sshconnect1.c revision 124211 
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 *                    All rights reserved
5 * Code to connect to a remote host, and to perform the client side of the
6 * login (authentication) dialog.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose.  Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
16RCSID("$OpenBSD: sshconnect1.c,v 1.56 2003/08/28 12:54:34 markus Exp $");
17
18#include <openssl/bn.h>
19#include <openssl/md5.h>
20
21#include "ssh.h"
22#include "ssh1.h"
23#include "xmalloc.h"
24#include "rsa.h"
25#include "buffer.h"
26#include "packet.h"
27#include "mpaux.h"
28#include "uidswap.h"
29#include "log.h"
30#include "readconf.h"
31#include "key.h"
32#include "authfd.h"
33#include "sshconnect.h"
34#include "authfile.h"
35#include "readpass.h"
36#include "cipher.h"
37#include "canohost.h"
38#include "auth.h"
39
40/* Session id for the current session. */
41u_char session_id[16];
42u_int supported_authentications = 0;
43
44extern Options options;
45extern char *__progname;
46
47/*
48 * Checks if the user has an authentication agent, and if so, tries to
49 * authenticate using the agent.
50 */
51static int
52try_agent_authentication(void)
53{
54	int type;
55	char *comment;
56	AuthenticationConnection *auth;
57	u_char response[16];
58	u_int i;
59	Key *key;
60	BIGNUM *challenge;
61
62	/* Get connection to the agent. */
63	auth = ssh_get_authentication_connection();
64	if (!auth)
65		return 0;
66
67	if ((challenge = BN_new()) == NULL)
68		fatal("try_agent_authentication: BN_new failed");
69	/* Loop through identities served by the agent. */
70	for (key = ssh_get_first_identity(auth, &comment, 1);
71	    key != NULL;
72	    key = ssh_get_next_identity(auth, &comment, 1)) {
73
74		/* Try this identity. */
75		debug("Trying RSA authentication via agent with '%.100s'", comment);
76		xfree(comment);
77
78		/* Tell the server that we are willing to authenticate using this key. */
79		packet_start(SSH_CMSG_AUTH_RSA);
80		packet_put_bignum(key->rsa->n);
81		packet_send();
82		packet_write_wait();
83
84		/* Wait for server's response. */
85		type = packet_read();
86
87		/* The server sends failure if it doesn\'t like our key or
88		   does not support RSA authentication. */
89		if (type == SSH_SMSG_FAILURE) {
90			debug("Server refused our key.");
91			key_free(key);
92			continue;
93		}
94		/* Otherwise it should have sent a challenge. */
95		if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
96			packet_disconnect("Protocol error during RSA authentication: %d",
97					  type);
98
99		packet_get_bignum(challenge);
100		packet_check_eom();
101
102		debug("Received RSA challenge from server.");
103
104		/* Ask the agent to decrypt the challenge. */
105		if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
106			/*
107			 * The agent failed to authenticate this identifier
108			 * although it advertised it supports this.  Just
109			 * return a wrong value.
110			 */
111			logit("Authentication agent failed to decrypt challenge.");
112			memset(response, 0, sizeof(response));
113		}
114		key_free(key);
115		debug("Sending response to RSA challenge.");
116
117		/* Send the decrypted challenge back to the server. */
118		packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
119		for (i = 0; i < 16; i++)
120			packet_put_char(response[i]);
121		packet_send();
122		packet_write_wait();
123
124		/* Wait for response from the server. */
125		type = packet_read();
126
127		/* The server returns success if it accepted the authentication. */
128		if (type == SSH_SMSG_SUCCESS) {
129			ssh_close_authentication_connection(auth);
130			BN_clear_free(challenge);
131			debug("RSA authentication accepted by server.");
132			return 1;
133		}
134		/* Otherwise it should return failure. */
135		if (type != SSH_SMSG_FAILURE)
136			packet_disconnect("Protocol error waiting RSA auth response: %d",
137					  type);
138	}
139	ssh_close_authentication_connection(auth);
140	BN_clear_free(challenge);
141	debug("RSA authentication using agent refused.");
142	return 0;
143}
144
145/*
146 * Computes the proper response to a RSA challenge, and sends the response to
147 * the server.
