sshconnect1.c revision 296781
1/* $OpenBSD: sshconnect1.c,v 1.78 2015/11/15 22:26:49 jcs Exp $ */ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Code to connect to a remote host, and to perform the client side of the 7 * login (authentication) dialog. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16#include "includes.h" 17 18#ifdef WITH_SSH1 19 20#include <sys/types.h> 21#include <sys/socket.h> 22 23#include <openssl/bn.h> 24 25#include <errno.h> 26#include <stdarg.h> 27#include <stdio.h> 28#include <stdlib.h> 29#include <string.h> 30#include <signal.h> 31#include <pwd.h> 32 33#include "xmalloc.h" 34#include "ssh.h" 35#include "ssh1.h" 36#include "rsa.h" 37#include "buffer.h" 38#include "packet.h" 39#include "key.h" 40#include "cipher.h" 41#include "kex.h" 42#include "uidswap.h" 43#include "log.h" 44#include "misc.h" 45#include "readconf.h" 46#include "authfd.h" 47#include "sshconnect.h" 48#include "authfile.h" 49#include "canohost.h" 50#include "hostfile.h" 51#include "auth.h" 52#include "digest.h" 53#include "ssherr.h" 54 55/* Session id for the current session. */ 56u_char session_id[16]; 57u_int supported_authentications = 0; 58 59extern Options options; 60extern char *__progname; 61 62/* 63 * Checks if the user has an authentication agent, and if so, tries to 64 * authenticate using the agent. 65 */ 66static int 67try_agent_authentication(void) 68{ 69 int r, type, agent_fd, ret = 0; 70 u_char response[16]; 71 size_t i; 72 BIGNUM *challenge; 73 struct ssh_identitylist *idlist = NULL; 74 75 /* Get connection to the agent. */ 76 if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { 77 if (r != SSH_ERR_AGENT_NOT_PRESENT) 78 debug("%s: ssh_get_authentication_socket: %s", 79 __func__, ssh_err(r)); 80 return 0; 81 } 82 83 if ((challenge = BN_new()) == NULL) 84 fatal("try_agent_authentication: BN_new failed"); 85 86 /* Loop through identities served by the agent. */ 87 if ((r = ssh_fetch_identitylist(agent_fd, 1, &idlist)) != 0) { 88 if (r != SSH_ERR_AGENT_NO_IDENTITIES) 89 debug("%s: ssh_fetch_identitylist: %s", 90 __func__, ssh_err(r)); 91 goto out; 92 } 93 for (i = 0; i < idlist->nkeys; i++) { 94 /* Try this identity. */ 95 debug("Trying RSA authentication via agent with '%.100s'", 96 idlist->comments[i]); 97 98 /* Tell the server that we are willing to authenticate using this key. */ 99 packet_start(SSH_CMSG_AUTH_RSA); 100 packet_put_bignum(idlist->keys[i]->rsa->n); 101 packet_send(); 102 packet_write_wait(); 103 104 /* Wait for server's response. */ 105 type = packet_read(); 106 107 /* The server sends failure if it doesn't like our key or 108 does not support RSA authentication. */ 109 if (type == SSH_SMSG_FAILURE) { 110 debug("Server refused our key."); 111 continue; 112 } 113 /* Otherwise it should have sent a challenge. */ 114 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 115 packet_disconnect("Protocol error during RSA authentication: %d", 116 type); 117 118 packet_get_bignum(challenge); 119 packet_check_eom(); 120 121 debug("Received RSA challenge from server."); 122 123 /* Ask the agent to decrypt the challenge. */ 124 if ((r = ssh_decrypt_challenge(agent_fd, idlist->keys[i], 125 challenge, session_id, response)) != 0) { 126 /* 127 * The agent failed to authenticate this identifier 128 * although it advertised it supports this. Just 129 * return a wrong value. 130 */ 131 logit("Authentication agent failed to decrypt " 132 "challenge: %s", ssh_err(r)); 133 explicit_bzero(response, sizeof(response)); 134 } 135 debug("Sending response to RSA challenge."); 136 137 /* Send the decrypted challenge back to the server. */ 138 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 139 for (i = 0; i < 16; i++) 140 packet_put_char(response[i]); 141 packet_send(); 142 packet_write_wait(); 143 144 /* Wait for response from the server. */ 145 type = packet_read(); 146 147 /* 148 * The server returns success if it accepted the 149 * authentication. 