sshconnect1.c revision 124211
1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Code to connect to a remote host, and to perform the client side of the 6 * login (authentication) dialog. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this 10 * software must be clearly marked as such, and if the derived work is 11 * incompatible with the protocol description in the RFC file, it must be 12 * called by a name other than "ssh" or "Secure Shell". 13 */ 14 15#include "includes.h" 16RCSID("$OpenBSD: sshconnect1.c,v 1.56 2003/08/28 12:54:34 markus Exp $"); 17 18#include <openssl/bn.h> 19#include <openssl/md5.h> 20 21#include "ssh.h" 22#include "ssh1.h" 23#include "xmalloc.h" 24#include "rsa.h" 25#include "buffer.h" 26#include "packet.h" 27#include "mpaux.h" 28#include "uidswap.h" 29#include "log.h" 30#include "readconf.h" 31#include "key.h" 32#include "authfd.h" 33#include "sshconnect.h" 34#include "authfile.h" 35#include "readpass.h" 36#include "cipher.h" 37#include "canohost.h" 38#include "auth.h" 39 40/* Session id for the current session. */ 41u_char session_id[16]; 42u_int supported_authentications = 0; 43 44extern Options options; 45extern char *__progname; 46 47/* 48 * Checks if the user has an authentication agent, and if so, tries to 49 * authenticate using the agent. 50 */ 51static int 52try_agent_authentication(void) 53{ 54 int type; 55 char *comment; 56 AuthenticationConnection *auth; 57 u_char response[16]; 58 u_int i; 59 Key *key; 60 BIGNUM *challenge; 61 62 /* Get connection to the agent. */ 63 auth = ssh_get_authentication_connection(); 64 if (!auth) 65 return 0; 66 67 if ((challenge = BN_new()) == NULL) 68 fatal("try_agent_authentication: BN_new failed"); 69 /* Loop through identities served by the agent. */ 70 for (key = ssh_get_first_identity(auth, &comment, 1); 71 key != NULL; 72 key = ssh_get_next_identity(auth, &comment, 1)) { 73 74 /* Try this identity. */ 75 debug("Trying RSA authentication via agent with '%.100s'", comment); 76 xfree(comment); 77 78 /* Tell the server that we are willing to authenticate using this key. */ 79 packet_start(SSH_CMSG_AUTH_RSA); 80 packet_put_bignum(key->rsa->n); 81 packet_send(); 82 packet_write_wait(); 83 84 /* Wait for server's response. */ 85 type = packet_read(); 86 87 /* The server sends failure if it doesn\'t like our key or 88 does not support RSA authentication. */ 89 if (type == SSH_SMSG_FAILURE) { 90 debug("Server refused our key."); 91 key_free(key); 92 continue; 93 } 94 /* Otherwise it should have sent a challenge. */ 95 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 96 packet_disconnect("Protocol error during RSA authentication: %d", 97 type); 98 99 packet_get_bignum(challenge); 100 packet_check_eom(); 101 102 debug("Received RSA challenge from server."); 103 104 /* Ask the agent to decrypt the challenge. */ 105 if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { 106 /* 107 * The agent failed to authenticate this identifier 108 * although it advertised it supports this. Just 109 * return a wrong value. 110 */ 111 logit("Authentication agent failed to decrypt challenge."); 112 memset(response, 0, sizeof(response)); 113 } 114 key_free(key); 115 debug("Sending response to RSA challenge."); 116 117 /* Send the decrypted challenge back to the server. */ 118 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 119 for (i = 0; i < 16; i++) 120 packet_put_char(response[i]); 121 packet_send(); 122 packet_write_wait(); 123 124 /* Wait for response from the server. */ 125 type = packet_read(); 126 127 /* The server returns success if it accepted the authentication. */ 128 if (type == SSH_SMSG_SUCCESS) { 129 ssh_close_authentication_connection(auth); 130 BN_clear_free(challenge); 131 debug("RSA authentication accepted by server."); 132 return 1; 133 } 134 /* Otherwise it should return failure. */ 135 if (type != SSH_SMSG_FAILURE) 136 packet_disconnect("Protocol error waiting RSA auth response: %d", 137 type); 138 } 139 ssh_close_authentication_connection(auth); 140 BN_clear_free(challenge); 141 debug("RSA authentication using agent refused."); 142 return 0; 143} 144 145/* 146 * Computes the proper response to a RSA challenge, and sends the response to 147 * the server. 