1/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * Code to connect to a remote host, and to perform the client side of the 7 * login (authentication) dialog. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16#include "includes.h" 17 18#include <sys/types.h> 19#include <sys/socket.h> 20 21#ifdef __APPLE_CRYPTO__ 22#include "ossl-bn.h" 23#include "ossl-md5.h" 24#else 25#include <openssl/bn.h> 26#include <openssl/md5.h> 27#endif 28 29#include <stdarg.h> 30#include <stdio.h> 31#include <stdlib.h> 32#include <string.h> 33#include <signal.h> 34#include <pwd.h> 35 36#include "xmalloc.h" 37#include "ssh.h" 38#include "ssh1.h" 39#include "rsa.h" 40#include "buffer.h" 41#include "packet.h" 42#include "key.h" 43#include "cipher.h" 44#include "kex.h" 45#include "uidswap.h" 46#include "log.h" 47#include "readconf.h" 48#include "authfd.h" 49#include "sshconnect.h" 50#include "authfile.h" 51#include "misc.h" 52#include "canohost.h" 53#include "hostfile.h" 54#include "auth.h" 55#include "keychain.h" 56 57/* Session id for the current session. */ 58u_char session_id[16]; 59u_int supported_authentications = 0; 60 61extern Options options; 62extern char *__progname; 63 64/* 65 * Checks if the user has an authentication agent, and if so, tries to 66 * authenticate using the agent. 67 */ 68static int 69try_agent_authentication(void) 70{ 71 int type; 72 char *comment; 73 AuthenticationConnection *auth; 74 u_char response[16]; 75 u_int i; 76 Key *key; 77 BIGNUM *challenge; 78 79 /* Get connection to the agent. */ 80 auth = ssh_get_authentication_connection(); 81 if (!auth) 82 return 0; 83 84 if ((challenge = BN_new()) == NULL) 85 fatal("try_agent_authentication: BN_new failed"); 86 /* Loop through identities served by the agent. */ 87 for (key = ssh_get_first_identity(auth, &comment, 1); 88 key != NULL; 89 key = ssh_get_next_identity(auth, &comment, 1)) { 90 91 /* Try this identity. */ 92 debug("Trying RSA authentication via agent with '%.100s'", comment); 93 xfree(comment); 94 95 /* Tell the server that we are willing to authenticate using this key. */ 96 packet_start(SSH_CMSG_AUTH_RSA); 97 packet_put_bignum(key->rsa->n); 98 packet_send(); 99 packet_write_wait(); 100 101 /* Wait for server's response. */ 102 type = packet_read(); 103 104 /* The server sends failure if it doesn't like our key or 105 does not support RSA authentication. */ 106 if (type == SSH_SMSG_FAILURE) { 107 debug("Server refused our key."); 108 key_free(key); 109 continue; 110 } 111 /* Otherwise it should have sent a challenge. */ 112 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 113 packet_disconnect("Protocol error during RSA authentication: %d", 114 type); 115 116 packet_get_bignum(challenge); 117 packet_check_eom(); 118 119 debug("Received RSA challenge from server."); 120 121 /* Ask the agent to decrypt the challenge. */ 122 if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { 123 /* 124 * The agent failed to authenticate this identifier 125 * although it advertised it supports this. Just 126 * return a wrong value. 127 */ 128 logit("Authentication agent failed to decrypt challenge."); 129 memset(response, 0, sizeof(response)); 130 } 131 key_free(key); 132 debug("Sending response to RSA challenge."); 133 134 /* Send the decrypted challenge back to the server. */ 135 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 136 for (i = 0; i < 16; i++) 137 packet_put_char(response[i]); 138 packet_send(); 139 packet_write_wait(); 140 141 /* Wait for response from the server. */ 142 type = packet_read(); 143 144 /* The server returns success if it accepted the authentication. */ 145 if (type == SSH_SMSG_SUCCESS) { 146 ssh_close_authentication_connection(auth); 147 BN_clear_free(challenge); 148 debug("RSA authentication accepted by server."); 149 return 1; 150 } 151 /* Otherwise it should return failure. */ 152 if (type != SSH_SMSG_FAILURE) 153 packet_disconnect("Protocol error waiting RSA auth response: %d", 154 type); 155 } 156 ssh_close_authentication_connection(auth); 157 BN_clear_free(challenge); 158 debug("RSA authentication using agent refused."); 159 return 0; 160} 161 162/* 163 * Computes the proper response to a RSA challenge, and sends the response to 164 * the server. 