static ssh_session create_ssh_connection(const char* hostname, const unsigned int port, const char* username,
const char* password, const char* sshkey_path, const char* sshkey_passphrase)
{
ssh_session sshs;
/* Open session and set options */
sshs = ssh_new();
if (sshs == NULL) {
errmsg_print("Can't create ssh session");
return NULL;
}
if (!hostname)
return NULL;
if (ssh_options_set(sshs, SSH_OPTIONS_HOST, hostname)) {
errmsg_print("Can't set the hostname: %s\n", hostname);
goto failure;
}
if (port != 0) {
if (ssh_options_set(sshs, SSH_OPTIONS_PORT, &port)) {
errmsg_print("Can't set the port: %d\n", port);
goto failure;
}
}
if (!username)
username = g_get_user_name();
if (ssh_options_set(sshs, SSH_OPTIONS_USER, username)) {
errmsg_print("Can't set the username: %s\n", username);
goto failure;
}
verbose_print("Opening ssh connection to %s@%s:%u\n", username, hostname, port);
/* Connect to server */
if (ssh_connect(sshs) != SSH_OK) {
errmsg_print("Error connecting to %s@%s:%u (%s)\n", username, hostname, port,
ssh_get_error(sshs));
goto failure;
}
#ifdef HAVE_LIBSSH_USERAUTH_AGENT
verbose_print("Connecting using ssh-agent...");
/* Try to authenticate using ssh agent */
if (ssh_userauth_agent(sshs, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
#endif
/* If a public key path has been provided, try to authenticate using it */
if (sshkey_path) {
ssh_key pkey = ssh_key_new();
int ret;
verbose_print("Connecting using public key in %s...", sshkey_path);
ret = ssh_pki_import_privkey_file(sshkey_path, sshkey_passphrase, NULL, NULL, &pkey);
if (ret == SSH_OK) {
if (ssh_userauth_publickey(sshs, NULL, pkey) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
ssh_key_free(pkey);
return sshs;
}
}
ssh_key_free(pkey);
verbose_print("failed (%s)\n", ssh_get_error(sshs));
}
/* Try to authenticate using standard public key */
verbose_print("Connecting using standard public key...");
if (ssh_userauth_publickey_auto(sshs, NULL, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
/* If a password has been provided and all previous attempts failed, try to use it */
if (password) {
verbose_print("Connecting using password...");
if (ssh_userauth_password(sshs, username, password) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
}
errmsg_print("Can't find a valid authentication. Disconnecting.\n");
/* All authentication failed. Disconnect and return */
ssh_disconnect(sshs);
failure:
ssh_free(sshs);
return NULL;
}
static int authenticate_password(ssh_session session, url_t* urlp)
{
if (urlp->password)
return ssh_userauth_password(session, NULL, urlp->password);
if (!ftp->getpass_hook)
return SSH_AUTH_ERROR;
if (get_password(urlp, NULL, false))
return SSH_AUTH_ERROR;
return ssh_userauth_password(session, NULL, urlp->password);
}
SSH::SSH(const std::string& host, const std::string& user, const std::string& pass, const std::string port):
host_(host),user_(user),pass_(pass),sftp_(0) {
std::string timeout = getEnv(envTIMEOUT);
timeout_ = atol(timeout.c_str());
if (timeout_ == 0) {
throw Error(1, "Timeout Environmental Variable must be a positive integer.");
}
session_ = ssh_new();
if (session_ == NULL) {
throw Error(1, "Unable to create the the ssh session");
}
// try to connect
ssh_options_set(session_, SSH_OPTIONS_HOST, host_.c_str());
ssh_options_set(session_, SSH_OPTIONS_USER, user_.c_str());
ssh_options_set(session_, SSH_OPTIONS_TIMEOUT, &timeout_);
if (port != "") ssh_options_set(session_, SSH_OPTIONS_PORT_STR, port.c_str());
if (ssh_connect(session_) != SSH_OK) {
throw Error(1, ssh_get_error(session_));
}
// Authentication
if (ssh_userauth_password(session_, NULL, pass_.c_str()) != SSH_AUTH_SUCCESS) {
throw Error(1, ssh_get_error(session_));
}
}
static void torture_auth_password_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_AUTH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
do {
rc = ssh_userauth_password(session, NULL, TORTURE_SSH_USER_BOB_PASSWORD);
} while(rc==SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
void
Session::connect() {
if (this->c_session != NULL) {
this->disconnect();
}
this->c_session = ssh_new();
if (this->c_session == NULL) {
throw std::runtime_error("Cannot start session");
}
ssh_options_set(this->c_session, SSH_OPTIONS_HOST, this->hostname.c_str());
ssh_options_set(this->c_session, SSH_OPTIONS_PORT, &this->port);
int rc = ssh_connect(this->c_session);
if (rc != SSH_OK) {
fprintf(stderr, "Error connecting to localhost: %s\n", ssh_get_error(this->c_session));
throw std::runtime_error("Cannot connect to server");
}
if (this->password_auth) {
rc = ssh_userauth_password(this->c_session, NULL, this->password.c_str());
if (rc != SSH_AUTH_SUCCESS) {
throw std::runtime_error("Cannot authenticate with server");
}
} else {
rc = ssh_userauth_autopubkey(this->c_session, NULL);
if (rc != SSH_AUTH_SUCCESS) {
throw std::runtime_error("Cannot authenticate with server");
}
}
}
static void torture_auth_password(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
