SSH_SESSION *connect_host(const char *hostname){ SSH_SESSION *session; SSH_OPTIONS *options; int auth=0; int state; options=ssh_options_new(); ssh_options_set_host(options,hostname); session=ssh_new(); ssh_set_options(session,options); if(ssh_connect(session)){ fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); ssh_disconnect(session); return NULL; } state = ssh_session_is_known_server(session); switch(state){ case SSH_SERVER_KNOWN_OK: break; /* ok */ case SSH_SERVER_KNOWN_CHANGED: fprintf(stderr,"Host key for server changed : server's one is now :\n"); fprintf(stderr,"For security reason, connection will be stopped\n"); ssh_disconnect(session); ssh_finalize(); return NULL; case SSH_SERVER_FOUND_OTHER: fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n"); fprintf(stderr,"An attacker might change the default server key to confuse your client" "into thinking the key does not exist\n" "We advise you to rerun the client with -d or -r for more safety.\n"); ssh_disconnect(session); ssh_finalize(); return NULL; case SSH_SERVER_NOT_KNOWN: fprintf(stderr,"The server is unknown. Leaving now"); ssh_disconnect(session); return NULL; case SSH_SERVER_ERROR: fprintf(stderr,"%s",ssh_get_error(session)); ssh_disconnect(session); return NULL; } ssh_userauth_none(session, NULL); auth=ssh_userauth_autopubkey(session, NULL); if(auth==SSH_AUTH_ERROR){ fprintf(stderr,"Authenticating with pubkey: %s\n",ssh_get_error(session)); ssh_disconnect(session); return NULL; } if(auth!=SSH_AUTH_SUCCESS){ fprintf(stderr,"Authentication failed: %s\n",ssh_get_error(session)); ssh_disconnect(session); return NULL; } ssh_log(session, SSH_LOG_FUNCTIONS, "Authentication success"); return session; }
void Session::connect() { if (this->c_session != NULL) { this->disconnect(); } this->c_session = ssh_new(); if (this->c_session == NULL) { throw std::runtime_error("Cannot start session"); } ssh_options_set(this->c_session, SSH_OPTIONS_HOST, this->hostname.c_str()); ssh_options_set(this->c_session, SSH_OPTIONS_PORT, &this->port); int rc = ssh_connect(this->c_session); if (rc != SSH_OK) { fprintf(stderr, "Error connecting to localhost: %s\n", ssh_get_error(this->c_session)); throw std::runtime_error("Cannot connect to server"); } if (this->password_auth) { rc = ssh_userauth_password(this->c_session, NULL, this->password.c_str()); if (rc != SSH_AUTH_SUCCESS) { throw std::runtime_error("Cannot authenticate with server"); } } else { rc = ssh_userauth_autopubkey(this->c_session, NULL); if (rc != SSH_AUTH_SUCCESS) { throw std::runtime_error("Cannot authenticate with server"); } } }
bool clSSH::LoginPublicKey(bool throwExc) { if(!m_session) { THROW_OR_FALSE("NULL SSH session"); } int rc; rc = ssh_userauth_autopubkey(m_session, NULL); if(rc != SSH_AUTH_SUCCESS) { THROW_OR_FALSE(wxString() << _("Public Key error: ") << ssh_get_error(m_session)); } return true; }
int authenticate_console(ssh_session session, char* pwd){ int rc; int method; char password[128] = {0}; char *banner; // Try to authenticate rc = ssh_userauth_none(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } method = ssh_auth_list(session); while (rc != SSH_AUTH_SUCCESS) { // Try to authenticate with public key first if (method & SSH_AUTH_METHOD_PUBLICKEY) { rc = ssh_userauth_autopubkey(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } else if (rc == SSH_AUTH_SUCCESS) { break; } } /* // Try to authenticate with keyboard interactive"; if (method & SSH_AUTH_METHOD_INTERACTIVE) { rc = authenticate_kbdint(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } else if (rc == SSH_AUTH_SUCCESS) { break; } } if (ssh_getpass("Password: "******"%s\n",banner); free(banner); } return rc; }
