static int client(ssh_session session){ int auth=0; char *banner; int state; if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0) return -1; ssh_options_parse_config(session, NULL); if(ssh_connect(session)){ fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); return -1; } state=verify_knownhost(session); if (state != 0) return -1; ssh_userauth_none(session, NULL); banner=ssh_get_issue_banner(session); if(banner){ printf("%s\n",banner); free(banner); } auth=authenticate_console(session); if(auth != SSH_AUTH_SUCCESS){ return -1; } forwarding(session); return 0; }
int authenticate_console(ssh_session session, char* pwd){ int rc; int method; char password[128] = {0}; char *banner; // Try to authenticate rc = ssh_userauth_none(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } method = ssh_auth_list(session); while (rc != SSH_AUTH_SUCCESS) { // Try to authenticate with public key first if (method & SSH_AUTH_METHOD_PUBLICKEY) { rc = ssh_userauth_autopubkey(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } else if (rc == SSH_AUTH_SUCCESS) { break; } } /* // Try to authenticate with keyboard interactive"; if (method & SSH_AUTH_METHOD_INTERACTIVE) { rc = authenticate_kbdint(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } else if (rc == SSH_AUTH_SUCCESS) { break; } } if (ssh_getpass("Password: "******"%s\n",banner); free(banner); } return rc; }
static int client(ssh_session_t *session) { int auth=0; char *banner; int state; if (user) { if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0) { return -1; } } if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0) { return -1; } if (proxycommand != NULL) { if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand)) { return -1; } } ssh_options_parse_config(session, NULL); if(ssh_connect(session)) { fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); return -1; } state = verify_knownhost(session); if (state != 0) { return -1; } ssh_userauth_none(session, NULL); banner = ssh_get_issue_banner(session); if(banner) { printf("%s\n", banner); free(banner); } auth = authenticate_console(session); if(auth != SSH_AUTH_SUCCESS) { return -1; } if(!cmds[0]) { shell(session); } else { batch_shell(session); } return 0; }
int main(int argc, char **argv){ SSH_SESSION *session; SSH_OPTIONS *options; int auth=0; char *password; char *banner; int state; char buf[10]; unsigned char hash[MD5_DIGEST_LEN]; options=ssh_options_new(); if(ssh_options_getopt(options,&argc, argv)) usage(); opts(argc,argv); signal(SIGTERM,do_exit); if(user) ssh_options_set_username(options,user); ssh_options_set_host(options,host); session=ssh_new(); ssh_set_options(session,options); if(ssh_connect(session)){ fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); ssh_disconnect(session); ssh_finalize(); return 1; } state=ssh_is_server_known(session); switch(state){ case SSH_SERVER_KNOWN_OK: break; /* ok */ case SSH_SERVER_KNOWN_CHANGED: fprintf(stderr,"Host key for server changed : server's one is now :\n"); ssh_get_pubkey_hash(session,hash); ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN); fprintf(stderr,"For security reason, connection will be stopped\n"); ssh_disconnect(session); ssh_finalize(); exit(-1); case SSH_SERVER_FOUND_OTHER: fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n"); fprintf(stderr,"An attacker might change the default server key to confuse your client" "into thinking the key does not exist\n" "We advise you to rerun the client with -d or -r for more safety.\n"); ssh_disconnect(session); ssh_finalize(); exit(-1); case SSH_SERVER_NOT_KNOWN: fprintf(stderr,"The server is unknown. Do you trust the host key ?\n"); ssh_get_pubkey_hash(session,hash); ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN); fgets(buf,sizeof(buf),stdin); if(strncasecmp(buf,"yes",3)!=0){ ssh_disconnect(session); exit(-1); } fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n"); fgets(buf,sizeof(buf),stdin); if(strncasecmp(buf,"yes",3)==0){ if(ssh_write_knownhost(session)) fprintf(stderr,"error %s\n",ssh_get_error(session)); } break; case SSH_SERVER_ERROR: fprintf(stderr,"%s",ssh_get_error(session)); ssh_disconnect(session); ssh_finalize(); exit(-1); } /* no ? you should :) */ auth=ssh_userauth_autopubkey(session); if(auth==SSH_AUTH_ERROR){ fprintf(stderr,"Authenticating with pubkey: %s\n",ssh_get_error(session)); ssh_finalize(); return -1; } banner=ssh_get_issue_banner(session); if(banner){ printf("%s\n",banner); free(banner); } if(auth!