WinPackets = 8, // (1<<15) * 8 = 256K
};
+int MaxPwTries = 3; // retry this often for keyboard-interactive
+
typedef struct
{
u32int seq;
int nsid;
uchar sid[256];
-char thumb[2*SHA2_256dlen+1];
+char thumb[2*SHA2_256dlen+1], *thumbfile;
int fd, intr, raw, debug;
char *user, *service, *status, *host, *cmd;
void
catch(void*, char *msg)
{
- if(strstr(msg, "interrupt") != nil){
+ if(strcmp(msg, "interrupt") == 0){
intr = 1;
noted(NCONT);
}
return 1;
memset(err, 0, sizeof(err));
errstr(err, sizeof(err));
- r = strstr(err, "interrupt") != nil;
+ r = strcmp(err, "interrupted") == 0;
errstr(err, sizeof(err));
return r;
}
return m;
}
-/* libsec */
-extern mpint* pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype);
-extern int asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*),
- uchar *digest, uchar *buf, int len);
-
mpint*
pkcs1digest(uchar *data, int len, RSApub *pub)
{
kex(int gotkexinit)
{
static char kexalgs[] = "curve25519-sha256,curve25519-sha256@libssh.org";
- static char hostkeyalgs[] = "ssh-rsa";
static char cipheralgs[] = "chacha20-poly1305@openssh.com";
static char zipalgs[] = "none";
static char macalgs[] = "";
sendpkt("b[ssssssssssbu", MSG_KEXINIT,
cookie, sizeof(cookie),
kexalgs, sizeof(kexalgs)-1,
- hostkeyalgs, sizeof(hostkeyalgs)-1,
+ sshrsa, sizeof(sshrsa)-1,
cipheralgs, sizeof(cipheralgs)-1,
cipheralgs, sizeof(cipheralgs)-1,
macalgs, sizeof(macalgs)-1,
ds = hashstr(yc, 32, ds);
ds = hashstr(ys, 32, ds);
- sha2_256(ks, nks, h, nil);
- i = snprint(thumb, sizeof(thumb), "%.*[", sizeof(h), h);
- while(i > 0 && thumb[i-1] == '=')
- thumb[--i] = '\0';
-
-if(debug)
- fprint(2, "host fingerprint: %s\n", thumb);
+ if(thumb[0] == 0){
+ Thumbprint *ok;
+
+ sha2_256(ks, nks, h, nil);
+ i = enc64(thumb, sizeof(thumb), h, sizeof(h));
+ while(i > 0 && thumb[i-1] == '=')
+ i--;
+ thumb[i] = '\0';
+
+ if(debug)
+ fprint(2, "host fingerprint: %s\n", thumb);
+
+ ok = initThumbprints(thumbfile, nil, "ssh");
+ if(ok == nil || !okThumbprint(h, sizeof(h), ok)){
+ if(ok != nil) werrstr("unknown host");
+ fprint(2, "%s: %r\n", argv0);
+ fprint(2, "verify hostkey: %s %.*[\n", sshrsa, nks, ks);
+ fprint(2, "add thumbprint after verification:\n");
+ fprint(2, "\techo 'ssh sha256=%s server=%s' >> %q\n", thumb, host, thumbfile);
+ sysfatal("checking hostkey failed: %r");
+ }
+ freeThumbprints(ok);
+ }
if((pub = ssh2rsapub(ks, nks)) == nil)
sysfatal("bad server public key");
return partial != 0 || !authok(meth);
}
+int
+noneauth(void)
+{
+ static char authmeth[] = "none";
+
+ if(!authok(authmeth))
+ return -1;
+
+ sendpkt("bsss", MSG_USERAUTH_REQUEST,
