sshconnect1.c revision 262566
1/* $OpenBSD: sshconnect1.c,v 1.72 2013/09/02 22:00:34 deraadt Exp $ */ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Code to connect to a remote host, and to perform the client side of the 7 * login (authentication) dialog. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16#include "includes.h" 17 18#include <sys/types.h> 19#include <sys/socket.h> 20 21#include <openssl/bn.h> 22#include <openssl/md5.h> 23 24#include <stdarg.h> 25#include <stdio.h> 26#include <stdlib.h> 27#include <string.h> 28#include <signal.h> 29#include <pwd.h> 30 31#include "xmalloc.h" 32#include "ssh.h" 33#include "ssh1.h" 34#include "rsa.h" 35#include "buffer.h" 36#include "packet.h" 37#include "key.h" 38#include "cipher.h" 39#include "kex.h" 40#include "uidswap.h" 41#include "log.h" 42#include "readconf.h" 43#include "authfd.h" 44#include "sshconnect.h" 45#include "authfile.h" 46#include "misc.h" 47#include "canohost.h" 48#include "hostfile.h" 49#include "auth.h" 50 51/* Session id for the current session. */ 52u_char session_id[16]; 53u_int supported_authentications = 0; 54 55extern Options options; 56extern char *__progname; 57 58/* 59 * Checks if the user has an authentication agent, and if so, tries to 60 * authenticate using the agent. 61 */ 62static int 63try_agent_authentication(void) 64{ 65 int type; 66 char *comment; 67 AuthenticationConnection *auth; 68 u_char response[16]; 69 u_int i; 70 Key *key; 71 BIGNUM *challenge; 72 73 /* Get connection to the agent. */ 74 auth = ssh_get_authentication_connection(); 75 if (!auth) 76 return 0; 77 78 if ((challenge = BN_new()) == NULL) 79 fatal("try_agent_authentication: BN_new failed"); 80 /* Loop through identities served by the agent. */ 81 for (key = ssh_get_first_identity(auth, &comment, 1); 82 key != NULL; 83 key = ssh_get_next_identity(auth, &comment, 1)) { 84 85 /* Try this identity. */ 86 debug("Trying RSA authentication via agent with '%.100s'", comment); 87 free(comment); 88 89 /* Tell the server that we are willing to authenticate using this key. */ 90 packet_start(SSH_CMSG_AUTH_RSA); 91 packet_put_bignum(key->rsa->n); 92 packet_send(); 93 packet_write_wait(); 94 95 /* Wait for server's response. */ 96 type = packet_read(); 97 98 /* The server sends failure if it doesn't like our key or 99 does not support RSA authentication. */ 100 if (type == SSH_SMSG_FAILURE) { 101 debug("Server refused our key."); 102 key_free(key); 103 continue; 104 } 105 /* Otherwise it should have sent a challenge. */ 106 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 107 packet_disconnect("Protocol error during RSA authentication: %d", 108 type); 109 110 packet_get_bignum(challenge); 111 packet_check_eom(); 112 113 debug("Received RSA challenge from server."); 114 115 /* Ask the agent to decrypt the challenge. */ 116 if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { 117 /* 118 * The agent failed to authenticate this identifier 119 * although it advertised it supports this. Just 120 * return a wrong value. 121 */ 122 logit("Authentication agent failed to decrypt challenge."); 123 memset(response, 0, sizeof(response)); 124 } 125 key_free(key); 126 debug("Sending response to RSA challenge."); 127 128 /* Send the decrypted challenge back to the server. */ 129 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 130 for (i = 0; i < 16; i++) 131 packet_put_char(response[i]); 132 packet_send(); 133 packet_write_wait(); 134 135 /* Wait for response from the server. */ 136 type = packet_read(); 137 138 /* The server returns success if it accepted the authentication. */ 139 if (type == SSH_SMSG_SUCCESS) { 140 ssh_close_authentication_connection(auth); 141 BN_clear_free(challenge); 142 debug("RSA authentication accepted by server."); 143 return 1; 144 } 145 /* Otherwise it should return failure. */ 146 if (type != SSH_SMSG_FAILURE) 147 packet_disconnect("Protocol error waiting RSA auth response: %d", 148 type); 149 } 150 ssh_close_authentication_connection(auth); 151 BN_clear_free(challenge); 152 debug("RSA authentication using agent refused."); 153 return 0; 154} 155 156/* 157 * Computes the proper response to a RSA challenge, and sends the response to 158 * the server. 