int authenticate_console(ssh_session session) { int rc; int method; // Try to authenticate rc = ssh_userauth_none(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } method = ssh_userauth_list(session,NULL); while (rc != SSH_AUTH_SUCCESS) { // Try to authenticate with public key first rc = ssh_userauth_autopubkey(session, NULL); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } else if (rc == SSH_AUTH_SUCCESS) { break; } rc=authenticate_kbdint(session,pass_word); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } else if (rc == SSH_AUTH_SUCCESS) { break; } rc = ssh_userauth_password(session, NULL, pass_word); if (rc == SSH_AUTH_ERROR) { error(session); return rc; } else if (rc == SSH_AUTH_SUCCESS) { break; } else if(rc == SSH_AUTH_DENIED) { } else if(rc == SSH_AUTH_PARTIAL) { } else if(rc == SSH_AUTH_INFO) { } else if(rc == SSH_AUTH_AGAIN) { } } return rc; }
static void torture_channel_read_error(void **state) { ssh_session session = *state; char *user = getenv("TORTURE_USER"); ssh_channel channel; int rc; int i; if (user == NULL) { print_message("*** Please set the environment variable TORTURE_USER" " to enable this test!!\n"); return; } rc = ssh_options_set(session, SSH_OPTIONS_USER, user); assert_true(rc == SSH_OK); rc = ssh_connect(session); assert_true(rc == SSH_OK); rc = ssh_userauth_none(session,NULL); /* This request should return a SSH_REQUEST_DENIED error */ if (rc == SSH_ERROR) { assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED); } assert_true(ssh_auth_list(session) & SSH_AUTH_METHOD_PUBLICKEY); rc = ssh_userauth_autopubkey(session, NULL); assert_true(rc == SSH_AUTH_SUCCESS); channel = ssh_channel_new(session); assert_true(channel != NULL); rc = ssh_channel_open_session(channel); assert_true(rc == SSH_OK); rc = ssh_channel_request_exec(channel, "hexdump -C /dev/urandom"); assert_true(rc == SSH_OK); /* send crap and for server to send us a disconnect */ rc = write(ssh_get_fd(session),"AAAA", 4); assert_int_equal(rc, 4); for (i=0;i<20;++i){ rc = ssh_channel_read(channel,buffer,sizeof(buffer),0); if (rc == SSH_ERROR) break; } assert_true(rc == SSH_ERROR); }
static gint remmina_ssh_auth_auto_pubkey (RemminaSSH* ssh) { gint ret; ret = ssh_userauth_autopubkey (ssh->session, ""); if (ret != SSH_AUTH_SUCCESS) { remmina_ssh_set_error (ssh, _("SSH automatic public key authentication failed: %s")); return 0; } ssh->authenticated = TRUE; return 1; }
static ssh_session connect_host(const char *host, int verbose, char *cipher){ ssh_session session=ssh_new(); if(session==NULL) goto error; if(ssh_options_set(session,SSH_OPTIONS_HOST, host)<0) goto error; ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbose); if(cipher != NULL){ if (ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, cipher) || ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, cipher)){ goto error; } } ssh_options_parse_config(session, NULL); if(ssh_connect(session)==SSH_ERROR) goto error; if(ssh_userauth_autopubkey(session,NULL) != SSH_AUTH_SUCCESS) goto error; return session; error: fprintf(stderr,"Error connecting to \"%s\": %s\n",host,ssh_get_error(session)); ssh_free(session); return NULL; }
static int _sftp_connect(const char *uri) { char *scheme = NULL; char *user = NULL; char *passwd = NULL; char *host = NULL; unsigned int port = 0; char *path = NULL; unsigned char *hash = NULL; int hlen; int rc = -1; int state = SSH_SERVER_ERROR; int timeout = 10; int method; char *verbosity; if (_connected) { return 0; } rc = c_parse_uri(uri, &scheme, &user, &passwd, &host, &port, &path); if (rc < 0) { goto out; } DEBUG_SFTP(("csync_sftp - conntecting to: %s\n", host)); /* create the session */ _ssh_session = ssh_new(); if (_ssh_session == NULL) { fprintf(stderr, "csync_sftp - error creating new connection: %s\n", strerror(errno)); rc = -1; goto out; } rc = ssh_options_set(_ssh_session, SSH_OPTIONS_TIMEOUT, &timeout); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_C_S, "none"); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } ssh_options_set(_ssh_session, SSH_OPTIONS_HOST, host); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } if (port) { ssh_options_set(_ssh_session, SSH_OPTIONS_PORT, &port); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } DEBUG_SFTP(("csync_sftp - port set to: %d\n", port)); } if (user && *user) { ssh_options_set(_ssh_session, SSH_OPTIONS_USER, user); if (rc < 0) { fprintf(stderr, "csync_sftp - error setting options: %s\n", strerror(errno)); goto out; } DEBUG_SFTP(("csync_sftp - username set to: %s\n", user)); } verbosity = getenv("CSYNC_SFTP_LOG_VERBOSITY"); if (verbosity) { rc = ssh_options_set(_ssh_session, SSH_OPTIONS_LOG_VERBOSITY_STR, verbosity); if (rc < 0) { goto out; } } /* read ~/.ssh/config */ rc = ssh_options_parse_config(_ssh_session, NULL); if (rc < 0) { goto out; } _ssh_callbacks = (ssh_callbacks) c_malloc(sizeof(struct ssh_callbacks_struct)); if (_ssh_callbacks == NULL) { rc = -1; goto out; } ZERO_STRUCTP(_ssh_callbacks); _ssh_callbacks->userdata = _userdata; _ssh_callbacks->auth_function = _ssh_auth_callback; ssh_callbacks_init(_ssh_callbacks); ssh_set_callbacks(_ssh_session, _ssh_callbacks); rc = ssh_connect(_ssh_session); if (rc < 0) { fprintf(stderr, "csync_sftp - error connecting to the server: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); goto out; } hlen = ssh_get_pubkey_hash(_ssh_session, &hash); if (hlen < 0) { fprintf(stderr, "csync_sftp - error connecting to the server: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); goto out; } /* check the server public key hash */ state = ssh_is_server_known(_ssh_session); switch (state) { case SSH_SERVER_KNOWN_OK: break; case SSH_SERVER_KNOWN_CHANGED: fprintf(stderr, "csync_sftp - The host key for this server was " "not found, but another type of key exists.\n" "An attacker might change the default server key to confuse your " "client into thinking the key does not exist.\n" "Please contact your system administrator.\n" "%s\n", ssh_get_error(_ssh_session)); ssh_print_hexa("csync_sftp - public key hash", hash, hlen); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; case SSH_SERVER_FOUND_OTHER: fprintf(stderr, "csync_sftp - the host key for this server was not " "found but an other type of key exists.\n"); fprintf(stderr, "csync_sftp - an attacker might change the default " "server key to confuse your client into thinking the key does not " "exist\n"); fprintf(stderr, "The host key for the server %s has changed.\n" "This could either mean that DNS SPOOFING is happening or the IP " "address for the host and its host key have changed at the same time.\n" "The fingerprint for the key sent by the remote host is:\n", host); ssh_print_hexa("", hash, hlen); fprintf(stderr, "Please contact your system administrator.\n" "%s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; case SSH_SERVER_NOT_KNOWN: if (_authcb) { char *hexa; char *prompt; char buf[4] = {0}; hexa = ssh_get_hexa(hash, hlen); if (hexa == NULL) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } if (asprintf(&prompt, "The authenticity of host '%s' can't be established.\n" "RSA key fingerprint is %s.\n" "Are you sure you want to continue connecting (yes/no)?", host, hexa) < 0 ) { free(hexa); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } free(hexa); if ((*_authcb)(prompt, buf, sizeof(buf), 1, 0, _userdata) < 0) { free(prompt); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } free(prompt); if (strncasecmp(buf, "yes", 3) != 0) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } if (ssh_write_knownhost(_ssh_session) < 0) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } } else { fprintf(stderr,"csync_sftp - the server is unknown. Connect manually to " "the host to retrieve the public key hash, then try again.