148 */
149static void
150respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
151{
152	u_char buf[32], response[16];
153	MD5_CTX md;
154	int i, len;
155
156	/* Decrypt the challenge using the private key. */
157	/* XXX think about Bleichenbacher, too */
158	if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
159		packet_disconnect(
160		    "respond_to_rsa_challenge: rsa_private_decrypt failed");
161
162	/* Compute the response. */
163	/* The response is MD5 of decrypted challenge plus session id. */
164	len = BN_num_bytes(challenge);
165	if (len <= 0 || len > sizeof(buf))
166		packet_disconnect(
167		    "respond_to_rsa_challenge: bad challenge length %d", len);
168
169	memset(buf, 0, sizeof(buf));
170	BN_bn2bin(challenge, buf + sizeof(buf) - len);
171	MD5_Init(&md);
172	MD5_Update(&md, buf, 32);
173	MD5_Update(&md, session_id, 16);
174	MD5_Final(response, &md);
175
176	debug("Sending response to host key RSA challenge.");
177
178	/* Send the response back to the server. */
179	packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
180	for (i = 0; i < 16; i++)
181		packet_put_char(response[i]);
182	packet_send();
183	packet_write_wait();
184
185	memset(buf, 0, sizeof(buf));
186	memset(response, 0, sizeof(response));
187	memset(&md, 0, sizeof(md));
188}
189
190/*
191 * Checks if the user has authentication file, and if so, tries to authenticate
192 * the user using it.
193 */
194static int
195try_rsa_authentication(int idx)
196{
197	BIGNUM *challenge;
198	Key *public, *private;
199	char buf[300], *passphrase, *comment, *authfile;
200	int i, type, quit;
201
202	public = options.identity_keys[idx];
203	authfile = options.identity_files[idx];
204	comment = xstrdup(authfile);
205
206	debug("Trying RSA authentication with key '%.100s'", comment);
207
208	/* Tell the server that we are willing to authenticate using this key. */
209	packet_start(SSH_CMSG_AUTH_RSA);
210	packet_put_bignum(public->rsa->n);
211	packet_send();
212	packet_write_wait();
213
214	/* Wait for server's response. */
215	type = packet_read();
216
217	/*
218	 * The server responds with failure if it doesn\'t like our key or
219	 * doesn\'t support RSA authentication.
220	 */
221	if (type == SSH_SMSG_FAILURE) {
222		debug("Server refused our key.");
223		xfree(comment);
224		return 0;
225	}
226	/* Otherwise, the server should respond with a challenge. */
227	if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
228		packet_disconnect("Protocol error during RSA authentication: %d", type);
229
230	/* Get the challenge from the packet. */
231	if ((challenge = BN_new()) == NULL)
232		fatal("try_rsa_authentication: BN_new failed");
233	packet_get_bignum(challenge);
234	packet_check_eom();
235
236	debug("Received RSA challenge from server.");
237
238	/*
239	 * If the key is not stored in external hardware, we have to
240	 * load the private key.  Try first with empty passphrase; if it
241	 * fails, ask for a passphrase.
