SSHClient::~SSHClient()
{
// GNASH_REPORT_FUNCTION;
sshShutdown();
}
SSHServer::~SSHServer()
{
// GNASH_REPORT_FUNCTION;
sshShutdown();
}
bool
SSHClient::sshConnect(int /* fd */, std::string &hostname)
{
// GNASH_REPORT_FUNCTION;
char *password;
char *banner;
char *hexa;
// We always need a hostname to connect to
if (ssh_options_set(_session, SSH_OPTIONS_HOST, hostname.c_str()) < 0) {
log_error(_("Couldn't set hostname option"));
return false;
}
// We always need a user name for the connection
if (_user.empty()) {
if (ssh_options_set(_session, SSH_OPTIONS_USER, _user.c_str()) < 0) {
log_error(_("Couldn't set user name option"));
return false;
}
}
// Start a new session
_session = ssh_new();
if(ssh_connect(_session)){
log_error(_("Connection failed : %s\n"), ssh_get_error(_session));
sshShutdown();
return false;
}
_state = ssh_is_server_known(_session);
unsigned char *hash = 0;
int hlen = ssh_get_pubkey_hash(_session, &hash);
if (hlen < 0) {
sshShutdown();
return false;
}
switch(_state){
case SSH_SERVER_KNOWN_OK: // ok
log_debug(_("SSH Server is currently known: %d"), _state);
break;
case SSH_SERVER_KNOWN_CHANGED:
log_error(_("Host key for server changed : server's one is now: "));
ssh_print_hexa(_("Public key hash"), hash, hlen);
free(hash);
log_error(_("For security reason, connection will be stopped"));
sshShutdown();
return false;;
case SSH_SERVER_FOUND_OTHER:
log_error(_("The host key for this server was not found but an other type of key exists."));
log_error(_("An attacker might change the default server key to confuse your client"
" into thinking the key does not exist"
"We advise you to rerun the client with -d or -r for more safety."));
sshShutdown();
return false;;
case SSH_SERVER_NOT_KNOWN:
hexa = ssh_get_hexa(hash, hlen);
free(hash);
// FIXME: for now, accecpt all new keys, and update the
// $HOME/.ssh/know_hosts file.
#if 0
log_error(_("The server is unknown. Do you trust the host key ? (yes,no)"));
log_error(_("Public key hash: %s"), hexa);
free(hexa);
fgets(buf, sizeof(buf), stdin);
if(strncasecmp(buf, "yes", 3) != 0){
sshShutdown();
return false;
}
log_error(_("This new key will be written on disk for further usage. do you agree? (yes,no) "));
fgets(buf, sizeof(buf), stdin);
if(strncasecmp(buf, "yes", 3)==0){
if(ssh_write_knownhost(_session))
log_error(ssh_get_error(_session));
}
#else
if(ssh_write_knownhost(_session)) {
log_error(ssh_get_error(_session));
}
#endif
break;
case SSH_SERVER_ERROR:
free(hash);
log_error(ssh_get_error(_session));
sshShutdown();
return false;
}
free(hash);
ssh_userauth_none(_session, NULL);
int auth = ssh_auth_list(_session);
// log_debug("auth: 0x%04x", auth);
log_debug(_("supported auth methods: "));
if (auth & SSH_AUTH_METHOD_PUBLICKEY) {
log_debug(_("\tpublickey"));
}
if (auth & SSH_AUTH_METHOD_INTERACTIVE) {
log_debug(_("\tkeyboard-interactive"));
}
/* no ? you should :) */
auth=ssh_userauth_autopubkey(_session, NULL);
if(auth == SSH_AUTH_ERROR){
log_debug(_("Authenticating with pubkey: %s"), ssh_get_error(_session));
ssh_finalize();
return false;
}
banner = ssh_get_issue_banner(_session);
if(banner){
log_debug(banner);
free(banner);
}
if(auth != SSH_AUTH_SUCCESS){
auth = authKbdint(_session);
if(auth == SSH_AUTH_ERROR){
log_error(_("authenticating with keyb-interactive: %s"),
ssh_get_error(_session));
ssh_finalize();
return false;
}
}
if(auth != SSH_AUTH_SUCCESS){
password = getpass("Password: "******"Authentication failed: %s"), ssh_get_error(_session));
ssh_disconnect(_session);
ssh_finalize();
return false;
}
memset(password, 0, strlen(password));
}
ssh_log(_session, SSH_LOG_FUNCTIONS, "Authentication success");
#if 0
if(strstr(argv[0],"sftp")){
sftp = 1;
ssh_log(_session, SSH_LOG_FUNCTIONS, "Doing sftp instead");
}
if(!sftp){
if(!cmds[0])
shell(_session);
else
batch_shell(_session);
}
else
do_sftp(_session);
if(!sftp && !cmds[0])
do_cleanup(0);
#endif
return true;
}