150 */ 151 if (type == SSH_SMSG_SUCCESS) { 152 debug("RSA authentication accepted by server."); 153 ret = 1; 154 break; 155 } else if (type != SSH_SMSG_FAILURE) 156 packet_disconnect("Protocol error waiting RSA auth " 157 "response: %d", type); 158 } 159 if (ret != 1) 160 debug("RSA authentication using agent refused."); 161 out: 162 ssh_free_identitylist(idlist); 163 ssh_close_authentication_socket(agent_fd); 164 BN_clear_free(challenge); 165 return ret; 166} 167 168/* 169 * Computes the proper response to a RSA challenge, and sends the response to 170 * the server. 171 */ 172static void 173respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) 174{ 175 u_char buf[32], response[16]; 176 struct ssh_digest_ctx *md; 177 int i, len; 178 179 /* Decrypt the challenge using the private key. */ 180 /* XXX think about Bleichenbacher, too */ 181 if (rsa_private_decrypt(challenge, challenge, prv) != 0) 182 packet_disconnect( 183 "respond_to_rsa_challenge: rsa_private_decrypt failed"); 184 185 /* Compute the response. */ 186 /* The response is MD5 of decrypted challenge plus session id. */ 187 len = BN_num_bytes(challenge); 188 if (len <= 0 || (u_int)len > sizeof(buf)) 189 packet_disconnect( 190 "respond_to_rsa_challenge: bad challenge length %d", len); 191 192 memset(buf, 0, sizeof(buf)); 193 BN_bn2bin(challenge, buf + sizeof(buf) - len); 194 if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || 195 ssh_digest_update(md, buf, 32) < 0 || 196 ssh_digest_update(md, session_id, 16) < 0 || 197 ssh_digest_final(md, response, sizeof(response)) < 0) 198 fatal("%s: md5 failed", __func__); 199 ssh_digest_free(md); 200 201 debug("Sending response to host key RSA challenge."); 202 203 /* Send the response back to the server. */ 204 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 205 for (i = 0; i < 16; i++) 206 packet_put_char(response[i]); 207 packet_send(); 208 packet_write_wait(); 209 210 explicit_bzero(buf, sizeof(buf)); 211 explicit_bzero(response, sizeof(response)); 212 explicit_bzero(&md, sizeof(md)); 213} 214 215/* 216 * Checks if the user has authentication file, and if so, tries to authenticate 217 * the user using it. 218 */ 219static int 220try_rsa_authentication(int idx) 221{ 222 BIGNUM *challenge; 223 Key *public, *private; 224 char buf[300], *passphrase = NULL, *comment, *authfile; 225 int i, perm_ok = 1, type, quit; 226 227 public = options.identity_keys[idx]; 228 authfile = options.identity_files[idx]; 229 comment = xstrdup(authfile); 230 231 debug("Trying RSA authentication with key '%.100s'", comment); 232 233 /* Tell the server that we are willing to authenticate using this key. */ 234 packet_start(SSH_CMSG_AUTH_RSA); 235 packet_put_bignum(public->rsa->n); 236 packet_send(); 237 packet_write_wait(); 238 239 /* Wait for server's response. */ 240 type = packet_read(); 241 242 /* 243 * The server responds with failure if it doesn't like our key or 244 * doesn't support RSA authentication. 245 */ 246 if (type == SSH_SMSG_FAILURE) { 247 debug("Server refused our key."); 248 free(comment); 249 return 0; 250 } 251 /* Otherwise, the server should respond with a challenge. */ 252 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 253 packet_disconnect("Protocol error during RSA authentication: %d", type); 254 255 /* Get the challenge from the packet. */ 256 if ((challenge = BN_new()) == NULL) 257 fatal("try_rsa_authentication: BN_new failed"); 258 packet_get_bignum(challenge); 259 packet_check_eom(); 260 261 debug("Received RSA challenge from server."); 262 263 /* 264 * If the key is not stored in external hardware, we have to 265 * load the private key. Try first with empty passphrase; if it 266 * fails, ask for a passphrase. 