=SSH_AUTH_SUCCESS){ auth=auth_kbdint(session); if(auth==SSH_AUTH_ERROR){ fprintf(stderr,"authenticating with keyb-interactive: %s\n", ssh_get_error(session)); ssh_finalize(); return -1; } } if(auth!=SSH_AUTH_SUCCESS){ password=getpass("Password : "******"Authentication failed: %s\n",ssh_get_error(session)); ssh_disconnect(session); ssh_finalize(); return -1; } memset(password,0,strlen(password)); } ssh_say(1,"Authentication success\n"); printf("%s\n",argv[0]); if(strstr(argv[0],"sftp")){ sftp=1; ssh_say(1,"doing sftp instead\n"); } if(!sftp){ if(!cmds[0]) shell(session); else batch_shell(session); } else do_sftp(session); if(!sftp && !cmds[0]) do_cleanup(); ssh_disconnect(session); ssh_finalize(); return 0; }
bool SSHClient::sshConnect(int /* fd */, std::string &hostname) { // GNASH_REPORT_FUNCTION; char *password; char *banner; char *hexa; // We always need a hostname to connect to if (ssh_options_set(_session, SSH_OPTIONS_HOST, hostname.c_str()) < 0) { log_error(_("Couldn't set hostname option")); return false; } // We always need a user name for the connection if (_user.empty()) { if (ssh_options_set(_session, SSH_OPTIONS_USER, _user.c_str()) < 0) { log_error(_("Couldn't set user name option")); return false; } } // Start a new session _session = ssh_new(); if(ssh_connect(_session)){ log_error(_("Connection failed : %s\n"), ssh_get_error(_session)); sshShutdown(); return false; } _state = ssh_is_server_known(_session); unsigned char *hash = 0; int hlen = ssh_get_pubkey_hash(_session, &hash); if (hlen < 0) { sshShutdown(); return false; } switch(_state){ case SSH_SERVER_KNOWN_OK: // ok log_debug(_("SSH Server is currently known: %d"), _state); break; case SSH_SERVER_KNOWN_CHANGED: log_error(_("Host key for server changed : server's one is now: ")); ssh_print_hexa(_("Public key hash"), hash, hlen); free(hash); log_error(_("For security reason, connection will be stopped")); sshShutdown(); return false;; case SSH_SERVER_FOUND_OTHER: log_error(_("The host key for this server was not found but an other type of key exists.")); log_error(_("An attacker might change the default server key to confuse your client" " into thinking the key does not exist" "We advise you to rerun the client with -d or -r for more safety.")); sshShutdown(); return false;; case SSH_SERVER_NOT_KNOWN: hexa = ssh_get_hexa(hash, hlen); free(hash); // FIXME: for now, accecpt all new keys, and update the // $HOME/.ssh/know_hosts file. #if 0 log_error(_("The server is unknown. Do you trust the host key ? (yes,no)")); log_error(_("Public key hash: %s"), hexa); free(hexa); fgets(buf, sizeof(buf), stdin); if(strncasecmp(buf, "yes", 3) != 0){ sshShutdown(); return false; } log_error(_("This new key will be written on disk for further usage. do you agree? (yes,no) ")); fgets(buf, sizeof(buf), stdin); if(strncasecmp(buf, "yes", 3)==0){ if(ssh_write_knownhost(_session)) log_error(ssh_get_error(_session)); } #else if(ssh_write_knownhost(_session)) { log_error(ssh_get_error(_session)); } #endif break; case SSH_SERVER_ERROR: free(hash); log_error(ssh_get_error(_session)); sshShutdown(); return false; } free(hash); ssh_userauth_none(_session, NULL); int auth = ssh_auth_list(_session); // log_debug("auth: 0x%04x", auth); log_debug(_("supported auth methods: ")); if (auth & SSH_AUTH_METHOD_PUBLICKEY) { log_debug(_("\tpublickey")); } if (auth & SSH_AUTH_METHOD_INTERACTIVE) { log_debug(_("\tkeyboard-interactive")); } /* no ? you should :) */ auth=ssh_userauth_autopubkey(_session, NULL); if(auth == SSH_AUTH_ERROR){ log_debug(_("Authenticating with pubkey: %s"), ssh_get_error(_session)); ssh_finalize(); return false; } banner = ssh_get_issue_banner(_session); if(banner){ log_debug(banner); free(banner); } if(auth != SSH_AUTH_SUCCESS){ auth = authKbdint(_session); if(auth == SSH_AUTH_ERROR){ log_error(_("authenticating with keyb-interactive: %s"), ssh_get_error(_session)); ssh_finalize(); return false; } } if(auth != SSH_AUTH_SUCCESS){ password = getpass("Password: "******"Authentication failed: %s"), ssh_get_error(_session)); ssh_disconnect(_session); ssh_finalize(); return false; } memset(password, 0, strlen(password)); } ssh_log(_session, SSH_LOG_FUNCTIONS, "Authentication success"); #if 0 if(strstr(argv[0],"sftp")){ sftp = 1; ssh_log(_session, SSH_LOG_FUNCTIONS, "Doing sftp instead"); } if(!sftp){ if(!cmds[0]) shell(_session); else batch_shell(_session); } else do_sftp(_session); if(!sftp && !cmds[0]) do_cleanup(0); #endif return true; }
