Annotation of src/usr.bin/ssh/sshconnect1.c, Revision 1.63
1.1 markus 1: /*
2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
5: * Code to connect to a remote host, and to perform the client side of the
6: * login (authentication) dialog.
7: *
1.6 deraadt 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
1.1 markus 13: */
14:
15: #include "includes.h"
16:
17: #include <openssl/bn.h>
1.48 markus 18: #include <openssl/md5.h>
1.1 markus 19:
1.18 markus 20: #include "ssh.h"
21: #include "ssh1.h"
1.1 markus 22: #include "xmalloc.h"
23: #include "rsa.h"
24: #include "buffer.h"
25: #include "packet.h"
1.58 djm 26: #include "kex.h"
1.1 markus 27: #include "uidswap.h"
1.18 markus 28: #include "log.h"
1.1 markus 29: #include "readconf.h"
30: #include "key.h"
1.4 markus 31: #include "authfd.h"
1.1 markus 32: #include "sshconnect.h"
33: #include "authfile.h"
1.57 djm 34: #include "misc.h"
1.18 markus 35: #include "cipher.h"
36: #include "canohost.h"
1.37 dugsong 37: #include "auth.h"
1.1 markus 38:
39: /* Session id for the current session. */
1.13 markus 40: u_char session_id[16];
41: u_int supported_authentications = 0;
1.1 markus 42:
43: extern Options options;
44: extern char *__progname;
45:
46: /*
47: * Checks if the user has an authentication agent, and if so, tries to
48: * authenticate using the agent.
49: */
1.35 itojun 50: static int
1.24 itojun 51: try_agent_authentication(void)
1.1 markus 52: {
1.5 markus 53: int type;
1.1 markus 54: char *comment;
55: AuthenticationConnection *auth;
1.13 markus 56: u_char response[16];
57: u_int i;
1.5 markus 58: Key *key;
59: BIGNUM *challenge;
1.1 markus 60:
61: /* Get connection to the agent. */
62: auth = ssh_get_authentication_connection();
63: if (!auth)
64: return 0;
65:
1.43 markus 66: if ((challenge = BN_new()) == NULL)
67: fatal("try_agent_authentication: BN_new failed");
1.1 markus 68: /* Loop through identities served by the agent. */
1.5 markus 69: for (key = ssh_get_first_identity(auth, &comment, 1);
1.42 deraadt 70: key != NULL;
71: key = ssh_get_next_identity(auth, &comment, 1)) {
1.1 markus 72:
73: /* Try this identity. */
74: debug("Trying RSA authentication via agent with '%.100s'", comment);
75: xfree(comment);
76:
77: /* Tell the server that we are willing to authenticate using this key. */
78: packet_start(SSH_CMSG_AUTH_RSA);
1.5 markus 79: packet_put_bignum(key->rsa->n);
1.1 markus 80: packet_send();
81: packet_write_wait();
82:
83: /* Wait for server's response. */
1.47 markus 84: type = packet_read();
1.1 markus 85:
1.62 djm 86: /* The server sends failure if it doesn't like our key or
1.1 markus 87: does not support RSA authentication. */
88: if (type == SSH_SMSG_FAILURE) {
89: debug("Server refused our key.");
1.5 markus 90: key_free(key);
1.1 markus 91: continue;
92: }
93: /* Otherwise it should have sent a challenge. */
94: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
95: packet_disconnect("Protocol error during RSA authentication: %d",
96: type);
97:
1.46 markus 98: packet_get_bignum(challenge);
1.45 markus 99: packet_check_eom();
1.1 markus 100:
101: debug("Received RSA challenge from server.");
102:
103: /* Ask the agent to decrypt the challenge. */
1.5 markus 104: if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
105: /*
106: * The agent failed to authenticate this identifier
107: * although it advertised it supports this. Just
108: * return a wrong value.