242	 */
243	if (public->flags & KEY_FLAG_EXT)
244		private = public;
245	else
246		private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
247	if (private == NULL && !options.batch_mode) {
248		snprintf(buf, sizeof(buf),
249		    "Enter passphrase for RSA key '%.100s': ", comment);
250		for (i = 0; i < options.number_of_password_prompts; i++) {
251			passphrase = read_passphrase(buf, 0);
252			if (strcmp(passphrase, "") != 0) {
253				private = key_load_private_type(KEY_RSA1,
254				    authfile, passphrase, NULL);
255				quit = 0;
256			} else {
257				debug2("no passphrase given, try next key");
258				quit = 1;
259			}
260			memset(passphrase, 0, strlen(passphrase));
261			xfree(passphrase);
262			if (private != NULL || quit)
263				break;
264			debug2("bad passphrase given, try again...");
265		}
266	}
267	/* We no longer need the comment. */
268	xfree(comment);
269
270	if (private == NULL) {
271		if (!options.batch_mode)
272			error("Bad passphrase.");
273
274		/* Send a dummy response packet to avoid protocol error. */
275		packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
276		for (i = 0; i < 16; i++)
277			packet_put_char(0);
278		packet_send();
279		packet_write_wait();
280
281		/* Expect the server to reject it... */
282		packet_read_expect(SSH_SMSG_FAILURE);
283		BN_clear_free(challenge);
284		return 0;
285	}
286
287	/* Compute and send a response to the challenge. */
288	respond_to_rsa_challenge(challenge, private->rsa);
289
290	/* Destroy the private key unless it in external hardware. */
291	if (!(private->flags & KEY_FLAG_EXT))
292		key_free(private);
293
294	/* We no longer need the challenge. */
295	BN_clear_free(challenge);
296
297	/* Wait for response from the server. */
298	type = packet_read();
299	if (type == SSH_SMSG_SUCCESS) {
300		debug("RSA authentication accepted by server.");
301		return 1;
302	}
303	if (type != SSH_SMSG_FAILURE)
304		packet_disconnect("Protocol error waiting RSA auth response: %d", type);
305	debug("RSA authentication refused.");
306	return 0;
307}
308
309/*
310 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
311 * authentication and RSA host authentication.
312 */
313static int
314try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
315{
316	int type;
317	BIGNUM *challenge;
318
319	debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
320
321	/* Tell the server that we are willing to authenticate using this key. */
322	packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
323	packet_put_cstring(local_user);
324	packet_put_int(BN_num_bits(host_key->rsa->n));
325	packet_put_bignum(host_key->rsa->e);
326	packet_put_bignum(host_key->rsa->n);
327	packet_send();
328	packet_write_wait();
329
330	/* Wait for server's response. */
331	type = packet_read();
332
333	/* The server responds with failure if it doesn't admit our
334	   .rhosts authentication or doesn't know our host key. */
335	if (type == SSH_SMSG_FAILURE) {
336		debug("Server refused our rhosts authentication or host key.");
337		return 0;
338	}
339	/* Otherwise, the server should respond with a challenge. */
340	if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
341		packet_disconnect("Protocol error during RSA authentication: %d", type);
342
343	/* Get the challenge from the packet. */
344	if ((challenge = BN_new()) == NULL)
345		fatal("try_rhosts_rsa_authentication: BN_new failed");
346	packet_get_bignum(challenge);
347	packet_check_eom();
348
349	debug("Received RSA challenge for host key from server.");
350
351	/* Compute a response to the challenge. */
352	respond_to_rsa_challenge(challenge, host_key->rsa);
353
354	/* We no longer need the challenge. */
355	BN_clear_free(challenge);
356
357	/* Wait for response from the server. */
358	type = packet_read();
359	if (type == SSH_SMSG_SUCCESS) {
360		debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
361		return 1;
362	}
363	if (type != SSH_SMSG_FAILURE)
364		packet_disconnect("Protocol error waiting RSA auth response: %d", type);
365	debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
366	return 0;
367}
368
369/*
370 * Tries to authenticate with any string-based challenge/response system.
371 * Note that the client code is not tied to s/key or TIS.