165 */ 166static void 167respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) 168{ 169 u_char buf[32], response[16]; 170 MD5_CTX md; 171 int i, len; 172 173 /* Decrypt the challenge using the private key. */ 174 /* XXX think about Bleichenbacher, too */ 175 if (rsa_private_decrypt(challenge, challenge, prv) <= 0) 176 packet_disconnect( 177 "respond_to_rsa_challenge: rsa_private_decrypt failed"); 178 179 /* Compute the response. */ 180 /* The response is MD5 of decrypted challenge plus session id. */ 181 len = BN_num_bytes(challenge); 182 if (len <= 0 || (u_int)len > sizeof(buf)) 183 packet_disconnect( 184 "respond_to_rsa_challenge: bad challenge length %d", len); 185 186 memset(buf, 0, sizeof(buf)); 187 BN_bn2bin(challenge, buf + sizeof(buf) - len); 188 MD5_Init(&md); 189 MD5_Update(&md, buf, 32); 190 MD5_Update(&md, session_id, 16); 191 MD5_Final(response, &md); 192 193 debug("Sending response to host key RSA challenge."); 194 195 /* Send the response back to the server. */ 196 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 197 for (i = 0; i < 16; i++) 198 packet_put_char(response[i]); 199 packet_send(); 200 packet_write_wait(); 201 202 memset(buf, 0, sizeof(buf)); 203 memset(response, 0, sizeof(response)); 204 memset(&md, 0, sizeof(md)); 205} 206 207/* 208 * Checks if the user has authentication file, and if so, tries to authenticate 209 * the user using it. 210 */ 211static int 212try_rsa_authentication(int idx) 213{ 214 BIGNUM *challenge; 215 Key *public, *private; 216 char buf[300], *passphrase, *comment, *authfile; 217 int i, perm_ok = 1, type, quit; 218 219 public = options.identity_keys[idx]; 220 authfile = options.identity_files[idx]; 221 comment = xstrdup(authfile); 222 223 debug("Trying RSA authentication with key '%.100s'", comment); 224 225 /* Tell the server that we are willing to authenticate using this key. */ 226 packet_start(SSH_CMSG_AUTH_RSA); 227 packet_put_bignum(public->rsa->n); 228 packet_send(); 229 packet_write_wait(); 230 231 /* Wait for server's response. */ 232 type = packet_read(); 233 234 /* 235 * The server responds with failure if it doesn't like our key or 236 * doesn't support RSA authentication. 237 */ 238 if (type == SSH_SMSG_FAILURE) { 239 debug("Server refused our key."); 240 xfree(comment); 241 return 0; 242 } 243 /* Otherwise, the server should respond with a challenge. */ 244 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 245 packet_disconnect("Protocol error during RSA authentication: %d", type); 246 247 /* Get the challenge from the packet. */ 248 if ((challenge = BN_new()) == NULL) 249 fatal("try_rsa_authentication: BN_new failed"); 250 packet_get_bignum(challenge); 251 packet_check_eom(); 252 253 debug("Received RSA challenge from server."); 254 255 /* 256 * If the key is not stored in external hardware, we have to 257 * load the private key. Try first with empty passphrase; if it 258 * fails, ask for a passphrase. 