Annotation of src/usr.bin/ssh/sshconnect1.c, Revision 1.66
1.66 ! stevesk 1: /* $OpenBSD: sshconnect1.c,v 1.65 2006/04/25 08:02:27 dtucker Exp $ */
1.1 markus 2: /*
3: * Author: Tatu Ylonen <ylo@cs.hut.fi>
4: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: * All rights reserved
6: * Code to connect to a remote host, and to perform the client side of the
7: * login (authentication) dialog.
8: *
1.6 deraadt 9: * As far as I am concerned, the code I have written for this software
10: * can be used freely for any purpose. Any derived versions of this
11: * software must be clearly marked as such, and if the derived work is
12: * incompatible with the protocol description in the RFC file, it must be
13: * called by a name other than "ssh" or "Secure Shell".
1.1 markus 14: */
15:
16: #include "includes.h"
17:
18: #include <openssl/bn.h>
1.48 markus 19: #include <openssl/md5.h>
1.66 ! stevesk 20:
! 21: #include <string.h>
1.1 markus 22:
1.18 markus 23: #include "ssh.h"
24: #include "ssh1.h"
1.1 markus 25: #include "xmalloc.h"
26: #include "rsa.h"
27: #include "buffer.h"
28: #include "packet.h"
1.58 djm 29: #include "kex.h"
1.1 markus 30: #include "uidswap.h"
1.18 markus 31: #include "log.h"
1.1 markus 32: #include "readconf.h"
33: #include "key.h"
1.4 markus 34: #include "authfd.h"
1.1 markus 35: #include "sshconnect.h"
36: #include "authfile.h"
1.57 djm 37: #include "misc.h"
1.18 markus 38: #include "cipher.h"
39: #include "canohost.h"
1.37 dugsong 40: #include "auth.h"
1.1 markus 41:
42: /* Session id for the current session. */
1.13 markus 43: u_char session_id[16];
44: u_int supported_authentications = 0;
1.1 markus 45:
46: extern Options options;
47: extern char *__progname;
48:
49: /*
50: * Checks if the user has an authentication agent, and if so, tries to
51: * authenticate using the agent.
52: */
1.35 itojun 53: static int
1.24 itojun 54: try_agent_authentication(void)
1.1 markus 55: {
1.5 markus 56: int type;
1.1 markus 57: char *comment;
58: AuthenticationConnection *auth;
1.13 markus 59: u_char response[16];
60: u_int i;
1.5 markus 61: Key *key;
62: BIGNUM *challenge;
1.1 markus 63:
64: /* Get connection to the agent. */
65: auth = ssh_get_authentication_connection();
66: if (!auth)
67: return 0;
68:
1.43 markus 69: if ((challenge = BN_new()) == NULL)
70: fatal("try_agent_authentication: BN_new failed");
1.1 markus 71: /* Loop through identities served by the agent. */
1.5 markus 72: for (key = ssh_get_first_identity(auth, &comment, 1);
1.42 deraadt 73: key != NULL;
74: key = ssh_get_next_identity(auth, &comment, 1)) {
1.1 markus 75:
76: /* Try this identity. */
77: debug("Trying RSA authentication via agent with '%.100s'", comment);
78: xfree(comment);
79:
80: /* Tell the server that we are willing to authenticate using this key. */
81: packet_start(SSH_CMSG_AUTH_RSA);
1.5 markus 82: packet_put_bignum(key->rsa->n);
1.1 markus 83: packet_send();
84: packet_write_wait();
85:
86: /* Wait for server's response. */
1.47 markus 87: type = packet_read();
1.1 markus 88:
1.62 djm 89: /* The server sends failure if it doesn't like our key or
1.1 markus 90: does not support RSA authentication. */
91: if (type == SSH_SMSG_FAILURE) {
92: debug("Server refused our key.");
1.5 markus 93: key_free(key);
1.1 markus 94: continue;
95: }
96: /* Otherwise it should have sent a challenge. */
97: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
98: packet_disconnect("Protocol error during RSA authentication: %d",
99: type);
100:
1.46 markus 101: packet_get_bignum(challenge);
1.45 markus 102: packet_check_eom();
1.1 markus 103:
104: debug("Received RSA challenge from server.");
105:
106: /* Ask the agent to decrypt the challenge. */
1.5 markus 107: if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
108: /*
109: * The agent failed to authenticate this identifier
110: * although it advertised it supports this. Just
111: * return a wrong value.
