- Merged OpenBSD CVS changes:

- [auth-krb4.c auth-passwd.c auth-skey.c ssh. move skey-auth from auth-passwd.c to auth-s - [auth-rsa.c] warn only about mismatch if key is _used_ warn about keysize-mismatch with log() not channels.c readconf.c readconf.h ssh.c ssh. ports are u_short - [hostfile.c] indent, shorter warning - [nchan.c] use error() for internal errors - [packet.c] set loglevel for SSH_MSG_DISCONNECT to log( serverloop.c indent - [ssh-add.1 ssh-add.c ssh.h] document , reasonable default - [ssh.1] CheckHostIP is not available for connects v - [sshconnect.c] typo easier to read client code for passwd and s turn of checkhostip for proxy connects, sin
author: Damien Miller <djm@mindrot.org> 1999-12-06 11:47:28 +1100
committer: Damien Miller <djm@mindrot.org> 1999-12-06 11:47:28 +1100
commit: aae6c614da614eb10ced16505f35410671c95d9d (patch)
tree: 441e578781d38e7de4c5f609a4f86695d937e640 /sshconnect.c
parent: dc33fc3910552c82518503b581efc1a51192fa76 (diff)
1 files changed, 110 insertions, 75 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 0b1c0901f..593eade03 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -8,7 +8,7 @@
 */
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.15 1999/11/25 00:54:59 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.16 1999/12/06 00:47:29 damien Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -34,11 +34,13 @@ RCSID("$Id: sshconnect.c,v 1.15 1999/11/25 00:54:59 damien Exp $");
 /* Session id for the current session. */
 unsigned char session_id[16];
+extern Options options;
 /*
 * Connect to the given ssh server using a proxy command.
 */
 int
-ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
+ssh_proxy_connect(const char *host, u_short port, uid_t original_real_uid,
                  const char *proxy_command)
 {
        Buffer command;
@@ -49,7 +51,7 @@ ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
        char portstring[100];
        /* Convert the port number into a string. */
-        snprintf(portstring, sizeof portstring, "%d", port);
+        snprintf(portstring, sizeof portstring, "%hu", port);
        /* Build the final command string in the buffer by making the
           appropriate substitutions to the given proxy command. */
@@ -177,7 +179,7 @@ ssh_create_socket(uid_t original_real_uid, int privileged)
 */
 int
 ssh_connect(const char *host, struct sockaddr_in * hostaddr,
-            int port, int connection_attempts,
+            u_short port, int connection_attempts,
            int anonymous, uid_t original_real_uid,
            const char *proxy_command)
 {
@@ -476,9 +478,8 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
 * the user using it.
 */
 int
-try_rsa_authentication(struct passwd * pw, const char *authfile)
+try_rsa_authentication(const char *authfile)
 {
-        extern Options options;
        BIGNUM *challenge;
        RSA *private_key;
        RSA *public_key;
@@ -490,7 +491,8 @@ try_rsa_authentication(struct passwd * pw, const char *authfile)
        public_key = RSA_new();
        if (!load_public_key(authfile, public_key, &comment)) {
                RSA_free(public_key);
-                return 0;       /* Could not load it.  Fail. */
+                /* Could not load it.  Fail. */
+                return 0;
        }
        debug("Trying RSA authentication with key '%.100s'", comment);
@@ -513,8 +515,7 @@ try_rsa_authentication(struct passwd * pw, const char *authfile)
        if (type == SSH_SMSG_FAILURE) {
                debug("Server refused our key.");
                xfree(comment);
-                return 0;       /* Server refuses to authenticate with
+                return 0;
-                                   this key. */
        }
        /* Otherwise, the server should respond with a challenge. */
        if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
@@ -885,6 +886,93 @@ send_afs_tokens(void)
 #endif /* AFS */
 /*
+ * Tries to authenticate with any string-based challenge/response system.
+ * Note that the client code is not tied to s/key or TIS.