+ user, strlen(user),
+ service, strlen(service),
+ authmeth, sizeof(authmeth)-1);
+
+Next0: switch(recvpkt()){
+ default:
+ dispatch();
+ goto Next0;
+ case MSG_USERAUTH_FAILURE:
+ werrstr("authentication needed");
+ authfailure(authmeth);
+ return -1;
+ case MSG_USERAUTH_SUCCESS:
+ return 0;
+ }
+}
+
int
pubkeyauth(void)
{
if(!authok(authmeth))
return -1;
- up = auth_getuserpasswd(auth_getkey, "proto=pass servive=ssh user=%q server=%q thumb=%q",
+ up = auth_getuserpasswd(auth_getkey, "proto=pass service=ssh user=%q server=%q thumb=%q",
user, host, thumb);
if(up == nil)
return -1;
kbintauth(void)
{
static char authmeth[] = "keyboard-interactive";
+ int tries;
char *name, *inst, *s, *a;
int fd, i, n, m;
int nquest, echo;
uchar *ans, *answ;
+ tries = 0;
if(!authok(authmeth))
return -1;
+Loop:
+ if(++tries > MaxPwTries)
+ return -1;
+
sendpkt("bsssss", MSG_USERAUTH_REQUEST,
user, strlen(user),
service, strlen(service),
dispatch();
goto Next0;
case MSG_USERAUTH_FAILURE:
- authfailure(authmeth);
- return -1;
+ werrstr("keyboard-interactive failed");
+ if(authfailure(authmeth))
+ return -1;
+ goto Loop;
case MSG_USERAUTH_SUCCESS:
return 0;
case MSG_USERAUTH_INFO_REQUEST:
case MSG_USERAUTH_INFO_REQUEST:
goto Retry;
case MSG_USERAUTH_FAILURE:
- authfailure(authmeth);
- return -1;
+ werrstr("keyboard-interactive failed");
+ if(authfailure(authmeth))
+ return -1;
+ goto Loop;
case MSG_USERAUTH_SUCCESS:
return 0;
}
int ypixels;
int lines;
int cols;
-} tty = {
- "dumb",
- 0,
- 0,
- 0,
- 0,
-};
+} tty;
+
+void
+getdim(void)
+{
+ char *s;
+
+ if(s = getenv("XPIXELS")){
+ tty.xpixels = atoi(s);
+ free(s);
+ }
+ if(s = getenv("YPIXELS")){
+ tty.ypixels = atoi(s);
+ free(s);
+ }
+ if(s = getenv("LINES")){
+ tty.lines = atoi(s);
+ free(s);
+ }
+ if(s = getenv("COLS")){
+ tty.cols = atoi(s);
+ free(s);
+ }
+}
void
rawon(void)
{
int ctl;
- char *s;
close(0);
if(open("/dev/cons", OREAD) != 0)
if(open("/dev/cons", OWRITE) != 1)
sysfatal("open: %r");
dup(1, 2);
- if((ctl = open("/dev/consctl", OWRITE)) >= 0)
+ if((ctl = open("/dev/consctl", OWRITE)) >= 0){
write(ctl, "rawon", 5);
- if(s = getenv("TERM")){
- tty.term = s;
- if(s = getenv("XPIXELS")){
- tty.xpixels = atoi(s);
- free(s);
- }
- if(s = getenv("YPIXELS")){
- tty.ypixels = atoi(s);
- free(s);
- }
- if(s = getenv("LINES")){
- tty.lines = atoi(s);
- free(s);
- }
- if(s = getenv("COLS")){
- tty.cols = atoi(s);
- free(s);
- }
+ write(ctl, "winchon", 7); /* vt(1): interrupt note on window change */
+ }
+ getdim();
+}
+
+#pragma varargck type "k" char*
+
+kfmt(Fmt *f)
+{
+ char *s, *p;
+ int n;
+
+ s = va_arg(f->args, char*);
