sshconnect1.c revision 264377
1/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Code to connect to a remote host, and to perform the client side of the 7 * login (authentication) dialog. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16#include "includes.h" 17 18#include <sys/types.h> 19#include <sys/socket.h> 20 21#include <openssl/bn.h> 22 23#include <stdarg.h> 24#include <stdio.h> 25#include <stdlib.h> 26#include <string.h> 27#include <signal.h> 28#include <pwd.h> 29 30#include "xmalloc.h" 31#include "ssh.h" 32#include "ssh1.h" 33#include "rsa.h" 34#include "buffer.h" 35#include "packet.h" 36#include "key.h" 37#include "cipher.h" 38#include "kex.h" 39#include "uidswap.h" 40#include "log.h" 41#include "readconf.h" 42#include "authfd.h" 43#include "sshconnect.h" 44#include "authfile.h" 45#include "misc.h" 46#include "canohost.h" 47#include "hostfile.h" 48#include "auth.h" 49#include "digest.h" 50 51/* Session id for the current session. */ 52u_char session_id[16]; 53u_int supported_authentications = 0; 54 55extern Options options; 56extern char *__progname; 57 58/* 59 * Checks if the user has an authentication agent, and if so, tries to 60 * authenticate using the agent. 61 */ 62static int 63try_agent_authentication(void) 64{ 65 int type; 66 char *comment; 67 AuthenticationConnection *auth; 68 u_char response[16]; 69 u_int i; 70 Key *key; 71 BIGNUM *challenge; 72 73 /* Get connection to the agent. */ 74 auth = ssh_get_authentication_connection(); 75 if (!auth) 76 return 0; 77 78 if ((challenge = BN_new()) == NULL) 79 fatal("try_agent_authentication: BN_new failed"); 80 /* Loop through identities served by the agent. */ 81 for (key = ssh_get_first_identity(auth, &comment, 1); 82 key != NULL; 83 key = ssh_get_next_identity(auth, &comment, 1)) { 84 85 /* Try this identity. */ 86 debug("Trying RSA authentication via agent with '%.100s'", comment); 87 free(comment); 88 89 /* Tell the server that we are willing to authenticate using this key. */ 90 packet_start(SSH_CMSG_AUTH_RSA); 91 packet_put_bignum(key->rsa->n); 92 packet_send(); 93 packet_write_wait(); 94 95 /* Wait for server's response. */ 96 type = packet_read(); 97 98 /* The server sends failure if it doesn't like our key or 99 does not support RSA authentication. */ 100 if (type == SSH_SMSG_FAILURE) { 101 debug("Server refused our key."); 102 key_free(key); 103 continue; 104 } 105 /* Otherwise it should have sent a challenge. */ 106 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 107 packet_disconnect("Protocol error during RSA authentication: %d", 108 type); 109 110 packet_get_bignum(challenge); 111 packet_check_eom(); 112 113 debug("Received RSA challenge from server."); 114 115 /* Ask the agent to decrypt the challenge. */ 116 if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { 117 /* 118 * The agent failed to authenticate this identifier 119 * although it advertised it supports this. Just 120 * return a wrong value. 121 */ 122 logit("Authentication agent failed to decrypt challenge."); 123 explicit_bzero(response, sizeof(response)); 124 } 125 key_free(key); 126 debug("Sending response to RSA challenge."); 127 128 /* Send the decrypted challenge back to the server. */ 129 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 130 for (i = 0; i < 16; i++) 131 packet_put_char(response[i]); 132 packet_send(); 133 packet_write_wait(); 134 135 /* Wait for response from the server. */ 136 type = packet_read(); 137 138 /* The server returns success if it accepted the authentication. */ 139 if (type == SSH_SMSG_SUCCESS) { 140 ssh_close_authentication_connection(auth); 141 BN_clear_free(challenge); 142 debug("RSA authentication accepted by server."); 143 return 1; 144 } 145 /* Otherwise it should return failure. */ 146 if (type != SSH_SMSG_FAILURE) 147 packet_disconnect("Protocol error waiting RSA auth response: %d", 148 type); 149 } 150 ssh_close_authentication_connection(auth); 151 BN_clear_free(challenge); 152 debug("RSA authentication using agent refused."); 153 return 0; 154} 155 156/* 157 * Computes the proper response to a RSA challenge, and sends the response to 158 * the server. 