+ */
+int
+try_skey_authentication()
+{
+        int type, i, payload_len;
+        char *challenge, *response;
+        debug("Doing skey authentication.");
+        /* request a challenge */
+        packet_start(SSH_CMSG_AUTH_TIS);
+        packet_send();
+        packet_write_wait();
+        type = packet_read(&payload_len);
+        if (type != SSH_SMSG_FAILURE &&
+            type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
+                packet_disconnect("Protocol error: got %d in response "
+                                  "to skey-auth", type);
+        }
+        if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
+                debug("No challenge for skey authentication.");
+                return 0;
+        }
+        challenge = packet_get_string(&payload_len);
+        if (options.cipher == SSH_CIPHER_NONE)
+                log("WARNING: Encryption is disabled! "
+                    "Reponse will be transmitted in clear text.");
+        fprintf(stderr, "%s\n", challenge);
+        fflush(stderr);
+        for (i = 0; i < options.number_of_password_prompts; i++) {
+                if (i != 0)
+                        error("Permission denied, please try again.");
+                response = read_passphrase("Response: ", 0);
+                packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
+                packet_put_string(response, strlen(response));
+                memset(response, 0, strlen(response));
+                xfree(response);
+                packet_send();
+                packet_write_wait();
+                type = packet_read(&payload_len);
+                if (type == SSH_SMSG_SUCCESS)
+                        return 1;
+                if (type != SSH_SMSG_FAILURE)
+                        packet_disconnect("Protocol error: got %d in response "
+                                          "to skey-auth-reponse", type);
+        }
+        /* failure */
+        return 0;
+}
+/*
+ * Tries to authenticate with plain passwd authentication.
+ */
+int
+try_password_authentication(char *prompt)
+{
+        int type, i, payload_len;
+        char *password;
+        debug("Doing password authentication.");
+        if (options.cipher == SSH_CIPHER_NONE)
+                log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
+        for (i = 0; i < options.number_of_password_prompts; i++) {
+                if (i != 0)
+                        error("Permission denied, please try again.");
+                password = read_passphrase(prompt, 0);
+                packet_start(SSH_CMSG_AUTH_PASSWORD);
+                packet_put_string(password, strlen(password));
+                memset(password, 0, strlen(password));
+                xfree(password);
+                packet_send();
+                packet_write_wait();
+                type = packet_read(&payload_len);
+                if (type == SSH_SMSG_SUCCESS)
+                        return 1;
+                if (type != SSH_SMSG_FAILURE)
+                        packet_disconnect("Protocol error: got %d in response to passwd auth", type);
+        }
+        /* failure */
+        return 0;
+}
+/*
 * Waits for the server identification string, and sends our own
 * identification string.
 */
@@ -895,7 +983,6 @@ ssh_exchange_identification()
        int remote_major, remote_minor, i;
        int connection_in = packet_get_connection_in();
        int connection_out = packet_get_connection_out();
-        extern Options options;
        /* Read other side\'s version identification. */
        for (i = 0; i < sizeof(buf) - 1; i++) {
@@ -1015,9 +1102,7 @@ ssh_login(int host_key_valid,
          struct sockaddr_in *hostaddr,
          uid_t original_real_uid)
 {
-        extern Options options;
        int i, type;
-        char *password;
        struct passwd *pw;
        BIGNUM *key;
        RSA *host_key, *file_key;
@@ -1036,6 +1121,13 @@ ssh_login(int host_key_valid,
        int payload_len, clen, sum_len = 0;
        u_int32_t rand = 0;
+        /*
+         * Turn off check_host_ip for proxy connects, since
+         * we don't have the remote ip-address
+         */
+        if (options.proxy_command != NULL && options.check_host_ip)
+                options.check_host_ip = 0;
        if (options.check_host_ip)
                ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
@@ -1494,80 +1586,23 @@ ssh_login(int host_key_valid,
                /* Try RSA authentication for each identity. */
                for (i = 0; i < options.num_identity_files; i++)
-                        if (try_rsa_authentication(pw, options.identity_files[i]))
+                        if (try_rsa_authentication(options.identity_files[i]))
                                return;
        }
        /* Try skey authentication if the server supports it. */
        if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
            options.skey_authentication && !options.batch_mode) {
-                debug("Doing skey authentication.");
+                if (try_skey_authentication())
+                        return;
-                /* request a challenge */