char *password = getenv("TORTURE_PASSWORD");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
if (password == NULL) {
print_message("*** Please set the environment variable "
"TORTURE_PASSWORD to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
rc = ssh_userauth_none(session, NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_AUTH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
rc = ssh_userauth_password(session, NULL, password);
assert_true(rc == SSH_AUTH_SUCCESS);
}
int ssh_login(const char *user, const char *passwd){
ssh_session ssh_id;
int ret = 0;
printf("[*] testing => %s:%s:%s\n", target, user, passwd);
ssh_id = ssh_new();
ssh_options_set(ssh_id, SSH_OPTIONS_HOST, target);
ssh_options_set(ssh_id, SSH_OPTIONS_USER, user);
if(ssh_connect(ssh_id) != SSH_OK){
goto end;
}
if(ssh_userauth_password(ssh_id, NULL, passwd) != SSH_AUTH_SUCCESS){
goto end;
}
printf("\n\n\tCracked --> [%s : %s]\n\n", user, passwd);
ret = 1;
end:
ssh_disconnect(ssh_id);
ssh_free(ssh_id);
return ret;
}
int authenticate_console(ssh_session session, char* pwd){
int rc;
int method;
char password[128] = {0};
char *banner;
// Try to authenticate
rc = ssh_userauth_none(session, NULL);
if (rc == SSH_AUTH_ERROR) {
error(session);
return rc;
}
method = ssh_auth_list(session);
while (rc != SSH_AUTH_SUCCESS) {
// Try to authenticate with public key first
if (method & SSH_AUTH_METHOD_PUBLICKEY) {
rc = ssh_userauth_autopubkey(session, NULL);
if (rc == SSH_AUTH_ERROR) {
error(session);
return rc;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
/*
// Try to authenticate with keyboard interactive";
if (method & SSH_AUTH_METHOD_INTERACTIVE) {
rc = authenticate_kbdint(session, NULL);
if (rc == SSH_AUTH_ERROR) {
error(session);
return rc;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
if (ssh_getpass("Password: "******"%s\n",banner);
free(banner);
}
return rc;
}
void SSH::authenticate()
{
int rc = ssh_userauth_password(_ssh, NULL, _password.c_str());
_logger->debug("SSH Authentication status: %d", rc);
if (rc == SSH_AUTH_ERROR) {
_authenticated = false;
return;
}
_authenticated = true;
}
int authenticate_console(ssh_session session)
{
int rc;
int method;
// Try to authenticate
rc = ssh_userauth_none(session, NULL);
if (rc == SSH_AUTH_ERROR)
{
error(session);
return rc;
}
method = ssh_userauth_list(session,NULL);
while (rc != SSH_AUTH_SUCCESS)
{
// Try to authenticate with public key first
rc = ssh_userauth_autopubkey(session, NULL);
if (rc == SSH_AUTH_ERROR)
{
error(session);
return rc;
} else if (rc == SSH_AUTH_SUCCESS)
{
break;
}
rc=authenticate_kbdint(session,pass_word);
if (rc == SSH_AUTH_ERROR)
{
error(session);
return rc;
} else if (rc == SSH_AUTH_SUCCESS)
{
break;
}
rc = ssh_userauth_password(session, NULL, pass_word);
if (rc == SSH_AUTH_ERROR)
{
error(session);
return rc;
} else if (rc == SSH_AUTH_SUCCESS)
{
break;
} else if(rc == SSH_AUTH_DENIED)
{
} else if(rc == SSH_AUTH_PARTIAL)
{
} else if(rc == SSH_AUTH_INFO)
{
} else if(rc == SSH_AUTH_AGAIN)
{
}
}
return rc;
}
int test()
{
ssh_session my_ssh_session;
int rc;
// Open session and set options
my_ssh_session = ssh_new();
if (my_ssh_session == NULL)
exit(-1);
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, "localhost");
// Connect to server
rc = ssh_connect(my_ssh_session);
if (rc != SSH_OK)
{
fprintf(stderr, "Error connecting to localhost: %s\n",
ssh_get_error(my_ssh_session));
ssh_free(my_ssh_session);
exit(-1);
}
// Verify the server's identity
// For the source code of verify_knowhost(), check previous example
// if (verify_knownhost(my_ssh_session) < 0)
// {
// ssh_disconnect(my_ssh_session);
// ssh_free(my_ssh_session);
// exit(-1);
// }
// Authenticate ourselves
QString password("whcrosedu");
rc = ssh_userauth_password(my_ssh_session, NULL, password.toLatin1());
if (rc != SSH_AUTH_SUCCESS)
{
fprintf(stderr, "Error authenticating with password: %s\n",
ssh_get_error(my_ssh_session));
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
exit(-1);
}
qDebug()<<"evrika";
show_remote_processes(my_ssh_session);
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
}
// libssh login version
void Connector::libsshLogin() {
// the verbosity of the ssh log
int verbosity = SSH_LOG_PROTOCOL;
int port = 22; // the port used (22 is default)
sshSession = ssh_new() ;
if (sshSession == NULL){
exit(-1);
}
output->append("Initializing connection with RVS cluster...") ;
/*Setting the options of this connection*/
ssh_options_set(sshSession, SSH_OPTIONS_HOST, "rvs.sara.nl") ;
ssh_options_set(sshSession, SSH_OPTIONS_USER, m_username.c_str()) ; // TODO, make the username and host flexibile
ssh_options_set(sshSession, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_options_set(sshSession, SSH_OPTIONS_PORT, &port);
output->append("\n") ;
/*Connecting*/
int response = ssh_connect(sshSession);
if (response != SSH_OK) {
output->append("Error connecting to the RVS") ;
output->append(ssh_get_error(sshSession)) ;
ssh_free(sshSession);
exit(-1);
}
// TODO check if the server is known!