109: */
1.53 itojun 110: logit("Authentication agent failed to decrypt challenge.");
1.1 markus 111: memset(response, 0, sizeof(response));
112: }
1.5 markus 113: key_free(key);
1.1 markus 114: debug("Sending response to RSA challenge.");
115:
116: /* Send the decrypted challenge back to the server. */
117: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
118: for (i = 0; i < 16; i++)
119: packet_put_char(response[i]);
120: packet_send();
121: packet_write_wait();
122:
123: /* Wait for response from the server. */
1.47 markus 124: type = packet_read();
1.1 markus 125:
126: /* The server returns success if it accepted the authentication. */
127: if (type == SSH_SMSG_SUCCESS) {
1.14 markus 128: ssh_close_authentication_connection(auth);
1.5 markus 129: BN_clear_free(challenge);
1.1 markus 130: debug("RSA authentication accepted by server.");
131: return 1;
132: }
133: /* Otherwise it should return failure. */
134: if (type != SSH_SMSG_FAILURE)
135: packet_disconnect("Protocol error waiting RSA auth response: %d",
136: type);
137: }
1.14 markus 138: ssh_close_authentication_connection(auth);
1.1 markus 139: BN_clear_free(challenge);
140: debug("RSA authentication using agent refused.");
141: return 0;
142: }
143:
144: /*
145: * Computes the proper response to a RSA challenge, and sends the response to
146: * the server.
147: */
1.35 itojun 148: static void
1.1 markus 149: respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
150: {
1.13 markus 151: u_char buf[32], response[16];
1.1 markus 152: MD5_CTX md;
153: int i, len;
154:
155: /* Decrypt the challenge using the private key. */
1.21 markus 156: /* XXX think about Bleichenbacher, too */
157: if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
158: packet_disconnect(
159: "respond_to_rsa_challenge: rsa_private_decrypt failed");
1.1 markus 160:
161: /* Compute the response. */
162: /* The response is MD5 of decrypted challenge plus session id. */
163: len = BN_num_bytes(challenge);
1.61 djm 164: if (len <= 0 || (u_int)len > sizeof(buf))
1.21 markus 165: packet_disconnect(
166: "respond_to_rsa_challenge: bad challenge length %d", len);
1.1 markus 167:
168: memset(buf, 0, sizeof(buf));
169: BN_bn2bin(challenge, buf + sizeof(buf) - len);
170: MD5_Init(&md);
171: MD5_Update(&md, buf, 32);
172: MD5_Update(&md, session_id, 16);
173: MD5_Final(response, &md);
174:
175: debug("Sending response to host key RSA challenge.");
176:
177: /* Send the response back to the server. */
178: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
179: for (i = 0; i < 16; i++)
180: packet_put_char(response[i]);
181: packet_send();
182: packet_write_wait();
183:
184: memset(buf, 0, sizeof(buf));
185: memset(response, 0, sizeof(response));
186: memset(&md, 0, sizeof(md));
187: }
188:
189: /*
190: * Checks if the user has authentication file, and if so, tries to authenticate
191: * the user using it.
192: */
1.35 itojun 193: static int
1.38 markus 194: try_rsa_authentication(int idx)
1.1 markus 195: {
196: BIGNUM *challenge;
1.36 markus 197: Key *public, *private;
1.38 markus 198: char buf[300], *passphrase, *comment, *authfile;
1.47 markus 199: int i, type, quit;
1.1 markus 200:
1.38 markus 201: public = options.identity_keys[idx];
202: authfile = options.identity_files[idx];
203: comment = xstrdup(authfile);
204:
1.1 markus 205: debug("Trying RSA authentication with key '%.100s'", comment);
206:
207: /* Tell the server that we are willing to authenticate using this key. */
208: packet_start(SSH_CMSG_AUTH_RSA);
209: packet_put_bignum(public->rsa->n);
210: packet_send();
211: packet_write_wait();
212:
213: /* Wait for server's response. */
1.47 markus 214: type = packet_read();
1.1 markus 215:
216: /*
1.62 djm 217: * The server responds with failure if it doesn't like our key or
218: * doesn't support RSA authentication.