\n"); } ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; case SSH_SERVER_ERROR: fprintf(stderr, "%s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; break; default: break; } /* Try to authenticate */ rc = ssh_userauth_none(_ssh_session, NULL); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } #if 0 /* authenticate with the server */ if (passwd && *passwd) { DEBUG_SFTP(("csync_sftp - authenticating with user/password\n")); /* * This is tunneled cleartext password authentication and possibly needs * to be allowed by the ssh server. Set 'PasswordAuthentication yes' */ auth = ssh_userauth_password(_ssh_session, user, passwd); } else { DEBUG_SFTP(("csync_sftp - authenticating with pubkey\n")); auth = ssh_userauth_autopubkey(_ssh_session, NULL); } if (auth == SSH_AUTH_ERROR) { fprintf(stderr, "csync_sftp - authenticating with pubkey: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } if (auth != SSH_AUTH_SUCCESS) { if (_authcb != NULL) { auth = auth_kbdint(_ssh_session); if (auth == SSH_AUTH_ERROR) { fprintf(stderr,"csync_sftp - authentication failed: %s\n", ssh_get_error(_ssh_session)); ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } } else { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } } #endif method = ssh_auth_list(_ssh_session); while (rc != SSH_AUTH_SUCCESS) { /* Try to authenticate with public key first */ if (method & SSH_AUTH_METHOD_PUBLICKEY) { rc = ssh_userauth_autopubkey(_ssh_session, NULL); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } else if (rc == SSH_AUTH_SUCCESS) { break; } } /* Try to authenticate with keyboard interactive */ if (method & SSH_AUTH_METHOD_INTERACTIVE) { rc = auth_kbdint(_ssh_session, user, passwd); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } else if (rc == SSH_AUTH_SUCCESS) { break; } } /* Try to authenticate with password */ if ((method & SSH_AUTH_METHOD_PASSWORD) && passwd && *passwd) { rc = ssh_userauth_password(_ssh_session, user, passwd); if (rc == SSH_AUTH_ERROR) { ssh_disconnect(_ssh_session); _ssh_session = NULL; ssh_finalize(); rc = -1; goto out; } else if (rc == SSH_AUTH_SUCCESS) { break; } } } DEBUG_SFTP(("csync_sftp - creating sftp channel...\n")); /* start the sftp session */ _sftp_session = sftp_new(_ssh_session); if (_sftp_session == NULL) { fprintf(stderr, "csync_sftp - sftp error initialising channel: %s\n", ssh_get_error(_ssh_session)); rc = -1; goto out; } rc = sftp_init(_sftp_session); if (rc < 0) { fprintf(stderr, "csync_sftp - error initialising sftp: %s\n", ssh_get_error(_ssh_session)); goto out; } DEBUG_SFTP(("csync_sftp - connection established...\n")); _connected = 1; rc = 0; out: SAFE_FREE(scheme); SAFE_FREE(user); SAFE_FREE(passwd); SAFE_FREE(host); SAFE_FREE(path); SAFE_FREE(hash); return rc; }
int main(int argc, char **argv){ SSH_SESSION *session; SSH_OPTIONS *options; int auth=0; char *password; char *banner; int state; char buf[10]; unsigned char hash[MD5_DIGEST_LEN]; options=ssh_options_new(); if(ssh_options_getopt(options,&argc, argv)) usage(); opts(argc,argv); signal(SIGTERM,do_exit); if(user) ssh_options_set_username(options,user); ssh_options_set_host(options,host); session=ssh_new(); ssh_set_options(session,options); if(ssh_connect(session)){ fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); ssh_disconnect(session); ssh_finalize(); return 1; } state=ssh_is_server_known(session); switch(state){ case SSH_SERVER_KNOWN_OK: break; /* ok */ case SSH_SERVER_KNOWN_CHANGED: fprintf(stderr,"Host key for server changed : server's one is now :\n"); ssh_get_pubkey_hash(session,hash); ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN); fprintf(stderr,"For security reason, connection will be stopped\n"); ssh_disconnect(session); ssh_finalize(); exit(-1); case SSH_SERVER_FOUND_OTHER: fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n"); fprintf(stderr,"An attacker might change the default server key to confuse your client" "into thinking the key does not exist\n" "We advise you to rerun the client with -d or -r for more safety.