static void
keygrab_ssh2(con *c)
{
const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
int r;
switch (c->c_keytype) {
case KT_DSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "ssh-dss";
break;
case KT_RSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "ssh-rsa";
break;
case KT_ED25519:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "ssh-ed25519";
break;
case KT_XMSS:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "*****@*****.**";
break;
case KT_ECDSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"[email protected],"
"[email protected],"
"*****@*****.**" :
"ecdsa-sha2-nistp256,"
"ecdsa-sha2-nistp384,"
"ecdsa-sha2-nistp521";
break;
default:
fatal("unknown key type %d", c->c_keytype);
break;
}
if ((r = kex_setup(c->c_ssh, myproposal)) != 0) {
free(c->c_ssh);
fprintf(stderr, "kex_setup: %s\n", ssh_err(r));
exit(1);
}
#ifdef WITH_OPENSSL
c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
#endif
c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
/*
* do the key-exchange until an error occurs or until
* the key_print_wrapper() callback sets c_done.
*/
ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done);
}
static void
keygrab_ssh2(con *c)
{
const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
int r;
enable_compat20();
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
c->c_keytype == KT_DSA ? "ssh-dss" :
(c->c_keytype == KT_RSA ? "ssh-rsa" :
(c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
"ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
if ((r = kex_setup(c->c_ssh, myproposal)) != 0) {
free(c->c_ssh);
fprintf(stderr, "kex_setup: %s\n", ssh_err(r));
exit(1);
}
#ifdef WITH_OPENSSL
c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
#endif
c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
/*
* do the key-exchange until an error occurs or until
* the key_print_wrapper() callback sets c_done.
*/
ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done, c->c_ssh);
}
static void
process_buffered_input_packets(struct ssh *ssh)
{
int r;
if ((r = ssh_dispatch_run(ssh, DISPATCH_NONBLOCK, NULL)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_dispatch_run_fatal(struct ssh *ssh, int mode, volatile sig_atomic_t *done)
{
int r;
if ((r = ssh_dispatch_run(ssh, mode, done)) != 0)
sshpkt_fatal(ssh, r, "%s", __func__);
}
/*
* loop until authctxt->success == TRUE
*/
void
do_authentication2(struct ssh *ssh)
{
struct authctxt *authctxt = ssh->authctxt;
int r;
ssh_dispatch_init(ssh, &dispatch_protocol_error);
ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
if ((r = ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt->success)) != 0)
fatal("%s: ssh_dispatch_run failed: %s", __func__, ssh_err(r));
}