267 */ 268 if (public->flags & SSHKEY_FLAG_EXT) 269 private = public; 270 else 271 private = key_load_private_type(KEY_RSA1, authfile, "", NULL, 272 &perm_ok); 273 if (private == NULL && !options.batch_mode && perm_ok) { 274 snprintf(buf, sizeof(buf), 275 "Enter passphrase for RSA key '%.100s': ", comment); 276 for (i = 0; i < options.number_of_password_prompts; i++) { 277 passphrase = read_passphrase(buf, 0); 278 if (strcmp(passphrase, "") != 0) { 279 private = key_load_private_type(KEY_RSA1, 280 authfile, passphrase, NULL, NULL); 281 quit = 0; 282 } else { 283 debug2("no passphrase given, try next key"); 284 quit = 1; 285 } 286 if (private != NULL || quit) 287 break; 288 debug2("bad passphrase given, try again..."); 289 } 290 } 291 292 if (private != NULL) 293 maybe_add_key_to_agent(authfile, private, comment, passphrase); 294 295 if (passphrase != NULL) { 296 explicit_bzero(passphrase, strlen(passphrase)); 297 free(passphrase); 298 } 299 300 /* We no longer need the comment. */ 301 free(comment); 302 303 if (private == NULL) { 304 if (!options.batch_mode && perm_ok) 305 error("Bad passphrase."); 306 307 /* Send a dummy response packet to avoid protocol error. */ 308 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 309 for (i = 0; i < 16; i++) 310 packet_put_char(0); 311 packet_send(); 312 packet_write_wait(); 313 314 /* Expect the server to reject it... */ 315 packet_read_expect(SSH_SMSG_FAILURE); 316 BN_clear_free(challenge); 317 return 0; 318 } 319 320 /* Compute and send a response to the challenge. */ 321 respond_to_rsa_challenge(challenge, private->rsa); 322 323 /* Destroy the private key unless it in external hardware. */ 324 if (!(private->flags & SSHKEY_FLAG_EXT)) 325 key_free(private); 326 327 /* We no longer need the challenge. */ 328 BN_clear_free(challenge); 329 330 /* Wait for response from the server. */ 331 type = packet_read(); 332 if (type == SSH_SMSG_SUCCESS) { 333 debug("RSA authentication accepted by server."); 334 return 1; 335 } 336 if (type != SSH_SMSG_FAILURE) 337 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 338 debug("RSA authentication refused."); 339 return 0; 340} 341 342/* 343 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv 344 * authentication and RSA host authentication. 345 */ 346static int 347try_rhosts_rsa_authentication(const char *local_user, Key * host_key) 348{ 349 int type; 350 BIGNUM *challenge; 351 352 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); 353 354 /* Tell the server that we are willing to authenticate using this key. */ 355 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); 356 packet_put_cstring(local_user); 357 packet_put_int(BN_num_bits(host_key->rsa->n)); 358 packet_put_bignum(host_key->rsa->e); 359 packet_put_bignum(host_key->rsa->n); 360 packet_send(); 361 packet_write_wait(); 362 363 /* Wait for server's response. */ 364 type = packet_read(); 365 366 /* The server responds with failure if it doesn't admit our 367 .rhosts authentication or doesn't know our host key. */ 368 if (type == SSH_SMSG_FAILURE) { 369 debug("Server refused our rhosts authentication or host key."); 370 return 0; 371 } 372 /* Otherwise, the server should respond with a challenge. */ 373 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 374 packet_disconnect("Protocol error during RSA authentication: %d", type); 375 376 /* Get the challenge from the packet. */ 377 if ((challenge = BN_new()) == NULL) 378 fatal("try_rhosts_rsa_authentication: BN_new failed"); 379 packet_get_bignum(challenge); 380 packet_check_eom(); 381 382 debug("Received RSA challenge for host key from server."); 383 384 /* Compute a response to the challenge. */ 385 respond_to_rsa_challenge(challenge, host_key->rsa); 386 387 /* We no longer need the challenge. */ 388 BN_clear_free(challenge); 389 390 /* Wait for response from the server. */ 391 type = packet_read(); 392 if (type == SSH_SMSG_SUCCESS) { 393 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); 394 return 1; 395 } 396 if (type != SSH_SMSG_FAILURE) 397 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 398 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused."); 399 return 0; 400} 401 402/* 403 * Tries to authenticate with any string-based challenge/response system. 