Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 102 |
1 files changed, 51 insertions, 51 deletions
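--- a/sshconnect.c
+++ b/sshconnect.c
@@ -16,7 +16,7 @@ login (authentication) dialog.
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.6 1999/11/12 04:19:27 damien Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -36,7 +36,7 @@ RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
 #include "mpaux.h"
 #include "uidswap.h"
 #include "compat.h"
-
+#include "readconf.h"
 
 /* Session id for the current session. */
 unsigned char session_id[16];
@@ -486,9 +486,9 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
 the user using it. */
 
 int
-try_rsa_authentication(struct passwd *pw, const char *authfile,
-int may_ask_passphrase)
+try_rsa_authentication(struct passwd *pw, const char *authfile)
 {
+extern Options options;
 BIGNUM *challenge;
 RSA *private_key;
 RSA *public_key;
@@ -550,7 +550,7 @@ try_rsa_authentication(struct passwd *pw, const char *authfile,
 return. */
 snprintf(buf, sizeof buf,
 "Enter passphrase for RSA key '%.100s': ", comment);
-if (may_ask_passphrase)
+if (!options.batch_mode)
 passphrase = read_passphrase(buf, 0);
 else
 {
@@ -1014,8 +1014,9 @@ void ssh_login(int host_key_valid,
 RSA *own_host_key,
 const char *orighost,
 struct sockaddr_in *hostaddr,
-Options *options, uid_t original_real_uid)
+uid_t original_real_uid)
 {
+extern Options options;
 int i, type;
 char *password;
 struct passwd *pw;
@@ -1035,7 +1036,7 @@ void ssh_login(int host_key_valid,
 int payload_len, clen, sum_len = 0;
 u_int32_t rand = 0;
 
-if (options->check_host_ip)
+if (options.check_host_ip)
 ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
 
 /* Convert the user-supplied hostname into all lowercase. */
@@ -1056,7 +1057,7 @@ void ssh_login(int host_key_valid,
 if (!pw)
 fatal("User id %d not found from user database.", original_real_uid);
 local_user = xstrdup(pw->pw_name);
-server_user = options->user ? options->user : local_user;
+server_user = options.user ? options.user : local_user;
 
 debug("Waiting for server public key.");
 
@@ -1132,12 +1133,12 @@ void ssh_login(int host_key_valid,
 
 /* Check if the host key is present in the user\'s list of known hosts
 or in the systemwide list. */
-host_status = check_host_in_hostfile(options->user_hostfile,
+host_status = check_host_in_hostfile(options.user_hostfile,
 host, BN_num_bits(host_key->n),
 host_key->e, host_key->n,
 file_key->e, file_key->n);
 if (host_status == HOST_NEW)
-host_status = check_host_in_hostfile(options->system_hostfile, host,
+host_status = check_host_in_hostfile(options.system_hostfile, host,
 BN_num_bits(host_key->n),
 host_key->e, host_key->n,
 file_key->e, file_key->n);
@@ -1154,17 +1155,17 @@ void ssh_login(int host_key_valid,
 
 /* Also perform check for the ip address, skip the check if we are
 localhost or the hostname was an ip address to begin with */
-if (options->check_host_ip && !local && strcmp(host, ip)) {
+if (options.check_host_ip && !local && strcmp(host, ip)) {
 RSA *ip_key = RSA_new();
 ip_key->n = BN_new();
 ip_key->e = BN_new();
-ip_status = check_host_in_hostfile(options->user_hostfile, ip,
+ip_status = check_host_in_hostfile(options.user_hostfile, ip,
 BN_num_bits(host_key->n),
 host_key->e, host_key->n,
 ip_key->e, ip_key->n);
 
 if (ip_status == HOST_NEW)
-ip_status = check_host_in_hostfile(options->system_hostfile, ip,
+ip_status = check_host_in_hostfile(options.system_hostfile, ip,
 BN_num_bits(host_key->n),
 host_key->e, host_key->n,
 ip_key->e, ip_key->n);
@@ -1183,13 +1184,13 @@ void ssh_login(int host_key_valid,
 case HOST_OK:
 /* The host is known and the key matches. */
 debug("Host '%.200s' is known and matches the host key.", host);
-if (options->check_host_ip) {
+if (options.check_host_ip) {
 if (ip_status == HOST_NEW) {
-if (!add_host_to_hostfile(options->user_hostfile, ip,
+if (!add_host_to_hostfile(options.user_hostfile, ip,
 BN_num_bits(host_key->n),
 host_key->e, host_key->n))
 log("Failed to add the host ip to the list of known hosts (%.30s).",
-options->user_hostfile);
+options.user_hostfile);
 else
 log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
 } else if (ip_status != HOST_OK)
@@ -1201,12 +1202,12 @@ void ssh_login(int host_key_valid,
 {
 char hostline[1000], *hostp = hostline;
 /* The host is new. */
-if (options->strict_host_key_checking == 1) {
+if (options.strict_host_key_checking == 1) {
 /* User has requested strict host key checking. We will not
 add the host key automatically. The only alternative left
 is to abort. */
 fatal("No host key is known for %.200s and you have requested strict checking.", host);
-} else if (options->strict_host_key_checking == 2) { /* The default */
+} else if (options.strict_host_key_checking == 2) { /* The default */
 char prompt[1024];
 snprintf(prompt, sizeof(prompt),
 "The authenticity of host '%.200s' can't be established.\n"
@@ -1216,25 +1217,25 @@ void ssh_login(int host_key_valid,
 fatal("Aborted by user!\n");
 }
 
-if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
+if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
 else
 hostp = host;
 
 /* If not in strict mode, add the key automatically to the local
 known_hosts file. */
-if (!add_host_to_hostfile(options->user_hostfile, hostp,
+if (!add_host_to_hostfile(options.user_hostfile, hostp,
 BN_num_bits(host_key->n),
 host_key->e, host_key->n))
 log("Failed to add the host to the list of known hosts (%.500s).",
-options->user_hostfile);
+options.user_hostfile);
 else
 log("Warning: Permanently added '%.200s' to the list of known hosts.",
 hostp);
 break;
 }
 case HOST_CHANGED:
-if (options->check_host_ip) {
+if (options.check_host_ip) {
 if (host_ip_differ) {
 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
@@ -1256,23 +1257,23 @@ void ssh_login(int host_key_valid,
 error("It is also possible that the host key has just been changed.");
 error("Please contact your system administrator.");
 error("Add correct host key in %.100s to get rid of this message.",
-options->user_hostfile);
+options.user_hostfile);
 
 /* If strict host key checking is in use, the user will have to edit
 the key manually and we can only abort. */
-if (options->strict_host_key_checking)
+if (options.strict_host_key_checking)
 fatal("Host key for %.200s has changed and you have requested strict checking.", host);
 
 /* If strict host key checking has not been requested, allow the
 connection but without password authentication or
 agent forwarding. */
-if (options->password_authentication) {
+if (options.password_authentication) {
 error("Password authentication is disabled to avoid trojan horses.");
-options->password_authentication = 0;
+options.password_authentication = 0;
 }
-if (options->forward_agent) {
+if (options.forward_agent) {
 error("Agent forwarding is disabled to avoid trojan horses.");
-options->forward_agent = 0;
+options.forward_agent = 0;
 }
 /* XXX Should permit the user to change to use the new id. This could
 be done by converting the host key to an identifying sentence, tell
@@ -1281,7 +1282,7 @@ void ssh_login(int host_key_valid,
 break;
 }
 
-if (options->check_host_ip)
+if (options.check_host_ip)
 xfree(ip);
 
 /* Generate a session key. */
@@ -1344,27 +1345,27 @@ void ssh_login(int host_key_valid,
 rsa_public_encrypt(key, key, public_key);
 }
 
-if (options->cipher == SSH_CIPHER_NOT_SET) {
+if (options.cipher == SSH_CIPHER_NOT_SET) {
 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
-options->cipher = ssh_cipher_default;
+options.cipher = ssh_cipher_default;
 else {
 debug("Cipher %d not supported, using %.100s instead.",
 cipher_name(ssh_cipher_default),
 cipher_name(SSH_FALLBACK_CIPHER));
-options->cipher = SSH_FALLBACK_CIPHER;
+options.cipher = SSH_FALLBACK_CIPHER;
 }
 }
 
 /* Check that the selected cipher is supported. */
-if (!(supported_ciphers & (1 << options->cipher)))
+if (!(supported_ciphers & (1 << options.cipher)))
 fatal("Selected cipher type %.100s not supported by server.",
-cipher_name(options->cipher));
+cipher_name(options.cipher));
 
-debug("Encryption type: %.100s", cipher_name(options->cipher));
+debug("Encryption type: %.100s", cipher_name(options.cipher));
 
 /* Send the encrypted session key to the server. */
 packet_start(SSH_CMSG_SESSION_KEY);
-packet_put_char(options->cipher);
+packet_put_char(options.cipher);
 
 /* Send the check bytes back to the server. */
 for (i = 0; i < 8; i++)
@@ -1390,7 +1391,7 @@ void ssh_login(int host_key_valid,
 
 /* Set the encryption key. */
 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
-options->cipher, 1);
+options.cipher, 1);
 
 /* We will no longer need the session key here. Destroy any extra copies. */
 memset(session_key, 0, sizeof(session_key));
@@ -1420,17 +1421,17 @@ void ssh_login(int host_key_valid,
 #ifdef AFS
 /* Try Kerberos tgt passing if the server supports it. */
 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
-options->kerberos_tgt_passing)
+options.kerberos_tgt_passing)
 {
-if (options->cipher == SSH_CIPHER_NONE)
+if (options.cipher == SSH_CIPHER_NONE)
 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
 (void)send_kerberos_tgt();
 }
 
 /* Try AFS token passing if the server supports it. */
 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
-options->afs_token_passing && k_hasafs()) {
-if (options->cipher == SSH_CIPHER_NONE)
+options.afs_token_passing && k_hasafs()) {
+if (options.cipher == SSH_CIPHER_NONE)
 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
 send_afs_tokens();
 }
@@ -1438,7 +1439,7 @@ void ssh_login(int host_key_valid,
 
 #ifdef KRB4
 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
-options->kerberos_authentication)
+options.kerberos_authentication)
 {
 debug("Trying Kerberos authentication.");
 if (try_kerberos_authentication()) {
@@ -1455,7 +1456,7 @@ void ssh_login(int host_key_valid,
 /* Use rhosts authentication if running in privileged socket and we do not
 wish to remain anonymous. */
 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
-options->rhosts_authentication)
+options.rhosts_authentication)
 {
 debug("Trying rhosts authentication.");
 packet_start(SSH_CMSG_AUTH_RHOSTS);
@@ -1475,7 +1476,7 @@ void ssh_login(int host_key_valid,
 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
 authentication. */
 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
-options->rhosts_rsa_authentication && host_key_valid)
+options.rhosts_rsa_authentication && host_key_valid)
 {
 if (try_rhosts_rsa_authentication(local_user, own_host_key))
 return; /* Successful authentication. */
@@ -1483,7 +1484,7 @@ void ssh_login(int host_key_valid,
 
 /* Try RSA authentication if the server supports it. */
 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
-options->rsa_authentication)
+options.rsa_authentication)
 {
 /* Try RSA authentication using the authentication agent. The agent
 is tried first because no passphrase is needed for it, whereas
@@ -1492,23 +1493,22 @@ void ssh_login(int host_key_valid,
 return; /* Successful connection. */
 
 /* Try RSA authentication for each identity. */
-for (i = 0; i < options->num_identity_files; i++)
-if (try_rsa_authentication(pw, options->identity_files[i],
-!options->batch_mode))
+for (i = 0; i < options.num_identity_files; i++)
+if (try_rsa_authentication(pw, options.identity_files[i]))
 return; /* Successful connection. */
 }
 
 /* Try password authentication if the server supports it. */
 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
-options->password_authentication && !options->batch_mode)
+options.password_authentication && !options.batch_mode)
 {
 char prompt[80];
 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
 server_user, host);
 debug("Doing password authentication.");
-if (options->cipher == SSH_CIPHER_NONE)
+if (options.cipher == SSH_CIPHER_NONE)
 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
-for (i = 0; i < options->number_of_password_prompts; i++) {
+for (i = 0; i < options.number_of_password_prompts; i++) {
 if (i != 0)
 error("Permission denied, please try again.");
 password = read_passphrase(prompt, 0);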
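Review bot: The `debug("Cipher %d not supported, using %.100s instead.", ...)` call in the cipher-selection hunk (`@@ -1344,27 +1345,27 @@`) pairs `%d` with `cipher_name(ssh_cipher_default)`, while the `fatal` and `debug` calls a few lines below print `cipher_name(...)` with `%.100s`, so the first conversion presumably receives a string pointer rather than an int. A mismatched conversion in a variadic call is undefined behaviour, and the commit edits the lines on both sides of this call without touching it. The format should read `"Cipher %.100s not supported, using %.100s instead."`. The body of ssh_login starts and ends outside this hunk.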