int SSH_Socket::authenticate_console() { int rc; int method; char *banner; // Try to authenticate rc = ssh_userauth_none(session, nullptr); switch(rc) { case SSH_AUTH_ERROR: //some error happened during authentication std::cout << "ssh_userauth_none SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "ssh_userauth_none SSH_AUTH_DENIED!" << std::endl; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "ssh_userauth_none SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: //some key matched but you still have //to provide an other mean of authentication (like a password). std::cout << "ssh_userauth_none SSH_AUTH_PARTIAL!" << std::endl; break; } int failureCounter = 0; // Get a list of excepted Auth Sessions server wants. method = ssh_auth_list(session); while(rc != SSH_AUTH_SUCCESS && failureCounter < 20) { /* Retrieve the public key with ssh_import_pubkey_file(). Offer the public key to the SSH server using ssh_userauth_try_publickey(). * If the return value is SSH_AUTH_SUCCESS, the SSH server accepts * to authenticate using the public key and you can go to the next step. Retrieve the private key, using the ssh_pki_import_privkey_file() function. * If a pass phrase is needed, either the pass phrase specified * as argument or a callback will be used. Authenticate using ssh_userauth_publickey() with your private key. Do not forget cleaning up memory using ssh_key_free(). */ // The function ssh_userauth_autopubkey() does this using the // available keys in "~/.ssh/" or ssh-agent. The return values are the following: // ** Public Key Needs more testing. if(method & SSH_AUTH_METHOD_PUBLICKEY) { rc = ssh_userauth_autopubkey(session, nullptr); switch(rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_DENIED!" << std::endl; ++failureCounter; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: // some key matched but you still have // to provide an other mean of authentication (like a password). std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_PARTIAL!" << std::endl; ++failureCounter; break; default: break; } /* // Validate with specific public key file rc = ssh_userauth_try_publickey(session, NULL, "pubkey.pub"); switch (rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication printf("\r\n try_publickey - SSH_AUTH_ERROR! \r\n"); error(session); return rc; case SSH_AUTH_DENIED: //no key matched printf("\r\n try_publickey - SSH_AUTH_DENIED! \r\n"); break; case SSH_AUTH_SUCCESS: //you are now authenticated printf("\r\n try_publickey - SSH_AUTH_SUCCESS! \r\n"); break; case SSH_AUTH_PARTIAL: //some key matched but you still have to //provide an other mean of authentication (like a password). printf("\r\n try_publickey - SSH_AUTH_PARTIAL! \r\n"); break; default: break; } */ } // Try to authenticate with keyboard interactive"; if(method & SSH_AUTH_METHOD_INTERACTIVE) { //rc = authenticate_kbdint(session, NULL); switch(rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_DENIED!" << std::endl; ++failureCounter; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: //some key matched but you still have to //provide an other mean of authentication (like a password). std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_PARTIAL!" << std::endl; ++failureCounter; break; default: break; } } /* if (ssh_getpass("Password: "******"") { rc = ssh_userauth_password(session, nullptr, password.c_str()); switch(rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_DENIED!" << std::endl; ++failureCounter; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: //some key matched but you still have to // provide an other mean of authentication (like a password). std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_PARTIAL!" << std::endl; ++failureCounter; break; default: break; } } } } banner = ssh_get_issue_banner(session); if(banner) { std::cout << banner << std::endl; ssh_string_free_char(banner); } std::cout << " *** SSH Authenticate Completed." << std::endl; return rc; }