159 */ 160static void 161respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) 162{ 163 u_char buf[32], response[16]; 164 struct ssh_digest_ctx *md; 165 int i, len; 166 167 /* Decrypt the challenge using the private key. */ 168 /* XXX think about Bleichenbacher, too */ 169 if (rsa_private_decrypt(challenge, challenge, prv) <= 0) 170 packet_disconnect( 171 "respond_to_rsa_challenge: rsa_private_decrypt failed"); 172 173 /* Compute the response. */ 174 /* The response is MD5 of decrypted challenge plus session id. */ 175 len = BN_num_bytes(challenge); 176 if (len <= 0 || (u_int)len > sizeof(buf)) 177 packet_disconnect( 178 "respond_to_rsa_challenge: bad challenge length %d", len); 179 180 memset(buf, 0, sizeof(buf)); 181 BN_bn2bin(challenge, buf + sizeof(buf) - len); 182 if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || 183 ssh_digest_update(md, buf, 32) < 0 || 184 ssh_digest_update(md, session_id, 16) < 0 || 185 ssh_digest_final(md, response, sizeof(response)) < 0) 186 fatal("%s: md5 failed", __func__); 187 ssh_digest_free(md); 188 189 debug("Sending response to host key RSA challenge."); 190 191 /* Send the response back to the server. */ 192 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 193 for (i = 0; i < 16; i++) 194 packet_put_char(response[i]); 195 packet_send(); 196 packet_write_wait(); 197 198 explicit_bzero(buf, sizeof(buf)); 199 explicit_bzero(response, sizeof(response)); 200 explicit_bzero(&md, sizeof(md)); 201} 202 203/* 204 * Checks if the user has authentication file, and if so, tries to authenticate 205 * the user using it. 206 */ 207static int 208try_rsa_authentication(int idx) 209{ 210 BIGNUM *challenge; 211 Key *public, *private; 212 char buf[300], *passphrase, *comment, *authfile; 213 int i, perm_ok = 1, type, quit; 214 215 public = options.identity_keys[idx]; 216 authfile = options.identity_files[idx]; 217 comment = xstrdup(authfile); 218 219 debug("Trying RSA authentication with key '%.100s'", comment); 220 221 /* Tell the server that we are willing to authenticate using this key. */ 222 packet_start(SSH_CMSG_AUTH_RSA); 223 packet_put_bignum(public->rsa->n); 224 packet_send(); 225 packet_write_wait(); 226 227 /* Wait for server's response. */ 228 type = packet_read(); 229 230 /* 231 * The server responds with failure if it doesn't like our key or 232 * doesn't support RSA authentication. 233 */ 234 if (type == SSH_SMSG_FAILURE) { 235 debug("Server refused our key."); 236 free(comment); 237 return 0; 238 } 239 /* Otherwise, the server should respond with a challenge. */ 240 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 241 packet_disconnect("Protocol error during RSA authentication: %d", type); 242 243 /* Get the challenge from the packet. */ 244 if ((challenge = BN_new()) == NULL) 245 fatal("try_rsa_authentication: BN_new failed"); 246 packet_get_bignum(challenge); 247 packet_check_eom(); 248 249 debug("Received RSA challenge from server."); 250 251 /* 252 * If the key is not stored in external hardware, we have to 253 * load the private key. Try first with empty passphrase; if it 254 * fails, ask for a passphrase. 