\n"); ssh_disconnect(session); ssh_finalize(); exit(-1); case SSH_SERVER_NOT_KNOWN: fprintf(stderr,"The server is unknown. Do you trust the host key ?\n"); ssh_get_pubkey_hash(session,hash); ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN); fgets(buf,sizeof(buf),stdin); if(strncasecmp(buf,"yes",3)!=0){ ssh_disconnect(session); exit(-1); } fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n"); fgets(buf,sizeof(buf),stdin); if(strncasecmp(buf,"yes",3)==0){ if(ssh_write_knownhost(session)) fprintf(stderr,"error %s\n",ssh_get_error(session)); } break; case SSH_SERVER_ERROR: fprintf(stderr,"%s",ssh_get_error(session)); ssh_disconnect(session); ssh_finalize(); exit(-1); } /* no ? you should :) */ auth=ssh_userauth_autopubkey(session); if(auth==SSH_AUTH_ERROR){ fprintf(stderr,"Authenticating with pubkey: %s\n",ssh_get_error(session)); ssh_finalize(); return -1; } banner=ssh_get_issue_banner(session); if(banner){ printf("%s\n",banner); free(banner); } if(auth!=SSH_AUTH_SUCCESS){ auth=auth_kbdint(session); if(auth==SSH_AUTH_ERROR){ fprintf(stderr,"authenticating with keyb-interactive: %s\n", ssh_get_error(session)); ssh_finalize(); return -1; } } if(auth!=SSH_AUTH_SUCCESS){ password=getpass("Password : "******"Authentication failed: %s\n",ssh_get_error(session)); ssh_disconnect(session); ssh_finalize(); return -1; } memset(password,0,strlen(password)); } ssh_say(1,"Authentication success\n"); printf("%s\n",argv[0]); if(strstr(argv[0],"sftp")){ sftp=1; ssh_say(1,"doing sftp instead\n"); } if(!sftp){ if(!cmds[0]) shell(session); else batch_shell(session); } else do_sftp(session); if(!sftp && !cmds[0]) do_cleanup(); ssh_disconnect(session); ssh_finalize(); return 0; }
static int authenticate_pubkey(ssh_session session) { return ssh_userauth_autopubkey(session, NULL); }
bool SSHClient::sshConnect(int /* fd */, std::string &hostname) { // GNASH_REPORT_FUNCTION; char *password; char *banner; char *hexa; // We always need a hostname to connect to if (ssh_options_set(_session, SSH_OPTIONS_HOST, hostname.c_str()) < 0) { log_error(_("Couldn't set hostname option")); return false; } // We always need a user name for the connection if (_user.empty()) { if (ssh_options_set(_session, SSH_OPTIONS_USER, _user.c_str()) < 0) { log_error(_("Couldn't set user name option")); return false; } } // Start a new session _session = ssh_new(); if(ssh_connect(_session)){ log_error(_("Connection failed : %s\n"), ssh_get_error(_session)); sshShutdown(); return false; } _state = ssh_is_server_known(_session); unsigned char *hash = 0; int hlen = ssh_get_pubkey_hash(_session, &hash); if (hlen < 0) { sshShutdown(); return false; } switch(_state){ case SSH_SERVER_KNOWN_OK: // ok log_debug(_("SSH Server is currently known: %d"), _state); break; case SSH_SERVER_KNOWN_CHANGED: log_error(_("Host key for server changed : server's one is now: ")); ssh_print_hexa(_("Public key hash"), hash, hlen); free(hash); log_error(_("For security reason, connection will be stopped")); sshShutdown(); return false;; case SSH_SERVER_FOUND_OTHER: log_error(_("The host key for this server was not found but an other type of key exists.")); log_error(_("An attacker might change the default server key to confuse your client" " into thinking the key does not exist" "We advise you to rerun the client with -d or -r for more safety.")); sshShutdown(); return false;; case SSH_SERVER_NOT_KNOWN: hexa = ssh_get_hexa(hash, hlen); free(hash); // FIXME: for now, accecpt all new keys, and update the // $HOME/.ssh/know_hosts file. #if 0 log_error(_("The server is unknown. Do you trust the host key ? (yes,no)")); log_error(_("Public key hash: %s"), hexa); free(hexa); fgets(buf, sizeof(buf), stdin); if(strncasecmp(buf, "yes", 3) != 0){ sshShutdown(); return false; } log_error(_("This new key will be written on disk for further usage. do you agree? (yes,no) ")); fgets(buf, sizeof(buf), stdin); if(strncasecmp(buf, "yes", 3)==0){ if(ssh_write_knownhost(_session)) log_error(ssh_get_error(_session)); } #else if(ssh_write_knownhost(_session)) { log_error(ssh_get_error(_session)); } #endif break; case SSH_SERVER_ERROR: free(hash); log_error(ssh_get_error(_session)); sshShutdown(); return false; } free(hash); ssh_userauth_none(_session, NULL); int auth = ssh_auth_list(_session); // log_debug("auth: 0x%04x", auth); log_debug(_("supported auth methods: ")); if (auth & SSH_AUTH_METHOD_PUBLICKEY) { log_debug(_("\tpublickey")); } if (auth & SSH_AUTH_METHOD_INTERACTIVE) { log_debug(_("\tkeyboard-interactive")); } /* no ? you should :) */ auth=ssh_userauth_autopubkey(_session, NULL); if(auth == SSH_AUTH_ERROR){ log_debug(_("Authenticating with pubkey: %s"), ssh_get_error(_session)); ssh_finalize(); return false; } banner = ssh_get_issue_banner(_session); if(banner){ log_debug(banner); free(banner); } if(auth != SSH_AUTH_SUCCESS){ auth = authKbdint(_session); if(auth == SSH_AUTH_ERROR){ log_error(_("authenticating with keyb-interactive: %s"), ssh_get_error(_session)); ssh_finalize(); return false; } } if(auth != SSH_AUTH_SUCCESS){ password = getpass("Password: "******"Authentication failed: %s"), ssh_get_error(_session)); ssh_disconnect(_session); ssh_finalize(); return false; } memset(password, 0, strlen(password)); } ssh_log(_session, SSH_LOG_FUNCTIONS, "Authentication success"); #if 0 if(strstr(argv[0],"sftp")){ sftp = 1; ssh_log(_session, SSH_LOG_FUNCTIONS, "Doing sftp instead"); } if(!sftp){ if(!cmds[0]) shell(_session); else batch_shell(_session); } else do_sftp(_session); if(!sftp && !cmds[0]) do_cleanup(0); #endif return true; }
ssh_session torture_ssh_session(const char *host, const char *user, const char *password) { ssh_session session; int rc; if (host == NULL) { return NULL; } session = ssh_new(); if (session == NULL) { return NULL; } if (ssh_options_set(session, SSH_OPTIONS_HOST, host) < 0) { goto failed; } if (user != NULL) { if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0) { goto failed; } } if (ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity) < 0) { goto failed; } if (ssh_connect(session)) { goto failed; } /* We are in testing mode, so consinder the hostkey as verified ;) */ /* This request should return a SSH_REQUEST_DENIED error */ rc = ssh_userauth_none(session, NULL); if (rc == SSH_ERROR) { goto failed; } if (!(ssh_auth_list(session) & SSH_AUTH_METHOD_INTERACTIVE)) { goto failed; } if (password != NULL) { rc = _torture_auth_kbdint(session, password); } else { rc = ssh_userauth_autopubkey(session, NULL); if (rc == SSH_AUTH_ERROR) { goto failed; } } if (rc != SSH_AUTH_SUCCESS) { goto failed; } return session; failed: if (ssh_is_connected(session)) { ssh_disconnect(session); } ssh_free(session); return NULL; }