response = ssh_userauth_password(sshSession, NULL, m_passSara.c_str());
if (response != SSH_AUTH_SUCCESS){
output->append("ERROR: Auth. failed") ;
output->append(ssh_get_error(sshSession)) ;
ssh_free(sshSession);
exit(-1);
} else {
output->append("Authorization succesful!") ;
}
output->append("\n") ;
output->append("Waiting for VNC connection...") ;
qApp->processEvents() ;
}
int main(int argc, char *argv[])
{
umask(0);
con.verbosity = SSH_LOG_PROTOCOL;
con.port = 22;
con.user = "******";
con.password = "******";
con.my_ssh_session = ssh_new();
con.mountpath = "/tmp/fuse/";
if (con.my_ssh_session == NULL)
perror("unable to craete a session");
//ssh_options_set(con.my_ssh_session, SSH_OPTIONS_USER, "akanksha");
//ssh_options_set(con.my_ssh_session, SSH_OPTIONS_HOST, "192.168.1.2");
ssh_options_set(con.my_ssh_session, SSH_OPTIONS_HOST, "localhost");
ssh_options_set(con.my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY, &con.verbosity);
ssh_options_set(con.my_ssh_session, SSH_OPTIONS_PORT, &con.port);
con.rc = ssh_connect(con.my_ssh_session);
if (con.rc != SSH_OK)
{
fprintf(stderr, "Error connecting to localhost: %s\n",
ssh_get_error(con.my_ssh_session));
} else{
fprintf(stderr, "Connection succesful");
}
//con.password = getpass("Password: "******"Error authenticating with password: %s\n",
ssh_get_error(con.my_ssh_session));
ssh_disconnect(con.my_ssh_session);
ssh_free(con.my_ssh_session);
}
con.sftp = create_sftp_session();
int res = fuse_main(argc, argv, &xmp_oper, NULL);
perror("Fuse main called ");
ssh_disconnect(con.my_ssh_session);
sftp_free(con.sftp);
ssh_free(con.my_ssh_session);
return res;
}
bool clSSH::LoginPassword(bool throwExc)
{
if(!m_session) { THROW_OR_FALSE("NULL SSH session"); }
int rc;
// interactive keyboard method failed, try another method
rc = ssh_userauth_password(m_session, NULL, GetPassword().mb_str().data());
if(rc == SSH_AUTH_SUCCESS) {
return true;
} else if(rc == SSH_AUTH_DENIED) {
THROW_OR_FALSE("Login failed: invalid username/password");
} else {
THROW_OR_FALSE(wxString() << _("Authentication error: ") << ssh_get_error(m_session));
}
return false;
}
int main()
{
// INIT
ssh_session sshsession = ssh_new();
ssh_options_set(sshsession, SSH_OPTIONS_HOST, "192.168.1.117");
if (ssh_connect(sshsession) == 0)
{
if (ssh_userauth_password(sshsession, "root", "password") == 0)
{
sftp_session sftpsession = sftp_new(sshsession);
if (sftp_init(sftpsession) == 0)
{
// DIR READ
sftp_dir dir = sftp_opendir(sftpsession, "/root/");
sftp_attributes file;
while((file = sftp_readdir(sftpsession, dir)))
{
if (file->type == 1) // 1 == file; 2 == dir
{
// todo..
}
}
sftp_closedir(dir);
// FILE READ
sftp_file l_file = sftp_open(sftpsession, "/root/test.txt", O_RDONLY, 0);
sftp_attributes attr = sftp_fstat(l_file);
QByteArray l_ba;
l_ba.resize(attr->size);
sftp_read(l_file, l_ba.data(), attr->size); // Returns readed
sftp_close(l_file);
}
}
ssh_disconnect(sshsession);
}
return 0;
}
/**
* Authenticate in the SSH server with password
* @param QString password the password to use for connect in the SSH server (password or passphrase when you use private key)
* @return bool true if it's ok, false else
*/
bool Kssh::authenticatePassword(QString password)
{
// Try to authenticate without interactive, if fail then try with interactive
int auth;
auth = ssh_userauth_password(this->m_session, NULL, password.toStdString().c_str());
if (auth == SSH_AUTH_SUCCESS) {
return true;
} else if (auth == SSH_AUTH_DENIED || auth == SSH_AUTH_PARTIAL) {
// try with interactive
#ifdef DEBUG
Klog::debug("Authentication fail with password, try with interactive");
#endif
return this->authenticatePasswordInteractive(password);
} else if (auth == SSH_AUTH_ERROR) {
Klog::error(QString("Fatal error in authenticated with password : ") + QString(ssh_get_error(this->m_session)));
return false;
}
return false;
}
static gint
remmina_ssh_auth_password (RemminaSSH *ssh)
{
gint ret;
gint authlist;
gint n;
gint i;
ret = SSH_AUTH_ERROR;
if (ssh->authenticated) return 1;
if (ssh->password == NULL) return -1;
authlist = ssh_userauth_list (ssh->session, NULL);
if (authlist & SSH_AUTH_METHOD_INTERACTIVE)
{
while ((ret = ssh_userauth_kbdint (ssh->session, NULL, NULL)) == SSH_AUTH_INFO)
{
n = ssh_userauth_kbdint_getnprompts (ssh->session);
for (i = 0; i < n; i++)
{
ssh_userauth_kbdint_setanswer(ssh->session, i, ssh->password);
}
}
}
if (ret != SSH_AUTH_SUCCESS && authlist & SSH_AUTH_METHOD_PASSWORD)
{
ret = ssh_userauth_password (ssh->session, NULL, ssh->password);
}
if (ret != SSH_AUTH_SUCCESS)
{
remmina_ssh_set_error (ssh, _("SSH password authentication failed: %s"));
return 0;
}
ssh->authenticated = TRUE;
return 1;
}
static int _sftp_connect(const char *uri) {
char *scheme = NULL;
char *user = NULL;
char *passwd = NULL;
char *host = NULL;
unsigned int port = 0;
char *path = NULL;
unsigned char *hash = NULL;
int hlen;
int rc = -1;
int state = SSH_SERVER_ERROR;
int timeout = 10;
int method;
char *verbosity;
if (_connected) {
return 0;
}
rc = c_parse_uri(uri, &scheme, &user, &passwd, &host, &port, &path);
if (rc < 0) {
goto out;
}
DEBUG_SFTP(("csync_sftp - conntecting to: %s\n", host));
/* create the session */
_ssh_session = ssh_new();
if (_ssh_session == NULL) {
fprintf(stderr, "csync_sftp - error creating new connection: %s\n",
strerror(errno));
rc = -1;
goto out;
}
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_TIMEOUT, &timeout);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_C_S, "none");
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
ssh_options_set(_ssh_session, SSH_OPTIONS_HOST, host);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
