static ssh_session create_ssh_connection(const char* hostname, const unsigned int port, const char* username,
const char* password, const char* sshkey_path, const char* sshkey_passphrase)
{
ssh_session sshs;
/* Open session and set options */
sshs = ssh_new();
if (sshs == NULL) {
errmsg_print("Can't create ssh session");
return NULL;
}
if (!hostname)
return NULL;
if (ssh_options_set(sshs, SSH_OPTIONS_HOST, hostname)) {
errmsg_print("Can't set the hostname: %s\n", hostname);
goto failure;
}
if (port != 0) {
if (ssh_options_set(sshs, SSH_OPTIONS_PORT, &port)) {
errmsg_print("Can't set the port: %d\n", port);
goto failure;
}
}
if (!username)
username = g_get_user_name();
if (ssh_options_set(sshs, SSH_OPTIONS_USER, username)) {
errmsg_print("Can't set the username: %s\n", username);
goto failure;
}
verbose_print("Opening ssh connection to %s@%s:%u\n", username, hostname, port);
/* Connect to server */
if (ssh_connect(sshs) != SSH_OK) {
errmsg_print("Error connecting to %s@%s:%u (%s)\n", username, hostname, port,
ssh_get_error(sshs));
goto failure;
}
#ifdef HAVE_LIBSSH_USERAUTH_AGENT
verbose_print("Connecting using ssh-agent...");
/* Try to authenticate using ssh agent */
if (ssh_userauth_agent(sshs, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
#endif
/* If a public key path has been provided, try to authenticate using it */
if (sshkey_path) {
ssh_key pkey = ssh_key_new();
int ret;
verbose_print("Connecting using public key in %s...", sshkey_path);
ret = ssh_pki_import_privkey_file(sshkey_path, sshkey_passphrase, NULL, NULL, &pkey);
if (ret == SSH_OK) {
if (ssh_userauth_publickey(sshs, NULL, pkey) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
ssh_key_free(pkey);
return sshs;
}
}
ssh_key_free(pkey);
verbose_print("failed (%s)\n", ssh_get_error(sshs));
}
/* Try to authenticate using standard public key */
verbose_print("Connecting using standard public key...");
if (ssh_userauth_publickey_auto(sshs, NULL, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
/* If a password has been provided and all previous attempts failed, try to use it */
if (password) {
verbose_print("Connecting using password...");
if (ssh_userauth_password(sshs, username, password) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
}
errmsg_print("Can't find a valid authentication. Disconnecting.\n");
/* All authentication failed. Disconnect and return */
ssh_disconnect(sshs);
failure:
ssh_free(sshs);
return NULL;
}
static void torture_auth_cert(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
ssh_key privkey = NULL;
ssh_key cert = NULL;
char bob_ssh_key[1024];
char bob_ssh_cert[2048];
struct passwd *pwd;
int rc;
pwd = getpwnam("bob");
assert_non_null(pwd);
snprintf(bob_ssh_key,
sizeof(bob_ssh_key),
"%s/.ssh_cert/id_rsa",
pwd->pw_dir);
snprintf(bob_ssh_cert,
sizeof(bob_ssh_cert),
"%s-cert.pub",
bob_ssh_key);
/* cert has been signed for login as alice */
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_pki_import_privkey_file(bob_ssh_key, NULL, NULL, NULL, &privkey);
assert_int_equal(rc, SSH_OK);
rc = ssh_pki_import_cert_file(bob_ssh_cert, &cert);
assert_int_equal(rc, SSH_OK);
rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_try_publickey(session, NULL, cert);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
rc = ssh_userauth_publickey(session, NULL, privkey);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
ssh_key_free(privkey);
ssh_key_free(cert);
}
static gint
remmina_ssh_auth_pubkey (RemminaSSH *ssh)
{
gint ret;
ssh_key priv_key;
if (ssh->authenticated) return 1;
if (ssh->privkeyfile == NULL)
{
ssh->error = g_strdup_printf(_("SSH public key authentication failed: %s"),
_("SSH Key file not yet set."));
return 0;
}
if ( ssh_pki_import_privkey_file( ssh->privkeyfile, (ssh->password ? ssh->password : ""),
NULL, NULL, &priv_key ) != SSH_OK )
{
if (ssh->password == NULL || ssh->password[0] == '\0') return -1;
remmina_ssh_set_error (ssh, _("SSH public key authentication failed: %s"));
return 0;
}
ret = ssh_userauth_publickey (ssh->session, NULL, priv_key);
ssh_key_free(priv_key);
if (ret != SSH_AUTH_SUCCESS)
{
remmina_ssh_set_error (ssh, _("SSH public key authentication failed: %s"));
return 0;
}
ssh->authenticated = TRUE;
return 1;
}
