static int client(ssh_session session){
int auth=0;
char *banner;
int state;
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
return -1;
ssh_options_parse_config(session, NULL);
if(ssh_connect(session)){
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
return -1;
}
state=verify_knownhost(session);
if (state != 0)
return -1;
ssh_userauth_none(session, NULL);
banner=ssh_get_issue_banner(session);
if(banner){
printf("%s\n",banner);
free(banner);
}
auth=authenticate_console(session);
if(auth != SSH_AUTH_SUCCESS){
return -1;
}
forwarding(session);
return 0;
}
int authenticate_console(ssh_session session, char* pwd){
int rc;
int method;
char password[128] = {0};
char *banner;
// Try to authenticate
rc = ssh_userauth_none(session, NULL);
if (rc == SSH_AUTH_ERROR) {
error(session);
return rc;
}
method = ssh_auth_list(session);
while (rc != SSH_AUTH_SUCCESS) {
// Try to authenticate with public key first
if (method & SSH_AUTH_METHOD_PUBLICKEY) {
rc = ssh_userauth_autopubkey(session, NULL);
if (rc == SSH_AUTH_ERROR) {
error(session);
return rc;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
/*
// Try to authenticate with keyboard interactive";
if (method & SSH_AUTH_METHOD_INTERACTIVE) {
rc = authenticate_kbdint(session, NULL);
if (rc == SSH_AUTH_ERROR) {
error(session);
return rc;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
if (ssh_getpass("Password: "******"%s\n",banner);
free(banner);
}
return rc;
}
static int client(ssh_session_t *session)
{
int auth=0;
char *banner;
int state;
if (user)
{
if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0)
{
return -1;
}
}
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
{
return -1;
}
if (proxycommand != NULL)
{
if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand))
{
return -1;
}
}
ssh_options_parse_config(session, NULL);
if(ssh_connect(session))
{
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
return -1;
}
state = verify_knownhost(session);
if (state != 0)
{
return -1;
}
ssh_userauth_none(session, NULL);
banner = ssh_get_issue_banner(session);
if(banner)
{
printf("%s\n", banner);
free(banner);
}
auth = authenticate_console(session);
if(auth != SSH_AUTH_SUCCESS)
{
return -1;
}
if(!cmds[0]) {
shell(session);
} else {
batch_shell(session);
}
return 0;
}
int main(int argc, char **argv){
SSH_SESSION *session;
SSH_OPTIONS *options;
int auth=0;
char *password;
char *banner;
int state;
char buf[10];
unsigned char hash[MD5_DIGEST_LEN];
options=ssh_options_new();
if(ssh_options_getopt(options,&argc, argv))
usage();
opts(argc,argv);
signal(SIGTERM,do_exit);
if(user)
ssh_options_set_username(options,user);
ssh_options_set_host(options,host);
session=ssh_new();
ssh_set_options(session,options);
if(ssh_connect(session)){
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
ssh_disconnect(session);
ssh_finalize();
return 1;
}
state=ssh_is_server_known(session);
switch(state){
case SSH_SERVER_KNOWN_OK:
break; /* ok */
case SSH_SERVER_KNOWN_CHANGED:
fprintf(stderr,"Host key for server changed : server's one is now :\n");
ssh_get_pubkey_hash(session,hash);
ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN);
fprintf(stderr,"For security reason, connection will be stopped\n");
ssh_disconnect(session);
ssh_finalize();
exit(-1);
case SSH_SERVER_FOUND_OTHER:
fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n");
fprintf(stderr,"An attacker might change the default server key to confuse your client"
"into thinking the key does not exist\n"
"We advise you to rerun the client with -d or -r for more safety.\n");
ssh_disconnect(session);
ssh_finalize();
exit(-1);
case SSH_SERVER_NOT_KNOWN:
fprintf(stderr,"The server is unknown. Do you trust the host key ?\n");
ssh_get_pubkey_hash(session,hash);
ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN);
fgets(buf,sizeof(buf),stdin);
if(strncasecmp(buf,"yes",3)!=0){
ssh_disconnect(session);
exit(-1);
}
fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n");
fgets(buf,sizeof(buf),stdin);
if(strncasecmp(buf,"yes",3)==0){
if(ssh_write_knownhost(session))
fprintf(stderr,"error %s\n",ssh_get_error(session));
}
break;
case SSH_SERVER_ERROR:
fprintf(stderr,"%s",ssh_get_error(session));
ssh_disconnect(session);
ssh_finalize();
exit(-1);
}
/* no ? you should :) */
auth=ssh_userauth_autopubkey(session);
if(auth==SSH_AUTH_ERROR){
fprintf(stderr,"Authenticating with pubkey: %s\n",ssh_get_error(session));
ssh_finalize();
return -1;
}
banner=ssh_get_issue_banner(session);
if(banner){
printf("%s\n",banner);
free(banner);
}
if(auth!=SSH_AUTH_SUCCESS){
auth=auth_kbdint(session);
if(auth==SSH_AUTH_ERROR){
fprintf(stderr,"authenticating with keyb-interactive: %s\n",
ssh_get_error(session));
ssh_finalize();
return -1;
}
}
if(auth!=SSH_AUTH_SUCCESS){
password=getpass("Password : "******"Authentication failed: %s\n",ssh_get_error(session));