1.1 markus 219: */
220: if (type == SSH_SMSG_FAILURE) {
221: debug("Server refused our key.");
222: xfree(comment);
223: return 0;
224: }
225: /* Otherwise, the server should respond with a challenge. */
226: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
227: packet_disconnect("Protocol error during RSA authentication: %d", type);
228:
229: /* Get the challenge from the packet. */
1.43 markus 230: if ((challenge = BN_new()) == NULL)
231: fatal("try_rsa_authentication: BN_new failed");
1.46 markus 232: packet_get_bignum(challenge);
1.45 markus 233: packet_check_eom();
1.1 markus 234:
235: debug("Received RSA challenge from server.");
236:
237: /*
1.38 markus 238: * If the key is not stored in external hardware, we have to
239: * load the private key. Try first with empty passphrase; if it
1.1 markus 240: * fails, ask for a passphrase.
241: */
1.52 aaron 242: if (public->flags & KEY_FLAG_EXT)
1.38 markus 243: private = public;
244: else
245: private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
1.36 markus 246: if (private == NULL && !options.batch_mode) {
247: snprintf(buf, sizeof(buf),
248: "Enter passphrase for RSA key '%.100s': ", comment);
249: for (i = 0; i < options.number_of_password_prompts; i++) {
1.1 markus 250: passphrase = read_passphrase(buf, 0);
1.36 markus 251: if (strcmp(passphrase, "") != 0) {
252: private = key_load_private_type(KEY_RSA1,
253: authfile, passphrase, NULL);
254: quit = 0;
255: } else {
256: debug2("no passphrase given, try next key");
257: quit = 1;
258: }
1.1 markus 259: memset(passphrase, 0, strlen(passphrase));
260: xfree(passphrase);
1.36 markus 261: if (private != NULL || quit)
262: break;
263: debug2("bad passphrase given, try again...");
1.1 markus 264: }
265: }
266: /* We no longer need the comment. */
267: xfree(comment);
1.36 markus 268:
269: if (private == NULL) {
270: if (!options.batch_mode)
271: error("Bad passphrase.");
272:
273: /* Send a dummy response packet to avoid protocol error. */
274: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
275: for (i = 0; i < 16; i++)
276: packet_put_char(0);
277: packet_send();
278: packet_write_wait();
279:
280: /* Expect the server to reject it... */
1.47 markus 281: packet_read_expect(SSH_SMSG_FAILURE);
1.36 markus 282: BN_clear_free(challenge);
283: return 0;
284: }
1.1 markus 285:
286: /* Compute and send a response to the challenge. */
287: respond_to_rsa_challenge(challenge, private->rsa);
288:
1.38 markus 289: /* Destroy the private key unless it in external hardware. */
290: if (!(private->flags & KEY_FLAG_EXT))
291: key_free(private);
1.1 markus 292:
293: /* We no longer need the challenge. */
294: BN_clear_free(challenge);
295:
296: /* Wait for response from the server. */
1.47 markus 297: type = packet_read();
1.1 markus 298: if (type == SSH_SMSG_SUCCESS) {
299: debug("RSA authentication accepted by server.");
300: return 1;
301: }
302: if (type != SSH_SMSG_FAILURE)
303: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
304: debug("RSA authentication refused.");
305: return 0;
306: }
307:
308: /*
309: * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
310: * authentication and RSA host authentication.