404 * Note that the client code is not tied to s/key or TIS. 405 */ 406static int 407try_challenge_response_authentication(void) 408{ 409 int type, i; 410 u_int clen; 411 char prompt[1024]; 412 char *challenge, *response; 413 414 debug("Doing challenge response authentication."); 415 416 for (i = 0; i < options.number_of_password_prompts; i++) { 417 /* request a challenge */ 418 packet_start(SSH_CMSG_AUTH_TIS); 419 packet_send(); 420 packet_write_wait(); 421 422 type = packet_read(); 423 if (type != SSH_SMSG_FAILURE && 424 type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 425 packet_disconnect("Protocol error: got %d in response " 426 "to SSH_CMSG_AUTH_TIS", type); 427 } 428 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 429 debug("No challenge."); 430 return 0; 431 } 432 challenge = packet_get_string(&clen); 433 packet_check_eom(); 434 snprintf(prompt, sizeof prompt, "%s%s", challenge, 435 strchr(challenge, '\n') ? "" : "\nResponse: "); 436 free(challenge); 437 if (i != 0) 438 error("Permission denied, please try again."); 439 if (options.cipher == SSH_CIPHER_NONE) 440 logit("WARNING: Encryption is disabled! " 441 "Response will be transmitted in clear text."); 442 response = read_passphrase(prompt, 0); 443 if (strcmp(response, "") == 0) { 444 free(response); 445 break; 446 } 447 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 448 ssh_put_password(response); 449 explicit_bzero(response, strlen(response)); 450 free(response); 451 packet_send(); 452 packet_write_wait(); 453 type = packet_read(); 454 if (type == SSH_SMSG_SUCCESS) 455 return 1; 456 if (type != SSH_SMSG_FAILURE) 457 packet_disconnect("Protocol error: got %d in response " 458 "to SSH_CMSG_AUTH_TIS_RESPONSE", type); 459 } 460 /* failure */ 461 return 0; 462} 463 464/* 465 * Tries to authenticate with plain passwd authentication. 466 */ 467static int 468try_password_authentication(char *prompt) 469{ 470 int type, i; 471 char *password; 472 473 debug("Doing password authentication."); 474 if (options.cipher == SSH_CIPHER_NONE) 475 logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); 476 for (i = 0; i < options.number_of_password_prompts; i++) { 477 if (i != 0) 478 error("Permission denied, please try again."); 479 password = read_passphrase(prompt, 0); 480 packet_start(SSH_CMSG_AUTH_PASSWORD); 481 ssh_put_password(password); 482 explicit_bzero(password, strlen(password)); 483 free(password); 484 packet_send(); 485 packet_write_wait(); 486 487 type = packet_read(); 488 if (type == SSH_SMSG_SUCCESS) 489 return 1; 490 if (type != SSH_SMSG_FAILURE) 491 packet_disconnect("Protocol error: got %d in response to passwd auth", type); 492 } 493 /* failure */ 494 return 0; 495} 496 497/* 498 * SSH1 key exchange 499 */ 500void 501ssh_kex(char *host, struct sockaddr *hostaddr) 502{ 503 int i; 504 BIGNUM *key; 505 Key *host_key, *server_key; 506 int bits, rbits; 507 int ssh_cipher_default = SSH_CIPHER_3DES; 508 u_char session_key[SSH_SESSION_KEY_LENGTH]; 509 u_char cookie[8]; 510 u_int supported_ciphers; 511 u_int server_flags, client_flags; 512 u_int32_t rnd = 0; 513 514 debug("Waiting for server public key."); 515 516 /* Wait for a public key packet from the server. */ 517 packet_read_expect(SSH_SMSG_PUBLIC_KEY); 518 519 /* Get cookie from the packet. */ 520 for (i = 0; i < 8; i++) 521 cookie[i] = packet_get_char(); 522 523 /* Get the public key. */ 524 server_key = key_new(KEY_RSA1); 525 bits = packet_get_int(); 526 packet_get_bignum(server_key->rsa->e); 527 packet_get_bignum(server_key->rsa->n); 528 529 rbits = BN_num_bits(server_key->rsa->n); 530 if (bits != rbits) { 531 logit("Warning: Server lies about size of server public key: " 532 "actual size is %d bits vs. announced %d.", rbits, bits); 533 logit("Warning: This may be due to an old implementation of ssh."); 534 } 535 /* Get the host key. */ 536 host_key = key_new(KEY_RSA1); 537 bits = packet_get_int(); 538 packet_get_bignum(host_key->rsa->e); 539 packet_get_bignum(host_key->rsa->n); 