255 */ 256 if (public->flags & KEY_FLAG_EXT) 257 private = public; 258 else 259 private = key_load_private_type(KEY_RSA1, authfile, "", NULL, 260 &perm_ok); 261 if (private == NULL && !options.batch_mode && perm_ok) { 262 snprintf(buf, sizeof(buf), 263 "Enter passphrase for RSA key '%.100s': ", comment); 264 for (i = 0; i < options.number_of_password_prompts; i++) { 265 passphrase = read_passphrase(buf, 0); 266 if (strcmp(passphrase, "") != 0) { 267 private = key_load_private_type(KEY_RSA1, 268 authfile, passphrase, NULL, NULL); 269 quit = 0; 270 } else { 271 debug2("no passphrase given, try next key"); 272 quit = 1; 273 } 274 explicit_bzero(passphrase, strlen(passphrase)); 275 free(passphrase); 276 if (private != NULL || quit) 277 break; 278 debug2("bad passphrase given, try again..."); 279 } 280 } 281 /* We no longer need the comment. */ 282 free(comment); 283 284 if (private == NULL) { 285 if (!options.batch_mode && perm_ok) 286 error("Bad passphrase."); 287 288 /* Send a dummy response packet to avoid protocol error. */ 289 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 290 for (i = 0; i < 16; i++) 291 packet_put_char(0); 292 packet_send(); 293 packet_write_wait(); 294 295 /* Expect the server to reject it... */ 296 packet_read_expect(SSH_SMSG_FAILURE); 297 BN_clear_free(challenge); 298 return 0; 299 } 300 301 /* Compute and send a response to the challenge. */ 302 respond_to_rsa_challenge(challenge, private->rsa); 303 304 /* Destroy the private key unless it in external hardware. */ 305 if (!(private->flags & KEY_FLAG_EXT)) 306 key_free(private); 307 308 /* We no longer need the challenge. */ 309 BN_clear_free(challenge); 310 311 /* Wait for response from the server. */ 312 type = packet_read(); 313 if (type == SSH_SMSG_SUCCESS) { 314 debug("RSA authentication accepted by server."); 315 return 1; 316 } 317 if (type != SSH_SMSG_FAILURE) 318 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 319 debug("RSA authentication refused."); 320 return 0; 321} 322 323/* 324 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv 325 * authentication and RSA host authentication. 326 */ 327static int 328try_rhosts_rsa_authentication(const char *local_user, Key * host_key) 329{ 330 int type; 331 BIGNUM *challenge; 332 333 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); 334 335 /* Tell the server that we are willing to authenticate using this key. */ 336 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); 337 packet_put_cstring(local_user); 338 packet_put_int(BN_num_bits(host_key->rsa->n)); 339 packet_put_bignum(host_key->rsa->e); 340 packet_put_bignum(host_key->rsa->n); 341 packet_send(); 342 packet_write_wait(); 343 344 /* Wait for server's response. */ 345 type = packet_read(); 346 347 /* The server responds with failure if it doesn't admit our 348 .rhosts authentication or doesn't know our host key. */ 349 if (type == SSH_SMSG_FAILURE) { 350 debug("Server refused our rhosts authentication or host key."); 351 return 0; 352 } 353 /* Otherwise, the server should respond with a challenge. */ 354 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 355 packet_disconnect("Protocol error during RSA authentication: %d", type); 356 357 /* Get the challenge from the packet. */ 358 if ((challenge = BN_new()) == NULL) 359 fatal("try_rhosts_rsa_authentication: BN_new failed"); 360 packet_get_bignum(challenge); 361 packet_check_eom(); 362 363 debug("Received RSA challenge for host key from server."); 364 365 /* Compute a response to the challenge. */ 366 respond_to_rsa_challenge(challenge, host_key->rsa); 367 368 /* We no longer need the challenge. */ 369 BN_clear_free(challenge); 370 371 /* Wait for response from the server. */ 372 type = packet_read(); 373 if (type == SSH_SMSG_SUCCESS) { 374 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); 375 return 1; 376 } 377 if (type != SSH_SMSG_FAILURE) 378 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 379 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused."); 380 return 0; 381} 382 383/* 384 * Tries to authenticate with any string-based challenge/response system. 