311: */
1.35 itojun 312: static int
1.29 markus 313: try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
1.1 markus 314: {
315: int type;
316: BIGNUM *challenge;
317:
318: debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
319:
320: /* Tell the server that we are willing to authenticate using this key. */
321: packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
1.33 markus 322: packet_put_cstring(local_user);
1.29 markus 323: packet_put_int(BN_num_bits(host_key->rsa->n));
324: packet_put_bignum(host_key->rsa->e);
325: packet_put_bignum(host_key->rsa->n);
1.1 markus 326: packet_send();
327: packet_write_wait();
328:
329: /* Wait for server's response. */
1.47 markus 330: type = packet_read();
1.1 markus 331:
332: /* The server responds with failure if it doesn't admit our
333: .rhosts authentication or doesn't know our host key. */
334: if (type == SSH_SMSG_FAILURE) {
335: debug("Server refused our rhosts authentication or host key.");
336: return 0;
337: }
338: /* Otherwise, the server should respond with a challenge. */
339: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
340: packet_disconnect("Protocol error during RSA authentication: %d", type);
341:
342: /* Get the challenge from the packet. */
1.43 markus 343: if ((challenge = BN_new()) == NULL)
344: fatal("try_rhosts_rsa_authentication: BN_new failed");
1.46 markus 345: packet_get_bignum(challenge);
1.45 markus 346: packet_check_eom();
1.1 markus 347:
348: debug("Received RSA challenge for host key from server.");
349:
350: /* Compute a response to the challenge. */
1.29 markus 351: respond_to_rsa_challenge(challenge, host_key->rsa);
1.1 markus 352:
353: /* We no longer need the challenge. */
354: BN_clear_free(challenge);
355:
356: /* Wait for response from the server. */
1.47 markus 357: type = packet_read();
1.1 markus 358: if (type == SSH_SMSG_SUCCESS) {
359: debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
360: return 1;
361: }
362: if (type != SSH_SMSG_FAILURE)
363: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
364: debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
365: return 0;
366: }
367:
368: /*
369: * Tries to authenticate with any string-based challenge/response system.
370: * Note that the client code is not tied to s/key or TIS.
371: */
1.35 itojun 372: static int
1.32 markus 373: try_challenge_response_authentication(void)
1.1 markus 374: {
375: int type, i;
1.13 markus 376: u_int clen;
1.12 markus 377: char prompt[1024];
1.1 markus 378: char *challenge, *response;
1.40 markus 379:
380: debug("Doing challenge response authentication.");
381:
1.12 markus 382: for (i = 0; i < options.number_of_password_prompts; i++) {
383: /* request a challenge */
384: packet_start(SSH_CMSG_AUTH_TIS);
385: packet_send();
386: packet_write_wait();
1.1 markus 387:
1.47 markus 388: type = packet_read();
1.12 markus 389: if (type != SSH_SMSG_FAILURE &&
390: type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
391: packet_disconnect("Protocol error: got %d in response "
1.20 markus 392: "to SSH_CMSG_AUTH_TIS", type);
1.12 markus 393: }
394: if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
1.20 markus 395: debug("No challenge.");
1.12 markus 396: return 0;
397: }
398: challenge = packet_get_string(&clen);
1.45 markus 399: packet_check_eom();
1.16 markus 400: snprintf(prompt, sizeof prompt, "%s%s", challenge,
1.42 deraadt 401: strchr(challenge, '\n') ? "" : "\nResponse: ");
1.12 markus 402: xfree(challenge);
1.1 markus 403: if (i != 0)
404: error("Permission denied, please try again.");
1.12 markus 405: if (options.cipher == SSH_CIPHER_NONE)
1.53 itojun 406: logit("WARNING: Encryption is disabled! "
1.50 stevesk 407: "Response will be transmitted in clear text.");
1.12 markus 408: response = read_passphrase(prompt, 0);
409: if (strcmp(response, "") == 0) {
410: xfree(response);
411: break;
412: }
1.1 markus 413: packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
1.27 markus 414: ssh_put_password(response);
1.1 markus 415: memset(response, 0, strlen(response));
416: xfree(response);
417: packet_send();
418: packet_write_wait();
1.47 markus 419: type = packet_read();
1.1 markus 420: if (type == SSH_SMSG_SUCCESS)
421: return 1;
422: if (type != SSH_SMSG_FAILURE)
423: packet_disconnect("Protocol error: got %d in response "
1.20 markus 424: "to SSH_CMSG_AUTH_TIS_RESPONSE", type);
1.1 markus 425: }
426: /* failure */
427: return 0;
428: }
429:
430: /*
431: * Tries to authenticate with plain passwd authentication.