372 */
373static int
374try_challenge_response_authentication(void)
375{
376	int type, i;
377	u_int clen;
378	char prompt[1024];
379	char *challenge, *response;
380
381	debug("Doing challenge response authentication.");
382
383	for (i = 0; i < options.number_of_password_prompts; i++) {
384		/* request a challenge */
385		packet_start(SSH_CMSG_AUTH_TIS);
386		packet_send();
387		packet_write_wait();
388
389		type = packet_read();
390		if (type != SSH_SMSG_FAILURE &&
391		    type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
392			packet_disconnect("Protocol error: got %d in response "
393			    "to SSH_CMSG_AUTH_TIS", type);
394		}
395		if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
396			debug("No challenge.");
397			return 0;
398		}
399		challenge = packet_get_string(&clen);
400		packet_check_eom();
401		snprintf(prompt, sizeof prompt, "%s%s", challenge,
402		    strchr(challenge, '\n') ? "" : "\nResponse: ");
403		xfree(challenge);
404		if (i != 0)
405			error("Permission denied, please try again.");
406		if (options.cipher == SSH_CIPHER_NONE)
407			logit("WARNING: Encryption is disabled! "
408			    "Response will be transmitted in clear text.");
409		response = read_passphrase(prompt, 0);
410		if (strcmp(response, "") == 0) {
411			xfree(response);
412			break;
413		}
414		packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
415		ssh_put_password(response);
416		memset(response, 0, strlen(response));
417		xfree(response);
418		packet_send();
419		packet_write_wait();
420		type = packet_read();
421		if (type == SSH_SMSG_SUCCESS)
422			return 1;
423		if (type != SSH_SMSG_FAILURE)
424			packet_disconnect("Protocol error: got %d in response "
425			    "to SSH_CMSG_AUTH_TIS_RESPONSE", type);
426	}
427	/* failure */
428	return 0;
429}
430
431/*
432 * Tries to authenticate with plain passwd authentication.
433 */
434static int
435try_password_authentication(char *prompt)
436{
437	int type, i;
438	char *password;
439
440	debug("Doing password authentication.");
441	if (options.cipher == SSH_CIPHER_NONE)
442		logit("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
443	for (i = 0; i < options.number_of_password_prompts; i++) {
444		if (i != 0)
445			error("Permission denied, please try again.");
446		password = read_passphrase(prompt, 0);
447		packet_start(SSH_CMSG_AUTH_PASSWORD);
448		ssh_put_password(password);
449		memset(password, 0, strlen(password));
450		xfree(password);
451		packet_send();
452		packet_write_wait();
453
454		type = packet_read();
455		if (type == SSH_SMSG_SUCCESS)
456			return 1;
457		if (type != SSH_SMSG_FAILURE)
458			packet_disconnect("Protocol error: got %d in response to passwd auth", type);
459	}
460	/* failure */
461	return 0;
462}
463
464/*
465 * SSH1 key exchange
466 */
467void
468ssh_kex(char *host, struct sockaddr *hostaddr)
469{
470	int i;
471	BIGNUM *key;
472	Key *host_key, *server_key;
473	int bits, rbits;
474	int ssh_cipher_default = SSH_CIPHER_3DES;
475	u_char session_key[SSH_SESSION_KEY_LENGTH];
476	u_char cookie[8];
477	u_int supported_ciphers;
478	u_int server_flags, client_flags;
479	u_int32_t rand = 0;
480
481	debug("Waiting for server public key.");
482
483	/* Wait for a public key packet from the server. */
484	packet_read_expect(SSH_SMSG_PUBLIC_KEY);
485
486	/* Get cookie from the packet. */
487	for (i = 0; i < 8; i++)
488		cookie[i] = packet_get_char();
489
490	/* Get the public key. */
491	server_key = key_new(KEY_RSA1);
492	bits = packet_get_int();
493	packet_get_bignum(server_key->rsa->e);
494	packet_get_bignum(server_key->rsa->n);
495
496	rbits = BN_num_bits(server_key->rsa->n);
497	if (bits != rbits) {
498		logit("Warning: Server lies about size of server public key: "
499		    "actual size is %d bits vs. announced %d.", rbits, bits);
500		logit("Warning: This may be due to an old implementation of ssh.");
501	}
502	/* Get the host key. */
503	host_key = key_new(KEY_RSA1);
504	bits = packet_get_int();
505	packet_get_bignum(host_key->rsa->e);
506	packet_get_bignum(host_key->rsa->n);
507
508	rbits = BN_num_bits(host_key->rsa->n);
509	if (bits != rbits) {
510		logit("Warning: Server lies about size of server host key: "
511		    "actual size is %d bits vs. announced %d.", rbits, bits);
512		logit("Warning: This may be due to an old implementation of ssh.");
513	}
514
515	/* Get protocol flags. */
516	server_flags = packet_get_int();
517	packet_set_protocol_flags(server_flags);