385 * Note that the client code is not tied to s/key or TIS. 386 */ 387static int 388try_challenge_response_authentication(void) 389{ 390 int type, i; 391 u_int clen; 392 char prompt[1024]; 393 char *challenge, *response; 394 395 debug("Doing challenge response authentication."); 396 397 for (i = 0; i < options.number_of_password_prompts; i++) { 398 /* request a challenge */ 399 packet_start(SSH_CMSG_AUTH_TIS); 400 packet_send(); 401 packet_write_wait(); 402 403 type = packet_read(); 404 if (type != SSH_SMSG_FAILURE && 405 type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 406 packet_disconnect("Protocol error: got %d in response " 407 "to SSH_CMSG_AUTH_TIS", type); 408 } 409 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 410 debug("No challenge."); 411 return 0; 412 } 413 challenge = packet_get_string(&clen); 414 packet_check_eom(); 415 snprintf(prompt, sizeof prompt, "%s%s", challenge, 416 strchr(challenge, '\n') ? "" : "\nResponse: "); 417 free(challenge); 418 if (i != 0) 419 error("Permission denied, please try again."); 420 if (options.cipher == SSH_CIPHER_NONE) 421 logit("WARNING: Encryption is disabled! " 422 "Response will be transmitted in clear text."); 423 response = read_passphrase(prompt, 0); 424 if (strcmp(response, "") == 0) { 425 free(response); 426 break; 427 } 428 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 429 ssh_put_password(response); 430 explicit_bzero(response, strlen(response)); 431 free(response); 432 packet_send(); 433 packet_write_wait(); 434 type = packet_read(); 435 if (type == SSH_SMSG_SUCCESS) 436 return 1; 437 if (type != SSH_SMSG_FAILURE) 438 packet_disconnect("Protocol error: got %d in response " 439 "to SSH_CMSG_AUTH_TIS_RESPONSE", type); 440 } 441 /* failure */ 442 return 0; 443} 444 445/* 446 * Tries to authenticate with plain passwd authentication. 447 */ 448static int 449try_password_authentication(char *prompt) 450{ 451 int type, i; 452 char *password; 453 454 debug("Doing password authentication."); 455 if (options.cipher == SSH_CIPHER_NONE) 456 logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); 457 for (i = 0; i < options.number_of_password_prompts; i++) { 458 if (i != 0) 459 error("Permission denied, please try again."); 460 password = read_passphrase(prompt, 0); 461 packet_start(SSH_CMSG_AUTH_PASSWORD); 462 ssh_put_password(password); 463 explicit_bzero(password, strlen(password)); 464 free(password); 465 packet_send(); 466 packet_write_wait(); 467 468 type = packet_read(); 469 if (type == SSH_SMSG_SUCCESS) 470 return 1; 471 if (type != SSH_SMSG_FAILURE) 472 packet_disconnect("Protocol error: got %d in response to passwd auth", type); 473 } 474 /* failure */ 475 return 0; 476} 477 478/* 479 * SSH1 key exchange 480 */ 481void 482ssh_kex(char *host, struct sockaddr *hostaddr) 483{ 484 int i; 485 BIGNUM *key; 486 Key *host_key, *server_key; 487 int bits, rbits; 488 int ssh_cipher_default = SSH_CIPHER_3DES; 489 u_char session_key[SSH_SESSION_KEY_LENGTH]; 490 u_char cookie[8]; 491 u_int supported_ciphers; 492 u_int server_flags, client_flags; 493 u_int32_t rnd = 0; 494 495 debug("Waiting for server public key."); 496 497 /* Wait for a public key packet from the server. */ 498 packet_read_expect(SSH_SMSG_PUBLIC_KEY); 499 500 /* Get cookie from the packet. */ 501 for (i = 0; i < 8; i++) 502 cookie[i] = packet_get_char(); 503 504 /* Get the public key. */ 505 server_key = key_new(KEY_RSA1); 506 bits = packet_get_int(); 507 packet_get_bignum(server_key->rsa->e); 508 packet_get_bignum(server_key->rsa->n); 509 510 rbits = BN_num_bits(server_key->rsa->n); 511 if (bits != rbits) { 512 logit("Warning: Server lies about size of server public key: " 513 "actual size is %d bits vs. announced %d.", rbits, bits); 514 logit("Warning: This may be due to an old implementation of ssh."); 515 } 516 /* Get the host key. */ 517 host_key = key_new(KEY_RSA1); 518 bits = packet_get_int(); 519 packet_get_bignum(host_key->rsa->e); 520 packet_get_bignum(host_key->rsa->n); 521 522 rbits = BN_num_bits(host_key->rsa->n); 523 