trying RSA authentication via agent with '%.100s'", 96 idlist->comments[i]); 97 98 /* Tell the server that we are willing to authenticate using this key. */ 99 packet_start(SSH_CMSG_AUTH_RSA); 100 packet_put_bignum(idlist->keys[i]->rsa->n); 101 packet_send(); 102 packet_write_wait(); 103 104 /* Wait for server's response. */ 105 type = packet_read(); 106 107 /* The server sends failure if it doesn't like our key or 108 does not support RSA authentication. */ 109 if (type == SSH_SMSG_FAILURE) { 110 debug("Server refused our key."); 111 continue; 112 } 113 /* Otherwise it should have sent a challenge. */ 114 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 115 packet_disconnect("Protocol error during RSA authentication: %d", 116 type); 117 118 packet_get_bignum(challenge); 119 packet_check_eom(); 120 121 debug("Received RSA challenge from server."); 122 123 /* Ask the agent to decrypt the challenge. */ 124 if ((r = ssh_decrypt_challenge(agent_fd, idlist->keys[i], 125 challenge, session_id, response)) != 0) { 126 /* 127 * The agent failed to authenticate this identifier 128 * although it advertised it supports this. Just 129 * return a wrong value. 130 */ 131 logit("Authentication agent failed to decrypt " 132 "challenge: %s", ssh_err(r)); 133 explicit_bzero(response, sizeof(response)); 134 } 135 debug("Sending response to RSA challenge."); 136 137 /* Send the decrypted challenge back to the server. */ 138 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 139 for (i = 0; i < 16; i++) 140 packet_put_char(response[i]); 141 packet_send(); 142 packet_write_wait(); 143 144 /* Wait for response from the server. */ 145 type = packet_read(); 146 147 /* 148 * The server returns success if it accepted the 149 * authentication. 150 */ 151 if (type == SSH_SMSG_SUCCESS) { 152 debug("RSA authentication accepted by server."); 153 ret = 1; 154 break; 155 } else if (type != SSH_SMSG_FAILURE) 156 packet_disconnect("Protocol error waiting RSA auth " 157 "response: %d", type); 158 } 159 if (ret != 1) 160 debug("RSA authentication using agent refused."); 161 out: 162 ssh_free_identitylist(idlist); 163 ssh_close_authentication_socket(agent_fd); 164 BN_clear_free(challenge); 165 return ret; 166 } 167 168 /* 169 * Computes the proper response to a RSA challenge, and sends the response to 170 * the server. 171 */ 172 static void 173 respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) 174 { 175 u_char buf[32], response[16]; 176 struct ssh_digest_ctx *md; 177 int i, len; 178 179 /* Decrypt the challenge using the private key. */ 180 /* XXX think about Bleichenbacher, too */ 181 if (rsa_private_decrypt(challenge, challenge, prv) != 0) 182 packet_disconnect( 183 "respond_to_rsa_challenge: rsa_private_decrypt failed"); 184 185 /* Compute the response. */ 186 /* The response is MD5 of decrypted challenge plus session id. */ 187 len = BN_num_bytes(challenge); 188 if (len <= 0 || (u_int)len > sizeof(buf)) 189 packet_disconnect( 190 "respond_to_rsa_challenge: bad challenge length %d", len); 191 192 memset(buf, 0, sizeof(buf)); 193 BN_bn2bin(challenge, buf + sizeof(buf) - len); 194 if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || 195 ssh_digest_update(md, buf, 32) < 0 || 196 ssh_digest_update(md, session_id, 16) < 0 || 197 ssh_digest_final(md, response, sizeof(response)) < 0) 198 fatal("%s: md5 failed", __func__); 199 ssh_digest_free(md); 200 201 debug("Sending response to host key RSA challenge."); 202 203 /* Send the response back to the server. */ 204 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 205 for (i = 0; i < 16; i++) 206 packet_put_char(response[i]); 207 packet_send(); 208 packet_write_wait(); 209 210 explicit_bzero(buf, sizeof(buf)); 211 explicit_bzero(response, sizeof(response)); 212 explicit_bzero(&md, sizeof(md)); 213 } 214 215 /* 216 * Checks if the user has authentication file, and if so, tries to authenticate 217 * the user using it. 218 */ 219 static int 220 try_rsa_authentication(int idx) 221 { 222 BIGNUM *challenge; 223 Key *public, *private; 224 char buf[300], *passphrase, *comment, *authfile; 225 int i, perm_ok = 1, type, quit; 226 227 public = options.identity_keys[idx]; 228 authfile = options.identity_files[idx]; 229 comment = xstrdup(authfile); 230 231 debug("Trying RSA authentication with key '%.100s'", comment); 232 233 /* Tell the server that we are willing to authenticate using this key. */ 234 packet_start(SSH_CMSG_AUTH_RSA); 235 packet_put_bignum(public->rsa->n); 236 packet_send(); 237 packet_write_wait(); 238 239 /* Wait for server's response. */ 240 type = packet_read(); 241 242 /* 243 * The server responds with failure if it doesn't like our key or 244 * doesn't support RSA authentication. 