518
519	supported_ciphers = packet_get_int();
520	supported_authentications = packet_get_int();
521	packet_check_eom();
522
523	debug("Received server public key (%d bits) and host key (%d bits).",
524	    BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
525
526	if (verify_host_key(host, hostaddr, host_key) == -1)
527		fatal("Host key verification failed.");
528
529	client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
530
531	compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n);
532
533	/* Generate a session key. */
534	arc4random_stir();
535
536	/*
537	 * Generate an encryption key for the session.   The key is a 256 bit
538	 * random number, interpreted as a 32-byte key, with the least
539	 * significant 8 bits being the first byte of the key.
540	 */
541	for (i = 0; i < 32; i++) {
542		if (i % 4 == 0)
543			rand = arc4random();
544		session_key[i] = rand & 0xff;
545		rand >>= 8;
546	}
547
548	/*
549	 * According to the protocol spec, the first byte of the session key
550	 * is the highest byte of the integer.  The session key is xored with
551	 * the first 16 bytes of the session id.
552	 */
553	if ((key = BN_new()) == NULL)
554		fatal("respond_to_rsa_challenge: BN_new failed");
555	BN_set_word(key, 0);
556	for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
557		BN_lshift(key, key, 8);
558		if (i < 16)
559			BN_add_word(key, session_key[i] ^ session_id[i]);
560		else
561			BN_add_word(key, session_key[i]);
562	}
563
564	/*
565	 * Encrypt the integer using the public key and host key of the
566	 * server (key with smaller modulus first).
567	 */
568	if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) {
569		/* Public key has smaller modulus. */
570		if (BN_num_bits(host_key->rsa->n) <
571		    BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
572			fatal("respond_to_rsa_challenge: host_key %d < server_key %d + "
573			    "SSH_KEY_BITS_RESERVED %d",
574			    BN_num_bits(host_key->rsa->n),
575			    BN_num_bits(server_key->rsa->n),
576			    SSH_KEY_BITS_RESERVED);
577		}
578		rsa_public_encrypt(key, key, server_key->rsa);
579		rsa_public_encrypt(key, key, host_key->rsa);
580	} else {
581		/* Host key has smaller modulus (or they are equal). */
582		if (BN_num_bits(server_key->rsa->n) <
583		    BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
584			fatal("respond_to_rsa_challenge: server_key %d < host_key %d + "
585			    "SSH_KEY_BITS_RESERVED %d",
586			    BN_num_bits(server_key->rsa->n),
587			    BN_num_bits(host_key->rsa->n),
588			    SSH_KEY_BITS_RESERVED);
589		}
590		rsa_public_encrypt(key, key, host_key->rsa);
591		rsa_public_encrypt(key, key, server_key->rsa);
592	}
593
594	/* Destroy the public keys since we no longer need them. */
595	key_free(server_key);
596	key_free(host_key);
597
598	if (options.cipher == SSH_CIPHER_NOT_SET) {
599		if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
600			options.cipher = ssh_cipher_default;
601	} else if (options.cipher == SSH_CIPHER_ILLEGAL ||
602	    !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
603		logit("No valid SSH1 cipher, using %.100s instead.",
604		    cipher_name(ssh_cipher_default));
605		options.cipher = ssh_cipher_default;
606	}
607	/* Check that the selected cipher is supported. */
608	if (!(supported_ciphers & (1 << options.cipher)))
609		fatal("Selected cipher type %.100s not supported by server.",
610		    cipher_name(options.cipher));
611
612	debug("Encryption type: %.100s", cipher_name(options.cipher));
613
614	/* Send the encrypted session key to the server. */
615	packet_start(SSH_CMSG_SESSION_KEY);
616	packet_put_char(options.cipher);
617
618	/* Send the cookie back to the server. */
619	for (i = 0; i < 8; i++)
620		packet_put_char(cookie[i]);
621
622	/* Send and destroy the encrypted encryption key integer. */
623	packet_put_bignum(key);
624	BN_clear_free(key);
625
626	/* Send protocol flags. */
627	packet_put_int(client_flags);
628
629	/* Send the packet now. */
630	packet_send();
631	packet_write_wait();
632
633	debug("Sent encrypted session key.");
634
635	/* Set the encryption key. */
636	packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
637
638	/* We will no longer need the session key here.  Destroy any extra copies. */
639	memset(session_key, 0, sizeof(session_key));
640
641	/*
642	 * Expect a success message from the server.  Note that this message
643	 * will be received in encrypted form.