-                packet_start(SSH_CMSG_AUTH_TIS);
-                packet_send();
-                packet_write_wait();
-                type = packet_read(&payload_len);
-                if (type != SSH_SMSG_FAILURE &&
-                    type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
-                        packet_disconnect("Protocol error: got %d in response "
-                                          "to skey auth", type);
-                }
-                if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
-                        debug("No challenge for skey authentication.");
-                } else {
-                        char *challenge, *response;
-                        challenge = packet_get_string(&payload_len);
-                        if (options.cipher == SSH_CIPHER_NONE)
-                                log("WARNING: Encryption is disabled! "
-                                    "Reponse will be transmitted in clear text.");
-                        fprintf(stderr, "%s\n", challenge);
-                        fflush(stderr);
-                        for (i = 0; i < options.number_of_password_prompts; i++) {
-                                if (i != 0)
-                                        error("Permission denied, please try again.");
-                                response = read_passphrase("Response: ", 0);
-                                packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
-                                packet_put_string(response, strlen(response));
-                                memset(response, 0, strlen(response));
-                                xfree(response);
-                                packet_send();
-                                packet_write_wait();
-                                type = packet_read(&payload_len);
-                                if (type == SSH_SMSG_SUCCESS)
-                                        return;
-                                if (type != SSH_SMSG_FAILURE)
-                                        packet_disconnect("Protocol error: got %d in response "
-                                                          "to skey auth", type);
-                        }
-                }
        }
        /* Try password authentication if the server supports it. */
        if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
            options.password_authentication && !options.batch_mode) {
                char prompt[80];
-                snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
+                snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ",
                         server_user, host);
-                debug("Doing password authentication.");
+                if (try_password_authentication(prompt))
-                if (options.cipher == SSH_CIPHER_NONE)
+                        return;
-                        log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
-                for (i = 0; i < options.number_of_password_prompts; i++) {
-                        if (i != 0)
-                                error("Permission denied, please try again.");
-                        password = read_passphrase(prompt, 0);
-                        packet_start(SSH_CMSG_AUTH_PASSWORD);
-                        packet_put_string(password, strlen(password));
-                        memset(password, 0, strlen(password));
-                        xfree(password);
-                        packet_send();
-                        packet_write_wait();
-                        type = packet_read(&payload_len);
-                        if (type == SSH_SMSG_SUCCESS)
-                                return;
-                        if (type != SSH_SMSG_FAILURE)
-                                packet_disconnect("Protocol error: got %d in response to passwd auth", type);
-                }
        }
        /* All authentication methods have failed.  Exit with an error message. */
        fatal("Permission denied.");
author	Damien Miller <djm@mindrot.org>	1999-12-06 11:47:28 +1100
committer	Damien Miller <djm@mindrot.org>	1999-12-06 11:47:28 +1100
commit	aae6c614da614eb10ced16505f35410671c95d9d (patch)
tree	441e578781d38e7de4c5f609a4f86695d937e640 /sshconnect.c
parent	dc33fc3910552c82518503b581efc1a51192fa76 (diff)

diff --git a/sshconnect.c b/sshconnect.c index 0b1c0901f..593eade03 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -8,7 +8,7 @@
8	*/	8	*/
9		9
10	#include "includes.h"	10	#include "includes.h"
11	RCSID("$Id: sshconnect.c,v 1.15 1999/11/25 00:54:59 damien Exp $");	11	RCSID("$Id: sshconnect.c,v 1.16 1999/12/06 00:47:29 damien Exp $");
12		12
13	#ifdef HAVE_OPENSSL	13	#ifdef HAVE_OPENSSL
14	#include <openssl/bn.h>	14	#include <openssl/bn.h>
@@ -34,11 +34,13 @@ RCSID("$Id: sshconnect.c,v 1.15 1999/11/25 00:54:59 damien Exp $");
34	/* Session id for the current session. */	34	/* Session id for the current session. */
35	unsigned char session_id[16];	35	unsigned char session_id[16];
36		36
		37	extern Options options;
		38
37	/*	39	/*
38	* Connect to the given ssh server using a proxy command.	40	* Connect to the given ssh server using a proxy command.