540 541 rbits = BN_num_bits(host_key->rsa->n); 542 if (bits != rbits) { 543 logit("Warning: Server lies about size of server host key: " 544 "actual size is %d bits vs. announced %d.", rbits, bits); 545 logit("Warning: This may be due to an old implementation of ssh."); 546 } 547 548 /* Get protocol flags. */ 549 server_flags = packet_get_int(); 550 packet_set_protocol_flags(server_flags); 551 552 supported_ciphers = packet_get_int(); 553 supported_authentications = packet_get_int(); 554 packet_check_eom(); 555 556 debug("Received server public key (%d bits) and host key (%d bits).", 557 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); 558 559 if (verify_host_key(host, hostaddr, host_key) == -1) 560 fatal("Host key verification failed."); 561 562 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; 563 564 derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); 565 566 /* 567 * Generate an encryption key for the session. The key is a 256 bit 568 * random number, interpreted as a 32-byte key, with the least 569 * significant 8 bits being the first byte of the key. 570 */ 571 for (i = 0; i < 32; i++) { 572 if (i % 4 == 0) 573 rnd = arc4random(); 574 session_key[i] = rnd & 0xff; 575 rnd >>= 8; 576 } 577 578 /* 579 * According to the protocol spec, the first byte of the session key 580 * is the highest byte of the integer. The session key is xored with 581 * the first 16 bytes of the session id. 582 */ 583 if ((key = BN_new()) == NULL) 584 fatal("ssh_kex: BN_new failed"); 585 if (BN_set_word(key, 0) == 0) 586 fatal("ssh_kex: BN_set_word failed"); 587 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 588 if (BN_lshift(key, key, 8) == 0) 589 fatal("ssh_kex: BN_lshift failed"); 590 if (i < 16) { 591 if (BN_add_word(key, session_key[i] ^ session_id[i]) 592 == 0) 593 fatal("ssh_kex: BN_add_word failed"); 594 } else { 595 if (BN_add_word(key, session_key[i]) == 0) 596 fatal("ssh_kex: BN_add_word failed"); 597 } 598 } 599 600 /* 601 * Encrypt the integer using the public key and host key of the 602 * server (key with smaller modulus first). 603 */ 604 if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { 605 /* Public key has smaller modulus. */ 606 if (BN_num_bits(host_key->rsa->n) < 607 BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 608 fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " 609 "SSH_KEY_BITS_RESERVED %d", 610 BN_num_bits(host_key->rsa->n), 611 BN_num_bits(server_key->rsa->n), 612 SSH_KEY_BITS_RESERVED); 613 } 614 if (rsa_public_encrypt(key, key, server_key->rsa) != 0 || 615 rsa_public_encrypt(key, key, host_key->rsa) != 0) 616 fatal("%s: rsa_public_encrypt failed", __func__); 617 } else { 618 /* Host key has smaller modulus (or they are equal). */ 619 if (BN_num_bits(server_key->rsa->n) < 620 BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 621 fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " 622 "SSH_KEY_BITS_RESERVED %d", 623 BN_num_bits(server_key->rsa->n), 624 BN_num_bits(host_key->rsa->n), 625 SSH_KEY_BITS_RESERVED); 626 } 627 if (rsa_public_encrypt(key, key, host_key->rsa) != 0 || 628 rsa_public_encrypt(key, key, server_key->rsa) != 0) 629 fatal("%s: rsa_public_encrypt failed", __func__); 630 } 631 632 /* Destroy the public keys since we no longer need them. */ 633 key_free(server_key); 634 key_free(host_key); 635 636 if (options.cipher == SSH_CIPHER_NOT_SET) { 637 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) 638 options.cipher = ssh_cipher_default; 639 } else if (options.cipher == SSH_CIPHER_INVALID || 640 !(cipher_mask_ssh1(1) & (1 << options.cipher))) { 641 logit("No valid SSH1 cipher, using %.100s instead.", 642 cipher_name(ssh_cipher_default)); 643 options.cipher = ssh_cipher_default; 644 } 645 /* Check that the selected cipher is supported. */ 646 if (!