if (port) {
ssh_options_set(_ssh_session, SSH_OPTIONS_PORT, &port);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
DEBUG_SFTP(("csync_sftp - port set to: %d\n", port));
}
if (user && *user) {
ssh_options_set(_ssh_session, SSH_OPTIONS_USER, user);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
DEBUG_SFTP(("csync_sftp - username set to: %s\n", user));
}
verbosity = getenv("CSYNC_SFTP_LOG_VERBOSITY");
if (verbosity) {
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_LOG_VERBOSITY_STR, verbosity);
if (rc < 0) {
goto out;
}
}
/* read ~/.ssh/config */
rc = ssh_options_parse_config(_ssh_session, NULL);
if (rc < 0) {
goto out;
}
_ssh_callbacks = (ssh_callbacks) c_malloc(sizeof(struct ssh_callbacks_struct));
if (_ssh_callbacks == NULL) {
rc = -1;
goto out;
}
ZERO_STRUCTP(_ssh_callbacks);
_ssh_callbacks->userdata = _userdata;
_ssh_callbacks->auth_function = _ssh_auth_callback;
ssh_callbacks_init(_ssh_callbacks);
ssh_set_callbacks(_ssh_session, _ssh_callbacks);
rc = ssh_connect(_ssh_session);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error connecting to the server: %s\n", ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
goto out;
}
hlen = ssh_get_pubkey_hash(_ssh_session, &hash);
if (hlen < 0) {
fprintf(stderr, "csync_sftp - error connecting to the server: %s\n",
ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
goto out;
}
/* check the server public key hash */
state = ssh_is_server_known(_ssh_session);
switch (state) {
case SSH_SERVER_KNOWN_OK:
break;
case SSH_SERVER_KNOWN_CHANGED:
fprintf(stderr, "csync_sftp - The host key for this server was "
"not found, but another type of key exists.\n"
"An attacker might change the default server key to confuse your "
"client into thinking the key does not exist.\n"
"Please contact your system administrator.\n"
"%s\n", ssh_get_error(_ssh_session));
ssh_print_hexa("csync_sftp - public key hash", hash, hlen);
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
case SSH_SERVER_FOUND_OTHER:
fprintf(stderr, "csync_sftp - the host key for this server was not "
"found but an other type of key exists.\n");
fprintf(stderr, "csync_sftp - an attacker might change the default "
"server key to confuse your client into thinking the key does not "
"exist\n");
fprintf(stderr, "The host key for the server %s has changed.\n"
"This could either mean that DNS SPOOFING is happening or the IP "
"address for the host and its host key have changed at the same time.\n"
"The fingerprint for the key sent by the remote host is:\n", host);
ssh_print_hexa("", hash, hlen);
fprintf(stderr, "Please contact your system administrator.\n"
"%s\n", ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
case SSH_SERVER_NOT_KNOWN:
if (_authcb) {
char *hexa;
char *prompt;
char buf[4] = {0};
hexa = ssh_get_hexa(hash, hlen);
if (hexa == NULL) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
if (asprintf(&prompt,
"The authenticity of host '%s' can't be established.\n"
"RSA key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)?",
host, hexa) < 0 ) {
free(hexa);
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
free(hexa);
if ((*_authcb)(prompt, buf, sizeof(buf), 1, 0, _userdata) < 0) {
free(prompt);
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
free(prompt);
if (strncasecmp(buf, "yes", 3) != 0) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
if (ssh_write_knownhost(_ssh_session) < 0) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
} else {
fprintf(stderr,"csync_sftp - the server is unknown. Connect manually to "
"the host to retrieve the public key hash, then try again.\n");
}
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
case SSH_SERVER_ERROR:
fprintf(stderr, "%s\n", ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
default:
break;
}
/* Try to authenticate */
rc = ssh_userauth_none(_ssh_session, NULL);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
#if 0
/* authenticate with the server */
if (passwd && *passwd) {
DEBUG_SFTP(("csync_sftp - authenticating with user/password\n"));
/*
* This is tunneled cleartext password authentication and possibly needs
* to be allowed by the ssh server. Set 'PasswordAuthentication yes'
*/
auth = ssh_userauth_password(_ssh_session, user, passwd);
} else {
DEBUG_SFTP(("csync_sftp - authenticating with pubkey\n"));
auth = ssh_userauth_autopubkey(_ssh_session, NULL);
}
if (auth == SSH_AUTH_ERROR) {
fprintf(stderr, "csync_sftp - authenticating with pubkey: %s\n",
ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
if (auth != SSH_AUTH_SUCCESS) {
if (_authcb != NULL) {
auth = auth_kbdint(_ssh_session);
if (auth == SSH_AUTH_ERROR) {
fprintf(stderr,"csync_sftp - authentication failed: %s\n",
ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
} else {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
}
#endif
method = ssh_auth_list(_ssh_session);
while (rc != SSH_AUTH_SUCCESS) {
/* Try to authenticate with public key first */
if (method & SSH_AUTH_METHOD_PUBLICKEY) {
rc = ssh_userauth_autopubkey(_ssh_session, NULL);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
/* Try to authenticate with keyboard interactive */
if (method & SSH_AUTH_METHOD_INTERACTIVE) {
rc = auth_kbdint(_ssh_session, user, passwd);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
/* Try to authenticate with password */
if ((method & SSH_AUTH_METHOD_PASSWORD) && passwd && *passwd) {
rc = ssh_userauth_password(_ssh_session, user, passwd);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
}
DEBUG_SFTP(("csync_sftp - creating sftp channel...\n"));
/* start the sftp session */