112: */
1.53 itojun 113: logit("Authentication agent failed to decrypt challenge.");
1.1 markus 114: memset(response, 0, sizeof(response));
115: }
1.5 markus 116: key_free(key);
1.1 markus 117: debug("Sending response to RSA challenge.");
118:
119: /* Send the decrypted challenge back to the server. */
120: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
121: for (i = 0; i < 16; i++)
122: packet_put_char(response[i]);
123: packet_send();
124: packet_write_wait();
125:
126: /* Wait for response from the server. */
1.47 markus 127: type = packet_read();
1.1 markus 128:
129: /* The server returns success if it accepted the authentication. */
130: if (type == SSH_SMSG_SUCCESS) {
1.14 markus 131: ssh_close_authentication_connection(auth);
1.5 markus 132: BN_clear_free(challenge);
1.1 markus 133: debug("RSA authentication accepted by server.");
134: return 1;
135: }
136: /* Otherwise it should return failure. */
137: if (type != SSH_SMSG_FAILURE)
138: packet_disconnect("Protocol error waiting RSA auth response: %d",
139: type);
140: }
1.14 markus 141: ssh_close_authentication_connection(auth);
1.1 markus 142: BN_clear_free(challenge);
143: debug("RSA authentication using agent refused.");
144: return 0;
145: }
146:
147: /*
148: * Computes the proper response to a RSA challenge, and sends the response to
149: * the server.
150: */
1.35 itojun 151: static void
1.1 markus 152: respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
153: {
1.13 markus 154: u_char buf[32], response[16];
1.1 markus 155: MD5_CTX md;
156: int i, len;
157:
158: /* Decrypt the challenge using the private key. */
1.21 markus 159: /* XXX think about Bleichenbacher, too */
160: if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
161: packet_disconnect(
162: "respond_to_rsa_challenge: rsa_private_decrypt failed");
1.1 markus 163:
164: /* Compute the response. */
165: /* The response is MD5 of decrypted challenge plus session id. */
166: len = BN_num_bytes(challenge);
1.61 djm 167: if (len <= 0 || (u_int)len > sizeof(buf))
1.21 markus 168: packet_disconnect(
169: "respond_to_rsa_challenge: bad challenge length %d", len);
1.1 markus 170:
171: memset(buf, 0, sizeof(buf));
172: BN_bn2bin(challenge, buf + sizeof(buf) - len);
173: MD5_Init(&md);
174: MD5_Update(&md, buf, 32);
175: MD5_Update(&md, session_id, 16);
176: MD5_Final(response, &md);
177:
178: debug("Sending response to host key RSA challenge.");
179:
180: /* Send the response back to the server. */
181: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
182: for (i = 0; i < 16; i++)
183: packet_put_char(response[i]);
184: packet_send();
185: packet_write_wait();
186:
187: memset(buf, 0, sizeof(buf));
188: memset(response, 0, sizeof(response));
189: memset(&md, 0, sizeof(md));
190: }
191:
192: /*
193: * Checks if the user has authentication file, and if so, tries to authenticate
194: * the user using it.
195: */
1.35 itojun 196: static int
1.38 markus 197: try_rsa_authentication(int idx)
1.1 markus 198: {
199: BIGNUM *challenge;
1.36 markus 200: Key *public, *private;
1.38 markus 201: char buf[300], *passphrase, *comment, *authfile;
1.65 dtucker 202: int i, perm_ok = 1, type, quit;
1.1 markus 203:
1.38 markus 204: public = options.identity_keys[idx];
205: authfile = options.identity_files[idx];
206: comment = xstrdup(authfile);
207:
1.1 markus 208: debug("Trying RSA authentication with key '%.100s'", comment);
209:
210: /* Tell the server that we are willing to authenticate using this key. */
211: packet_start(SSH_CMSG_AUTH_RSA);
212: packet_put_bignum(public->rsa->n);
213: packet_send();
214: packet_write_wait();
215:
216: /* Wait for server's response. */
1.47 markus 217: type = packet_read();
1.1 markus 218:
219: /*
1.62 djm 220: * The server responds with failure if it doesn't like our key or
221: * doesn't support RSA authentication.