245 */ 246 if (type == SSH_SMSG_FAILURE) { 247 debug("Server refused our key."); 248 free(comment); 249 return 0; 250 } 251 /* Otherwise, the server should respond with a challenge. */ 252 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 253 packet_disconnect("Protocol error during RSA authentication: %d", type); 254 255 /* Get the challenge from the packet. */ 256 if ((challenge = BN_new()) == NULL) 257 fatal("try_rsa_authentication: BN_new failed"); 258 packet_get_bignum(challenge); 259 packet_check_eom(); 260 261 debug("Received RSA challenge from server."); 262 263 /* 264 * If the key is not stored in external hardware, we have to 265 * load the private key. Try first with empty passphrase; if it 266 * fails, ask for a passphrase. 267 */ 268 if (public->flags & SSHKEY_FLAG_EXT) 269 private = public; 270 else 271 private = key_load_private_type(KEY_RSA1, authfile, "", NULL, 272 &perm_ok); 273 if (private == NULL && !options.batch_mode && perm_ok) { 274 snprintf(buf, sizeof(buf), 275 "Enter passphrase for RSA key '%.100s': ", comment); 276 for (i = 0; i < options.number_of_password_prompts; i++) { 277 passphrase = read_passphrase(buf, 0); 278 if (strcmp(passphrase, "") != 0) { 279 private = key_load_private_type(KEY_RSA1, 280 authfile, passphrase, NULL, NULL); 281 quit = 0; 282 } else { 283 debug2("no passphrase given, try next key"); 284 quit = 1; 285 } 286 explicit_bzero(passphrase, strlen(passphrase)); 287 free(passphrase); 288 if (private != NULL || quit) 289 break; 290 debug2("bad passphrase given, try again..."); 291 } 292 } 293 /* We no longer need the comment. */ 294 free(comment); 295 296 if (private == NULL) { 297 if (!options.batch_mode && perm_ok) 298 error("Bad passphrase."); 299 300 /* Send a dummy response packet to avoid protocol error. */ 301 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 302 for (i = 0; i < 16; i++) 303 packet_put_char(0); 304 packet_send(); 305 packet_write_wait(); 306 307 /* Expect the server to reject it... */ 308 packet_read_expect(SSH_SMSG_FAILURE); 309 BN_clear_free(challenge); 310 return 0; 311 } 312 313 /* Compute and send a response to the challenge. */ 314 respond_to_rsa_challenge(challenge, private->rsa); 315 316 /* Destroy the private key unless it in external hardware. */ 317 if (!(private->flags & SSHKEY_FLAG_EXT)) 318 key_free(private); 319 320 /* We no longer need the challenge. */ 321 BN_clear_free(challenge); 322 323 /* Wait for response from the server. */ 324 type = packet_read(); 325 if (type == SSH_SMSG_SUCCESS) { 326 debug("RSA authentication accepted by server."); 327 return 1; 328 } 329 if (type != SSH_SMSG_FAILURE) 330 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 331 debug("RSA authentication refused."); 332 return 0; 333 } 334 335 /* 336 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv 337 * authentication and RSA host authentication. 338 */ 339 static int 340 try_rhosts_rsa_authentication(const char *local_user, Key * host_key) 341 { 342 int type; 343 BIGNUM *challenge; 344 345 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); 346 347 /* Tell the server that we are willing to authenticate using this key. */ 348 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); 349 packet_put_cstring(local_user); 350 packet_put_int(BN_num_bits(host_key->rsa->n)); 351 packet_put_bignum(host_key->rsa->e); 352 packet_put_bignum(host_key->rsa->n); 353 packet_send(); 354 packet_write_wait(); 355 356 /* Wait for server's response. */ 357 type = packet_read(); 358 359 /* The server responds with failure if it doesn't admit our 360 .rhosts authentication or doesn't know our host key. */ 361 if (type == SSH_SMSG_FAILURE) { 362 debug("Server refused our rhosts authentication or host key."); 363 return 0; 364 } 365 /* Otherwise, the server should respond with a challenge. */ 366 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 367 packet_disconnect("Protocol