259 */ 260 if (public->flags & KEY_FLAG_EXT) 261 private = public; 262 else 263 private = key_load_private_type(KEY_RSA1, authfile, "", NULL, 264 &perm_ok); 265 if (private == NULL && !options.batch_mode && perm_ok) { 266 snprintf(buf, sizeof(buf), 267 "Enter passphrase for RSA key '%.100s': ", comment); 268 for (i = 0; i < options.number_of_password_prompts; i++) { 269#ifdef __APPLE_KEYCHAIN__ 270 passphrase = keychain_read_passphrase(comment, options.ask_pass_gui); 271 if (passphrase == NULL) 272#endif 273 passphrase = read_passphrase(buf, 0); 274 if (strcmp(passphrase, "") != 0) { 275 private = key_load_private_type(KEY_RSA1, 276 authfile, passphrase, NULL, NULL); 277 quit = 0; 278 } else { 279 debug2("no passphrase given, try next key"); 280 quit = 1; 281 } 282 memset(passphrase, 0, strlen(passphrase)); 283 xfree(passphrase); 284 if (private != NULL || quit) 285 break; 286 debug2("bad passphrase given, try again..."); 287 } 288 } 289 /* We no longer need the comment. */ 290 xfree(comment); 291 292 if (private == NULL) { 293 if (!options.batch_mode && perm_ok) 294 error("Bad passphrase."); 295 296 /* Send a dummy response packet to avoid protocol error. */ 297 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 298 for (i = 0; i < 16; i++) 299 packet_put_char(0); 300 packet_send(); 301 packet_write_wait(); 302 303 /* Expect the server to reject it... */ 304 packet_read_expect(SSH_SMSG_FAILURE); 305 BN_clear_free(challenge); 306 return 0; 307 } 308 309 /* Compute and send a response to the challenge. */ 310 respond_to_rsa_challenge(challenge, private->rsa); 311 312 /* Destroy the private key unless it in external hardware. */ 313 if (!(private->flags & KEY_FLAG_EXT)) 314 key_free(private); 315 316 /* We no longer need the challenge. */ 317 BN_clear_free(challenge); 318 319 /* Wait for response from the server. */ 320 type = packet_read(); 321 if (type == SSH_SMSG_SUCCESS) { 322 debug("RSA authentication accepted by server."); 323 return 1; 324 } 325 if (type != SSH_SMSG_FAILURE) 326 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 327 debug("RSA authentication refused."); 328 return 0; 329} 330 331/* 332 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv 333 * authentication and RSA host authentication. 334 */ 335static int 336try_rhosts_rsa_authentication(const char *local_user, Key * host_key) 337{ 338 int type; 339 BIGNUM *challenge; 340 341 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); 342 343 /* Tell the server that we are willing to authenticate using this key. */ 344 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); 345 packet_put_cstring(local_user); 346 packet_put_int(BN_num_bits(host_key->rsa->n)); 347 packet_put_bignum(host_key->rsa->e); 348 packet_put_bignum(host_key->rsa->n); 349 packet_send(); 350 packet_write_wait(); 351 352 /* Wait for server's response. */ 353 type = packet_read(); 354 355 /* The server responds with failure if it doesn't admit our 356 .rhosts authentication or doesn't know our host key. */ 357 if (type == SSH_SMSG_FAILURE) { 358 debug("Server refused our rhosts authentication or host key."); 359 return 0; 360 } 361 /* Otherwise, the server should respond with a challenge. */ 362 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 363 packet_disconnect("Protocol error during RSA authentication: %d", type); 364 365 /* Get the challenge from the packet. */ 366 if ((challenge = BN_new()) == NULL) 367 fatal("try_rhosts_rsa_authentication: BN_new failed"); 368 packet_get_bignum(challenge); 369 packet_check_eom(); 370 371 debug("Received RSA challenge for host key from server."); 372 373 /* Compute a response to the challenge. */ 374 respond_to_rsa_challenge(challenge, host_key->rsa); 375 376 /* We no longer need the challenge. */ 377 BN_clear_free(challenge); 378 379 /* Wait for response from the server. */ 380 type = packet_read(); 381 if (type == SSH_SMSG_SUCCESS) { 382 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); 383 return 1; 384 } 385 if (type != SSH_SMSG_FAILURE) 386 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 387 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused."); 388 return 0; 389} 390 391/* 392 * Tries to authenticate with any string-based challenge/response system. 