1.1 markus 222: */
223: if (type == SSH_SMSG_FAILURE) {
224: debug("Server refused our key.");
225: xfree(comment);
226: return 0;
227: }
228: /* Otherwise, the server should respond with a challenge. */
229: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
230: packet_disconnect("Protocol error during RSA authentication: %d", type);
231:
232: /* Get the challenge from the packet. */
1.43 markus 233: if ((challenge = BN_new()) == NULL)
234: fatal("try_rsa_authentication: BN_new failed");
1.46 markus 235: packet_get_bignum(challenge);
1.45 markus 236: packet_check_eom();
1.1 markus 237:
238: debug("Received RSA challenge from server.");
239:
240: /*
1.38 markus 241: * If the key is not stored in external hardware, we have to
242: * load the private key. Try first with empty passphrase; if it
1.1 markus 243: * fails, ask for a passphrase.
244: */
1.52 aaron 245: if (public->flags & KEY_FLAG_EXT)
1.38 markus 246: private = public;
247: else
1.65 dtucker 248: private = key_load_private_type(KEY_RSA1, authfile, "", NULL,
249: &perm_ok);
250: if (private == NULL && !options.batch_mode && perm_ok) {
1.36 markus 251: snprintf(buf, sizeof(buf),
252: "Enter passphrase for RSA key '%.100s': ", comment);
253: for (i = 0; i < options.number_of_password_prompts; i++) {
1.1 markus 254: passphrase = read_passphrase(buf, 0);
1.36 markus 255: if (strcmp(passphrase, "") != 0) {
256: private = key_load_private_type(KEY_RSA1,
1.65 dtucker 257: authfile, passphrase, NULL, NULL);
1.36 markus 258: quit = 0;
259: } else {
260: debug2("no passphrase given, try next key");
261: quit = 1;
262: }
1.1 markus 263: memset(passphrase, 0, strlen(passphrase));
264: xfree(passphrase);
1.36 markus 265: if (private != NULL || quit)
266: break;
267: debug2("bad passphrase given, try again...");
1.1 markus 268: }
269: }
270: /* We no longer need the comment. */
271: xfree(comment);
1.36 markus 272:
273: if (private == NULL) {
1.65 dtucker 274: if (!options.batch_mode && perm_ok)
1.36 markus 275: error("Bad passphrase.");
276:
277: /* Send a dummy response packet to avoid protocol error. */
278: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
279: for (i = 0; i < 16; i++)
280: packet_put_char(0);
281: packet_send();
282: packet_write_wait();
283:
284: /* Expect the server to reject it... */
1.47 markus 285: packet_read_expect(SSH_SMSG_FAILURE);
1.36 markus 286: BN_clear_free(challenge);
287: return 0;
288: }
1.1 markus 289:
290: /* Compute and send a response to the challenge. */
291: respond_to_rsa_challenge(challenge, private->rsa);
292:
1.38 markus 293: /* Destroy the private key unless it in external hardware. */
294: if (!(private->flags & KEY_FLAG_EXT))
295: key_free(private);
1.1 markus 296:
297: /* We no longer need the challenge. */
298: BN_clear_free(challenge);
299:
300: /* Wait for response from the server. */
1.47 markus 301: type = packet_read();
1.1 markus 302: if (type == SSH_SMSG_SUCCESS) {
303: debug("RSA authentication accepted by server.");
304: return 1;
305: }
306: if (type != SSH_SMSG_FAILURE)
307: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
308: debug("RSA authentication refused.");
309: return 0;
310: }
311:
312: /*
313: * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
314: * authentication and RSA host authentication.