_sftp_session = sftp_new(_ssh_session);
if (_sftp_session == NULL) {
fprintf(stderr, "csync_sftp - sftp error initialising channel: %s\n", ssh_get_error(_ssh_session));
rc = -1;
goto out;
}
rc = sftp_init(_sftp_session);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error initialising sftp: %s\n", ssh_get_error(_ssh_session));
goto out;
}
DEBUG_SFTP(("csync_sftp - connection established...\n"));
_connected = 1;
rc = 0;
out:
SAFE_FREE(scheme);
SAFE_FREE(user);
SAFE_FREE(passwd);
SAFE_FREE(host);
SAFE_FREE(path);
SAFE_FREE(hash);
return rc;
}
int main(int argc, char **argv) {
// check for args num
if (argc < 3) exit(-1);
// assign first arg to host var
char host[20];
strcpy(host, argv[1]);
// assign second arg to port var
int port = atoi(argv[2]);
// set verbosity if need
// int verbosity = SSH_LOG_FUNCTIONS;
// int verbosity = SSH_LOG_PROTOCOL;
int connection;
ssh_session session;
session = ssh_new();
if (session == NULL) exit(-1);
ssh_options_set(session, SSH_OPTIONS_HOST, host);
// ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_USER, "gluck");
printf("Connecting to host %s and port %d\n", host, port);
connection = ssh_connect(session);
if (connection != SSH_OK) {
printf("Error connecting to %s: %s\n", host, ssh_get_error(session));
exit -1;
} else {
printf("Connected.\n");
}
if (verify_knownhost(session) < 0) {
ssh_disconnect(session);
ssh_free(session);
exit(-1);
}
int rc;
char *password;
password = getpass("Password: "******"Error authenticating with password: %s\n",
ssh_get_error(session));
ssh_disconnect(session);
ssh_free(session);
exit(-1);
}
if (show_remote_processes(session) != SSH_OK) {
printf("Error executing request\n");
ssh_get_error(session);
ssh_disconnect(session);
ssh_free(session);
exit(-1);
} else {
printf("\nRequest completed successfully!\n");
}
ssh_disconnect(session);
ssh_free(session);
}
static const gchar *
cockpit_ssh_authenticate (CockpitSshData *data)
{
gss_cred_id_t gsscreds = GSS_C_NO_CREDENTIAL;
const gchar *password = NULL;
const gchar *problem;
gboolean tried = FALSE;
gchar *description;
int methods;
int rc;
problem = "not-authorized";
rc = ssh_userauth_none (data->session, NULL);
if (rc == SSH_AUTH_ERROR)
{
if (g_atomic_int_get (data->connecting))
g_message ("%s: server authentication handshake failed: %s",
data->logname, ssh_get_error (data->session));
problem = "internal-error";
goto out;
}
if (rc == SSH_AUTH_SUCCESS)
{
problem = NULL;
goto out;
}
methods = ssh_userauth_list (data->session, NULL);
if (methods & SSH_AUTH_METHOD_PASSWORD)
{
password = cockpit_creds_get_password (data->creds);
if (password)
{
tried = TRUE;
rc = ssh_userauth_password (data->session, NULL, password);
switch (rc)
{
case SSH_AUTH_SUCCESS:
g_debug ("%s: password auth succeeded", data->logname);
problem = NULL;
goto out;
case SSH_AUTH_DENIED:
g_debug ("%s: password auth failed", data->logname);
break;
case SSH_AUTH_PARTIAL:
g_message ("%s: password auth worked, but server wants more authentication",
data->logname);
break;
default:
if (g_atomic_int_get (data->connecting))
g_message ("%s: couldn't authenticate: %s", data->logname,
ssh_get_error (data->session));
problem = "internal-error";
goto out;
}
}
}
if (methods & SSH_AUTH_METHOD_GSSAPI_MIC)
{
tried = TRUE;
gsscreds = cockpit_creds_push_thread_default_gssapi (data->creds);
if (gsscreds != GSS_C_NO_CREDENTIAL)
{
#ifdef HAVE_SSH_GSSAPI_SET_CREDS
ssh_gssapi_set_creds (data->session, gsscreds);
#else
g_warning ("unable to forward delegated gssapi kerberos credentials because the "
"version of libssh on this system does not support it.");
#endif
rc = ssh_userauth_gssapi (data->session);
#ifdef HAVE_SSH_GSSAPI_SET_CREDS
ssh_gssapi_set_creds (data->session, NULL);
#endif
switch (rc)
{
case SSH_AUTH_SUCCESS:
g_debug("%s: gssapi auth succeeded", data->logname);
problem = NULL;
goto out;
case SSH_AUTH_DENIED:
g_debug ("%s: gssapi auth failed", data->logname);
break;
case SSH_AUTH_PARTIAL:
g_message ("%s: gssapi auth worked, but server wants more authentication",
data->logname);
break;
default:
if (g_atomic_int_get (data->connecting))
g_message ("%s: couldn't authenticate: %s", data->logname,
ssh_get_error (data->session));
problem = "internal-error";
goto out;
}
}
}
if (!tried)
{
description = auth_method_description (methods);
g_message ("%s: server offered unsupported authentication methods: %s",
data->logname, description);
g_free (description);
problem = "not-authorized";
}
else if (!password && gsscreds == GSS_C_NO_CREDENTIAL)
{
problem = "no-forwarding";
}
else
{
problem = "not-authorized";
}
out:
cockpit_creds_pop_thread_default_gssapi (data->creds, gsscreds);
return problem;
}
int main(int argc, char **argv)
{
int verbose = SSH_LOG_PROTOCOL;
int port = 22;
int rc = 0;
char *username = "******";
char *passwd = "2113";
ssh_session my_ssh_session = ssh_new();
if (my_ssh_session == NULL)
exit(-1);
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, "localhost");
ssh_options_set(my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY, &verbose);
ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
rc = ssh_connect(my_ssh_session);
printf("conn: ok=?%d, %d, %s\n", rc==SSH_OK, rc, ssh_get_error(my_ssh_session));
rc = ssh_userauth_password(my_ssh_session, username, passwd);
printf("conn: ok=?%d, %d, %s\n", rc==SSH_OK, rc, ssh_get_error(my_ssh_session));
ssh_channel channel;
channel = ssh_channel_new(my_ssh_session);
if (channel == NULL) {
}
rc = ssh_channel_open_session(channel);
printf("conn: ok=?%d, %d, %s\n", rc==SSH_OK, rc, ssh_get_error(my_ssh_session));
rc = ssh_channel_request_exec(channel, "ls -lh");