+ n = fmtstrcpy(f, "'");
+ while((p = strchr(s, '\'')) != nil){
+ *p = '\0';
+ n += fmtstrcpy(f, s);
+ *p = '\'';
+ n += fmtstrcpy(f, "'\\''");
+ s = p+1;
}
+ n += fmtstrcpy(f, s);
+ n += fmtstrcpy(f, "'");
+ return n;
}
void
usage(void)
{
- fprint(2, "usage: %s [-dR] [-u user] [user@]host [cmd]\n", argv0);
+ fprint(2, "usage: %s [-dR] [-t thumbfile] [-T tries] [-u user] [-h] [user@]host [cmd args...]\n", argv0);
exits("usage");
}
fmtinstall('B', mpfmt);
fmtinstall('H', encodefmt);
fmtinstall('[', encodefmt);
+ fmtinstall('k', kfmt);
- s = getenv("TERM");
- raw = s != nil && strcmp(s, "dumb") != 0;
- free(s);
+ tty.term = getenv("TERM");
+ raw = tty.term != nil && *tty.term != 0;
ARGBEGIN {
case 'd':
case 'u':
user = EARGF(usage());
break;
+ case 'h':
+ host = EARGF(usage());
+ break;
+ case 't':
+ thumbfile = EARGF(usage());
+ break;
+ case 'T':
+ MaxPwTries = strtol(EARGF(usage()), &s, 0);
+ if(*s != 0) usage();
+ break;
} ARGEND;
- if(argc == 0)
- usage();
+ if(host == nil){
+ if(argc == 0)
+ usage();
+ host = *argv++;
+ }
- host = *argv++;
if(user == nil){
s = strchr(host, '@');
if(s != nil){
host = s;
}
}
+
for(cmd = nil; *argv != nil; argv++){
- if(cmd == nil)
+ if(cmd == nil){
cmd = strdup(*argv);
- else {
- s = smprint("%s %q", cmd, *argv);
+ raw = 0;
+ }else {
+ s = smprint("%s %k", cmd, *argv);
free(cmd);
cmd = s;
}
}
- if(cmd != nil)
- raw = 0;
if((fd = dial(netmkaddr(host, nil, "ssh"), nil, nil, nil)) < 0)
sysfatal("dial: %r");
send.l = recv.l = &sl;
- kex(0);
-
if(user == nil)
user = getuser();
- service = "ssh-connection";
+ if(thumbfile == nil)
+ thumbfile = smprint("%s/lib/sshthumbs", getenv("home"));
+
+ kex(0);
sendpkt("bs", MSG_SERVICE_REQUEST, "ssh-userauth", 12);
Next0: switch(recvpkt()){
break;
}
- if(pubkeyauth() < 0 && passauth() < 0 && kbintauth() < 0)
+ service = "ssh-connection";
+ if(noneauth() < 0 && pubkeyauth() < 0 && passauth() < 0 && kbintauth() < 0)
sysfatal("auth: %r");
recv.pkt = MaxPacket;
send.chan,
"shell", 5,
0);
+ } else if(*cmd == '#') {
+ sendpkt("busbs", MSG_CHANNEL_REQUEST,
+ send.chan,
+ "subsystem", 9,
+ 0,
+ cmd+1, strlen(cmd)-1);
} else {
sendpkt("busbs", MSG_CHANNEL_REQUEST,
send.chan,
break;
if(n < 0 && wasintr()){
if(!raw) break;
- sendpkt("busbs", MSG_CHANNEL_REQUEST,
- send.chan,
- "signal", 6,
- 0,
- "INT", 3);
- intr = 0;
+ if(intr){
+ getdim();
+ sendpkt("busbuuuu", MSG_CHANNEL_REQUEST,
+ send.chan,
+ "window-change", 13,
+ 0,
+ tty.cols,
+ tty.lines,
+ tty.xpixels,
+ tty.ypixels);
+ sendpkt("busbs", MSG_CHANNEL_REQUEST,
+ send.chan,
+ "signal", 6,
+ 0,
+ "INT", 3);
+ intr = 0;
+ }
continue;
}
if(n <= 0)