315: */
1.35 itojun 316: static int
1.29 markus 317: try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
1.1 markus 318: {
319: int type;
320: BIGNUM *challenge;
321:
322: debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
323:
324: /* Tell the server that we are willing to authenticate using this key. */
325: packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
1.33 markus 326: packet_put_cstring(local_user);
1.29 markus 327: packet_put_int(BN_num_bits(host_key->rsa->n));
328: packet_put_bignum(host_key->rsa->e);
329: packet_put_bignum(host_key->rsa->n);
1.1 markus 330: packet_send();
331: packet_write_wait();
332:
333: /* Wait for server's response. */
1.47 markus 334: type = packet_read();
1.1 markus 335:
336: /* The server responds with failure if it doesn't admit our
337: .rhosts authentication or doesn't know our host key. */
338: if (type == SSH_SMSG_FAILURE) {
339: debug("Server refused our rhosts authentication or host key.");
340: return 0;
341: }
342: /* Otherwise, the server should respond with a challenge. */
343: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
344: packet_disconnect("Protocol error during RSA authentication: %d", type);
345:
346: /* Get the challenge from the packet. */
1.43 markus 347: if ((challenge = BN_new()) == NULL)
348: fatal("try_rhosts_rsa_authentication: BN_new failed");
1.46 markus 349: packet_get_bignum(challenge);
1.45 markus 350: packet_check_eom();
1.1 markus 351:
352: debug("Received RSA challenge for host key from server.");
353:
354: /* Compute a response to the challenge. */
1.29 markus 355: respond_to_rsa_challenge(challenge, host_key->rsa);
1.1 markus 356:
357: /* We no longer need the challenge. */
358: BN_clear_free(challenge);
359:
360: /* Wait for response from the server. */
1.47 markus 361: type = packet_read();
1.1 markus 362: if (type == SSH_SMSG_SUCCESS) {
363: debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
364: return 1;
365: }
366: if (type != SSH_SMSG_FAILURE)
367: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
368: debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
369: return 0;
370: }
371:
372: /*
373: * Tries to authenticate with any string-based challenge/response system.
374: * Note that the client code is not tied to s/key or TIS.
375: */
1.35 itojun 376: static int
1.32 markus 377: try_challenge_response_authentication(void)
1.1 markus 378: {
379: int type, i;
1.13 markus 380: u_int clen;
1.12 markus 381: char prompt[1024];
1.1 markus 382: char *challenge, *response;
1.40 markus 383:
384: debug("Doing challenge response authentication.");
385:
1.12 markus 386: for (i = 0; i < options.number_of_password_prompts; i++) {
387: /* request a challenge */
388: packet_start(SSH_CMSG_AUTH_TIS);
389: packet_send();
390: packet_write_wait();
1.1 markus 391:
1.47 markus 392: type = packet_read();
1.12 markus 393: if (type != SSH_SMSG_FAILURE &&
394: type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
395: packet_disconnect("Protocol error: got %d in response "
1.20 markus 396: "to SSH_CMSG_AUTH_TIS", type);
1.12 markus 397: }
398: if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
1.20 markus 399: debug("No challenge.");
1.12 markus 400: return 0;
401: }
402: challenge = packet_get_string(&clen);
1.45 markus 403: packet_check_eom();
1.16 markus 404: snprintf(prompt, sizeof prompt, "%s%s", challenge,
1.42 deraadt 405: strchr(challenge, '\n') ? "" : "\nResponse: ");
1.12 markus 406: xfree(challenge);
1.1 markus 407: if (i != 0)
408: error("Permission denied, please try again.");
1.12 markus 409: if (options.cipher == SSH_CIPHER_NONE)
1.53 itojun 410: logit("WARNING: Encryption is disabled! "
1.50 stevesk 411: "Response will be transmitted in clear text.");
1.12 markus 412: response = read_passphrase(prompt, 0);
413: if (strcmp(response, "") == 0) {
414: xfree(response);
415: break;
416: }
1.1 markus 417: packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
1.27 markus 418: ssh_put_password(response);
1.1 markus 419: memset(response, 0, strlen(response));
420: xfree(response);
421: packet_send();
422: packet_write_wait();
1.47 markus 423: type = packet_read();
1.1 markus 424: if (type == SSH_SMSG_SUCCESS)
425: return 1;
426: if (type != SSH_SMSG_FAILURE)
427: packet_disconnect("Protocol error: got %d in response "
1.20 markus 428: "to SSH_CMSG_AUTH_TIS_RESPONSE", type);
1.1 markus 429: }
430: /* failure */
431: return 0;
432: }
433:
434: /*
435: * Tries to authenticate with plain passwd authentication.