148 */ 149static void 150respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) 151{ 152 u_char buf[32], response[16]; 153 MD5_CTX md; 154 int i, len; 155 156 /* Decrypt the challenge using the private key. */ 157 /* XXX think about Bleichenbacher, too */ 158 if (rsa_private_decrypt(challenge, challenge, prv) <= 0) 159 packet_disconnect( 160 "respond_to_rsa_challenge: rsa_private_decrypt failed"); 161 162 /* Compute the response. */ 163 /* The response is MD5 of decrypted challenge plus session id. */ 164 len = BN_num_bytes(challenge); 165 if (len <= 0 || len > sizeof(buf)) 166 packet_disconnect( 167 "respond_to_rsa_challenge: bad challenge length %d", len); 168 169 memset(buf, 0, sizeof(buf)); 170 BN_bn2bin(challenge, buf + sizeof(buf) - len); 171 MD5_Init(&md); 172 MD5_Update(&md, buf, 32); 173 MD5_Update(&md, session_id, 16); 174 MD5_Final(response, &md); 175 176 debug("Sending response to host key RSA challenge."); 177 178 /* Send the response back to the server. */ 179 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 180 for (i = 0; i < 16; i++) 181 packet_put_char(response[i]); 182 packet_send(); 183 packet_write_wait(); 184 185 memset(buf, 0, sizeof(buf)); 186 memset(response, 0, sizeof(response)); 187 memset(&md, 0, sizeof(md)); 188} 189 190/* 191 * Checks if the user has authentication file, and if so, tries to authenticate 192 * the user using it. 193 */ 194static int 195try_rsa_authentication(int idx) 196{ 197 BIGNUM *challenge; 198 Key *public, *private; 199 char buf[300], *passphrase, *comment, *authfile; 200 int i, type, quit; 201 202 public = options.identity_keys[idx]; 203 authfile = options.identity_files[idx]; 204 comment = xstrdup(authfile); 205 206 debug("Trying RSA authentication with key '%.100s'", comment); 207 208 /* Tell the server that we are willing to authenticate using this key. */ 209 packet_start(SSH_CMSG_AUTH_RSA); 210 packet_put_bignum(public->rsa->n); 211 packet_send(); 212 packet_write_wait(); 213 214 /* Wait for server's response. */ 215 type = packet_read(); 216 217 /* 218 * The server responds with failure if it doesn\'t like our key or 219 * doesn\'t support RSA authentication. 220 */ 221 if (type == SSH_SMSG_FAILURE) { 222 debug("Server refused our key."); 223 xfree(comment); 224 return 0; 225 } 226 /* Otherwise, the server should respond with a challenge. */ 227 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 228 packet_disconnect("Protocol error during RSA authentication: %d", type); 229 230 /* Get the challenge from the packet. */ 231 if ((challenge = BN_new()) == NULL) 232 fatal("try_rsa_authentication: BN_new failed"); 233 packet_get_bignum(challenge); 234 packet_check_eom(); 235 236 debug("Received RSA challenge from server."); 237 238 /* 239 * If the key is not stored in external hardware, we have to 240 * load the private key. Try first with empty passphrase; if it 241 * fails, ask for a passphrase. 