if (bits != rbits) { 524 logit("Warning: Server lies about size of server host key: " 525 "actual size is %d bits vs. announced %d.", rbits, bits); 526 logit("Warning: This may be due to an old implementation of ssh."); 527 } 528 529 /* Get protocol flags. */ 530 server_flags = packet_get_int(); 531 packet_set_protocol_flags(server_flags); 532 533 supported_ciphers = packet_get_int(); 534 supported_authentications = packet_get_int(); 535 packet_check_eom(); 536 537 debug("Received server public key (%d bits) and host key (%d bits).", 538 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); 539 540 if (verify_host_key(host, hostaddr, host_key) == -1) 541 fatal("Host key verification failed."); 542 543 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; 544 545 derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); 546 547 /* 548 * Generate an encryption key for the session. The key is a 256 bit 549 * random number, interpreted as a 32-byte key, with the least 550 * significant 8 bits being the first byte of the key. 551 */ 552 for (i = 0; i < 32; i++) { 553 if (i % 4 == 0) 554 rnd = arc4random(); 555 session_key[i] = rnd & 0xff; 556 rnd >>= 8; 557 } 558 559 /* 560 * According to the protocol spec, the first byte of the session key 561 * is the highest byte of the integer. The session key is xored with 562 * the first 16 bytes of the session id. 563 */ 564 if ((key = BN_new()) == NULL) 565 fatal("ssh_kex: BN_new failed"); 566 if (BN_set_word(key, 0) == 0) 567 fatal("ssh_kex: BN_set_word failed"); 568 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 569 if (BN_lshift(key, key, 8) == 0) 570 fatal("ssh_kex: BN_lshift failed"); 571 if (i < 16) { 572 if (BN_add_word(key, session_key[i] ^ session_id[i]) 573 == 0) 574 fatal("ssh_kex: BN_add_word failed"); 575 } else { 576 if (BN_add_word(key, session_key[i]) == 0) 577 fatal("ssh_kex: BN_add_word failed"); 578 } 579 } 580 581 /* 582 * Encrypt the integer using the public key and host key of the 583 * server (key with smaller modulus first). 584 */ 585 if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { 586 /* Public key has smaller modulus. */ 587 if (BN_num_bits(host_key->rsa->n) < 588 BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 589 fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " 590 "SSH_KEY_BITS_RESERVED %d", 591 BN_num_bits(host_key->rsa->n), 592 BN_num_bits(server_key->rsa->n), 593 SSH_KEY_BITS_RESERVED); 594 } 595 rsa_public_encrypt(key, key, server_key->rsa); 596 rsa_public_encrypt(key, key, host_key->rsa); 597 } else { 598 /* Host key has smaller modulus (or they are equal). */ 599 if (BN_num_bits(server_key->rsa->n) < 600 BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 601 fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " 602 "SSH_KEY_BITS_RESERVED %d", 603 BN_num_bits(server_key->rsa->n), 604 BN_num_bits(host_key->rsa->n), 605 SSH_KEY_BITS_RESERVED); 606 } 607 rsa_public_encrypt(key, key, host_key->rsa); 608 rsa_public_encrypt(key, key, server_key->rsa); 609 } 610 611 /* Destroy the public keys since we no longer need them. */ 612 key_free(server_key); 613 key_free(host_key); 614 615 if (options.cipher == SSH_CIPHER_NOT_SET) { 616 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) 617 options.cipher = ssh_cipher_default; 618 } else if (options.cipher == SSH_CIPHER_INVALID || 619 !(cipher_mask_ssh1(1) & (1 << options.cipher))) { 620 logit("No valid SSH1 cipher, using %.100s instead.", 621 cipher_name(ssh_cipher_default)); 622 options.cipher = ssh_cipher_default; 623 } 624 /* Check that the selected cipher is supported. */ 625 if (!