436: */
1.35 itojun 437: static int
1.1 markus 438: try_password_authentication(char *prompt)
439: {
1.47 markus 440: int type, i;
1.1 markus 441: char *password;
442:
443: debug("Doing password authentication.");
444: if (options.cipher == SSH_CIPHER_NONE)
1.53 itojun 445: logit("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1.1 markus 446: for (i = 0; i < options.number_of_password_prompts; i++) {
447: if (i != 0)
448: error("Permission denied, please try again.");
449: password = read_passphrase(prompt, 0);
450: packet_start(SSH_CMSG_AUTH_PASSWORD);
1.27 markus 451: ssh_put_password(password);
1.1 markus 452: memset(password, 0, strlen(password));
453: xfree(password);
454: packet_send();
455: packet_write_wait();
456:
1.47 markus 457: type = packet_read();
1.1 markus 458: if (type == SSH_SMSG_SUCCESS)
459: return 1;
460: if (type != SSH_SMSG_FAILURE)
461: packet_disconnect("Protocol error: got %d in response to passwd auth", type);
462: }
463: /* failure */
464: return 0;
465: }
466:
467: /*
468: * SSH1 key exchange
469: */
470: void
471: ssh_kex(char *host, struct sockaddr *hostaddr)
472: {
473: int i;
474: BIGNUM *key;
1.43 markus 475: Key *host_key, *server_key;
1.1 markus 476: int bits, rbits;
477: int ssh_cipher_default = SSH_CIPHER_3DES;
1.13 markus 478: u_char session_key[SSH_SESSION_KEY_LENGTH];
479: u_char cookie[8];
480: u_int supported_ciphers;
481: u_int server_flags, client_flags;
1.59 avsm 482: u_int32_t rnd = 0;
1.1 markus 483:
484: debug("Waiting for server public key.");
485:
486: /* Wait for a public key packet from the server. */
1.47 markus 487: packet_read_expect(SSH_SMSG_PUBLIC_KEY);
1.1 markus 488:
489: /* Get cookie from the packet. */
490: for (i = 0; i < 8; i++)
491: cookie[i] = packet_get_char();
492:
493: /* Get the public key. */
1.43 markus 494: server_key = key_new(KEY_RSA1);
495: bits = packet_get_int();
1.46 markus 496: packet_get_bignum(server_key->rsa->e);
497: packet_get_bignum(server_key->rsa->n);
1.1 markus 498:
1.43 markus 499: rbits = BN_num_bits(server_key->rsa->n);
1.1 markus 500: if (bits != rbits) {
1.53 itojun 501: logit("Warning: Server lies about size of server public key: "
1.1 markus 502: "actual size is %d bits vs. announced %d.", rbits, bits);
1.53 itojun 503: logit("Warning: This may be due to an old implementation of ssh.");
1.1 markus 504: }
505: /* Get the host key. */
1.43 markus 506: host_key = key_new(KEY_RSA1);
507: bits = packet_get_int();
1.46 markus 508: packet_get_bignum(host_key->rsa->e);
509: packet_get_bignum(host_key->rsa->n);
1.1 markus 510:
1.43 markus 511: rbits = BN_num_bits(host_key->rsa->n);
1.1 markus 512: if (bits != rbits) {
1.53 itojun 513: logit("Warning: Server lies about size of server host key: "
1.1 markus 514: "actual size is %d bits vs. announced %d.", rbits, bits);
1.53 itojun 515: logit("Warning: This may be due to an old implementation of ssh.");
1.1 markus 516: }
517:
518: /* Get protocol flags. */
519: server_flags = packet_get_int();
520: packet_set_protocol_flags(server_flags);
521:
522: supported_ciphers = packet_get_int();
523: supported_authentications = packet_get_int();
1.45 markus 524: packet_check_eom();
1.1 markus 525:
526: debug("Received server public key (%d bits) and host key (%d bits).",
1.43 markus 527: BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
1.1 markus 528:
1.43 markus 529: if (verify_host_key(host, hostaddr, host_key) == -1)
1.41 markus 530: fatal("Host key verification failed.");
1.1 markus 531:
532: client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
533:
1.58 djm 534: derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
1.1 markus 535:
536: /* Generate a session key. */
537: arc4random_stir();
538:
539: /*
540: * Generate an encryption key for the session. The key is a 256 bit
541: * random number, interpreted as a 32-byte key, with the least
542: * significant 8 bits being the first byte of the key.