242 */ 243 if (public->flags & KEY_FLAG_EXT) 244 private = public; 245 else 246 private = key_load_private_type(KEY_RSA1, authfile, "", NULL); 247 if (private == NULL && !options.batch_mode) { 248 snprintf(buf, sizeof(buf), 249 "Enter passphrase for RSA key '%.100s': ", comment); 250 for (i = 0; i < options.number_of_password_prompts; i++) { 251 passphrase = read_passphrase(buf, 0); 252 if (strcmp(passphrase, "") != 0) { 253 private = key_load_private_type(KEY_RSA1, 254 authfile, passphrase, NULL); 255 quit = 0; 256 } else { 257 debug2("no passphrase given, try next key"); 258 quit = 1; 259 } 260 memset(passphrase, 0, strlen(passphrase)); 261 xfree(passphrase); 262 if (private != NULL || quit) 263 break; 264 debug2("bad passphrase given, try again..."); 265 } 266 } 267 /* We no longer need the comment. */ 268 xfree(comment); 269 270 if (private == NULL) { 271 if (!options.batch_mode) 272 error("Bad passphrase."); 273 274 /* Send a dummy response packet to avoid protocol error. */ 275 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 276 for (i = 0; i < 16; i++) 277 packet_put_char(0); 278 packet_send(); 279 packet_write_wait(); 280 281 /* Expect the server to reject it... */ 282 packet_read_expect(SSH_SMSG_FAILURE); 283 BN_clear_free(challenge); 284 return 0; 285 } 286 287 /* Compute and send a response to the challenge. */ 288 respond_to_rsa_challenge(challenge, private->rsa); 289 290 /* Destroy the private key unless it in external hardware. */ 291 if (!(private->flags & KEY_FLAG_EXT)) 292 key_free(private); 293 294 /* We no longer need the challenge. */ 295 BN_clear_free(challenge); 296 297 /* Wait for response from the server. */ 298 type = packet_read(); 299 if (type == SSH_SMSG_SUCCESS) { 300 debug("RSA authentication accepted by server."); 301 return 1; 302 } 303 if (type != SSH_SMSG_FAILURE) 304 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 305 debug("RSA authentication refused."); 306 return 0; 307} 308 309/* 310 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv 311 * authentication and RSA host authentication. 312 */ 313static int 314try_rhosts_rsa_authentication(const char *local_user, Key * host_key) 315{ 316 int type; 317 BIGNUM *challenge; 318 319 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); 320 321 /* Tell the server that we are willing to authenticate using this key. */ 322 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); 323 packet_put_cstring(local_user); 324 packet_put_int(BN_num_bits(host_key->rsa->n)); 325 packet_put_bignum(host_key->rsa->e); 326 packet_put_bignum(host_key->rsa->n); 327 packet_send(); 328 packet_write_wait(); 329 330 /* Wait for server's response. */ 331 type = packet_read(); 332 333 /* The server responds with failure if it doesn't admit our 334 .rhosts authentication or doesn't know our host key. */ 335 if (type == SSH_SMSG_FAILURE) { 336 debug("Server refused our rhosts authentication or host key."); 337 return 0; 338 } 339 /* Otherwise, the server should respond with a challenge. */ 340 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 341 packet_disconnect("Protocol error during RSA authentication: %d", type); 342 343 /* Get the challenge from the packet. */ 344 if ((challenge = BN_new()) == NULL) 345 fatal("try_rhosts_rsa_authentication: BN_new failed"); 346 packet_get_bignum(challenge); 347 packet_check_eom(); 348 349 debug("Received RSA challenge for host key from server."); 350 351 /* Compute a response to the challenge. */ 352 respond_to_rsa_challenge(challenge, host_key->rsa); 353 354 /* We no longer need the challenge. */ 355 BN_clear_free(challenge); 356 357 /* Wait for response from the server. */ 358 type = packet_read(); 359 if (type == SSH_SMSG_SUCCESS) { 360 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); 361 return 1; 362 } 363 if (type != SSH_SMSG_FAILURE) 364 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 365 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused."); 366 return 0; 367} 368 369/* 370 * Tries to authenticate with any string-based challenge/response system. 