printf("conn: ok=?%d, %d, %s\n", rc==SSH_OK, rc, ssh_get_error(my_ssh_session));
char buffer[100];
unsigned int nbytes;
nbytes = ssh_channel_read(channel, buffer, sizeof(buffer)-1, 0);
buffer[nbytes] = '\0';
printf("ssh out byte: %d, %s\n", nbytes, buffer);
while (nbytes > 0) {
nbytes = ssh_channel_read(channel, buffer, sizeof(buffer)-1, 0);
buffer[nbytes] = '\0';
printf("ssh out byte: %d, %s\n", nbytes, buffer);
}
nbytes = ssh_channel_read(channel, buffer, sizeof(buffer)-1, 1);
buffer[nbytes] = '\0';
printf("ssh err byte: %d, %s\n", nbytes, buffer);
while (nbytes > 0) {
nbytes = ssh_channel_read(channel, buffer, sizeof(buffer)-1, 1);
buffer[nbytes] = '\0';
printf("ssh err byte: %d, %s\n", nbytes, buffer);
}
ssh_channel_send_eof(channel);
ssh_channel_close(channel);
ssh_channel_free(channel);
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
return 0;
}
int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) {
char *empty = "";
char *login, *pass, keep_login[300];
int auth_state = 0, rc = 0, i = 0;
if (strlen(login = hydra_get_next_login()) == 0)
login = empty;
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (new_session) {
if (session) {
ssh_disconnect(session);
ssh_finalize();
ssh_free(session);
}
session = ssh_new();
ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
ssh_options_set(session, SSH_OPTIONS_USER, login);
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (ssh_connect(session) != 0) {
//if the connection was drop, trying to reconnect
if (verbose)
hydra_report(stderr, "Error: could not connect to target port %d\n", port);
return 1;
}
if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) {
return 3;
} else if (rc == SSH_AUTH_SUCCESS) {
hydra_report_found_host(port, ip, "ssh", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
else
return 1;
}
} else
new_session = 1;
auth_state = ssh_auth_list(session);
if ((auth_state & SSH_AUTH_METHOD_PASSWORD) > 0) {
auth_state = ssh_userauth_password(session, NULL, pass);
} else if ((auth_state & SSH_AUTH_METHOD_INTERACTIVE) > 0) {
auth_state = ssh_userauth_kbdint(session, NULL, NULL);
while (auth_state == SSH_AUTH_INFO) {
rc = ssh_userauth_kbdint_getnprompts(session);
for (i = 0; i < rc; i++)
ssh_userauth_kbdint_setanswer(session, i, pass);
auth_state = ssh_userauth_kbdint(session, NULL, NULL);
}
} else {
return 4;
}
if (auth_state == SSH_AUTH_ERROR) {
new_session = 1;
return 1;
}
if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) {
hydra_report_found_host(port, ip, "ssh", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
return 1;
} else {
strncpy(keep_login, login, sizeof(keep_login) - 1);
keep_login[sizeof(keep_login) - 1] = '\0';
hydra_completed_pair();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 2;
login = hydra_get_next_login();
if (strcmp(login, keep_login) == 0)
new_session = 0;
return 1;
}
/* not reached */
return 1;
}
bool
SSHClient::sshConnect(int /* fd */, std::string &hostname)
{
// GNASH_REPORT_FUNCTION;
char *password;
char *banner;
char *hexa;
// We always need a hostname to connect to
if (ssh_options_set(_session, SSH_OPTIONS_HOST, hostname.c_str()) < 0) {
log_error(_("Couldn't set hostname option"));
return false;
}
// We always need a user name for the connection
if (_user.empty()) {
if (ssh_options_set(_session, SSH_OPTIONS_USER, _user.c_str()) < 0) {
log_error(_("Couldn't set user name option"));
return false;
}
}
// Start a new session
_session = ssh_new();
if(ssh_connect(_session)){
log_error(_("Connection failed : %s\n"), ssh_get_error(_session));
sshShutdown();
return false;
}
_state = ssh_is_server_known(_session);
unsigned char *hash = 0;
int hlen = ssh_get_pubkey_hash(_session, &hash);
if (hlen < 0) {
sshShutdown();
return false;
}
switch(_state){
case SSH_SERVER_KNOWN_OK: // ok
log_debug(_("SSH Server is currently known: %d"), _state);
break;
case SSH_SERVER_KNOWN_CHANGED:
log_error(_("Host key for server changed : server's one is now: "));
ssh_print_hexa(_("Public key hash"), hash, hlen);
free(hash);
log_error(_("For security reason, connection will be stopped"));
sshShutdown();
return false;;
case SSH_SERVER_FOUND_OTHER:
log_error(_("The host key for this server was not found but an other type of key exists."));
log_error(_("An attacker might change the default server key to confuse your client"
" into thinking the key does not exist"
"We advise you to rerun the client with -d or -r for more safety."));
sshShutdown();
return false;;
case SSH_SERVER_NOT_KNOWN:
hexa = ssh_get_hexa(hash, hlen);
free(hash);
// FIXME: for now, accecpt all new keys, and update the
// $HOME/.ssh/know_hosts file.
#if 0
log_error(_("The server is unknown. Do you trust the host key ? (yes,no)"));
log_error(_("Public key hash: %s"), hexa);
free(hexa);
fgets(buf, sizeof(buf), stdin);
if(strncasecmp(buf, "yes", 3) != 0){
sshShutdown();
return false;
}
log_error(_("This new key will be written on disk for further usage. do you agree? (yes,no) "));
fgets(buf, sizeof(buf), stdin);
if(strncasecmp(buf, "yes", 3)==0){
if(ssh_write_knownhost(_session))
log_error(ssh_get_error(_session));
}
#else
if(ssh_write_knownhost(_session)) {
log_error(ssh_get_error(_session));
}
#endif
break;
case SSH_SERVER_ERROR:
free(hash);
log_error(ssh_get_error(_session));
sshShutdown();
return false;
}
free(hash);
ssh_userauth_none(_session, NULL);
int auth = ssh_auth_list(_session);
// log_debug("auth: 0x%04x", auth);
log_debug(_("supported auth methods: "));
if (auth & SSH_AUTH_METHOD_PUBLICKEY) {
log_debug(_("\tpublickey"));
}
if (auth & SSH_AUTH_METHOD_INTERACTIVE) {
log_debug(_("\tkeyboard-interactive"));
}
/* no ? you should :) */