543: */
544: for (i = 0; i < 32; i++) {
545: if (i % 4 == 0)
1.59 avsm 546: rnd = arc4random();
547: session_key[i] = rnd & 0xff;
548: rnd >>= 8;
1.1 markus 549: }
550:
551: /*
552: * According to the protocol spec, the first byte of the session key
553: * is the highest byte of the integer. The session key is xored with
554: * the first 16 bytes of the session id.
555: */
1.43 markus 556: if ((key = BN_new()) == NULL)
557: fatal("respond_to_rsa_challenge: BN_new failed");
1.1 markus 558: BN_set_word(key, 0);
559: for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
560: BN_lshift(key, key, 8);
561: if (i < 16)
562: BN_add_word(key, session_key[i] ^ session_id[i]);
563: else
564: BN_add_word(key, session_key[i]);
565: }
566:
567: /*
568: * Encrypt the integer using the public key and host key of the
569: * server (key with smaller modulus first).
570: */
1.43 markus 571: if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) {
1.1 markus 572: /* Public key has smaller modulus. */
1.43 markus 573: if (BN_num_bits(host_key->rsa->n) <
574: BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
575: fatal("respond_to_rsa_challenge: host_key %d < server_key %d + "
1.42 deraadt 576: "SSH_KEY_BITS_RESERVED %d",
1.43 markus 577: BN_num_bits(host_key->rsa->n),
578: BN_num_bits(server_key->rsa->n),
1.42 deraadt 579: SSH_KEY_BITS_RESERVED);
1.1 markus 580: }
1.43 markus 581: rsa_public_encrypt(key, key, server_key->rsa);
582: rsa_public_encrypt(key, key, host_key->rsa);
1.1 markus 583: } else {
584: /* Host key has smaller modulus (or they are equal). */
1.43 markus 585: if (BN_num_bits(server_key->rsa->n) <
586: BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
587: fatal("respond_to_rsa_challenge: server_key %d < host_key %d + "
1.42 deraadt 588: "SSH_KEY_BITS_RESERVED %d",
1.43 markus 589: BN_num_bits(server_key->rsa->n),
590: BN_num_bits(host_key->rsa->n),
1.42 deraadt 591: SSH_KEY_BITS_RESERVED);
1.1 markus 592: }
1.43 markus 593: rsa_public_encrypt(key, key, host_key->rsa);
594: rsa_public_encrypt(key, key, server_key->rsa);
1.1 markus 595: }
596:
597: /* Destroy the public keys since we no longer need them. */
1.43 markus 598: key_free(server_key);
599: key_free(host_key);
1.1 markus 600:
1.11 markus 601: if (options.cipher == SSH_CIPHER_NOT_SET) {
602: if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
603: options.cipher = ssh_cipher_default;
1.60 markus 604: } else if (options.cipher == SSH_CIPHER_INVALID ||
1.10 markus 605: !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
1.53 itojun 606: logit("No valid SSH1 cipher, using %.100s instead.",
1.7 markus 607: cipher_name(ssh_cipher_default));
608: options.cipher = ssh_cipher_default;
1.1 markus 609: }
610: /* Check that the selected cipher is supported. */
611: if (!(supported_ciphers & (1 << options.cipher)))
612: fatal("Selected cipher type %.100s not supported by server.",
1.42 deraadt 613: cipher_name(options.cipher));
1.1 markus 614:
615: debug("Encryption type: %.100s", cipher_name(options.cipher));
616:
617: /* Send the encrypted session key to the server. */
618: packet_start(SSH_CMSG_SESSION_KEY);
619: packet_put_char(options.cipher);
620:
621: /* Send the cookie back to the server. */
622: for (i = 0; i < 8; i++)
623: packet_put_char(cookie[i]);
624:
625: /* Send and destroy the encrypted encryption key integer. */
626: packet_put_bignum(key);
627: BN_clear_free(key);
628:
629: /* Send protocol flags. */
630: packet_put_int(client_flags);
631:
632: /* Send the packet now. */
633: packet_send();
634: packet_write_wait();
635:
636: debug("Sent encrypted session key.");
637:
638: /* Set the encryption key. */
639: packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
640:
641: /* We will no longer need the session key here. Destroy any extra copies. */
642: memset(session_key, 0, sizeof(session_key));
643:
644: /*
645: * Expect a success message from the server. Note that this message
646: * will be received in encrypted form.