159 */ 160static void 161respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) 162{ 163 u_char buf[32], response[16]; 164 MD5_CTX md; 165 int i, len; 166 167 /* Decrypt the challenge using the private key. */ 168 /* XXX think about Bleichenbacher, too */ 169 if (rsa_private_decrypt(challenge, challenge, prv) <= 0) 170 packet_disconnect( 171 "respond_to_rsa_challenge: rsa_private_decrypt failed"); 172 173 /* Compute the response. */ 174 /* The response is MD5 of decrypted challenge plus session id. */ 175 len = BN_num_bytes(challenge); 176 if (len <= 0 || (u_int)len > sizeof(buf)) 177 packet_disconnect( 178 "respond_to_rsa_challenge: bad challenge length %d", len); 179 180 memset(buf, 0, sizeof(buf)); 181 BN_bn2bin(challenge, buf + sizeof(buf) - len); 182 MD5_Init(&md); 183 MD5_Update(&md, buf, 32); 184 MD5_Update(&md, session_id, 16); 185 MD5_Final(response, &md); 186 187 debug("Sending response to host key RSA challenge."); 188 189 /* Send the response back to the server. */ 190 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 191 for (i = 0; i < 16; i++) 192 packet_put_char(response[i]); 193 packet_send(); 194 packet_write_wait(); 195 196 memset(buf, 0, sizeof(buf)); 197 memset(response, 0, sizeof(response)); 198 memset(&md, 0, sizeof(md)); 199} 200 201/* 202 * Checks if the user has authentication file, and if so, tries to authenticate 203 * the user using it. 204 */ 205static int 206try_rsa_authentication(int idx) 207{ 208 BIGNUM *challenge; 209 Key *public, *private; 210 char buf[300], *passphrase, *comment, *authfile; 211 int i, perm_ok = 1, type, quit; 212 213 public = options.identity_keys[idx]; 214 authfile = options.identity_files[idx]; 215 comment = xstrdup(authfile); 216 217 debug("Trying RSA authentication with key '%.100s'", comment); 218 219 /* Tell the server that we are willing to authenticate using this key. */ 220 packet_start(SSH_CMSG_AUTH_RSA); 221 packet_put_bignum(public->rsa->n); 222 packet_send(); 223 packet_write_wait(); 224 225 /* Wait for server's response. */ 226 type = packet_read(); 227 228 /* 229 * The server responds with failure if it doesn't like our key or 230 * doesn't support RSA authentication. 231 */ 232 if (type == SSH_SMSG_FAILURE) { 233 debug("Server refused our key."); 234 free(comment); 235 return 0; 236 } 237 /* Otherwise, the server should respond with a challenge. */ 238 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 239 packet_disconnect("Protocol error during RSA authentication: %d", type); 240 241 /* Get the challenge from the packet. */ 242 if ((challenge = BN_new()) == NULL) 243 fatal("try_rsa_authentication: BN_new failed"); 244 packet_get_bignum(challenge); 245 packet_check_eom(); 246 247 debug("Received RSA challenge from server."); 248 249 /* 250 * If the key is not stored in external hardware, we have to 251 * load the private key. Try first with empty passphrase; if it 252 * fails, ask for a passphrase. 