auth=ssh_userauth_autopubkey(_session, NULL);
if(auth == SSH_AUTH_ERROR){
log_debug(_("Authenticating with pubkey: %s"), ssh_get_error(_session));
ssh_finalize();
return false;
}
banner = ssh_get_issue_banner(_session);
if(banner){
log_debug(banner);
free(banner);
}
if(auth != SSH_AUTH_SUCCESS){
auth = authKbdint(_session);
if(auth == SSH_AUTH_ERROR){
log_error(_("authenticating with keyb-interactive: %s"),
ssh_get_error(_session));
ssh_finalize();
return false;
}
}
if(auth != SSH_AUTH_SUCCESS){
password = getpass("Password: "******"Authentication failed: %s"), ssh_get_error(_session));
ssh_disconnect(_session);
ssh_finalize();
return false;
}
memset(password, 0, strlen(password));
}
ssh_log(_session, SSH_LOG_FUNCTIONS, "Authentication success");
#if 0
if(strstr(argv[0],"sftp")){
sftp = 1;
ssh_log(_session, SSH_LOG_FUNCTIONS, "Doing sftp instead");
}
if(!sftp){
if(!cmds[0])
shell(_session);
else
batch_shell(_session);
}
else
do_sftp(_session);
if(!sftp && !cmds[0])
do_cleanup(0);
#endif
return true;
}
int FSSftp::CheckSession( int* err, FSCInfo* info )
{
if ( sshSession ) { return 0; }
try
{
sshSession = ssh_new();
if ( !sshSession ) { throw int( SSH_INTERROR_X3 ); }
if ( ssh_options_set( sshSession, SSH_OPTIONS_HOST, unicode_to_utf8( _operParam.server.Data() ).ptr() ) )
{
throw int( SSH_INTERROR_X3 );
}
int port = _operParam.port;
if ( ssh_options_set( sshSession, SSH_OPTIONS_PORT, &port ) )
{
throw int( SSH_INTERROR_X3 );
}
FSString userName = "";
if ( _operParam.user.Data()[0] )
{
userName = _operParam.user.Data();
}
else
{
char* ret = getenv( "LOGNAME" );
if ( ret )
{
userName = FSString( sys_charset_id, ret );
_operParam.user = userName.GetUnicode();
MutexLock infoLock( &infoMutex );
_infoParam.user = userName.GetUnicode();
}
};
if ( ssh_options_set( sshSession, SSH_OPTIONS_USER, ( char* )userName.Get( _operParam.charset ) ) ) //есть сомнения, что надо все таки в utf8
{
throw int( SSH_INTERROR_X3 );
}
if ( ssh_connect( sshSession ) != SSH_OK )
{
throw int( SSH_INTERROR_CONNECT );
}
int method = ssh_userauth_list( sshSession, 0 );
int ret;
static unicode_t userSymbol = '@';
if ( method & SSH_AUTH_METHOD_PASSWORD )
{
FSPromptData data;
data.visible = false;
data.prompt = utf8_to_unicode( "Password:"******"SFTP_" ).ptr(),
carray_cat<unicode_t>( userName.GetUnicode(), &userSymbol, _operParam.server.Data() ).ptr(),
&data, 1 ) ) { throw int( SSH_INTERROR_STOPPED ); }
ret = ssh_userauth_password( sshSession,
( char* )FSString( _operParam.user.Data() ).Get( _operParam.charset ),
( char* )FSString( data.prompt.Data() ).Get( _operParam.charset ) );
}
if ( ret != SSH_AUTH_SUCCESS &&
( method & SSH_AUTH_METHOD_INTERACTIVE ) != 0 )
{
while ( true )
{
ret = ssh_userauth_kbdint( sshSession, 0, 0 );
if ( ret != SSH_AUTH_INFO ) { break; }
const char* instruction = ssh_userauth_kbdint_getinstruction( sshSession );
if ( !instruction ) { instruction = ""; }
int n = ssh_userauth_kbdint_getnprompts( sshSession );
if ( n <= 0 ) { continue; }
std::vector<FSPromptData> pData( n );
int i;
for ( i = 0; i < n; i++ )
{
char echo;
const char* prompt = ssh_userauth_kbdint_getprompt( sshSession, i, &echo );
if ( !prompt ) { break; }
pData[i].visible = echo != 0;
pData[i].prompt = utf8_to_unicode( prompt ).ptr();
}
if ( !info ) { throw int( SSH_INTERROR_AUTH ); }
if ( !info->Prompt(
utf8_to_unicode( "SFTP" ).ptr(),
carray_cat<unicode_t>( userName.GetUnicode(), &userSymbol, _operParam.server.Data() ).ptr(),
pData.ptr(), n ) ) { throw int( SSH_INTERROR_STOPPED ); }
for ( i = 0; i < n; i++ )
{
if ( ssh_userauth_kbdint_setanswer( sshSession, i, ( char* )FSString( pData[i].prompt.Data() ).Get( _operParam.charset ) ) < 0 )
{
throw int( SSH_INTERROR_AUTH );
}
}
}
}
if ( ret != SSH_AUTH_SUCCESS )
{
if ( ret == SSH_AUTH_PARTIAL )
{
throw int( SSH_INTERROR_UNSUPPORTED_AUTH );
}
else
{
throw int( SSH_INTERROR_AUTH );
}
}
sftpSession = sftp_new( sshSession );
if ( !sftpSession ) { throw int( SSH_INTERROR_FATAL ); }
if ( sftp_init( sftpSession ) != SSH_OK ) { throw int( SSH_INTERROR_FATAL ); }
}
catch ( int e )
{
if ( err ) { *err = e; }
if ( sftpSession ) { sftp_free( sftpSession ); }
if ( sshSession ) { ssh_free( sshSession ); }
sshSession = 0;
sftpSession = 0;
return ( e == SSH_INTERROR_STOPPED ) ? -2 : -1;
}
return 0;
}
int SSH_Socket::authenticate_console()
{
int rc;
int method;
char *banner;
// Try to authenticate
rc = ssh_userauth_none(session, nullptr);
switch(rc)
{
case SSH_AUTH_ERROR: //some error happened during authentication
std::cout << "ssh_userauth_none SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "ssh_userauth_none SSH_AUTH_DENIED!" << std::endl;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "ssh_userauth_none SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL:
//some key matched but you still have
//to provide an other mean of authentication (like a password).
std::cout << "ssh_userauth_none SSH_AUTH_PARTIAL!" << std::endl;
break;
}
int failureCounter = 0;
// Get a list of excepted Auth Sessions server wants.
method = ssh_auth_list(session);
while(rc != SSH_AUTH_SUCCESS && failureCounter < 20)
{
/*
Retrieve the public key with ssh_import_pubkey_file().
Offer the public key to the SSH server using ssh_userauth_try_publickey().
* If the return value is SSH_AUTH_SUCCESS, the SSH server accepts
* to authenticate using the public key and you can go to the next step.
Retrieve the private key, using the ssh_pki_import_privkey_file() function.
* If a pass phrase is needed, either the pass phrase specified
* as argument or a callback will be used.
Authenticate using ssh_userauth_publickey() with your private key.