ssh_disconnect(session);
ssh_finalize();
return -1;
}
memset(password,0,strlen(password));
}
ssh_say(1,"Authentication success\n");
printf("%s\n",argv[0]);
if(strstr(argv[0],"sftp")){
sftp=1;
ssh_say(1,"doing sftp instead\n");
}
if(!sftp){
if(!cmds[0])
shell(session);
else
batch_shell(session);
}
else
do_sftp(session);
if(!sftp && !cmds[0])
do_cleanup();
ssh_disconnect(session);
ssh_finalize();
return 0;
}
bool
SSHClient::sshConnect(int /* fd */, std::string &hostname)
{
// GNASH_REPORT_FUNCTION;
char *password;
char *banner;
char *hexa;
// We always need a hostname to connect to
if (ssh_options_set(_session, SSH_OPTIONS_HOST, hostname.c_str()) < 0) {
log_error(_("Couldn't set hostname option"));
return false;
}
// We always need a user name for the connection
if (_user.empty()) {
if (ssh_options_set(_session, SSH_OPTIONS_USER, _user.c_str()) < 0) {
log_error(_("Couldn't set user name option"));
return false;
}
}
// Start a new session
_session = ssh_new();
if(ssh_connect(_session)){
log_error(_("Connection failed : %s\n"), ssh_get_error(_session));
sshShutdown();
return false;
}
_state = ssh_is_server_known(_session);
unsigned char *hash = 0;
int hlen = ssh_get_pubkey_hash(_session, &hash);
if (hlen < 0) {
sshShutdown();
return false;
}
switch(_state){
case SSH_SERVER_KNOWN_OK: // ok
log_debug(_("SSH Server is currently known: %d"), _state);
break;
case SSH_SERVER_KNOWN_CHANGED:
log_error(_("Host key for server changed : server's one is now: "));
ssh_print_hexa(_("Public key hash"), hash, hlen);
free(hash);
log_error(_("For security reason, connection will be stopped"));
sshShutdown();
return false;;
case SSH_SERVER_FOUND_OTHER:
log_error(_("The host key for this server was not found but an other type of key exists."));
log_error(_("An attacker might change the default server key to confuse your client"
" into thinking the key does not exist"
"We advise you to rerun the client with -d or -r for more safety."));
sshShutdown();
return false;;
case SSH_SERVER_NOT_KNOWN:
hexa = ssh_get_hexa(hash, hlen);
free(hash);
// FIXME: for now, accecpt all new keys, and update the
// $HOME/.ssh/know_hosts file.
#if 0
log_error(_("The server is unknown. Do you trust the host key ? (yes,no)"));
log_error(_("Public key hash: %s"), hexa);
free(hexa);
fgets(buf, sizeof(buf), stdin);
if(strncasecmp(buf, "yes", 3) != 0){
sshShutdown();
return false;
}
log_error(_("This new key will be written on disk for further usage. do you agree? (yes,no) "));
fgets(buf, sizeof(buf), stdin);
if(strncasecmp(buf, "yes", 3)==0){
if(ssh_write_knownhost(_session))
log_error(ssh_get_error(_session));
}
#else
if(ssh_write_knownhost(_session)) {
log_error(ssh_get_error(_session));
}
#endif
break;
case SSH_SERVER_ERROR:
free(hash);
log_error(ssh_get_error(_session));
sshShutdown();
return false;
}
free(hash);
ssh_userauth_none(_session, NULL);
int auth = ssh_auth_list(_session);
// log_debug("auth: 0x%04x", auth);
log_debug(_("supported auth methods: "));
if (auth & SSH_AUTH_METHOD_PUBLICKEY) {
log_debug(_("\tpublickey"));
}
if (auth & SSH_AUTH_METHOD_INTERACTIVE) {
log_debug(_("\tkeyboard-interactive"));
}
/* no ? you should :) */
auth=ssh_userauth_autopubkey(_session, NULL);
if(auth == SSH_AUTH_ERROR){
log_debug(_("Authenticating with pubkey: %s"), ssh_get_error(_session));
ssh_finalize();
return false;
}
banner = ssh_get_issue_banner(_session);
if(banner){
log_debug(banner);
free(banner);
}
if(auth != SSH_AUTH_SUCCESS){
auth = authKbdint(_session);
if(auth == SSH_AUTH_ERROR){
log_error(_("authenticating with keyb-interactive: %s"),
ssh_get_error(_session));
ssh_finalize();
return false;
}
}
if(auth != SSH_AUTH_SUCCESS){
password = getpass("Password: "******"Authentication failed: %s"), ssh_get_error(_session));
ssh_disconnect(_session);
ssh_finalize();
return false;
}
memset(password, 0, strlen(password));
}
ssh_log(_session, SSH_LOG_FUNCTIONS, "Authentication success");
#if 0
if(strstr(argv[0],"sftp")){
sftp = 1;
ssh_log(_session, SSH_LOG_FUNCTIONS, "Doing sftp instead");
}
if(!sftp){
if(!cmds[0])
shell(_session);
else
batch_shell(_session);
}
else
do_sftp(_session);
if(!sftp && !cmds[0])
do_cleanup(0);
#endif
return true;
}
int SSH_Socket::authenticate_console()
{
int rc;
int method;
char *banner;
// Try to authenticate
rc = ssh_userauth_none(session, nullptr);
switch(rc)
{
case SSH_AUTH_ERROR: //some error happened during authentication
std::cout << "ssh_userauth_none SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "ssh_userauth_none SSH_AUTH_DENIED!" << std::endl;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "ssh_userauth_none SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL:
//some key matched but you still have
//to provide an other mean of authentication (like a password).