393 * Note that the client code is not tied to s/key or TIS. 394 */ 395static int 396try_challenge_response_authentication(void) 397{ 398 int type, i; 399 u_int clen; 400 char prompt[1024]; 401 char *challenge, *response; 402 403 debug("Doing challenge response authentication."); 404 405 for (i = 0; i < options.number_of_password_prompts; i++) { 406 /* request a challenge */ 407 packet_start(SSH_CMSG_AUTH_TIS); 408 packet_send(); 409 packet_write_wait(); 410 411 type = packet_read(); 412 if (type != SSH_SMSG_FAILURE && 413 type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 414 packet_disconnect("Protocol error: got %d in response " 415 "to SSH_CMSG_AUTH_TIS", type); 416 } 417 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { 418 debug("No challenge."); 419 return 0; 420 } 421 challenge = packet_get_string(&clen); 422 packet_check_eom(); 423 snprintf(prompt, sizeof prompt, "%s%s", challenge, 424 strchr(challenge, '\n') ? "" : "\nResponse: "); 425 xfree(challenge); 426 if (i != 0) 427 error("Permission denied, please try again."); 428 if (options.cipher == SSH_CIPHER_NONE) 429 logit("WARNING: Encryption is disabled! " 430 "Response will be transmitted in clear text."); 431 response = read_passphrase(prompt, 0); 432 if (strcmp(response, "") == 0) { 433 xfree(response); 434 break; 435 } 436 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 437 ssh_put_password(response); 438 memset(response, 0, strlen(response)); 439 xfree(response); 440 packet_send(); 441 packet_write_wait(); 442 type = packet_read(); 443 if (type == SSH_SMSG_SUCCESS) 444 return 1; 445 if (type != SSH_SMSG_FAILURE) 446 packet_disconnect("Protocol error: got %d in response " 447 "to SSH_CMSG_AUTH_TIS_RESPONSE", type); 448 } 449 /* failure */ 450 return 0; 451} 452 453/* 454 * Tries to authenticate with plain passwd authentication. 455 */ 456static int 457try_password_authentication(char *prompt) 458{ 459 int type, i; 460 char *password; 461 462 debug("Doing password authentication."); 463 if (options.cipher == SSH_CIPHER_NONE) 464 logit("WARNING: Encryption is disabled! Password will be transmitted in clear text."); 465 for (i = 0; i < options.number_of_password_prompts; i++) { 466 if (i != 0) 467 error("Permission denied, please try again."); 468 password = read_passphrase(prompt, 0); 469 packet_start(SSH_CMSG_AUTH_PASSWORD); 470 ssh_put_password(password); 471 memset(password, 0, strlen(password)); 472 xfree(password); 473 packet_send(); 474 packet_write_wait(); 475 476 type = packet_read(); 477 if (type == SSH_SMSG_SUCCESS) 478 return 1; 479 if (type != SSH_SMSG_FAILURE) 480 packet_disconnect("Protocol error: got %d in response to passwd auth", type); 481 } 482 /* failure */ 483 return 0; 484} 485 486/* 487 * SSH1 key exchange 488 */ 489void 490ssh_kex(char *host, struct sockaddr *hostaddr) 491{ 492 int i; 493 BIGNUM *key; 494 Key *host_key, *server_key; 495 int bits, rbits; 496 int ssh_cipher_default = SSH_CIPHER_3DES; 497 u_char session_key[SSH_SESSION_KEY_LENGTH]; 498 u_char cookie[8]; 499 u_int supported_ciphers; 500 u_int server_flags, client_flags; 501 u_int32_t rnd = 0; 502 503 debug("Waiting for server public key."); 504 505 /* Wait for a public key packet from the server. */ 506 packet_read_expect(SSH_SMSG_PUBLIC_KEY); 507 508 /* Get cookie from the packet. */ 509 for (i = 0; i < 8; i++) 510 cookie[i] = packet_get_char(); 511 512 /* Get the public key. */ 513 server_key = key_new(KEY_RSA1); 514 bits = packet_get_int(); 515 packet_get_bignum(server_key->rsa->e); 516 packet_get_bignum(server_key->rsa->n); 517 518 rbits = BN_num_bits(server_key->rsa->n); 519 if (bits != rbits) { 520 logit("Warning: Server lies about size of server public key: " 521 "actual size is %d bits vs. announced %d.", rbits, bits); 522 logit("Warning: This may be due to an old implementation of ssh."); 523 } 524 /* Get the host key. */ 525 host_key = key_new(KEY_RSA1); 526 bits = packet_get_int(); 527 packet_get_bignum(host_key->rsa->e); 528 packet_get_bignum(host_key->rsa->n); 529 530 rbits = BN_num_bits(host_key->rsa->n); 531 if (bits != rbits) { 532 logit("Warning: Server lies about size of server host key: " 533 "actual size is %d bits vs. announced %d.", rbits, bits); 534 logit("Warning: This may be due to an old implementation of ssh."); 535 } 536 537 /* Get protocol flags. */ 538 server_flags = packet_get_int(); 539 packet_set_protocol_flags(server_flags); 540 541 supported_ciphers = packet_get_int(); 542 supported_authentications = packet_get_int(); 543 packet_check_eom(); 544 545 debug("Received server public key (%d bits) and host key (%d bits).", 546 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); 547 548 if (verify_host_key(host, hostaddr, host_key) == -1) 549 fatal("Host key verification failed."); 550 551 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; 552 553 derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); 554 555 /* Generate a session key. */ 556 arc4random_stir(); 557 558 /* 559 * Generate an encryption key for the session. The key is a 256 bit 560 * random number, interpreted as a 32-byte key, with the least 561 * significant 8 bits being the first byte of the key. 562 */ 563 for (i = 0; i < 32; i++) { 564 if (i % 4 == 0) 565 rnd = arc4random(); 566 session_key[i] = rnd & 0xff; 567 rnd >>= 8; 568 } 569 570 /* 571 * According to the protocol spec, the first byte of the session key 572 * is the highest byte of the integer. The session key is xored with 573 * the first 16 bytes of the session id. 574 */ 575 if ((key = BN_new()) == NULL) 576 fatal("ssh_kex: BN_new failed"); 577 if (BN_set_word(key, 0) == 0) 578 fatal("ssh_kex: BN_set_word failed"); 579 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 580 if (BN_lshift(key, key, 8) == 0) 581 fatal("ssh_kex: BN_lshift failed"); 582 if (i < 16) { 583 if (BN_add_word(key, session_key[i] ^ session_id[i]) 584 == 0) 585 fatal("ssh_kex: BN_add_word failed"); 586 } else { 587 if (BN_add_word(key, session_key[i]) == 0) 588 fatal("ssh_kex: BN_add_word failed"); 589 } 590 } 591 592 /* 593 * Encrypt the integer using the public key and host key of the 594 * server (key with smaller modulus first). 595 */ 596 if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { 597 /* Public key has smaller modulus. */ 598 if (BN_num_bits(host_key->rsa->n) < 599 BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 600 fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " 601 "SSH_KEY_BITS_RESERVED %d", 602 BN_num_bits(host_key->rsa->n), 603 BN_num_bits(server_key->rsa->n), 604 SSH_KEY_BITS_RESERVED); 605 } 606 rsa_public_encrypt(key, key, server_key->rsa); 607 rsa_public_encrypt(key, key, host_key->rsa); 608 } else { 609 /* Host key has smaller modulus (or they are equal). */ 610 if (BN_num_bits(server_key->rsa->n) < 611 BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { 612 fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " 613 "SSH_KEY_BITS_RESERVED %d", 614 BN_num_bits(server_key->rsa->n), 615 BN_num_bits(host_key->rsa->n), 616 SSH_KEY_BITS_RESERVED); 617 } 618 rsa_public_encrypt(key, key, host_key->rsa); 619 rsa_public_encrypt(key, key, server_key->rsa); 620 } 621 622 /* Destroy the public keys since we no longer need them. */ 623 key_free(server_key); 624 key_free(host_key); 625 626 if (options.cipher == SSH_CIPHER_NOT_SET) { 627 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) 628 options.cipher = ssh_cipher_default; 629 } else if (options.cipher == SSH_CIPHER_INVALID || 630 !(cipher_mask_ssh1(1) & (1 << options.cipher))) { 631 logit("No valid SSH1 cipher, using %.100s instead.", 632 cipher_name(ssh_cipher_default)); 633 options.cipher = ssh_cipher_default; 634 } 635 /* Check that the selected cipher is supported. */ 636 if (!