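/**
 * Open an SSH session to @p hostname and authenticate it.
 *
 * Authentication methods are tried in this order, stopping at the first one
 * that succeeds: ssh-agent (only when built with HAVE_LIBSSH_USERAUTH_AGENT),
 * the private key file at @p sshkey_path, the default keys through
 * ssh_userauth_publickey_auto(), and finally @p password.
 *
 * @param hostname          Host to connect to; NULL makes the call return NULL.
 * @param port              TCP port; 0 means the libssh port option is not set.
 * @param username          Login name; NULL falls back to g_get_user_name().
 * @param password          Password for the last-resort password method, or NULL.
 * @param sshkey_path       Private key file to try, or NULL to skip that method.
 * @param sshkey_passphrase Passphrase for that key file, or NULL.
 * @return The connected and authenticated session (not freed here on success,
 *         so the caller owns it), or NULL on any failure.
 *
 * NOTE(review): nothing between ssh_connect() and the authentication calls
 * checks the server's host key, so the peer is not authenticated before the
 * password (if any) is offered to it. libssh provides
 * ssh_session_is_known_server() (ssh_is_server_known() in older releases) for
 * this check. It is not added here because rejecting unknown hosts would
 * change behaviour for existing callers; decide on a policy and wire it in.
 */
static ssh_session create_ssh_connection(const char* hostname, const unsigned int port, const char* username,
	const char* password, const char* sshkey_path, const char* sshkey_passphrase)
{
	ssh_session sshs;

	/* Reject a missing hostname before allocating anything; the original
	 * checked it after ssh_new() and leaked the session on this path. */
	if (!hostname)
		return NULL;

	/* Open session and set options */
	sshs = ssh_new();
	if (sshs == NULL) {
		errmsg_print("Can't create ssh session");
		return NULL;
	}

	if (ssh_options_set(sshs, SSH_OPTIONS_HOST, hostname)) {
		errmsg_print("Can't set the hostname: %s\n", hostname);
		goto failure;
	}

	if (port != 0) {
		if (ssh_options_set(sshs, SSH_OPTIONS_PORT, &port)) {
			/* port is unsigned int, so it is printed with %u */
			errmsg_print("Can't set the port: %u\n", port);
			goto failure;
		}
	}

	if (!username)
		username = g_get_user_name();

	if (ssh_options_set(sshs, SSH_OPTIONS_USER, username)) {
		errmsg_print("Can't set the username: %s\n", username);
		goto failure;
	}

	verbose_print("Opening ssh connection to %s@%s:%u\n", username, hostname, port);

	/* Connect to server */
	if (ssh_connect(sshs) != SSH_OK) {
		errmsg_print("Error connecting to %s@%s:%u (%s)\n", username, hostname, port,
			ssh_get_error(sshs));
		goto failure;
	}

#ifdef HAVE_LIBSSH_USERAUTH_AGENT
	verbose_print("Connecting using ssh-agent...");
	/* Try to authenticate using ssh agent */
	if (ssh_userauth_agent(sshs, NULL) == SSH_AUTH_SUCCESS) {
		verbose_print("done\n");
		return sshs;
	}
	verbose_print("failed\n");
#endif

	/* If a private key file path has been provided, try to authenticate using it */
	if (sshkey_path) {
		/* Start from NULL: the import call stores a newly loaded key in
		 * pkey, so a key pre-allocated with ssh_key_new() would be
		 * overwritten and leaked on every successful import. */
		ssh_key pkey = NULL;
		int ret;

		verbose_print("Connecting using public key in %s...", sshkey_path);
		ret = ssh_pki_import_privkey_file(sshkey_path, sshkey_passphrase, NULL, NULL, &pkey);

		if (ret == SSH_OK) {
			int auth = ssh_userauth_publickey(sshs, NULL, pkey);

			/* The key is only needed for the authentication call itself. */
			ssh_key_free(pkey);
			if (auth == SSH_AUTH_SUCCESS) {
				verbose_print("done\n");
				return sshs;
			}
		}
		verbose_print("failed (%s)\n", ssh_get_error(sshs));
	}

	/* Try to authenticate using standard public key */
	verbose_print("Connecting using standard public key...");
	if (ssh_userauth_publickey_auto(sshs, NULL, NULL) == SSH_AUTH_SUCCESS) {
		verbose_print("done\n");
		return sshs;
	}
	verbose_print("failed\n");

	/* If a password has been provided and all previous attempts failed, try to use it */
	if (password) {
		verbose_print("Connecting using password...");
		if (ssh_userauth_password(sshs, username, password) == SSH_AUTH_SUCCESS) {
			verbose_print("done\n");
			return sshs;
		}
		verbose_print("failed\n");
	}

	errmsg_print("Can't find a valid authentication. Disconnecting.\n");

	/* All authentication failed. Disconnect and return */
	ssh_disconnect(sshs);

failure:
	ssh_free(sshs);
	return NULL;
}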
/*
 * Certificate authentication test.
 *
 * Connects as alice and authenticates with the RSA private key and the
 * matching "-cert.pub" certificate found under bob's ~/.ssh_cert directory.
 * The certificate is first offered on its own with
 * ssh_userauth_try_publickey(), then the real authentication is done with the
 * private key after the certificate has been copied into it.
 */
static void torture_auth_cert(void **state)
{
    struct torture_state *ts = *state;
    ssh_session session = ts->ssh.session;
    struct passwd *bob;
    char key_path[1024];
    char cert_path[2048];
    ssh_key privkey = NULL;
    ssh_key cert = NULL;
    int rc;

    /* Both files are located relative to bob's home directory. */
    bob = getpwnam("bob");
    assert_non_null(bob);

    snprintf(key_path, sizeof key_path, "%s/.ssh_cert/id_rsa", bob->pw_dir);
    snprintf(cert_path, sizeof cert_path, "%s-cert.pub", key_path);

    /* The certificate has been signed for login as alice. */
    rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
    assert_int_equal(rc, SSH_OK);

    rc = ssh_connect(session);
    assert_int_equal(rc, SSH_OK);

    /* Load the unencrypted private key (no passphrase, no auth callback). */
    rc = ssh_pki_import_privkey_file(key_path, NULL, NULL, NULL, &privkey);
    assert_int_equal(rc, SSH_OK);

    rc = ssh_pki_import_cert_file(cert_path, &cert);
    assert_int_equal(rc, SSH_OK);

    /* Attach the certificate to the private key before signing with it. */
    rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
    assert_int_equal(rc, SSH_OK);

    /* Offer the certificate alone first, then authenticate for real. */
    rc = ssh_userauth_try_publickey(session, NULL, cert);
    assert_int_equal(rc, SSH_AUTH_SUCCESS);

    rc = ssh_userauth_publickey(session, NULL, privkey);
    assert_int_equal(rc, SSH_AUTH_SUCCESS);

    ssh_key_free(privkey);
    ssh_key_free(cert);
}
/**
 * Authenticate the session with the private key stored in ssh->privkeyfile.
 *
 * ssh->password is passed to the key import as the passphrase (an empty
 * string when it is NULL), so the same field serves as the key passphrase on
 * this path.
 *
 * @param ssh  Connection state; reads authenticated, privkeyfile, password
 *             and session, and sets authenticated on success.
 * @return 1 if the session is already authenticated or authentication
 *         succeeds; 0 on failure with an error recorded; -1 if the key file
 *         could not be imported and no non-empty password is set (presumably
 *         so the caller can ask for a passphrase and retry; confirm against
 *         the caller).
 */
static gint
remmina_ssh_auth_pubkey (RemminaSSH *ssh)
{
	ssh_key key;
	const char *passphrase;
	gint auth_rc;

	/* Nothing to do on a session that already authenticated. */
	if (ssh->authenticated) {
		return 1;
	}

	if (ssh->privkeyfile == NULL) {
		ssh->error = g_strdup_printf(_("SSH public key authentication failed: %s"),
			_("SSH Key file not yet set."));
		return 0;
	}

	passphrase = ssh->password ? ssh->password : "";

	if (ssh_pki_import_privkey_file (ssh->privkeyfile, passphrase, NULL, NULL, &key) != SSH_OK) {
		/* A passphrase was supplied and the import still failed: hard error. */
		if (ssh->password != NULL && ssh->password[0] != '\0') {
			remmina_ssh_set_error (ssh, _("SSH public key authentication failed: %s"));
			return 0;
		}
		/* No passphrase was available for the import. */
		return -1;
	}

	/* The key is only needed for the authentication call itself. */
	auth_rc = ssh_userauth_publickey (ssh->session, NULL, key);
	ssh_key_free (key);

	if (auth_rc == SSH_AUTH_SUCCESS) {
		ssh->authenticated = TRUE;
		return 1;
	}

	remmina_ssh_set_error (ssh, _("SSH public key authentication failed: %s"));
	return 0;
}