253 */ 254 if (public->flags & KEY_FLAG_EXT) 255 private = public; 256 else 257 private = key_load_private_type(KEY_RSA1, authfile, "", NULL, 258 &perm_ok); 259 if (private == NULL && !options.batch_mode && perm_ok) { 260 snprintf(buf, sizeof(buf), 261 "Enter passphrase for RSA key '%.100s': ", comment); 262 for (i = 0; i < options.number_of_password_prompts; i++) { 263 passphrase = read_passphrase(buf, 0); 264 if (strcmp(passphrase, "") != 0) { 265 private = key_load_private_type(KEY_RSA1, 266 authfile, passphrase, NULL, NULL); 267 quit = 0; 268 } else { 269 debug2("no passphrase given, try next key"); 270 quit = 1; 271 } 272 memset(passphrase, 0, strlen(passphrase)); 273 free(passphrase); 274 if (private != NULL || quit) 275 break; 276 debug2("bad passphrase given, try again..."); 277 } 278 } 279 /* We no longer need the comment. */ 280 free(comment); 281 282 if (private == NULL) { 283 if (!options.batch_mode && perm_ok) 284 error("Bad passphrase."); 285 286 /* Send a dummy response packet to avoid protocol error. */ 287 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 288 for (i = 0; i < 16; i++) 289 packet_put_char(0); 290 packet_send(); 291 packet_write_wait(); 292 293 /* Expect the server to reject it... */ 294 packet_read_expect(SSH_SMSG_FAILURE); 295 BN_clear_free(challenge); 296 return 0; 297 } 298 299 /* Compute and send a response to the challenge. */ 300 respond_to_rsa_challenge(challenge, private->rsa); 301 302 /* Destroy the private key unless it in external hardware. */ 303 if (!(private->flags & KEY_FLAG_EXT)) 304 key_free(private); 305 306 /* We no longer need the challenge. */ 307 BN_clear_free(challenge); 308 309 /* Wait for response from the server. */ 310 type = packet_read(); 311 if (type == SSH_SMSG_SUCCESS) { 312 debug("RSA authentication accepted by server."); 313 return 1; 314 } 315 if (type != SSH_SMSG_FAILURE) 316 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 317 debug("RSA authentication refused."); 318 return 0; 319} 320 321/* 322 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv 323 * authentication and RSA host authentication. 324 */ 325static int 326try_rhosts_rsa_authentication(const char *local_user, Key * host_key) 327{ 328 int type; 329 BIGNUM *challenge; 330 331 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); 332 333 /* Tell the server that we are willing to authenticate using this key. */ 334 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); 335 packet_put_cstring(local_user); 336 packet_put_int(BN_num_bits(host_key->rsa->n)); 337 packet_put_bignum(host_key->rsa->e); 338 packet_put_bignum(host_key->rsa->n); 339 packet_send(); 340 packet_write_wait(); 341 342 /* Wait for server's response. */ 343 type = packet_read(); 344 345 /* The server responds with failure if it doesn't admit our 346 .rhosts authentication or doesn't know our host key. */ 347 if (type == SSH_SMSG_FAILURE) { 348 debug("Server refused our rhosts authentication or host key."); 349 return 0; 350 } 351 /* Otherwise, the server should respond with a challenge. */ 352 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 353 packet_disconnect("Protocol error during RSA authentication: %d", type); 354 355 /* Get the challenge from the packet. */ 356 if ((challenge = BN_new()) == NULL) 357 fatal("try_rhosts_rsa_authentication: BN_new failed"); 358 packet_get_bignum(challenge); 359 packet_check_eom(); 360 361 debug("Received RSA challenge for host key from server."); 362 363 /* Compute a response to the challenge. */ 364 respond_to_rsa_challenge(challenge, host_key->rsa); 365 366 /* We no longer need the challenge. */ 367 BN_clear_free(challenge); 368 369 /* Wait for response from the server. */ 370 type = packet_read(); 371 if (type == SSH_SMSG_SUCCESS) { 372 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); 373 return 1; 374 } 375 if (type != SSH_SMSG_FAILURE) 376 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 377 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused."); 378 return 0; 379} 380 381/* 382 * Tries to authenticate with any string-based challenge/response system. 