371 * Note that the client code is not tied to s/key or TIS. 372 */ 373static int 374try_challenge_response_authentication(void) 375{ 376 int type, i; 377 u_int clen; 378 char prompt[1024]; 379 char *challenge, *response; 380 381 debug("Doing challenge response authentication."); 382 383 for (i = 0; i < options.number_of_password_prompts; i++) { 384 /* request a challenge */ 385 packet_start(SSH_CMSG_AUTH_TIS); 386 packet_send(); 387 packet_write_wait(); 388 389 type = packet_read(); 390 if (type != SSH_SMSG_FAILURE && 391 type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 392 packet_disconnect("Protocol error: got %d in response " 393 "to SSH_CMSG_AUTH_TIS", type); 394 } 395 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 396 debug("No challenge."); 397 return 0; 398 } 399 challenge = packet_get_string(&clen); 400 packet_check_eom(); 401 snprintf(prompt, sizeof prompt, "%s%s", challenge, 402 strchr(challenge, '\n') ? "" : "\nResponse: "); 403 xfree(challenge); 404 if (i != 0) 405 error("Permission denied, please try again."); 406 if (options.cipher == SSH_CIPHER_NONE) 407 logit("WARNING: Encryption is disabled! " 408 "Response will be transmitted in clear text."); 409 response = read_passphrase(prompt, 0); 410 if (strcmp(response, "") == 0) { 411 xfree(response); 412 break; 413 } 414 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 415 ssh_put_password(response); 416 memset(response, 0, strlen(response)); 417 xfree(response); 418 packet_send(); 419 packet_write_wait(); 420 type = packet_read(); 421 if (type == SSH_SMSG_SUCCESS) 422 return 1; 423 if (type != SSH_SMSG_FAILURE) 424 packet_disconnect("Protocol error: got %d in response " 425 "to SSH_CMSG_AUTH_TIS_RESPONSE", type); 426 } 427 /* failure */ 428 return 0; 429} 430 431/* 432 * Tries to authenticate with plain passwd authentication. 433 */ 434static int 435try_password_authentication(char *prompt) 436{ 437 int type, i; 438 char *password; 439 440 debug("Doing password authentication."); 441 if (options.cipher == SSH_CIPHER_NONE) 442 logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); 443 for (i = 0; i < options.number_of_password_prompts; i++) { 444 if (i != 0) 445 error("Permission denied, please try again."); 446 password = read_passphrase(prompt, 0); 447 packet_start(SSH_CMSG_AUTH_PASSWORD); 448 ssh_put_password(password); 449 memset(password, 0, strlen(password)); 450 xfree(password); 451 packet_send(); 452 packet_write_wait(); 453 454 type = packet_read(); 455 if (type == SSH_SMSG_SUCCESS) 456 return 1; 457 if (type != SSH_SMSG_FAILURE) 458 packet_disconnect("Protocol error: got %d in response to passwd auth", type); 459 } 460 /* failure */ 461 return 0; 462} 463 464/* 465 * SSH1 key exchange 466 */ 467void 468ssh_kex(char *host, struct sockaddr *hostaddr) 469{ 470 int i; 471 BIGNUM *key; 472 Key *host_key, *server_key; 473 int bits, rbits; 474 int ssh_cipher_default = SSH_CIPHER_3DES; 475 u_char session_key[SSH_SESSION_KEY_LENGTH]; 476 u_char cookie[8]; 477 u_int supported_ciphers; 478 u_int server_flags, client_flags; 479 u_int32_t rand = 0; 480 481 debug("Waiting for server public key."); 482 483 /* Wait for a public key packet from the server. */ 484 packet_read_expect(SSH_SMSG_PUBLIC_KEY); 485 486 /* Get cookie from the packet. */ 487 for (i = 0; i < 8; i++) 488 cookie[i] = packet_get_char(); 489 490 /* Get the public key. */ 491 server_key = key_new(KEY_RSA1); 492 bits = packet_get_int(); 493 packet_get_bignum(server_key->rsa->e); 494 packet_get_bignum(server_key->rsa->n); 495 496 rbits = BN_num_bits(server_key->rsa->n); 497 if (bits != rbits) { 498 logit("Warning: Server lies about size of server public key: " 499 "actual size is %d bits vs. announced %d.", rbits, bits); 500 logit("Warning: This may be due to an old implementation of ssh."); 501 } 502 /* Get the host key. */ 503 host_key = key_new(KEY_RSA1); 504 bits = packet_get_int(); 505 packet_get_bignum(host_key->rsa->e); 506 packet_get_bignum(host_key->rsa->n); 507 