(supported_ciphers & (1 << options.cipher))) 626 fatal("Selected cipher type %.100s not supported by server.", 627 cipher_name(options.cipher)); 628 629 debug("Encryption type: %.100s", cipher_name(options.cipher)); 630 631 /* Send the encrypted session key to the server. */ 632 packet_start(SSH_CMSG_SESSION_KEY); 633 packet_put_char(options.cipher); 634 635 /* Send the cookie back to the server. */ 636 for (i = 0; i < 8; i++) 637 packet_put_char(cookie[i]); 638 639 /* Send and destroy the encrypted encryption key integer. */ 640 packet_put_bignum(key); 641 BN_clear_free(key); 642 643 /* Send protocol flags. */ 644 packet_put_int(client_flags); 645 646 /* Send the packet now. */ 647 packet_send(); 648 packet_write_wait(); 649 650 debug("Sent encrypted session key."); 651 652 /* Set the encryption key. */ 653 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 654 655 /* 656 * We will no longer need the session key here. 657 * Destroy any extra copies. 658 */ 659 explicit_bzero(session_key, sizeof(session_key)); 660 661 /* 662 * Expect a success message from the server. Note that this message 663 * will be received in encrypted form. 664 */ 665 packet_read_expect(SSH_SMSG_SUCCESS); 666 667 debug("Received encrypted confirmation."); 668} 669 670/* 671 * Authenticate user 672 */ 673void 674ssh_userauth1(const char *local_user, const char *server_user, char *host, 675 Sensitive *sensitive) 676{ 677 int i, type; 678 679 if (supported_authentications == 0) 680 fatal("ssh_userauth1: server supports no auth methods"); 681 682 /* Send the name of the user to log in as on the server. */ 683 packet_start(SSH_CMSG_USER); 684 packet_put_cstring(server_user); 685 packet_send(); 686 packet_write_wait(); 687 688 /* 689 * The server should respond with success if no authentication is 690 * needed (the user has no password). Otherwise the server responds 691 * with failure. 692 */ 693 type = packet_read(); 694 695 /* check whether the connection was accepted without authentication. */ 696 if (type == SSH_SMSG_SUCCESS) 697 goto success; 698 if (type != SSH_SMSG_FAILURE) 699 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); 700 701 /* 702 * Try .rhosts or /etc/hosts.equiv authentication with RSA host 703 * authentication. 704 */ 705 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && 706 options.rhosts_rsa_authentication) { 707 for (i = 0; i < sensitive->nkeys; i++) { 708 if (sensitive->keys[i] != NULL && 709 sensitive->keys[i]->type == KEY_RSA1 && 710 try_rhosts_rsa_authentication(local_user, 711 sensitive->keys[i])) 712 goto success; 713 } 714 } 715 /* Try RSA authentication if the server supports it. */ 716 if ((supported_authentications & (1 << SSH_AUTH_RSA)) && 717 options.rsa_authentication) { 718 /* 719 * Try RSA authentication using the authentication agent. The 720 * agent is tried first because no passphrase is needed for 721 * it, whereas identity files may require passphrases. 722 */ 723 if (try_agent_authentication()) 724 goto success; 725 726 /* Try RSA authentication for each identity. */ 727 for (i = 0; i < options.num_identity_files; i++) 728 if (options.identity_keys[i] != NULL && 729 options.identity_keys[i]->type == KEY_RSA1 && 730 try_rsa_authentication(i)) 731 goto success; 732 } 733 /* Try challenge response authentication if the server supports it. */ 734 if ((supported_authentications & (1 << SSH_AUTH_TIS)) && 735 options.challenge_response_authentication && !options.batch_mode) { 736 if (try_challenge_response_authentication()) 737 goto success; 738 } 739 /* Try password authentication if the server supports it. */ 740 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && 741 options.password_authentication && !options.batch_mode) { 742 char prompt[80]; 743 744 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 745 server_user, host); 746 if (try_password_authentication(prompt)) 747 goto success; 748 } 749 /* All authentication methods have failed. Exit with an error message. */ 750 fatal("Permission denied."); 751 /* NOTREACHED */ 752 753 success: 754 return; /* need statement after label */ 755} 756