error during RSA authentication: %d", type); 368 369 /* Get the challenge from the packet. */ 370 if ((challenge = BN_new()) == NULL) 371 fatal("try_rhosts_rsa_authentication: BN_new failed"); 372 packet_get_bignum(challenge); 373 packet_check_eom(); 374 375 debug("Received RSA challenge for host key from server."); 376 377 /* Compute a response to the challenge. */ 378 respond_to_rsa_challenge(challenge, host_key->rsa); 379 380 /* We no longer need the challenge. */ 381 BN_clear_free(challenge); 382 383 /* Wait for response from the server. */ 384 type = packet_read(); 385 if (type == SSH_SMSG_SUCCESS) { 386 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); 387 return 1; 388 } 389 if (type != SSH_SMSG_FAILURE) 390 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 391 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused."); 392 return 0; 393 } 394 395 /* 396 * Tries to authenticate with any string-based challenge/response system. 397 * Note that the client code is not tied to s/key or TIS. 398 */ 399 static int 400 try_challenge_response_authentication(void) 401 { 402 int type, i; 403 u_int clen; 404 char prompt[1024]; 405 char *challenge, *response; 406 407 debug("Doing challenge response authentication."); 408 409 for (i = 0; i < options.number_of_password_prompts; i++) { 410 /* request a challenge */ 411 packet_start(SSH_CMSG_AUTH_TIS); 412 packet_send(); 413 packet_write_wait(); 414 415 type = packet_read(); 416 if (type != SSH_SMSG_FAILURE && 417 type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 418 packet_disconnect("Protocol error: got %d in response " 419 "to SSH_CMSG_AUTH_TIS", type); 420 } 421 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 422 debug("No challenge."); 423 return 0; 424 } 425 challenge = packet_get_string(&clen); 426 packet_check_eom(); 427 snprintf(prompt, sizeof prompt, "%s%s", challenge, 428 strchr(challenge, '\n') ? "" : "\nResponse: "); 429 free(challenge); 430 if (i != 0) 431 error("Permission denied, please try again."); 432 if (options.cipher == SSH_CIPHER_NONE) 433 logit("WARNING: Encryption is disabled! " 434 "Response will be transmitted in clear text."); 435 response = read_passphrase(prompt, 0); 436 if (strcmp(response, "") == 0) { 437 free(response); 438 break; 439 } 440 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 441 ssh_put_password(response); 442 explicit_bzero(response, strlen(response)); 443 free(response); 444 packet_send(); 445 packet_write_wait(); 446 type = packet_read(); 447 if (type == SSH_SMSG_SUCCESS) 448 return 1; 449 if (type != SSH_SMSG_FAILURE) 450 packet_disconnect("Protocol error: got %d in response " 451 "to SSH_CMSG_AUTH_TIS_RESPONSE", type); 452 } 453 /* failure */ 454 return 0; 455 } 456 457 /* 458 * Tries to authenticate with plain passwd authentication. 459 */ 460 static int 461 try_password_authentication(char *prompt) 462 { 463 int type, i; 464 char *password; 465 466 debug("Doing password authentication."); 467 if (options.cipher == SSH_CIPHER_NONE) 468 logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); 469 for (i = 0; i < options.number_of_password_prompts; i++) { 470 if (i != 0) 471 error("Permission denied, please try again."); 472 password = read_passphrase(prompt, 0); 473 packet_start(SSH_CMSG_AUTH_PASSWORD); 474 ssh_put_password(password); 475 explicit_bzero(password, strlen(password)); 476 free(password); 477 packet_send(); 478 packet_write_wait(); 479 480 type = packet_read(); 481 if (type == SSH_SMSG_SUCCESS) 482 return 1; 483 if (type != SSH_SMSG_FAILURE) 484 packet_disconnect("Protocol error: got %d in response to passwd auth", type); 485 } 486 /* failure */ 487 return 0; 488 } 489 490 /* 491 * SSH1 key exchange 492 */ 493 void 494 ssh_kex(char *host, struct sockaddr *hostaddr) 495 { 496 int i; 497 BIGNUM *key; 498 Key *host_key, *server_key; 499 int bits, rbits; 500 int ssh_cipher_default = SSH_CIPHER_3DES; 501 u_char session_key[SSH_SESSION_KEY_LENGTH]; 502 u_char cookie[8]; 503 u_int supported_ciphers; 504 u_int server_flags, client_flags; 505 u_int32_t rnd = 0; 506 507 debug("Waiting for server public key."); 508 509 /* Wait for a public key packet from the server. */ 510 packet_read_expect(SSH_SMSG_PUBLIC_KEY); 511 512 /* Get cookie from the packet. */ 513 for (i = 0; i < 8; i++) 