version 1.52, 2002/08/08 13:50:23 |
version 1.53, 2003/04/08 20:21:29 |
|
|
* although it advertised it supports this. Just |
* although it advertised it supports this. Just |
* return a wrong value. |
* return a wrong value. |
*/ |
*/ |
log("Authentication agent failed to decrypt challenge."); |
logit("Authentication agent failed to decrypt challenge."); |
memset(response, 0, sizeof(response)); |
memset(response, 0, sizeof(response)); |
} |
} |
key_free(key); |
key_free(key); |
|
|
if (i != 0) |
if (i != 0) |
error("Permission denied, please try again."); |
error("Permission denied, please try again."); |
if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
log("WARNING: Encryption is disabled! " |
logit("WARNING: Encryption is disabled! " |
"Response will be transmitted in clear text."); |
"Response will be transmitted in clear text."); |
response = read_passphrase(prompt, 0); |
response = read_passphrase(prompt, 0); |
if (strcmp(response, "") == 0) { |
if (strcmp(response, "") == 0) { |
|
|
|
|
debug("Doing password authentication."); |
debug("Doing password authentication."); |
if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); |
logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); |
for (i = 0; i < options.number_of_password_prompts; i++) { |
for (i = 0; i < options.number_of_password_prompts; i++) { |
if (i != 0) |
if (i != 0) |
error("Permission denied, please try again."); |
error("Permission denied, please try again."); |
|
|
|
|
rbits = BN_num_bits(server_key->rsa->n); |
rbits = BN_num_bits(server_key->rsa->n); |
if (bits != rbits) { |
if (bits != rbits) { |
log("Warning: Server lies about size of server public key: " |
logit("Warning: Server lies about size of server public key: " |
"actual size is %d bits vs. announced %d.", rbits, bits); |
"actual size is %d bits vs. announced %d.", rbits, bits); |
log("Warning: This may be due to an old implementation of ssh."); |
logit("Warning: This may be due to an old implementation of ssh."); |
} |
} |
/* Get the host key. */ |
/* Get the host key. */ |
host_key = key_new(KEY_RSA1); |
host_key = key_new(KEY_RSA1); |
|
|
|
|
rbits = BN_num_bits(host_key->rsa->n); |
rbits = BN_num_bits(host_key->rsa->n); |
if (bits != rbits) { |
if (bits != rbits) { |
log("Warning: Server lies about size of server host key: " |
logit("Warning: Server lies about size of server host key: " |
"actual size is %d bits vs. announced %d.", rbits, bits); |
"actual size is %d bits vs. announced %d.", rbits, bits); |
log("Warning: This may be due to an old implementation of ssh."); |
logit("Warning: This may be due to an old implementation of ssh."); |
} |
} |
|
|
/* Get protocol flags. */ |
/* Get protocol flags. */ |
|
|
options.cipher = ssh_cipher_default; |
options.cipher = ssh_cipher_default; |
} else if (options.cipher == SSH_CIPHER_ILLEGAL || |
} else if (options.cipher == SSH_CIPHER_ILLEGAL || |
!(cipher_mask_ssh1(1) & (1 << options.cipher))) { |
!(cipher_mask_ssh1(1) & (1 << options.cipher))) { |
log("No valid SSH1 cipher, using %.100s instead.", |
logit("No valid SSH1 cipher, using %.100s instead.", |
cipher_name(ssh_cipher_default)); |
cipher_name(ssh_cipher_default)); |
options.cipher = ssh_cipher_default; |
options.cipher = ssh_cipher_default; |
} |
} |
|
|
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
options.kerberos_tgt_passing && context && auth_context) { |
options.kerberos_tgt_passing && context && auth_context) { |
if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
send_krb5_tgt(context, auth_context); |
send_krb5_tgt(context, auth_context); |
} |
} |
if (auth_context) |
if (auth_context) |
|
|
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
options.kerberos_tgt_passing) { |
options.kerberos_tgt_passing) { |
if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
send_krb4_tgt(); |
send_krb4_tgt(); |
} |
} |
/* Try AFS token passing if the server supports it. */ |
/* Try AFS token passing if the server supports it. */ |
if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && |
if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && |
options.afs_token_passing && k_hasafs()) { |
options.afs_token_passing && k_hasafs()) { |
if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); |
logit("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); |
send_afs_tokens(); |
send_afs_tokens(); |
} |
} |
#endif /* AFS */ |
#endif /* AFS */ |