(supported_ciphers & (1 << options.cipher))) 637 fatal("Selected cipher type %.100s not supported by server.", 638 cipher_name(options.cipher)); 639 640 debug("Encryption type: %.100s", cipher_name(options.cipher)); 641 642 /* Send the encrypted session key to the server. */ 643 packet_start(SSH_CMSG_SESSION_KEY); 644 packet_put_char(options.cipher); 645 646 /* Send the cookie back to the server. */ 647 for (i = 0; i < 8; i++) 648 packet_put_char(cookie[i]); 649 650 /* Send and destroy the encrypted encryption key integer. */ 651 packet_put_bignum(key); 652 BN_clear_free(key); 653 654 /* Send protocol flags. */ 655 packet_put_int(client_flags); 656 657 /* Send the packet now. */ 658 packet_send(); 659 packet_write_wait(); 660 661 debug("Sent encrypted session key."); 662 663 /* Set the encryption key. */ 664 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 665 666 /* We will no longer need the session key here. Destroy any extra copies. */ 667 memset(session_key, 0, sizeof(session_key)); 668 669 /* 670 * Expect a success message from the server. Note that this message 671 * will be received in encrypted form. 672 */ 673 packet_read_expect(SSH_SMSG_SUCCESS); 674 675 debug("Received encrypted confirmation."); 676} 677 678/* 679 * Authenticate user 680 */ 681void 682ssh_userauth1(const char *local_user, const char *server_user, char *host, 683 Sensitive *sensitive) 684{ 685 int i, type; 686 687 if (supported_authentications == 0) 688 fatal("ssh_userauth1: server supports no auth methods"); 689 690 /* Send the name of the user to log in as on the server. */ 691 packet_start(SSH_CMSG_USER); 692 packet_put_cstring(server_user); 693 packet_send(); 694 packet_write_wait(); 695 696 /* 697 * The server should respond with success if no authentication is 698 * needed (the user has no password). Otherwise the server responds 699 * with failure. 700 */ 701 type = packet_read(); 702 703 /* check whether the connection was accepted without authentication. */ 704 if (type == SSH_SMSG_SUCCESS) 705 goto success; 706 if (type != SSH_SMSG_FAILURE) 707 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); 708 709 /* 710 * Try .rhosts or /etc/hosts.equiv authentication with RSA host 711 * authentication. 712 */ 713 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && 714 options.rhosts_rsa_authentication) { 715 for (i = 0; i < sensitive->nkeys; i++) { 716 if (sensitive->keys[i] != NULL && 717 sensitive->keys[i]->type == KEY_RSA1 && 718 try_rhosts_rsa_authentication(local_user, 719 sensitive->keys[i])) 720 goto success; 721 } 722 } 723 /* Try RSA authentication if the server supports it. */ 724 if ((supported_authentications & (1 << SSH_AUTH_RSA)) && 725 options.rsa_authentication) { 726 /* 727 * Try RSA authentication using the authentication agent. The 728 * agent is tried first because no passphrase is needed for 729 * it, whereas identity files may require passphrases. 730 */ 731 if (try_agent_authentication()) 732 goto success; 733 734 /* Try RSA authentication for each identity. */ 735 for (i = 0; i < options.num_identity_files; i++) 736 if (options.identity_keys[i] != NULL && 737 options.identity_keys[i]->type == KEY_RSA1 && 738 try_rsa_authentication(i)) 739 goto success; 740 } 741 /* Try challenge response authentication if the server supports it. */ 742 if ((supported_authentications & (1 << SSH_AUTH_TIS)) && 743 options.challenge_response_authentication && !options.batch_mode) { 744 if (try_challenge_response_authentication()) 745 goto success; 746 } 747 /* Try password authentication if the server supports it. */ 748 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && 749 options.password_authentication && !options.batch_mode) { 750 char prompt[80]; 751 752 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 753 server_user, host); 754 if (try_password_authentication(prompt)) 755 goto success; 756 } 757 /* All authentication methods have failed. Exit with an error message. */ 758 fatal("Permission denied."); 759 /* NOTREACHED */ 760 761 success: 762 return; /* need statement after label */ 763} 764