514 cookie[i] = packet_get_char(); 515 516 /* Get the public key. */ 517 server_key = key_new(KEY_RSA1); 518 bits = packet_get_int(); 519 packet_get_bignum(server_key->rsa->e); 520 packet_get_bignum(server_key->rsa->n); 521 522 rbits = BN_num_bits(server_key->rsa->n); 523 if (bits != rbits) { 524 logit("Warning: Server lies about size of server public key: " 525 "actual size is %d bits vs. announced %d.", rbits, bits); 526 logit("Warning: This may be due to an old implementation of ssh."); 527 } 528 /* Get the host key. */ 529 host_key = key_new(KEY_RSA1); 530 bits = packet_get_int(); 531 packet_get_bignum(host_key->rsa->e); 532 packet_get_bignum(host_key->rsa->n); 533 534 rbits = BN_num_bits(host_key->rsa->n); 535 if (bits != rbits) { 536 logit("Warning: Server lies about size of server host key: " 537 "actual size is %d bits vs. announced %d.", rbits, bits); 538 logit("Warning: This may be due to an old implementation of ssh."); 539 } 540 541 /* Get protocol flags. */ 542 server_flags = packet_get_int(); 543 packet_set_protocol_flags(server_flags); 544 545 supported_ciphers = packet_get_int(); 546 supported_authentications = packet_get_int(); 547 packet_check_eom(); 548 549 debug("Received server public key (%d bits) and host key (%d bits).", 550 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); 551 552 if (verify_host_key(host, hostaddr, host_key) == -1) 553 fatal("Host key verification failed."); 554 555 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; 556 557 derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); 558 559 /* 560 * Generate an encryption key for the session. The key is a 256 bit 561 * random number, interpreted as a 32-byte key, with the least 562 * significant 8 bits being the first byte of the key. 563 */ 564 for (i = 0; i < 32; i++) { 565 if (i % 4 == 0) 566 rnd = arc4random(); 567 session_key[i] = rnd & 0xff; 568 rnd >>= 8; 569 } 570 571 /* 572 * According to the protocol spec, the first byte of the session key 573 * is the highest byte of the integer. The session key is xored with 574 * the first 16 bytes of the session id. 575 */ 576 if ((key = BN_new()) == NULL) 577 fatal("ssh_kex: BN_new failed"); 578 if (BN_set_word(key, 0) == 0) 579 fatal("ssh_kex: BN_set_word failed"); 580 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 581 if (BN_lshift(key, key, 8) == 0) 582 fatal("ssh_kex: BN_lshift failed"); 583 if (i < 16) { 584 if (BN_add_word(key, session_key[i] ^ session_id[i]) 585 == 0) 586 fatal("ssh_kex: BN_add_word failed"); 587 } else { 588 if (BN_add_word(key, session_key[i]) == 0) 589 fatal("ssh_kex: BN_add_word failed"); 590 } 591 } 592 593 /* 594 * Encrypt the integer using the public key and host key of the 595 * server (key with smaller modulus first). 596 */ 597 if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { 598 /* Public key has smaller modulus. */ 599 if (BN_num_bits(host_key->rsa->n) < 600 BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 601 fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " 602 "SSH_KEY_BITS_RESERVED %d", 603 BN_num_bits(host_key->rsa->n), 604 BN_num_bits(server_key->rsa->n), 605 SSH_KEY_BITS_RESERVED); 606 } 607 if (rsa_public_encrypt(key, key, server_key->rsa) != 0 || 608 rsa_public_encrypt(key, key, host_key->rsa) != 0) 609 fatal("%s: rsa_public_encrypt failed", __func__); 610 } else { 611 /* Host key has smaller modulus (or they are equal). */ 612 if (BN_num_bits(server_key->rsa->n) < 613 BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 614 fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " 615 "SSH_KEY_BITS_RESERVED %d", 616 BN_num_bits(server_key->rsa->n), 617 BN_num_bits(host_key->rsa->n), 618 SSH_KEY_BITS_RESERVED); 619 } 620 if (rsa_public_encrypt(key, key, host_key->rsa) != 0 || 621 rsa_public_encrypt(key, key, server_key->rsa) != 0) 622 fatal("%s: rsa_public_encrypt failed", __func__); 623 } 624 625 /* Destroy the public keys since we no longer need them. */ 626 key_free(server_key); 627 key_free(host_key); 628 629 if (options.cipher == SSH_CIPHER_NOT_SET) { 630 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) 631 options.cipher = ssh_cipher_default; 632 } else if (options.cipher == SSH_CIPHER_INVALID || 633 !