432: */
1.35 itojun 433: static int
1.1 markus 434: try_password_authentication(char *prompt)
435: {
1.47 markus 436: int type, i;
1.1 markus 437: char *password;
438:
439: debug("Doing password authentication.");
440: if (options.cipher == SSH_CIPHER_NONE)
1.53 itojun 441: logit("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1.1 markus 442: for (i = 0; i < options.number_of_password_prompts; i++) {
443: if (i != 0)
444: error("Permission denied, please try again.");
445: password = read_passphrase(prompt, 0);
446: packet_start(SSH_CMSG_AUTH_PASSWORD);
1.27 markus 447: ssh_put_password(password);
1.1 markus 448: memset(password, 0, strlen(password));
449: xfree(password);
450: packet_send();
451: packet_write_wait();
452:
1.47 markus 453: type = packet_read();
1.1 markus 454: if (type == SSH_SMSG_SUCCESS)
455: return 1;
456: if (type != SSH_SMSG_FAILURE)
457: packet_disconnect("Protocol error: got %d in response to passwd auth", type);
458: }
459: /* failure */
460: return 0;
461: }
462:
463: /*
464: * SSH1 key exchange
465: */
466: void
467: ssh_kex(char *host, struct sockaddr *hostaddr)
468: {
469: int i;
470: BIGNUM *key;
1.43 markus 471: Key *host_key, *server_key;
1.1 markus 472: int bits, rbits;
473: int ssh_cipher_default = SSH_CIPHER_3DES;
1.13 markus 474: u_char session_key[SSH_SESSION_KEY_LENGTH];
475: u_char cookie[8];
476: u_int supported_ciphers;
477: u_int server_flags, client_flags;
1.59 avsm 478: u_int32_t rnd = 0;
1.1 markus 479:
480: debug("Waiting for server public key.");
481:
482: /* Wait for a public key packet from the server. */
1.47 markus 483: packet_read_expect(SSH_SMSG_PUBLIC_KEY);
1.1 markus 484:
485: /* Get cookie from the packet. */
486: for (i = 0; i < 8; i++)
487: cookie[i] = packet_get_char();
488:
489: /* Get the public key. */
1.43 markus 490: server_key = key_new(KEY_RSA1);
491: bits = packet_get_int();
1.46 markus 492: packet_get_bignum(server_key->rsa->e);
493: packet_get_bignum(server_key->rsa->n);
1.1 markus 494:
1.43 markus 495: rbits = BN_num_bits(server_key->rsa->n);
1.1 markus 496: if (bits != rbits) {
1.53 itojun 497: logit("Warning: Server lies about size of server public key: "
1.1 markus 498: "actual size is %d bits vs. announced %d.", rbits, bits);
1.53 itojun 499: logit("Warning: This may be due to an old implementation of ssh.");
1.1 markus 500: }
501: /* Get the host key. */
1.43 markus 502: host_key = key_new(KEY_RSA1);
503: bits = packet_get_int();
1.46 markus 504: packet_get_bignum(host_key->rsa->e);
505: packet_get_bignum(host_key->rsa->n);
1.1 markus 506:
1.43 markus 507: rbits = BN_num_bits(host_key->rsa->n);
1.1 markus 508: if (bits != rbits) {
1.53 itojun 509: logit("Warning: Server lies about size of server host key: "
1.1 markus 510: "actual size is %d bits vs. announced %d.", rbits, bits);
1.53 itojun 511: logit("Warning: This may be due to an old implementation of ssh.");
1.1 markus 512: }
513:
514: /* Get protocol flags. */
515: server_flags = packet_get_int();
516: packet_set_protocol_flags(server_flags);
517:
518: supported_ciphers = packet_get_int();
519: supported_authentications = packet_get_int();
1.45 markus 520: packet_check_eom();
1.1 markus 521:
522: debug("Received server public key (%d bits) and host key (%d bits).",
1.43 markus 523: BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
1.1 markus 524:
1.43 markus 525: if (verify_host_key(host, hostaddr, host_key) == -1)
1.41 markus 526: fatal("Host key verification failed.");
1.1 markus 527:
528: client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
529:
1.58 djm 530: derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
1.1 markus 531:
532: /* Generate a session key. */
533: arc4random_stir();
534:
535: /*
536: * Generate an encryption key for the session. The key is a 256 bit
537: * random number, interpreted as a 32-byte key, with the least
538: * significant 8 bits being the first byte of the key.