39	*/	41	*/
40	int	42	int
41	ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,	43	ssh_proxy_connect(const char *host, u_short port, uid_t original_real_uid,
42	const char *proxy_command)	44	const char *proxy_command)
43	{	45	{
44	Buffer command;	46	Buffer command;
@@ -49,7 +51,7 @@ ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
49	char portstring[100];	51	char portstring[100];
50		52
51	/* Convert the port number into a string. */	53	/* Convert the port number into a string. */
52	snprintf(portstring, sizeof portstring, "%d", port);	54	snprintf(portstring, sizeof portstring, "%hu", port);
53		55
54	/* Build the final command string in the buffer by making the	56	/* Build the final command string in the buffer by making the
55	appropriate substitutions to the given proxy command. */	57	appropriate substitutions to the given proxy command. */
@@ -177,7 +179,7 @@ ssh_create_socket(uid_t original_real_uid, int privileged)
177	*/	179	*/
178	int	180	int
179	ssh_connect(const char host, struct sockaddr_in hostaddr,	181	ssh_connect(const char host, struct sockaddr_in hostaddr,
180	int port, int connection_attempts,	182	u_short port, int connection_attempts,
181	int anonymous, uid_t original_real_uid,	183	int anonymous, uid_t original_real_uid,
182	const char *proxy_command)	184	const char *proxy_command)
183	{	185	{
@@ -476,9 +478,8 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
476	* the user using it.	478	* the user using it.
477	*/	479	*/
478	int	480	int
479	try_rsa_authentication(struct passwd * pw, const char *authfile)	481	try_rsa_authentication(const char *authfile)
480	{	482	{
481	extern Options options;
482	BIGNUM *challenge;	483	BIGNUM *challenge;
483	RSA *private_key;	484	RSA *private_key;
484	RSA *public_key;	485	RSA *public_key;
@@ -490,7 +491,8 @@ try_rsa_authentication(struct passwd * pw, const char *authfile)
490	public_key = RSA_new();	491	public_key = RSA_new();
491	if (!load_public_key(authfile, public_key, &comment)) {	492	if (!load_public_key(authfile, public_key, &comment)) {
492	RSA_free(public_key);	493	RSA_free(public_key);
493	return 0; /* Could not load it. Fail. */	494	/* Could not load it. Fail. */
		495	return 0;
494	}	496	}
495	debug("Trying RSA authentication with key '%.100s'", comment);	497	debug("Trying RSA authentication with key '%.100s'", comment);
496		498
@@ -513,8 +515,7 @@ try_rsa_authentication(struct passwd * pw, const char *authfile)
513	if (type == SSH_SMSG_FAILURE) {	515	if (type == SSH_SMSG_FAILURE) {
514	debug("Server refused our key.");	516	debug("Server refused our key.");
515	xfree(comment);	517	xfree(comment);
516	return 0; /* Server refuses to authenticate with	518	return 0;
517	this key. */
518	}	519	}
519	/* Otherwise, the server should respond with a challenge. */	520	/* Otherwise, the server should respond with a challenge. */
520	if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)	521	if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
@@ -885,6 +886,93 @@ send_afs_tokens(void)
885	#endif /* AFS */	886	#endif /* AFS */
886		887
887	/*	888	/*
		889	* Tries to authenticate with any string-based challenge/response system.
		890	* Note that the client code is not tied to s/key or TIS.