std::cout << "ssh_userauth_none SSH_AUTH_PARTIAL!" << std::endl;
break;
}
int failureCounter = 0;
// Get a list of excepted Auth Sessions server wants.
method = ssh_auth_list(session);
while(rc != SSH_AUTH_SUCCESS && failureCounter < 20)
{
/*
Retrieve the public key with ssh_import_pubkey_file().
Offer the public key to the SSH server using ssh_userauth_try_publickey().
* If the return value is SSH_AUTH_SUCCESS, the SSH server accepts
* to authenticate using the public key and you can go to the next step.
Retrieve the private key, using the ssh_pki_import_privkey_file() function.
* If a pass phrase is needed, either the pass phrase specified
* as argument or a callback will be used.
Authenticate using ssh_userauth_publickey() with your private key.
Do not forget cleaning up memory using ssh_key_free().
*/
// The function ssh_userauth_autopubkey() does this using the
// available keys in "~/.ssh/" or ssh-agent. The return values are the following:
// ** Public Key Needs more testing.
if(method & SSH_AUTH_METHOD_PUBLICKEY)
{
rc = ssh_userauth_autopubkey(session, nullptr);
switch(rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_DENIED!" << std::endl;
++failureCounter;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL:
// some key matched but you still have
// to provide an other mean of authentication (like a password).
std::cout << "SSH_AUTH_METHOD_PUBLICKEY - SSH_AUTH_PARTIAL!" << std::endl;
++failureCounter;
break;
default:
break;
}
/*
// Validate with specific public key file
rc = ssh_userauth_try_publickey(session, NULL, "pubkey.pub");
switch (rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
printf("\r\n try_publickey - SSH_AUTH_ERROR! \r\n");
error(session);
return rc;
case SSH_AUTH_DENIED: //no key matched
printf("\r\n try_publickey - SSH_AUTH_DENIED! \r\n");
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
printf("\r\n try_publickey - SSH_AUTH_SUCCESS! \r\n");
break;
case SSH_AUTH_PARTIAL: //some key matched but you still have to
//provide an other mean of authentication (like a password).
printf("\r\n try_publickey - SSH_AUTH_PARTIAL! \r\n");
break;
default:
break;
}
*/
}
// Try to authenticate with keyboard interactive";
if(method & SSH_AUTH_METHOD_INTERACTIVE)
{
//rc = authenticate_kbdint(session, NULL);
switch(rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_DENIED!" << std::endl;
++failureCounter;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL: //some key matched but you still have to
//provide an other mean of authentication (like a password).
std::cout << "SSH_AUTH_METHOD_INTERACTIVE - SSH_AUTH_PARTIAL!" << std::endl;
++failureCounter;
break;
default:
break;
}
}
/*
if (ssh_getpass("Password: "******"")
{
rc = ssh_userauth_password(session, nullptr, password.c_str());
switch(rc)
{
case SSH_AUTH_ERROR: //some serious error happened during authentication
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_ERROR!" << std::endl;
error();
return rc;
case SSH_AUTH_DENIED: //no key matched
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_DENIED!" << std::endl;
++failureCounter;
break;
case SSH_AUTH_SUCCESS: //you are now authenticated
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_SUCCESS!" << std::endl;
break;
case SSH_AUTH_PARTIAL: //some key matched but you still have to
// provide an other mean of authentication (like a password).
std::cout << "SSH_AUTH_METHOD_PASSWORD - SSH_AUTH_PARTIAL!" << std::endl;
++failureCounter;
break;
default:
break;
}
}
}
}
banner = ssh_get_issue_banner(session);
if(banner)
{
std::cout << banner << std::endl;
ssh_string_free_char(banner);
}
std::cout << " *** SSH Authenticate Completed." << std::endl;
return rc;
}