539: */
540: for (i = 0; i < 32; i++) {
541: if (i % 4 == 0)
1.59 avsm 542: rnd = arc4random();
543: session_key[i] = rnd & 0xff;
544: rnd >>= 8;
1.1 markus 545: }
546:
547: /*
548: * According to the protocol spec, the first byte of the session key
549: * is the highest byte of the integer. The session key is xored with
550: * the first 16 bytes of the session id.
551: */
1.43 markus 552: if ((key = BN_new()) == NULL)
553: fatal("respond_to_rsa_challenge: BN_new failed");
1.1 markus 554: BN_set_word(key, 0);
555: for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
556: BN_lshift(key, key, 8);
557: if (i < 16)
558: BN_add_word(key, session_key[i] ^ session_id[i]);
559: else
560: BN_add_word(key, session_key[i]);
561: }
562:
563: /*
564: * Encrypt the integer using the public key and host key of the
565: * server (key with smaller modulus first).
566: */
1.43 markus 567: if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) {
1.1 markus 568: /* Public key has smaller modulus. */
1.43 markus 569: if (BN_num_bits(host_key->rsa->n) <
570: BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
571: fatal("respond_to_rsa_challenge: host_key %d < server_key %d + "
1.42 deraadt 572: "SSH_KEY_BITS_RESERVED %d",
1.43 markus 573: BN_num_bits(host_key->rsa->n),
574: BN_num_bits(server_key->rsa->n),
1.42 deraadt 575: SSH_KEY_BITS_RESERVED);
1.1 markus 576: }
1.43 markus 577: rsa_public_encrypt(key, key, server_key->rsa);
578: rsa_public_encrypt(key, key, host_key->rsa);
1.1 markus 579: } else {
580: /* Host key has smaller modulus (or they are equal). */
1.43 markus 581: if (BN_num_bits(server_key->rsa->n) <
582: BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
583: fatal("respond_to_rsa_challenge: server_key %d < host_key %d + "
1.42 deraadt 584: "SSH_KEY_BITS_RESERVED %d",
1.43 markus 585: BN_num_bits(server_key->rsa->n),
586: BN_num_bits(host_key->rsa->n),
1.42 deraadt 587: SSH_KEY_BITS_RESERVED);
1.1 markus 588: }
1.43 markus 589: rsa_public_encrypt(key, key, host_key->rsa);
590: rsa_public_encrypt(key, key, server_key->rsa);
1.1 markus 591: }
592:
593: /* Destroy the public keys since we no longer need them. */
1.43 markus 594: key_free(server_key);
595: key_free(host_key);
1.1 markus 596:
1.11 markus 597: if (options.cipher == SSH_CIPHER_NOT_SET) {
598: if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
599: options.cipher = ssh_cipher_default;
1.60 markus 600: } else if (options.cipher == SSH_CIPHER_INVALID ||
1.10 markus 601: !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
1.53 itojun 602: logit("No valid SSH1 cipher, using %.100s instead.",
1.7 markus 603: cipher_name(ssh_cipher_default));
604: options.cipher = ssh_cipher_default;
1.1 markus 605: }
606: /* Check that the selected cipher is supported. */
607: if (!(supported_ciphers & (1 << options.cipher)))
608: fatal("Selected cipher type %.100s not supported by server.",
1.42 deraadt 609: cipher_name(options.cipher));
1.1 markus 610:
611: debug("Encryption type: %.100s", cipher_name(options.cipher));
612:
613: /* Send the encrypted session key to the server. */
614: packet_start(SSH_CMSG_SESSION_KEY);
615: packet_put_char(options.cipher);
616:
617: /* Send the cookie back to the server. */
618: for (i = 0; i < 8; i++)
619: packet_put_char(cookie[i]);
620:
621: /* Send and destroy the encrypted encryption key integer. */
622: packet_put_bignum(key);
623: BN_clear_free(key);
624:
625: /* Send protocol flags. */
626: packet_put_int(client_flags);
627:
628: /* Send the packet now. */
629: packet_send();
630: packet_write_wait();
631:
632: debug("Sent encrypted session key.");
633:
634: /* Set the encryption key. */
635: packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
636:
637: /* We will no longer need the session key here. Destroy any extra copies. */
638: memset(session_key, 0, sizeof(session_key));
639:
640: /*
641: * Expect a success message from the server. Note that this message
642: * will be received in encrypted form.