383 * Note that the client code is not tied to s/key or TIS. 384 */ 385static int 386try_challenge_response_authentication(void) 387{ 388 int type, i; 389 u_int clen; 390 char prompt[1024]; 391 char *challenge, *response; 392 393 debug("Doing challenge response authentication."); 394 395 for (i = 0; i < options.number_of_password_prompts; i++) { 396 /* request a challenge */ 397 packet_start(SSH_CMSG_AUTH_TIS); 398 packet_send(); 399 packet_write_wait(); 400 401 type = packet_read(); 402 if (type != SSH_SMSG_FAILURE && 403 type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 404 packet_disconnect("Protocol error: got %d in response " 405 "to SSH_CMSG_AUTH_TIS", type); 406 } 407 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 408 debug("No challenge."); 409 return 0; 410 } 411 challenge = packet_get_string(&clen); 412 packet_check_eom(); 413 snprintf(prompt, sizeof prompt, "%s%s", challenge, 414 strchr(challenge, '\n') ? "" : "\nResponse: "); 415 free(challenge); 416 if (i != 0) 417 error("Permission denied, please try again."); 418 if (options.cipher == SSH_CIPHER_NONE) 419 logit("WARNING: Encryption is disabled! " 420 "Response will be transmitted in clear text."); 421 response = read_passphrase(prompt, 0); 422 if (strcmp(response, "") == 0) { 423 free(response); 424 break; 425 } 426 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 427 ssh_put_password(response); 428 memset(response, 0, strlen(response)); 429 free(response); 430 packet_send(); 431 packet_write_wait(); 432 type = packet_read(); 433 if (type == SSH_SMSG_SUCCESS) 434 return 1; 435 if (type != SSH_SMSG_FAILURE) 436 packet_disconnect("Protocol error: got %d in response " 437 "to SSH_CMSG_AUTH_TIS_RESPONSE", type); 438 } 439 /* failure */ 440 return 0; 441} 442 443/* 444 * Tries to authenticate with plain passwd authentication. 445 */ 446static int 447try_password_authentication(char *prompt) 448{ 449 int type, i; 450 char *password; 451 452 debug("Doing password authentication."); 453 if (options.cipher == SSH_CIPHER_NONE) 454 logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); 455 for (i = 0; i < options.number_of_password_prompts; i++) { 456 if (i != 0) 457 error("Permission denied, please try again."); 458 password = read_passphrase(prompt, 0); 459 packet_start(SSH_CMSG_AUTH_PASSWORD); 460 ssh_put_password(password); 461 memset(password, 0, strlen(password)); 462 free(password); 463 packet_send(); 464 packet_write_wait(); 465 466 type = packet_read(); 467 if (type == SSH_SMSG_SUCCESS) 468 return 1; 469 if (type != SSH_SMSG_FAILURE) 470 packet_disconnect("Protocol error: got %d in response to passwd auth", type); 471 } 472 /* failure */ 473 return 0; 474} 475 476/* 477 * SSH1 key exchange 478 */ 479void 480ssh_kex(char *host, struct sockaddr *hostaddr) 481{ 482 int i; 483 BIGNUM *key; 484 Key *host_key, *server_key; 485 int bits, rbits; 486 int ssh_cipher_default = SSH_CIPHER_3DES; 487 u_char session_key[SSH_SESSION_KEY_LENGTH]; 488 u_char cookie[8]; 489 u_int supported_ciphers; 490 u_int server_flags, client_flags; 491 u_int32_t rnd = 0; 492 493 debug("Waiting for server public key."); 494 495 /* Wait for a public key packet from the server. */ 496 packet_read_expect(SSH_SMSG_PUBLIC_KEY); 497 498 /* Get cookie from the packet. */ 499 for (i = 0; i < 8; i++) 500 cookie[i] = packet_get_char(); 501 502 /* Get the public key. */ 503 server_key = key_new(KEY_RSA1); 504 bits = packet_get_int(); 505 packet_get_bignum(server_key->rsa->e); 506 packet_get_bignum(server_key->rsa->n); 507 508 rbits = BN_num_bits(server_key->rsa->n); 509 if (bits != rbits) { 510 logit("Warning: Server lies about size of server public key: " 511 "actual size is %d bits vs. announced %d.", rbits, bits); 512 logit("Warning: This may be due to an old implementation of ssh."); 513 } 514 /* Get the host key. */ 515 host_key = key_new(KEY_RSA1); 516 bits = packet_get_int(); 517 packet_get_bignum(host_key->rsa->e); 518 packet_get_bignum(host_key->rsa->n); 519 520 rbits = BN_num_bits(host_key->rsa->n); 521 if (bits != rbits) { 522 