644	 */
645	packet_read_expect(SSH_SMSG_SUCCESS);
646
647	debug("Received encrypted confirmation.");
648}
649
650/*
651 * Authenticate user
652 */
653void
654ssh_userauth1(const char *local_user, const char *server_user, char *host,
655    Sensitive *sensitive)
656{
657	int i, type;
658
659	if (supported_authentications == 0)
660		fatal("ssh_userauth1: server supports no auth methods");
661
662	/* Send the name of the user to log in as on the server. */
663	packet_start(SSH_CMSG_USER);
664	packet_put_cstring(server_user);
665	packet_send();
666	packet_write_wait();
667
668	/*
669	 * The server should respond with success if no authentication is
670	 * needed (the user has no password).  Otherwise the server responds
671	 * with failure.
672	 */
673	type = packet_read();
674
675	/* check whether the connection was accepted without authentication. */
676	if (type == SSH_SMSG_SUCCESS)
677		goto success;
678	if (type != SSH_SMSG_FAILURE)
679		packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
680
681	/*
682	 * Try .rhosts or /etc/hosts.equiv authentication with RSA host
683	 * authentication.
684	 */
685	if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
686	    options.rhosts_rsa_authentication) {
687		for (i = 0; i < sensitive->nkeys; i++) {
688			if (sensitive->keys[i] != NULL &&
689			    sensitive->keys[i]->type == KEY_RSA1 &&
690			    try_rhosts_rsa_authentication(local_user,
691			    sensitive->keys[i]))
692				goto success;
693		}
694	}
695	/* Try RSA authentication if the server supports it. */
696	if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
697	    options.rsa_authentication) {
698		/*
699		 * Try RSA authentication using the authentication agent. The
700		 * agent is tried first because no passphrase is needed for
701		 * it, whereas identity files may require passphrases.
702		 */
703		if (try_agent_authentication())
704			goto success;
705
706		/* Try RSA authentication for each identity. */
707		for (i = 0; i < options.num_identity_files; i++)
708			if (options.identity_keys[i] != NULL &&
709			    options.identity_keys[i]->type == KEY_RSA1 &&
710			    try_rsa_authentication(i))
711				goto success;
712	}
713	/* Try challenge response authentication if the server supports it. */
714	if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
715	    options.challenge_response_authentication && !options.batch_mode) {
716		if (try_challenge_response_authentication())
717			goto success;
718	}
719	/* Try password authentication if the server supports it. */
720	if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
721	    options.password_authentication && !options.batch_mode) {
722		char prompt[80];
723
724		snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
725		    server_user, host);
726		if (try_password_authentication(prompt))
727			goto success;
728	}
729	/* All authentication methods have failed.  Exit with an error message. */
730	fatal("Permission denied.");
731	/* NOTREACHED */
732
733 success:
734	return;	/* need statement after label */
735}
736