Do not forget cleaning up memory using ssh_key_free().
*/
// The function ssh_userauth_autopubkey() does this using the
// available keys in "~/.ssh/" or ssh-agent. The return values are the following:
// ** Public Key Needs more testing.
if(method & SSH_AUTH_METHOD_PUBLICKEY)
{
rc = ssh_userauth_autopubkey(session, nullptr);
switch(rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_DENIED!" << std::endl;
++failureCounter;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL:
// some key matched but you still have
// to provide an other mean of authentication (like a password).
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_PARTIAL!" << std::endl;
++failureCounter;
break;
default:
break;
}
/*
// Validate with specific public key file
rc = ssh_userauth_try_publickey(session, NULL, "pubkey.pub");
switch (rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
printf("\r\n try_publickey - SSH_AUTH_ERROR! \r\n");
error(session);
return rc;
case SSH_AUTH_DENIED: //no key matched
printf("\r\n try_publickey - SSH_AUTH_DENIED! \r\n");
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
printf("\r\n try_publickey - SSH_AUTH_SUCCESS! \r\n");
break;
case SSH_AUTH_PARTIAL: //some key matched but you still have to
//provide an other mean of authentication (like a password).
printf("\r\n try_publickey - SSH_AUTH_PARTIAL! \r\n");
break;
default:
break;
}
*/
}
// Try to authenticate with keyboard interactive";
if(method & SSH_AUTH_METHOD_INTERACTIVE)
{
//rc = authenticate_kbdint(session, NULL);
switch(rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_DENIED!" << std::endl;
++failureCounter;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL: //some key matched but you still have to
//provide an other mean of authentication (like a password).
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_PARTIAL!" << std::endl;
++failureCounter;
break;
default:
break;
}
}
/*
if (ssh_getpass("Password: "******"")
{
rc = ssh_userauth_password(session, nullptr, password.c_str());
switch(rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_DENIED!" << std::endl;
++failureCounter;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL: //some key matched but you still have to
// provide an other mean of authentication (like a password).
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_PARTIAL!" << std::endl;
++failureCounter;
break;
default:
break;
}
}
}
}
banner = ssh_get_issue_banner(session);
if(banner)
{
std::cout << banner << std::endl;
ssh_string_free_char(banner);
}
std::cout << " *** SSH Authenticate Completed." << std::endl;
return rc;
}
int main(int argc, char **argv){
SSH_SESSION *session;
SSH_OPTIONS *options;
int auth=0;
char *password;
char *banner;
int state;
char buf[10];
unsigned char hash[MD5_DIGEST_LEN];
options=ssh_options_new();
if(ssh_options_getopt(options,&argc, argv))
usage();
opts(argc,argv);
signal(SIGTERM,do_exit);
if(user)
ssh_options_set_username(options,user);
ssh_options_set_host(options,host);
session=ssh_new();
ssh_set_options(session,options);
if(ssh_connect(session)){
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
ssh_disconnect(session);
ssh_finalize();
return 1;
}
state=ssh_is_server_known(session);
switch(state){
case SSH_SERVER_KNOWN_OK:
break; /* ok */
case SSH_SERVER_KNOWN_CHANGED:
fprintf(stderr,"Host key for server changed : server's one is now :\n");
ssh_get_pubkey_hash(session,hash);
ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN);
fprintf(stderr,"For security reason, connection will be stopped\n");
ssh_disconnect(session);
ssh_finalize();
exit(-1);
case SSH_SERVER_FOUND_OTHER:
fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n");
fprintf(stderr,"An attacker might change the default server key to confuse your client"
"into thinking the key does not exist\n"
"We advise you to rerun the client with -d or -r for more safety.\n");
ssh_disconnect(session);
ssh_finalize();
exit(-1);
case SSH_SERVER_NOT_KNOWN:
fprintf(stderr,"The server is unknown. Do you trust the host key ?\n");
ssh_get_pubkey_hash(session,hash);
ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN);
fgets(buf,sizeof(buf),stdin);
if(strncasecmp(buf,"yes",3)!=0){
ssh_disconnect(session);
exit(-1);
}
fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n");
fgets(buf,sizeof(buf),stdin);
if(strncasecmp(buf,"yes",3)==0){
if(ssh_write_knownhost(session))
fprintf(stderr,"error %s\n",ssh_get_error(session));
}
break;
case SSH_SERVER_ERROR:
fprintf(stderr,"%s",ssh_get_error(session));
ssh_disconnect(session);
ssh_finalize();
exit(-1);
}
/* no ? you should :) */
auth=ssh_userauth_autopubkey(session);
if(auth==SSH_AUTH_ERROR){
fprintf(stderr,"Authenticating with pubkey: %s\n",ssh_get_error(session));
ssh_finalize();
return -1;
}
banner=ssh_get_issue_banner(session);
if(banner){
printf("%s\n",banner);
free(banner);
}
if(auth!=SSH_AUTH_SUCCESS){
auth=auth_kbdint(session);
if(auth==SSH_AUTH_ERROR){
fprintf(stderr,"authenticating with keyb-interactive: %s\n",
ssh_get_error(session));
ssh_finalize();
return -1;
}
}
if(auth!=SSH_AUTH_SUCCESS){
password=getpass("Password : "******"Authentication failed: %s\n",ssh_get_error(session));
ssh_disconnect(session);
ssh_finalize();
return -1;
}
memset(password,0,strlen(password));
}
ssh_say(1,"Authentication success\n");
printf("%s\n",argv[0]);
if(strstr(argv[0],"sftp")){
sftp=1;
ssh_say(1,"doing sftp instead\n");
}
if(!sftp){
if(!cmds[0])
shell(session);
else
batch_shell(session);
}
else
do_sftp(session);
if(!sftp && !cmds[0])
do_cleanup();
ssh_disconnect(session);
ssh_finalize();
return 0;
}
int SSHConnection::login(const std::string &username, const std::string &password)
{
return ssh_userauth_password(session.get(), username.c_str(), password.c_str());
}
/**
Authenticating the user by using password
@param session is current ssh password
@param username should be null
@param password is login password
@return integer of the status
*/
int SSHSession::authenticateUser(ssh_session session, const char *username, const char *password) {
return ssh_userauth_password(session, username, password);
}