		891	*/
		892	int
		893	try_skey_authentication()
		894	{
		895	int type, i, payload_len;
		896	char challenge, response;
		897
		898	debug("Doing skey authentication.");
		899
		900	/* request a challenge */
		901	packet_start(SSH_CMSG_AUTH_TIS);
		902	packet_send();
		903	packet_write_wait();
		904
		905	type = packet_read(&payload_len);
		906	if (type != SSH_SMSG_FAILURE &&
		907	type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
		908	packet_disconnect("Protocol error: got %d in response "
		909	"to skey-auth", type);
		910	}
		911	if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
		912	debug("No challenge for skey authentication.");
		913	return 0;
		914	}
		915	challenge = packet_get_string(&payload_len);
		916	if (options.cipher == SSH_CIPHER_NONE)
		917	log("WARNING: Encryption is disabled! "
		918	"Reponse will be transmitted in clear text.");
		919	fprintf(stderr, "%s\n", challenge);
		920	fflush(stderr);
		921	for (i = 0; i < options.number_of_password_prompts; i++) {
		922	if (i != 0)
		923	error("Permission denied, please try again.");
		924	response = read_passphrase("Response: ", 0);
		925	packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
		926	packet_put_string(response, strlen(response));
		927	memset(response, 0, strlen(response));
		928	xfree(response);
		929	packet_send();
		930	packet_write_wait();
		931	type = packet_read(&payload_len);
		932	if (type == SSH_SMSG_SUCCESS)
		933	return 1;
		934	if (type != SSH_SMSG_FAILURE)
		935	packet_disconnect("Protocol error: got %d in response "
		936	"to skey-auth-reponse", type);
		937	}
		938	/* failure */
		939	return 0;
		940	}
		941
		942	/*
		943	* Tries to authenticate with plain passwd authentication.
		944	*/
		945	int
		946	try_password_authentication(char *prompt)
		947	{
		948	int type, i, payload_len;
		949	char *password;
		950
		951	debug("Doing password authentication.");
		952	if (options.cipher == SSH_CIPHER_NONE)
		953	log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
		954	for (i = 0; i < options.number_of_password_prompts; i++) {
		955	if (i != 0)
		956	error("Permission denied, please try again.");
		957	password = read_passphrase(prompt, 0);
		958	packet_start(SSH_CMSG_AUTH_PASSWORD);
		959	packet_put_string(password, strlen(password));
		960	memset(password, 0, strlen(password));
		961	xfree(password);
		962	packet_send();
		963	packet_write_wait();
		964
		965	type = packet_read(&payload_len);
		966	if (type == SSH_SMSG_SUCCESS)
		967	return 1;
		968	if (type != SSH_SMSG_FAILURE)
		969	packet_disconnect("Protocol error: got %d in response to passwd auth", type);
		970	}
		971	/* failure */
		972	return 0;
		973	}
		974
		975	/*
888	* Waits for the server identification string, and sends our own	976	* Waits for the server identification string, and sends our own
889	* identification string.	977	* identification string.
890	*/	978	*/
@@ -895,7 +983,6 @@ ssh_exchange_identification()
895	int remote_major, remote_minor, i;	983	int remote_major, remote_minor, i;
896	int connection_in = packet_get_connection_in();	984	int connection_in = packet_get_connection_in();
897	int connection_out = packet_get_connection_out();	985	int connection_out = packet_get_connection_out();
898	extern Options options;
899		986
900	/* Read other side\'s version identification. */	987	/* Read other side\'s version identification. */
901	for (i = 0; i < sizeof(buf) - 1; i++) {	988	for (i = 0; i < sizeof(buf) - 1; i++) {
@@ -1015,9 +1102,7 @@ ssh_login(int host_key_valid,
1015	struct sockaddr_in *hostaddr,	1102	struct sockaddr_in *hostaddr,
1016	uid_t original_real_uid)	1103	uid_t original_real_uid)
1017	{	1104	{
1018	extern Options options;
1019	int i, type;	1105	int i, type;
1020	char *password;
1021	struct passwd *pw;	1106	struct passwd *pw;
1022	BIGNUM *key;	1107	BIGNUM *key;
1023	RSA host_key, file_key;	1108	RSA host_key, file_key;
@@ -1036,6 +1121,13 @@ ssh_login(int host_key_valid,
1036	int payload_len, clen, sum_len = 0;	1121	int payload_len, clen, sum_len = 0;
1037	u_int32_t rand = 0;	1122	u_int32_t rand = 0;
1038		1123
		1124	/*
		1125	* Turn off check_host_ip for proxy connects, since
		1126	* we don't have the remote ip-address
		1127	*/