logit("Warning: Server lies about size of server host key: " 523 "actual size is %d bits vs. announced %d.", rbits, bits); 524 logit("Warning: This may be due to an old implementation of ssh."); 525 } 526 527 /* Get protocol flags. */ 528 server_flags = packet_get_int(); 529 packet_set_protocol_flags(server_flags); 530 531 supported_ciphers = packet_get_int(); 532 supported_authentications = packet_get_int(); 533 packet_check_eom(); 534 535 debug("Received server public key (%d bits) and host key (%d bits).", 536 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); 537 538 if (verify_host_key(host, hostaddr, host_key) == -1) 539 fatal("Host key verification failed."); 540 541 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; 542 543 derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); 544 545 /* 546 * Generate an encryption key for the session. The key is a 256 bit 547 * random number, interpreted as a 32-byte key, with the least 548 * significant 8 bits being the first byte of the key. 549 */ 550 for (i = 0; i < 32; i++) { 551 if (i % 4 == 0) 552 rnd = arc4random(); 553 session_key[i] = rnd & 0xff; 554 rnd >>= 8; 555 } 556 557 /* 558 * According to the protocol spec, the first byte of the session key 559 * is the highest byte of the integer. The session key is xored with 560 * the first 16 bytes of the session id. 561 */ 562 if ((key = BN_new()) == NULL) 563 fatal("ssh_kex: BN_new failed"); 564 if (BN_set_word(key, 0) == 0) 565 fatal("ssh_kex: BN_set_word failed"); 566 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 567 if (BN_lshift(key, key, 8) == 0) 568 fatal("ssh_kex: BN_lshift failed"); 569 if (i < 16) { 570 if (BN_add_word(key, session_key[i] ^ session_id[i]) 571 == 0) 572 fatal("ssh_kex: BN_add_word failed"); 573 } else { 574 if (BN_add_word(key, session_key[i]) == 0) 575 fatal("ssh_kex: BN_add_word failed"); 576 } 577 } 578 579 /* 580 * Encrypt the integer using the public key and host key of the 581 * server (key with smaller modulus first). 582 */ 583 if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { 584 /* Public key has smaller modulus. */ 585 if (BN_num_bits(host_key->rsa->n) < 586 BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 587 fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " 588 "SSH_KEY_BITS_RESERVED %d", 589 BN_num_bits(host_key->rsa->n), 590 BN_num_bits(server_key->rsa->n), 591 SSH_KEY_BITS_RESERVED); 592 } 593 rsa_public_encrypt(key, key, server_key->rsa); 594 rsa_public_encrypt(key, key, host_key->rsa); 595 } else { 596 /* Host key has smaller modulus (or they are equal). */ 597 if (BN_num_bits(server_key->rsa->n) < 598 BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 599 fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " 600 "SSH_KEY_BITS_RESERVED %d", 601 BN_num_bits(server_key->rsa->n), 602 BN_num_bits(host_key->rsa->n), 603 SSH_KEY_BITS_RESERVED); 604 } 605 rsa_public_encrypt(key, key, host_key->rsa); 606 rsa_public_encrypt(key, key, server_key->rsa); 607 } 608 609 /* Destroy the public keys since we no longer need them. */ 610 key_free(server_key); 611 key_free(host_key); 612 613 if (options.cipher == SSH_CIPHER_NOT_SET) { 614 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) 615 options.cipher = ssh_cipher_default; 616 } else if (options.cipher == SSH_CIPHER_INVALID || 617 !(cipher_mask_ssh1(1) & (1 << options.cipher))) { 618 logit("No valid SSH1 cipher, using %.100s instead.", 619 cipher_name(ssh_cipher_default)); 620 options.cipher = ssh_cipher_default; 621 } 622 /* Check that the selected cipher is supported. */ 623 if (!