647: */
1.47 markus 648: packet_read_expect(SSH_SMSG_SUCCESS);
1.1 markus 649:
650: debug("Received encrypted confirmation.");
651: }
652:
653: /*
654: * Authenticate user
655: */
656: void
1.30 markus 657: ssh_userauth1(const char *local_user, const char *server_user, char *host,
1.51 markus 658: Sensitive *sensitive)
1.1 markus 659: {
660: int i, type;
1.42 deraadt 661:
1.1 markus 662: if (supported_authentications == 0)
1.30 markus 663: fatal("ssh_userauth1: server supports no auth methods");
1.1 markus 664:
665: /* Send the name of the user to log in as on the server. */
666: packet_start(SSH_CMSG_USER);
1.33 markus 667: packet_put_cstring(server_user);
1.1 markus 668: packet_send();
669: packet_write_wait();
670:
671: /*
672: * The server should respond with success if no authentication is
673: * needed (the user has no password). Otherwise the server responds
674: * with failure.
675: */
1.47 markus 676: type = packet_read();
1.1 markus 677:
678: /* check whether the connection was accepted without authentication. */
679: if (type == SSH_SMSG_SUCCESS)
1.37 dugsong 680: goto success;
1.1 markus 681: if (type != SSH_SMSG_FAILURE)
1.37 dugsong 682: packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
1.42 deraadt 683:
1.1 markus 684: /*
685: * Try .rhosts or /etc/hosts.equiv authentication with RSA host
686: * authentication.
687: */
688: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1.30 markus 689: options.rhosts_rsa_authentication) {
1.51 markus 690: for (i = 0; i < sensitive->nkeys; i++) {
691: if (sensitive->keys[i] != NULL &&
692: sensitive->keys[i]->type == KEY_RSA1 &&
693: try_rhosts_rsa_authentication(local_user,
694: sensitive->keys[i]))
1.37 dugsong 695: goto success;
1.30 markus 696: }
1.1 markus 697: }
698: /* Try RSA authentication if the server supports it. */
699: if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
700: options.rsa_authentication) {
701: /*
702: * Try RSA authentication using the authentication agent. The
703: * agent is tried first because no passphrase is needed for
704: * it, whereas identity files may require passphrases.
705: */
706: if (try_agent_authentication())
1.37 dugsong 707: goto success;
1.1 markus 708:
709: /* Try RSA authentication for each identity. */
710: for (i = 0; i < options.num_identity_files; i++)
1.28 markus 711: if (options.identity_keys[i] != NULL &&
712: options.identity_keys[i]->type == KEY_RSA1 &&
1.38 markus 713: try_rsa_authentication(i))
1.37 dugsong 714: goto success;
1.1 markus 715: }
1.20 markus 716: /* Try challenge response authentication if the server supports it. */
1.1 markus 717: if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
1.32 markus 718: options.challenge_response_authentication && !options.batch_mode) {
719: if (try_challenge_response_authentication())
1.37 dugsong 720: goto success;
1.1 markus 721: }
722: /* Try password authentication if the server supports it. */
723: if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
724: options.password_authentication && !options.batch_mode) {
725: char prompt[80];
726:
1.23 itojun 727: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1.1 markus 728: server_user, host);
729: if (try_password_authentication(prompt))
1.37 dugsong 730: goto success;
1.1 markus 731: }
732: /* All authentication methods have failed. Exit with an error message. */
733: fatal("Permission denied.");
734: /* NOTREACHED */
1.37 dugsong 735:
736: success:
1.39 stevesk 737: return; /* need statement after label */
1.1 markus 738: }