508 rbits = BN_num_bits(host_key->rsa->n); 509 if (bits != rbits) { 510 logit("Warning: Server lies about size of server host key: " 511 "actual size is %d bits vs. announced %d.", rbits, bits); 512 logit("Warning: This may be due to an old implementation of ssh."); 513 } 514 515 /* Get protocol flags. */ 516 server_flags = packet_get_int(); 517 packet_set_protocol_flags(server_flags); 518 519 supported_ciphers = packet_get_int(); 520 supported_authentications = packet_get_int(); 521 packet_check_eom(); 522 523 debug("Received server public key (%d bits) and host key (%d bits).", 524 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); 525 526 if (verify_host_key(host, hostaddr, host_key) == -1) 527 fatal("Host key verification failed."); 528 529 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; 530 531 compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n); 532 533 /* Generate a session key. */ 534 arc4random_stir(); 535 536 /* 537 * Generate an encryption key for the session. The key is a 256 bit 538 * random number, interpreted as a 32-byte key, with the least 539 * significant 8 bits being the first byte of the key. 540 */ 541 for (i = 0; i < 32; i++) { 542 if (i % 4 == 0) 543 rand = arc4random(); 544 session_key[i] = rand & 0xff; 545 rand >>= 8; 546 } 547 548 /* 549 * According to the protocol spec, the first byte of the session key 550 * is the highest byte of the integer. The session key is xored with 551 * the first 16 bytes of the session id. 552 */ 553 if ((key = BN_new()) == NULL) 554 fatal("respond_to_rsa_challenge: BN_new failed"); 555 BN_set_word(key, 0); 556 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 557 BN_lshift(key, key, 8); 558 if (i < 16) 559 BN_add_word(key, session_key[i] ^ session_id[i]); 560 else 561 BN_add_word(key, session_key[i]); 562 } 563 564 /* 565 * Encrypt the integer using the public key and host key of the 566 * server (key with smaller modulus first). 567 */ 568 if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { 569 /* Public key has smaller modulus. */ 570 if (BN_num_bits(host_key->rsa->n) < 571 BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 572 fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " 573 "SSH_KEY_BITS_RESERVED %d", 574 BN_num_bits(host_key->rsa->n), 575 BN_num_bits(server_key->rsa->n), 576 SSH_KEY_BITS_RESERVED); 577 } 578 rsa_public_encrypt(key, key, server_key->rsa); 579 rsa_public_encrypt(key, key, host_key->rsa); 580 } else { 581 /* Host key has smaller modulus (or they are equal). */ 582 if (BN_num_bits(server_key->rsa->n) < 583 BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 584 fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " 585 "SSH_KEY_BITS_RESERVED %d", 586 BN_num_bits(server_key->rsa->n), 587 BN_num_bits(host_key->rsa->n), 588 SSH_KEY_BITS_RESERVED); 589 } 590 rsa_public_encrypt(key, key, host_key->rsa); 591 rsa_public_encrypt(key, key, server_key->rsa); 592 } 593 594 /* Destroy the public keys since we no longer need them. */ 595 key_free(server_key); 596 key_free(host_key); 597 598 if (options.cipher == SSH_CIPHER_NOT_SET) { 599 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) 600 options.cipher = ssh_cipher_default; 601 } else if (options.cipher == SSH_CIPHER_ILLEGAL || 602 !(cipher_mask_ssh1(1) & (1 << options.cipher))) { 603 logit("No valid SSH1 cipher, using %.100s instead.", 604 cipher_name(ssh_cipher_default)); 605 options.cipher = ssh_cipher_default; 606 } 607 /* Check that the selected cipher is supported. */ 608 if (!