(supported_ciphers & (1 << options.cipher))) 647 fatal("Selected cipher type %.100s not supported by server.", 648 cipher_name(options.cipher)); 649 650 debug("Encryption type: %.100s", cipher_name(options.cipher)); 651 652 /* Send the encrypted session key to the server. */ 653 packet_start(SSH_CMSG_SESSION_KEY); 654 packet_put_char(options.cipher); 655 656 /* Send the cookie back to the server. */ 657 for (i = 0; i < 8; i++) 658 packet_put_char(cookie[i]); 659 660 /* Send and destroy the encrypted encryption key integer. */ 661 packet_put_bignum(key); 662 BN_clear_free(key); 663 664 /* Send protocol flags. */ 665 packet_put_int(client_flags); 666 667 /* Send the packet now. */ 668 packet_send(); 669 packet_write_wait(); 670 671 debug("Sent encrypted session key."); 672 673 /* Set the encryption key. */ 674 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 675 676 /* 677 * We will no longer need the session key here. 678 * Destroy any extra copies. 679 */ 680 explicit_bzero(session_key, sizeof(session_key)); 681 682 /* 683 * Expect a success message from the server. Note that this message 684 * will be received in encrypted form. 685 */ 686 packet_read_expect(SSH_SMSG_SUCCESS); 687 688 debug("Received encrypted confirmation."); 689} 690 691/* 692 * Authenticate user 693 */ 694void 695ssh_userauth1(const char *local_user, const char *server_user, char *host, 696 Sensitive *sensitive) 697{ 698 int i, type; 699 700 if (supported_authentications == 0) 701 fatal("ssh_userauth1: server supports no auth methods"); 702 703 /* Send the name of the user to log in as on the server. */ 704 packet_start(SSH_CMSG_USER); 705 packet_put_cstring(server_user); 706 packet_send(); 707 packet_write_wait(); 708 709 /* 710 * The server should respond with success if no authentication is 711 * needed (the user has no password). Otherwise the server responds 712 * with failure. 713 */ 714 type = packet_read(); 715 716 /* check whether the connection was accepted without authentication. */ 717 if (type == SSH_SMSG_SUCCESS) 718 goto success; 719 if (type != SSH_SMSG_FAILURE) 720 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); 721 722 /* 723 * Try .rhosts or /etc/hosts.equiv authentication with RSA host 724 * authentication. 725 */ 726 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && 727 options.rhosts_rsa_authentication) { 728 for (i = 0; i < sensitive->nkeys; i++) { 729 if (sensitive->keys[i] != NULL && 730 sensitive->keys[i]->type == KEY_RSA1 && 731 try_rhosts_rsa_authentication(local_user, 732 sensitive->keys[i])) 733 goto success; 734 } 735 } 736 /* Try RSA authentication if the server supports it. */ 737 if ((supported_authentications & (1 << SSH_AUTH_RSA)) && 738 options.rsa_authentication) { 739 /* 740 * Try RSA authentication using the authentication agent. The 741 * agent is tried first because no passphrase is needed for 742 * it, whereas identity files may require passphrases. 743 */ 744 if (try_agent_authentication()) 745 goto success; 746 747 /* Try RSA authentication for each identity. */ 748 for (i = 0; i < options.num_identity_files; i++) 749 if (options.identity_keys[i] != NULL && 750 options.identity_keys[i]->type == KEY_RSA1 && 751 try_rsa_authentication(i)) 752 goto success; 753 } 754 /* Try challenge response authentication if the server supports it. */ 755 if ((supported_authentications & (1 << SSH_AUTH_TIS)) && 756 options.challenge_response_authentication && !options.batch_mode) { 757 if (try_challenge_response_authentication()) 758 goto success; 759 } 760 /* Try password authentication if the server supports it. */ 761 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && 762 options.password_authentication && !options.batch_mode) { 763 char prompt[80]; 764 765 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 766 server_user, host); 767 if (try_password_authentication(prompt)) 768 goto success; 769 } 770 /* All authentication methods have failed. Exit with an error message. */ 771 fatal("Permission denied."); 772 /* NOTREACHED */ 773 774 success: 775 return; /* need statement after label */ 776} 777 778#endif /* WITH_SSH1 */ 779