643: */
1.47 markus 644: packet_read_expect(SSH_SMSG_SUCCESS);
1.1 markus 645:
646: debug("Received encrypted confirmation.");
647: }
648:
649: /*
650: * Authenticate user
651: */
652: void
1.30 markus 653: ssh_userauth1(const char *local_user, const char *server_user, char *host,
1.51 markus 654: Sensitive *sensitive)
1.1 markus 655: {
656: int i, type;
1.42 deraadt 657:
1.1 markus 658: if (supported_authentications == 0)
1.30 markus 659: fatal("ssh_userauth1: server supports no auth methods");
1.1 markus 660:
661: /* Send the name of the user to log in as on the server. */
662: packet_start(SSH_CMSG_USER);
1.33 markus 663: packet_put_cstring(server_user);
1.1 markus 664: packet_send();
665: packet_write_wait();
666:
667: /*
668: * The server should respond with success if no authentication is
669: * needed (the user has no password). Otherwise the server responds
670: * with failure.
671: */
1.47 markus 672: type = packet_read();
1.1 markus 673:
674: /* check whether the connection was accepted without authentication. */
675: if (type == SSH_SMSG_SUCCESS)
1.37 dugsong 676: goto success;
1.1 markus 677: if (type != SSH_SMSG_FAILURE)
1.37 dugsong 678: packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
1.42 deraadt 679:
1.1 markus 680: /*
681: * Try .rhosts or /etc/hosts.equiv authentication with RSA host
682: * authentication.
683: */
684: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1.30 markus 685: options.rhosts_rsa_authentication) {
1.51 markus 686: for (i = 0; i < sensitive->nkeys; i++) {
687: if (sensitive->keys[i] != NULL &&
688: sensitive->keys[i]->type == KEY_RSA1 &&
689: try_rhosts_rsa_authentication(local_user,
690: sensitive->keys[i]))
1.37 dugsong 691: goto success;
1.30 markus 692: }
1.1 markus 693: }
694: /* Try RSA authentication if the server supports it. */
695: if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
696: options.rsa_authentication) {
697: /*
698: * Try RSA authentication using the authentication agent. The
699: * agent is tried first because no passphrase is needed for
700: * it, whereas identity files may require passphrases.
701: */
702: if (try_agent_authentication())
1.37 dugsong 703: goto success;
1.1 markus 704:
705: /* Try RSA authentication for each identity. */
706: for (i = 0; i < options.num_identity_files; i++)
1.28 markus 707: if (options.identity_keys[i] != NULL &&
708: options.identity_keys[i]->type == KEY_RSA1 &&
1.38 markus 709: try_rsa_authentication(i))
1.37 dugsong 710: goto success;
1.1 markus 711: }
1.20 markus 712: /* Try challenge response authentication if the server supports it. */
1.1 markus 713: if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
1.32 markus 714: options.challenge_response_authentication && !options.batch_mode) {
715: if (try_challenge_response_authentication())
1.37 dugsong 716: goto success;
1.1 markus 717: }
718: /* Try password authentication if the server supports it. */
719: if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
720: options.password_authentication && !options.batch_mode) {
721: char prompt[80];
722:
1.23 itojun 723: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1.1 markus 724: server_user, host);
725: if (try_password_authentication(prompt))
1.37 dugsong 726: goto success;
1.1 markus 727: }
728: /* All authentication methods have failed. Exit with an error message. */
729: fatal("Permission denied.");
730: /* NOTREACHED */
1.37 dugsong 731:
732: success:
1.39 stevesk 733: return; /* need statement after label */
1.1 markus 734: }