static ssh_session create_ssh_connection(const char* hostname, const unsigned int port, const char* username,
const char* password, const char* sshkey_path, const char* sshkey_passphrase)
{
ssh_session sshs;
/* Open session and set options */
sshs = ssh_new();
if (sshs == NULL) {
errmsg_print("Can't create ssh session");
return NULL;
}
if (!hostname)
return NULL;
if (ssh_options_set(sshs, SSH_OPTIONS_HOST, hostname)) {
errmsg_print("Can't set the hostname: %s\n", hostname);
goto failure;
}
if (port != 0) {
if (ssh_options_set(sshs, SSH_OPTIONS_PORT, &port)) {
errmsg_print("Can't set the port: %d\n", port);
goto failure;
}
}
if (!username)
username = g_get_user_name();
if (ssh_options_set(sshs, SSH_OPTIONS_USER, username)) {
errmsg_print("Can't set the username: %s\n", username);
goto failure;
}
verbose_print("Opening ssh connection to %s@%s:%u\n", username, hostname, port);
/* Connect to server */
if (ssh_connect(sshs) != SSH_OK) {
errmsg_print("Error connecting to %s@%s:%u (%s)\n", username, hostname, port,
ssh_get_error(sshs));
goto failure;
}
#ifdef HAVE_LIBSSH_USERAUTH_AGENT
verbose_print("Connecting using ssh-agent...");
/* Try to authenticate using ssh agent */
if (ssh_userauth_agent(sshs, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
#endif
/* If a public key path has been provided, try to authenticate using it */
if (sshkey_path) {
ssh_key pkey = ssh_key_new();
int ret;
verbose_print("Connecting using public key in %s...", sshkey_path);
ret = ssh_pki_import_privkey_file(sshkey_path, sshkey_passphrase, NULL, NULL, &pkey);
if (ret == SSH_OK) {
if (ssh_userauth_publickey(sshs, NULL, pkey) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
ssh_key_free(pkey);
return sshs;
}
}
ssh_key_free(pkey);
verbose_print("failed (%s)\n", ssh_get_error(sshs));
}
/* Try to authenticate using standard public key */
verbose_print("Connecting using standard public key...");
if (ssh_userauth_publickey_auto(sshs, NULL, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
/* If a password has been provided and all previous attempts failed, try to use it */
if (password) {
verbose_print("Connecting using password...");
if (ssh_userauth_password(sshs, username, password) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
}
errmsg_print("Can't find a valid authentication. Disconnecting.\n");
/* All authentication failed. Disconnect and return */
ssh_disconnect(sshs);
failure:
ssh_free(sshs);
return NULL;
}
static void torture_auth_autopubkey_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_autopubkey_nonblocking(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_pubkey_types_ed25519_nonblocking(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
ssh_set_blocking(session, 0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
/* Enable only DSA keys -- authentication should fail */
rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ssh-dss");
assert_ssh_return_code(session, rc);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_DENIED);
/* Verify we can use also ED25519 key to authenticate */
rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ssh-ed25519");
assert_ssh_return_code(session, rc);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_pubkey_types_nonblocking(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
ssh_set_blocking(session, 0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
/* Disable RSA key types for authentication */
rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ssh-dss");
assert_ssh_return_code(session, rc);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_DENIED);
/* Now enable it and retry */
rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"rsa-sha2-512,ssh-rsa");
assert_ssh_return_code(session, rc);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
int authenticate_ssh_session() {
int ret = ssh_userauth_publickey_auto(my_ssh_session, NULL, NULL);
if (ret == SSH_AUTH_ERROR) {
fprintf(stderr, "Authentication failed: %s\n",
ssh_get_error(my_ssh_session));
}
return ret;
}
static void torture_auth_pubkey_types_ecdsa(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
rc = ssh_userauth_none(session, NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
/* We have only the 256b key -- whitelisting only larger should fail */
rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ecdsa-sha2-nistp384");
assert_ssh_return_code(session, rc);
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_DENIED);
/* Verify we can use also ECDSA keys with their various names */
rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ecdsa-sha2-nistp256");
assert_ssh_return_code(session, rc);
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
int sn_authenticate_pubkey(ssh_session session) {
int rc;
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
if (rc == SSH_AUTH_ERROR) {
std::cerr << "[ssh\tfail] Authentication failed: " << ssh_get_error(session) << std::endl;
return SSH_AUTH_ERROR;
}
if (rc == SSH_AUTH_DENIED) {
std::cerr << "[ssh\tfail] Access denied (publickey)" << std::endl;
return SSH_AUTH_DENIED;
}
return rc;
}
int main(int argc, char *argv[])
{
int fuse_stat;
ggnfs_data.remoteHost =argv[1];
ggnfs_data.rootdir = realpath(argv[2], NULL);
printf("hostname -> %s\n", ggnfs_data.remoteHost);
printf("rootdir -> %s\n", ggnfs_data.rootdir);
/* start new ssh session */
int rc;
ggnfs_data.session = ssh_new();
if (ggnfs_data.session == NULL)
exit(-1);
ssh_options_set(ggnfs_data.session, SSH_OPTIONS_HOST, ggnfs_data.remoteHost);
rc = ssh_connect(ggnfs_data.session);
if (rc != SSH_OK)
{
fprintf(stderr, "Error connecting to remoteHost: %s\n",
ssh_get_error(ggnfs_data.session));
ssh_free(ggnfs_data.session);
exit(-1);
}
// Verify the server's identity
// For the source code of verify_knowhost(), check previous example
if (verify_knownhost(ggnfs_data.session) < 0)
{
ssh_disconnect(ggnfs_data.session);
ssh_free(ggnfs_data.session);
exit(-1);
}
// Authenticate ourselves
//char * password = "******";// getpass("Password: "******"Error authenticating with password: %s\n",
ssh_get_error(ggnfs_data.session));
ssh_disconnect(ggnfs_data.session);
ssh_free(ggnfs_data.session);
exit(-1);
}
/** making sftp session **/
int rc_sftp;
ggnfs_data.sftp = sftp_new(ggnfs_data.session);
if (ggnfs_data.sftp == NULL)
{
fprintf(stderr, "Error allocating SFTP session: %s\n",
ssh_get_error(ggnfs_data.session));
// return SSH_ERROR;
}
rc_sftp = sftp_init(ggnfs_data.sftp);
if (rc_sftp != SSH_OK)
{
fprintf(stderr, "Error initializing SFTP session: %s.\n",
sftp_get_error(ggnfs_data.sftp));
sftp_free(ggnfs_data.sftp);
// return rc;
}
/* Adjusting agruments to pass to FUSE mount function*/
int i = 1;
for(; i < argc; ++i) {
argv[i] = argv[i+1];
}
argv[argc-1] = NULL;
argc--;
/*** TESTING: status working ***/
//printf("show_remote_ls\n");
//show_remote_ls(ggnfs_data->session);
sftp_list_dir(ggnfs_data.session, ggnfs_data.sftp);
printf("about to call fuse_main\n");
fuse_stat = fuse_main(argc, argv, &ggnfs_oper, NULL);
printf("fuse_main returned %d\n", fuse_stat);
ssh_disconnect(ggnfs_data.session);
ssh_free(ggnfs_data.session);
sftp_free(ggnfs_data.sftp);
return fuse_stat;
}