		1128	if (options.proxy_command != NULL && options.check_host_ip)
		1129	options.check_host_ip = 0;
		1130
1039	if (options.check_host_ip)	1131	if (options.check_host_ip)
1040	ip = xstrdup(inet_ntoa(hostaddr->sin_addr));	1132	ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
1041		1133
@@ -1494,80 +1586,23 @@ ssh_login(int host_key_valid,
1494		1586
1495	/* Try RSA authentication for each identity. */	1587	/* Try RSA authentication for each identity. */
1496	for (i = 0; i < options.num_identity_files; i++)	1588	for (i = 0; i < options.num_identity_files; i++)
1497	if (try_rsa_authentication(pw, options.identity_files[i]))	1589	if (try_rsa_authentication(options.identity_files[i]))
1498	return;	1590	return;
1499	}	1591	}
1500	/* Try skey authentication if the server supports it. */	1592	/* Try skey authentication if the server supports it. */
1501	if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&	1593	if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
1502	options.skey_authentication && !options.batch_mode) {	1594	options.skey_authentication && !options.batch_mode) {
1503	debug("Doing skey authentication.");	1595	if (try_skey_authentication())
1504		1596	return;
1505	/* request a challenge */
1506	packet_start(SSH_CMSG_AUTH_TIS);
1507	packet_send();
1508	packet_write_wait();
1509
1510	type = packet_read(&payload_len);
1511	if (type != SSH_SMSG_FAILURE &&
1512	type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
1513	packet_disconnect("Protocol error: got %d in response "
1514	"to skey auth", type);
1515	}
1516	if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
1517	debug("No challenge for skey authentication.");
1518	} else {
1519	char challenge, response;
1520	challenge = packet_get_string(&payload_len);
1521	if (options.cipher == SSH_CIPHER_NONE)
1522	log("WARNING: Encryption is disabled! "
1523	"Reponse will be transmitted in clear text.");
1524	fprintf(stderr, "%s\n", challenge);
1525	fflush(stderr);
1526	for (i = 0; i < options.number_of_password_prompts; i++) {
1527	if (i != 0)
1528	error("Permission denied, please try again.");
1529	response = read_passphrase("Response: ", 0);
1530	packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
1531	packet_put_string(response, strlen(response));
1532	memset(response, 0, strlen(response));
1533	xfree(response);
1534	packet_send();
1535	packet_write_wait();
1536	type = packet_read(&payload_len);
1537	if (type == SSH_SMSG_SUCCESS)
1538	return;
1539	if (type != SSH_SMSG_FAILURE)
1540	packet_disconnect("Protocol error: got %d in response "
1541	"to skey auth", type);
1542	}
1543	}
1544	}	1597	}
1545	/* Try password authentication if the server supports it. */	1598	/* Try password authentication if the server supports it. */
1546	if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&	1599	if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1547	options.password_authentication && !options.batch_mode) {	1600	options.password_authentication && !options.batch_mode) {
1548	char prompt[80];	1601	char prompt[80];
1549	snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",	1602	snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ",
1550	server_user, host);	1603	server_user, host);
1551	debug("Doing password authentication.");	1604	if (try_password_authentication(prompt))
1552	if (options.cipher == SSH_CIPHER_NONE)	1605	return;
1553	log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1554	for (i = 0; i < options.number_of_password_prompts; i++) {
1555	if (i != 0)
1556	error("Permission denied, please try again.");
1557	password = read_passphrase(prompt, 0);
1558	packet_start(SSH_CMSG_AUTH_PASSWORD);
1559	packet_put_string(password, strlen(password));
1560	memset(password, 0, strlen(password));
1561	xfree(password);
1562	packet_send();
1563	packet_write_wait();
1564
1565	type = packet_read(&payload_len);
1566	if (type == SSH_SMSG_SUCCESS)
1567	return;
1568	if (type != SSH_SMSG_FAILURE)
1569	packet_disconnect("Protocol error: got %d in response to passwd auth", type);
1570	}
1571	}	1606	}
1572	/* All authentication methods have failed. Exit with an error message. */	1607	/* All authentication methods have failed. Exit with an error message. */
1573	fatal("Permission denied.");	1608	fatal("Permission denied.");