(supported_ciphers & (1 << options.cipher))) 624 fatal("Selected cipher type %.100s not supported by server.", 625 cipher_name(options.cipher)); 626 627 debug("Encryption type: %.100s", cipher_name(options.cipher)); 628 629 /* Send the encrypted session key to the server. */ 630 packet_start(SSH_CMSG_SESSION_KEY); 631 packet_put_char(options.cipher); 632 633 /* Send the cookie back to the server. */ 634 for (i = 0; i < 8; i++) 635 packet_put_char(cookie[i]); 636 637 /* Send and destroy the encrypted encryption key integer. */ 638 packet_put_bignum(key); 639 BN_clear_free(key); 640 641 /* Send protocol flags. */ 642 packet_put_int(client_flags); 643 644 /* Send the packet now. */ 645 packet_send(); 646 packet_write_wait(); 647 648 debug("Sent encrypted session key."); 649 650 /* Set the encryption key. */ 651 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 652 653 /* We will no longer need the session key here. Destroy any extra copies. */ 654 memset(session_key, 0, sizeof(session_key)); 655 656 /* 657 * Expect a success message from the server. Note that this message 658 * will be received in encrypted form. 659 */ 660 packet_read_expect(SSH_SMSG_SUCCESS); 661 662 debug("Received encrypted confirmation."); 663} 664 665/* 666 * Authenticate user 667 */ 668void 669ssh_userauth1(const char *local_user, const char *server_user, char *host, 670 Sensitive *sensitive) 671{ 672 int i, type; 673 674 if (supported_authentications == 0) 675 fatal("ssh_userauth1: server supports no auth methods"); 676 677 /* Send the name of the user to log in as on the server. */ 678 packet_start(SSH_CMSG_USER); 679 packet_put_cstring(server_user); 680 packet_send(); 681 packet_write_wait(); 682 683 /* 684 * The server should respond with success if no authentication is 685 * needed (the user has no password). Otherwise the server responds 686 * with failure. 687 */ 688 type = packet_read(); 689 690 /* check whether the connection was accepted without authentication. */ 691 if (type == SSH_SMSG_SUCCESS) 692 goto success; 693 if (type != SSH_SMSG_FAILURE) 694 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); 695 696 /* 697 * Try .rhosts or /etc/hosts.equiv authentication with RSA host 698 * authentication. 699 */ 700 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && 701 options.rhosts_rsa_authentication) { 702 for (i = 0; i < sensitive->nkeys; i++) { 703 if (sensitive->keys[i] != NULL && 704 sensitive->keys[i]->type == KEY_RSA1 && 705 try_rhosts_rsa_authentication(local_user, 706 sensitive->keys[i])) 707 goto success; 708 } 709 } 710 /* Try RSA authentication if the server supports it. */ 711 if ((supported_authentications & (1 << SSH_AUTH_RSA)) && 712 options.rsa_authentication) { 713 /* 714 * Try RSA authentication using the authentication agent. The 715 * agent is tried first because no passphrase is needed for 716 * it, whereas identity files may require passphrases. 717 */ 718 if (try_agent_authentication()) 719 goto success; 720 721 /* Try RSA authentication for each identity. */ 722 for (i = 0; i < options.num_identity_files; i++) 723 if (options.identity_keys[i] != NULL && 724 options.identity_keys[i]->type == KEY_RSA1 && 725 try_rsa_authentication(i)) 726 goto success; 727 } 728 /* Try challenge response authentication if the server supports it. */ 729 if ((supported_authentications & (1 << SSH_AUTH_TIS)) && 730 options.challenge_response_authentication && !options.batch_mode) { 731 if (try_challenge_response_authentication()) 732 goto success; 733 } 734 /* Try password authentication if the server supports it. */ 735 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && 736 options.password_authentication && !options.batch_mode) { 737 char prompt[80]; 738 739 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 740 server_user, host); 741 if (try_password_authentication(prompt)) 742 goto success; 743 } 744 /* All authentication methods have failed. Exit with an error message. */ 745 fatal("Permission denied."); 746 /* NOTREACHED */ 747 748 success: 749 return; /* need statement after label */ 750} 751