(cipher_mask_ssh1(1) & (1 << options.cipher))) { 634 logit("No valid SSH1 cipher, using %.100s instead.", 635 cipher_name(ssh_cipher_default)); 636 options.cipher = ssh_cipher_default; 637 } 638 /* Check that the selected cipher is supported. */ 639 if (!(supported_ciphers & (1 << options.cipher))) 640 fatal("Selected cipher type %.100s not supported by server.", 641 cipher_name(options.cipher)); 642 643 debug("Encryption type: %.100s", cipher_name(options.cipher)); 644 645 /* Send the encrypted session key to the server. */ 646 packet_start(SSH_CMSG_SESSION_KEY); 647 packet_put_char(options.cipher); 648 649 /* Send the cookie back to the server. */ 650 for (i = 0; i < 8; i++) 651 packet_put_char(cookie[i]); 652 653 /* Send and destroy the encrypted encryption key integer. */ 654 packet_put_bignum(key); 655 BN_clear_free(key); 656 657 /* Send protocol flags. */ 658 packet_put_int(client_flags); 659 660 /* Send the packet now. */ 661 packet_send(); 662 packet_write_wait(); 663 664 debug("Sent encrypted session key."); 665 666 /* Set the encryption key. */ 667 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 668 669 /* 670 * We will no longer need the session key here. 671 * Destroy any extra copies. 672 */ 673 explicit_bzero(session_key, sizeof(session_key)); 674 675 /* 676 * Expect a success message from the server. Note that this message 677 * will be received in encrypted form. 678 */ 679 packet_read_expect(SSH_SMSG_SUCCESS); 680 681 debug("Received encrypted confirmation."); 682 } 683 684 /* 685 * Authenticate user 686 */ 687 void 688 ssh_userauth1(const char *local_user, const char *server_user, char *host, 689 Sensitive *sensitive) 690 { 691 int i, type; 692 693 if (supported_authentications == 0) 694 fatal("ssh_userauth1: server supports no auth methods"); 695 696 /* Send the name of the user to log in as on the server. */ 697 packet_start(SSH_CMSG_USER); 698 packet_put_cstring(server_user); 699 packet_send(); 700 packet_write_wait(); 701 702 /* 703 * The server should respond with success if no authentication is 704 * needed (the user has no password). Otherwise the server responds 705 * with failure. 706 */ 707 type = packet_read(); 708 709 /* check whether the connection was accepted without authentication. */ 710 if (type == SSH_SMSG_SUCCESS) 711 goto success; 712 if (type != SSH_SMSG_FAILURE) 713 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); 714 715 /* 716 * Try .rhosts or /etc/hosts.equiv authentication with RSA host 717 * authentication. 718 */ 719 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && 720 options.rhosts_rsa_authentication) { 721 for (i = 0; i < sensitive->nkeys; i++) { 722 if (sensitive->keys[i] != NULL && 723 sensitive->keys[i]->type == KEY_RSA1 && 724 try_rhosts_rsa_authentication(local_user, 725 sensitive->keys[i])) 726 goto success; 727 } 728 } 729 /* Try RSA authentication if the server supports it. */ 730 if ((supported_authentications & (1 << SSH_AUTH_RSA)) && 731 options.rsa_authentication) { 732 /* 733 * Try RSA authentication using the authentication agent. The 734 * agent is tried first because no passphrase is needed for 735 * it, whereas identity files may require passphrases. 736 */ 737 if (try_agent_authentication()) 738 goto success; 739 740 /* Try RSA authentication for each identity. */ 741 for (i = 0; i < options.num_identity_files; i++) 742 if (options.identity_keys[i] != NULL && 743 options.identity_keys[i]->type == KEY_RSA1 && 744 try_rsa_authentication(i)) 745 goto success; 746 } 747 /* Try challenge response authentication if the server supports it. */ 748 if ((supported_authentications & (1 << SSH_AUTH_TIS)) && 749 options.challenge_response_authentication && !options.batch_mode) { 750 if (try_challenge_response_authentication()) 751 goto success; 752 } 753 /* Try password authentication if the server supports it. */ 754 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && 755 options.password_authentication && !options.batch_mode) { 756 char prompt[80]; 757 758 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 759 server_user, host); 760 if (try_password_authentication(prompt)) 761 goto success; 762 } 763 /* All authentication methods have failed. Exit with an error message. */ 764 fatal("Permission denied."); 765 /* NOTREACHED */ 766 767 success: 768 return; /* need statement after label */ 769 } 770 771 #endif /* WITH_SSH1 */ 772