int SSH_Socket::authenticate_console() { int rc; int method; char *banner; // Try to authenticate rc = ssh_userauth_none(session, nullptr); switch(rc) { case SSH_AUTH_ERROR: //some error happened during authentication std::cout << "ssh_userauth_none SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "ssh_userauth_none SSH_AUTH_DENIED!" << std::endl; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "ssh_userauth_none SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: //some key matched but you still have //to provide an other mean of authentication (like a password). std::cout << "ssh_userauth_none SSH_AUTH_PARTIAL!" << std::endl; break; } int failureCounter = 0; // Get a list of excepted Auth Sessions server wants. method = ssh_auth_list(session); while(rc != SSH_AUTH_SUCCESS && failureCounter < 20) { /* Retrieve the public key with ssh_import_pubkey_file(). Offer the public key to the SSH server using ssh_userauth_try_publickey(). * If the return value is SSH_AUTH_SUCCESS, the SSH server accepts * to authenticate using the public key and you can go to the next step. Retrieve the private key, using the ssh_pki_import_privkey_file() function. * If a pass phrase is needed, either the pass phrase specified * as argument or a callback will be used. Authenticate using ssh_userauth_publickey() with your private key. Do not forget cleaning up memory using ssh_key_free(). */ // The function ssh_userauth_autopubkey() does this using the // available keys in "~/.ssh/" or ssh-agent. The return values are the following: // ** Public Key Needs more testing. if(method & SSH_AUTH_METHOD_PUBLICKEY) { rc = ssh_userauth_autopubkey(session, nullptr); switch(rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_DENIED!" << std::endl; ++failureCounter; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: // some key matched but you still have // to provide an other mean of authentication (like a password). std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_PARTIAL!" << std::endl; ++failureCounter; break; default: break; } /* // Validate with specific public key file rc = ssh_userauth_try_publickey(session, NULL, "pubkey.pub"); switch (rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication printf("\r\n try_publickey - SSH_AUTH_ERROR! \r\n"); error(session); return rc; case SSH_AUTH_DENIED: //no key matched printf("\r\n try_publickey - SSH_AUTH_DENIED! \r\n"); break; case SSH_AUTH_SUCCESS: //you are now authenticated printf("\r\n try_publickey - SSH_AUTH_SUCCESS! \r\n"); break; case SSH_AUTH_PARTIAL: //some key matched but you still have to //provide an other mean of authentication (like a password). printf("\r\n try_publickey - SSH_AUTH_PARTIAL! \r\n"); break; default: break; } */ } // Try to authenticate with keyboard interactive"; if(method & SSH_AUTH_METHOD_INTERACTIVE) { //rc = authenticate_kbdint(session, NULL); switch(rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_DENIED!" << std::endl; ++failureCounter; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: //some key matched but you still have to //provide an other mean of authentication (like a password). std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_PARTIAL!" << std::endl; ++failureCounter; break; default: break; } } /* if (ssh_getpass("Password: "******"") { rc = ssh_userauth_password(session, nullptr, password.c_str()); switch(rc) { case SSH_AUTH_ERROR: //some serious error happened during authentication std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_ERROR!" << std::endl; error(); return rc; case SSH_AUTH_DENIED: //no key matched std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_DENIED!" << std::endl; ++failureCounter; break; case SSH_AUTH_SUCCESS: //you are now authenticated std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_SUCCESS!" << std::endl; break; case SSH_AUTH_PARTIAL: //some key matched but you still have to // provide an other mean of authentication (like a password). std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_PARTIAL!" << std::endl; ++failureCounter; break; default: break; } } } } banner = ssh_get_issue_banner(session); if(banner) { std::cout << banner << std::endl; ssh_string_free_char(banner); } std::cout << " *** SSH Authenticate Completed." << std::endl; return rc; }