(supported_ciphers & (1 << options.cipher))) 609 fatal("Selected cipher type %.100s not supported by server.", 610 cipher_name(options.cipher)); 611 612 debug("Encryption type: %.100s", cipher_name(options.cipher)); 613 614 /* Send the encrypted session key to the server. */ 615 packet_start(SSH_CMSG_SESSION_KEY); 616 packet_put_char(options.cipher); 617 618 /* Send the cookie back to the server. */ 619 for (i = 0; i < 8; i++) 620 packet_put_char(cookie[i]); 621 622 /* Send and destroy the encrypted encryption key integer. */ 623 packet_put_bignum(key); 624 BN_clear_free(key); 625 626 /* Send protocol flags. */ 627 packet_put_int(client_flags); 628 629 /* Send the packet now. */ 630 packet_send(); 631 packet_write_wait(); 632 633 debug("Sent encrypted session key."); 634 635 /* Set the encryption key. */ 636 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 637 638 /* We will no longer need the session key here. Destroy any extra copies. */ 639 memset(session_key, 0, sizeof(session_key)); 640 641 /* 642 * Expect a success message from the server. Note that this message 643 * will be received in encrypted form. 644 */ 645 packet_read_expect(SSH_SMSG_SUCCESS); 646 647 debug("Received encrypted confirmation."); 648} 649 650/* 651 * Authenticate user 652 */ 653void 654ssh_userauth1(const char *local_user, const char *server_user, char *host, 655 Sensitive *sensitive) 656{ 657 int i, type; 658 659 if (supported_authentications == 0) 660 fatal("ssh_userauth1: server supports no auth methods"); 661 662 /* Send the name of the user to log in as on the server. */ 663 packet_start(SSH_CMSG_USER); 664 packet_put_cstring(server_user); 665 packet_send(); 666 packet_write_wait(); 667 668 /* 669 * The server should respond with success if no authentication is 670 * needed (the user has no password). Otherwise the server responds 671 * with failure. 672 */ 673 type = packet_read(); 674 675 /* check whether the connection was accepted without authentication. */ 676 if (type == SSH_SMSG_SUCCESS) 677 goto success; 678 if (type != SSH_SMSG_FAILURE) 679 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); 680 681 /* 682 * Try .rhosts or /etc/hosts.equiv authentication with RSA host 683 * authentication. 684 */ 685 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && 686 options.rhosts_rsa_authentication) { 687 for (i = 0; i < sensitive->nkeys; i++) { 688 if (sensitive->keys[i] != NULL && 689 sensitive->keys[i]->type == KEY_RSA1 && 690 try_rhosts_rsa_authentication(local_user, 691 sensitive->keys[i])) 692 goto success; 693 } 694 } 695 /* Try RSA authentication if the server supports it. */ 696 if ((supported_authentications & (1 << SSH_AUTH_RSA)) && 697 options.rsa_authentication) { 698 /* 699 * Try RSA authentication using the authentication agent. The 700 * agent is tried first because no passphrase is needed for 701 * it, whereas identity files may require passphrases. 702 */ 703 if (try_agent_authentication()) 704 goto success; 705 706 /* Try RSA authentication for each identity. */ 707 for (i = 0; i < options.num_identity_files; i++) 708 if (options.identity_keys[i] != NULL && 709 options.identity_keys[i]->type == KEY_RSA1 && 710 try_rsa_authentication(i)) 711 goto success; 712 } 713 /* Try challenge response authentication if the server supports it. */ 714 if ((supported_authentications & (1 << SSH_AUTH_TIS)) && 715 options.challenge_response_authentication && !options.batch_mode) { 716 if (try_challenge_response_authentication()) 717 goto success; 718 } 719 /* Try password authentication if the server supports it. */ 720 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && 721 options.password_authentication && !options.batch_mode) { 722 char prompt[80]; 723 724 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 725 server_user, host); 726 if (try_password_authentication(prompt)) 727 goto success; 728 } 729 /* All authentication methods have failed. Exit with an error message. */ 730 fatal("Permission denied."); 731 /* NOTREACHED */ 732 733 success: 734 return; /* need statement after label */ 735} 736