| version 1.52, 2002/08/08 13:50:23 |
version 1.53, 2003/04/08 20:21:29 |
|
|
| * although it advertised it supports this. Just |
* although it advertised it supports this. Just |
| * return a wrong value. |
* return a wrong value. |
| */ |
*/ |
| log("Authentication agent failed to decrypt challenge."); |
logit("Authentication agent failed to decrypt challenge."); |
| memset(response, 0, sizeof(response)); |
memset(response, 0, sizeof(response)); |
| } |
} |
| key_free(key); |
key_free(key); |
|
|
| if (i != 0) |
if (i != 0) |
| error("Permission denied, please try again."); |
error("Permission denied, please try again."); |
| if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
| log("WARNING: Encryption is disabled! " |
logit("WARNING: Encryption is disabled! " |
| "Response will be transmitted in clear text."); |
"Response will be transmitted in clear text."); |
| response = read_passphrase(prompt, 0); |
response = read_passphrase(prompt, 0); |
| if (strcmp(response, "") == 0) { |
if (strcmp(response, "") == 0) { |
|
|
| |
|
| debug("Doing password authentication."); |
debug("Doing password authentication."); |
| if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
| log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); |
logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); |
| for (i = 0; i < options.number_of_password_prompts; i++) { |
for (i = 0; i < options.number_of_password_prompts; i++) { |
| if (i != 0) |
if (i != 0) |
| error("Permission denied, please try again."); |
error("Permission denied, please try again."); |
|
|
| |
|
| rbits = BN_num_bits(server_key->rsa->n); |
rbits = BN_num_bits(server_key->rsa->n); |
| if (bits != rbits) { |
if (bits != rbits) { |
| log("Warning: Server lies about size of server public key: " |
logit("Warning: Server lies about size of server public key: " |
| "actual size is %d bits vs. announced %d.", rbits, bits); |
"actual size is %d bits vs. announced %d.", rbits, bits); |
| log("Warning: This may be due to an old implementation of ssh."); |
logit("Warning: This may be due to an old implementation of ssh."); |
| } |
} |
| /* Get the host key. */ |
/* Get the host key. */ |
| host_key = key_new(KEY_RSA1); |
host_key = key_new(KEY_RSA1); |
|
|
| |
|
| rbits = BN_num_bits(host_key->rsa->n); |
rbits = BN_num_bits(host_key->rsa->n); |
| if (bits != rbits) { |
if (bits != rbits) { |
| log("Warning: Server lies about size of server host key: " |
logit("Warning: Server lies about size of server host key: " |
| "actual size is %d bits vs. announced %d.", rbits, bits); |
"actual size is %d bits vs. announced %d.", rbits, bits); |
| log("Warning: This may be due to an old implementation of ssh."); |
logit("Warning: This may be due to an old implementation of ssh."); |
| } |
} |
| |
|
| /* Get protocol flags. */ |
/* Get protocol flags. */ |
|
|
| options.cipher = ssh_cipher_default; |
options.cipher = ssh_cipher_default; |
| } else if (options.cipher == SSH_CIPHER_ILLEGAL || |
} else if (options.cipher == SSH_CIPHER_ILLEGAL || |
| !(cipher_mask_ssh1(1) & (1 << options.cipher))) { |
!(cipher_mask_ssh1(1) & (1 << options.cipher))) { |
| log("No valid SSH1 cipher, using %.100s instead.", |
logit("No valid SSH1 cipher, using %.100s instead.", |
| cipher_name(ssh_cipher_default)); |
cipher_name(ssh_cipher_default)); |
| options.cipher = ssh_cipher_default; |
options.cipher = ssh_cipher_default; |
| } |
} |
|
|
| if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
| options.kerberos_tgt_passing && context && auth_context) { |
options.kerberos_tgt_passing && context && auth_context) { |
| if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
| log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
| send_krb5_tgt(context, auth_context); |
send_krb5_tgt(context, auth_context); |
| } |
} |
| if (auth_context) |
if (auth_context) |
|
|
| if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
| options.kerberos_tgt_passing) { |
options.kerberos_tgt_passing) { |
| if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
| log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
| send_krb4_tgt(); |
send_krb4_tgt(); |
| } |
} |
| /* Try AFS token passing if the server supports it. */ |
/* Try AFS token passing if the server supports it. */ |
| if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && |
if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && |
| options.afs_token_passing && k_hasafs()) { |
options.afs_token_passing && k_hasafs()) { |
| if (options.cipher == SSH_CIPHER_NONE) |
if (options.cipher == SSH_CIPHER_NONE) |
| log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); |
logit("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); |
| send_afs_tokens(); |
send_afs_tokens(); |
| } |
} |
| #endif /* AFS */ |
#endif /* AFS */ |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect1.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh