]> andersk Git - openssh.git/blobdiff - sshconnect.c
- Merge big update to OpenSSH-2.0 from OpenBSD CVS
[openssh.git] / sshconnect.c
index 85a57d0aaca233484595418dd53863601dbb8140..5554c0643c6164d8b92038d46dcff5347ed0562b 100644 (file)
@@ -8,33 +8,29 @@
  */
 
 #include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: sshconnect.c,v 1.71 2000/04/26 21:28:33 markus Exp $");
 
-#ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
-#include <openssl/md5.h>
-#endif
-#ifdef HAVE_SSL
-#include <ssl/bn.h>
-#include <ssl/md5.h>
-#endif
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
 
 #include "xmalloc.h"
 #include "rsa.h"
 #include "ssh.h"
+#include "buffer.h"
 #include "packet.h"
-#include "authfd.h"
-#include "cipher.h"
-#include "mpaux.h"
 #include "uidswap.h"
 #include "compat.h"
 #include "readconf.h"
-#include "fingerprint.h"
+#include "key.h"
+#include "sshconnect.h"
+#include "hostfile.h"
 
-/* Session id for the current session. */
-unsigned char session_id[16];
+char *client_version_string = NULL;
+char *server_version_string = NULL;
 
 extern Options options;
+extern char *__progname;
 
 /*
  * Connect to the given ssh server using a proxy command.
@@ -47,11 +43,11 @@ ssh_proxy_connect(const char *host, u_short port, uid_t original_real_uid,
        const char *cp;
        char *command_string;
        int pin[2], pout[2];
-       int pid;
-       char portstring[100];
+       pid_t pid;
+       char strport[NI_MAXSERV];
 
        /* Convert the port number into a string. */
-       snprintf(portstring, sizeof portstring, "%hu", port);
+       snprintf(strport, sizeof strport, "%hu", port);
 
        /* Build the final command string in the buffer by making the
           appropriate substitutions to the given proxy command. */
@@ -68,7 +64,7 @@ ssh_proxy_connect(const char *host, u_short port, uid_t original_real_uid,
                        continue;
                }
                if (cp[0] == '%' && cp[1] == 'p') {
-                       buffer_append(&command, portstring, strlen(portstring));
+                       buffer_append(&command, strport, strlen(strport));
                        cp++;
                        continue;
                }
@@ -140,7 +136,7 @@ ssh_proxy_connect(const char *host, u_short port, uid_t original_real_uid,
  * Creates a (possibly privileged) socket for use as the ssh connection.
  */
 int
-ssh_create_socket(uid_t original_real_uid, int privileged)
+ssh_create_socket(uid_t original_real_uid, int privileged, int family)
 {
        int sock;
 
@@ -150,28 +146,29 @@ ssh_create_socket(uid_t original_real_uid, int privileged)
         */
        if (privileged) {
                int p = IPPORT_RESERVED - 1;
-
-               sock = rresvport(&p);
+               sock = rresvport_af(&p, family);
                if (sock < 0)
-                       fatal("rresvport: %.100s", strerror(errno));
-               debug("Allocated local port %d.", p);
+                       error("rresvport: af=%d %.100s", family, strerror(errno));
+               else
+                       debug("Allocated local port %d.", p);
        } else {
                /*
                 * Just create an ordinary socket on arbitrary port.  We use
                 * the user's uid to create the socket.
                 */
                temporarily_use_uid(original_real_uid);
-               sock = socket(AF_INET, SOCK_STREAM, 0);
+               sock = socket(family, SOCK_STREAM, 0);
                if (sock < 0)
-                       fatal("socket: %.100s", strerror(errno));
+                       error("socket: %.100s", strerror(errno));
                restore_uid();
        }
        return sock;
 }
 
 /*
- * Opens a TCP/IP connection to the remote server on the given host.  If
- * port is 0, the default port will be used.  If anonymous is zero,
+ * Opens a TCP/IP connection to the remote server on the given host.
+ * The address of the remote host will be returned in hostaddr.
+ * If port is 0, the default port will be used.  If anonymous is zero,
  * a privileged port will be allocated to make the connection.
  * This requires super-user privileges if anonymous is false.
  * Connection_attempts specifies the maximum number of tries (one per
@@ -180,15 +177,16 @@ ssh_create_socket(uid_t original_real_uid, int privileged)
  * the daemon.
  */
 int
-ssh_connect(const char *host, struct sockaddr_in * hostaddr,
+ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
            u_short port, int connection_attempts,
            int anonymous, uid_t original_real_uid,
            const char *proxy_command)
 {
-       int sock = -1, attempt, i;
-       int on = 1;
+       int sock = -1, attempt;
        struct servent *sp;
-       struct hostent *hp;
+       struct addrinfo hints, *ai, *aitop;
+       char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+       int gaierr;
        struct linger linger;
 
        debug("ssh_connect: getuid %d geteuid %d anon %d",
@@ -208,8 +206,13 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr,
 
        /* No proxy command. */
 
-       /* No host lookup made yet. */
-       hp = NULL;
+       memset(&hints, 0, sizeof(hints));
+       hints.ai_family = IPv4or6;
+       hints.ai_socktype = SOCK_STREAM;
+       snprintf(strport, sizeof strport, "%d", port);
+       if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
+               fatal("%s: %.100s: %s", __progname, host,
+                   gai_strerror(gaierr));
 
        /*
         * Try to connect several times.  On some machines, the first time
@@ -220,82 +223,40 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr,
                if (attempt > 0)
                        debug("Trying again...");
 
-               /* Try to parse the host name as a numeric inet address. */
-               memset(hostaddr, 0, sizeof(hostaddr));
-               hostaddr->sin_family = AF_INET;
-               hostaddr->sin_port = htons(port);
-               hostaddr->sin_addr.s_addr = inet_addr(host);
-               if ((hostaddr->sin_addr.s_addr & 0xffffffff) != 0xffffffff) {
-                       /* Valid numeric IP address */
-                       debug("Connecting to %.100s port %d.",
-                             inet_ntoa(hostaddr->sin_addr), port);
-
-                       /* Create a socket. */
-                       sock = ssh_create_socket(original_real_uid,
-                                         !anonymous && geteuid() == 0 &&
-                                                port < IPPORT_RESERVED);
+               /* Loop through addresses for this host, and try each one in
+                  sequence until the connection succeeds. */
+               for (ai = aitop; ai; ai = ai->ai_next) {
+                       if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+                               continue;
+                       if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
+                           ntop, sizeof(ntop), strport, sizeof(strport),
+                           NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+                               error("ssh_connect: getnameinfo failed");
+                               continue;
+                       }
+                       debug("Connecting to %.200s [%.100s] port %s.",
+                               host, ntop, strport);
 
-                       /*
-                        * Connect to the host.  We use the user's uid in the
-                        * hope that it will help with the problems of
-                        * tcp_wrappers showing the remote uid as root.
+                       /* Create a socket for connecting. */
+                       sock = ssh_create_socket(original_real_uid,
+                           !anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
+                           ai->ai_family);
+                       if (sock < 0)
+                               continue;
+
+                       /* Connect to the host.  We use the user's uid in the
+                        * hope that it will help with tcp_wrappers showing
+                        * the remote uid as root.
                         */
                        temporarily_use_uid(original_real_uid);
-                       if (connect(sock, (struct sockaddr *) hostaddr, sizeof(*hostaddr))
-                           >= 0) {
-                               /* Successful connect. */
+                       if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
+                               /* Successful connection. */
+                               memcpy(hostaddr, ai->ai_addr, sizeof(*(ai->ai_addr)));
                                restore_uid();
                                break;
-                       }
-                       debug("connect: %.100s", strerror(errno));
-                       restore_uid();
-
-                       /* Destroy the failed socket. */
-                       shutdown(sock, SHUT_RDWR);
-                       close(sock);
-               } else {
-                       /* Not a valid numeric inet address. */
-                       /* Map host name to an address. */
-                       if (!hp)
-                               hp = gethostbyname(host);
-                       if (!hp)
-                               fatal("Bad host name: %.100s", host);
-                       if (!hp->h_addr_list[0])
-                               fatal("Host does not have an IP address: %.100s", host);
-
-                       /* Loop through addresses for this host, and try
-                          each one in sequence until the connection
-                          succeeds. */
-                       for (i = 0; hp->h_addr_list[i]; i++) {
-                               /* Set the address to connect to. */
-                               hostaddr->sin_family = hp->h_addrtype;
-                               memcpy(&hostaddr->sin_addr, hp->h_addr_list[i],
-                                      sizeof(hostaddr->sin_addr));
-
-                               debug("Connecting to %.200s [%.100s] port %d.",
-                                     host, inet_ntoa(hostaddr->sin_addr), port);
-
-                               /* Create a socket for connecting. */
-                               sock = ssh_create_socket(original_real_uid,
-                                         !anonymous && geteuid() == 0 &&
-                                                port < IPPORT_RESERVED);
-
-                               /*
-                                * Connect to the host.  We use the user's
-                                * uid in the hope that it will help with
-                                * tcp_wrappers showing the remote uid as
-                                * root.
-                                */
-                               temporarily_use_uid(original_real_uid);
-                               if (connect(sock, (struct sockaddr *) hostaddr,
-                                           sizeof(*hostaddr)) >= 0) {
-                                       /* Successful connection. */
-                                       restore_uid();
-                                       break;
-                               }
+                       } else {
                                debug("connect: %.100s", strerror(errno));
                                restore_uid();
-
                                /*
                                 * Close the failed socket; there appear to
                                 * be some problems when reusing a socket for
@@ -305,13 +266,16 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr,
                                shutdown(sock, SHUT_RDWR);
                                close(sock);
                        }
-                       if (hp->h_addr_list[i])
-                               break;  /* Successful connection. */
                }
+               if (ai)
+                       break;  /* Successful connection. */
 
                /* Sleep a moment before retrying. */
                sleep(1);
        }
+
+       freeaddrinfo(aitop);
+
        /* Return failure if we didn't get a successful connection. */
        if (attempt >= connection_attempts)
                return 0;
@@ -323,7 +287,6 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr,
         * as it has been closed for whatever reason.
         */
        /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
-       setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *) &on, sizeof(on));
        linger.l_onoff = 1;
        linger.l_linger = 5;
        setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
@@ -334,646 +297,19 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr,
        return 1;
 }
 
-/*
- * Checks if the user has an authentication agent, and if so, tries to
- * authenticate using the agent.
- */
-int
-try_agent_authentication()
-{
-       int status, type;
-       char *comment;
-       AuthenticationConnection *auth;
-       unsigned char response[16];
-       unsigned int i;
-       BIGNUM *e, *n, *challenge;
-
-       /* Get connection to the agent. */
-       auth = ssh_get_authentication_connection();
-       if (!auth)
-               return 0;
-
-       e = BN_new();
-       n = BN_new();
-       challenge = BN_new();
-
-       /* Loop through identities served by the agent. */
-       for (status = ssh_get_first_identity(auth, e, n, &comment);
-            status;
-            status = ssh_get_next_identity(auth, e, n, &comment)) {
-               int plen, clen;
-
-               /* Try this identity. */
-               debug("Trying RSA authentication via agent with '%.100s'", comment);
-               xfree(comment);
-
-               /* Tell the server that we are willing to authenticate using this key. */
-               packet_start(SSH_CMSG_AUTH_RSA);
-               packet_put_bignum(n);
-               packet_send();
-               packet_write_wait();
-
-               /* Wait for server's response. */
-               type = packet_read(&plen);
-
-               /* The server sends failure if it doesn\'t like our key or
-                  does not support RSA authentication. */
-               if (type == SSH_SMSG_FAILURE) {
-                       debug("Server refused our key.");
-                       continue;
-               }
-               /* Otherwise it should have sent a challenge. */
-               if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
-                       packet_disconnect("Protocol error during RSA authentication: %d",
-                                         type);
-
-               packet_get_bignum(challenge, &clen);
-
-               packet_integrity_check(plen, clen, type);
-
-               debug("Received RSA challenge from server.");
-
-               /* Ask the agent to decrypt the challenge. */
-               if (!ssh_decrypt_challenge(auth, e, n, challenge,
-                                          session_id, 1, response)) {
-                       /* The agent failed to authenticate this identifier although it
-                          advertised it supports this.  Just return a wrong value. */
-                       log("Authentication agent failed to decrypt challenge.");
-                       memset(response, 0, sizeof(response));
-               }
-               debug("Sending response to RSA challenge.");
-
-               /* Send the decrypted challenge back to the server. */
-               packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
-               for (i = 0; i < 16; i++)
-                       packet_put_char(response[i]);
-               packet_send();
-               packet_write_wait();
-
-               /* Wait for response from the server. */
-               type = packet_read(&plen);
-
-               /* The server returns success if it accepted the authentication. */
-               if (type == SSH_SMSG_SUCCESS) {
-                       debug("RSA authentication accepted by server.");
-                       BN_clear_free(e);
-                       BN_clear_free(n);
-                       BN_clear_free(challenge);
-                       return 1;
-               }
-               /* Otherwise it should return failure. */
-               if (type != SSH_SMSG_FAILURE)
-                       packet_disconnect("Protocol error waiting RSA auth response: %d",
-                                         type);
-       }
-
-       BN_clear_free(e);
-       BN_clear_free(n);
-       BN_clear_free(challenge);
-
-       debug("RSA authentication using agent refused.");
-       return 0;
-}
-
-/*
- * Computes the proper response to a RSA challenge, and sends the response to
- * the server.
- */
-void
-respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
-{
-       unsigned char buf[32], response[16];
-       MD5_CTX md;
-       int i, len;
-
-       /* Decrypt the challenge using the private key. */
-       rsa_private_decrypt(challenge, challenge, prv);
-
-       /* Compute the response. */
-       /* The response is MD5 of decrypted challenge plus session id. */
-       len = BN_num_bytes(challenge);
-       if (len <= 0 || len > sizeof(buf))
-               packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
-                                 len);
-
-       memset(buf, 0, sizeof(buf));
-       BN_bn2bin(challenge, buf + sizeof(buf) - len);
-       MD5_Init(&md);
-       MD5_Update(&md, buf, 32);
-       MD5_Update(&md, session_id, 16);
-       MD5_Final(response, &md);
-
-       debug("Sending response to host key RSA challenge.");
-
-       /* Send the response back to the server. */
-       packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
-       for (i = 0; i < 16; i++)
-               packet_put_char(response[i]);
-       packet_send();
-       packet_write_wait();
-
-       memset(buf, 0, sizeof(buf));
-       memset(response, 0, sizeof(response));
-       memset(&md, 0, sizeof(md));
-}
-
-/*
- * Checks if the user has authentication file, and if so, tries to authenticate
- * the user using it.
- */
-int
-try_rsa_authentication(const char *authfile)
+char *
+chop(char *s)
 {
-       BIGNUM *challenge;
-       RSA *private_key;
-       RSA *public_key;
-       char *passphrase, *comment;
-       int type, i;
-       int plen, clen;
-
-       /* Try to load identification for the authentication key. */
-       public_key = RSA_new();
-       if (!load_public_key(authfile, public_key, &comment)) {
-               RSA_free(public_key);
-               /* Could not load it.  Fail. */
-               return 0;
-       }
-       debug("Trying RSA authentication with key '%.100s'", comment);
-
-       /* Tell the server that we are willing to authenticate using this key. */
-       packet_start(SSH_CMSG_AUTH_RSA);
-       packet_put_bignum(public_key->n);
-       packet_send();
-       packet_write_wait();
-
-       /* We no longer need the public key. */
-       RSA_free(public_key);
-
-       /* Wait for server's response. */
-       type = packet_read(&plen);
-
-       /*
-        * The server responds with failure if it doesn\'t like our key or
-        * doesn\'t support RSA authentication.
-        */
-       if (type == SSH_SMSG_FAILURE) {
-               debug("Server refused our key.");
-               xfree(comment);
-               return 0;
-       }
-       /* Otherwise, the server should respond with a challenge. */
-       if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
-               packet_disconnect("Protocol error during RSA authentication: %d", type);
-
-       /* Get the challenge from the packet. */
-       challenge = BN_new();
-       packet_get_bignum(challenge, &clen);
-
-       packet_integrity_check(plen, clen, type);
-
-       debug("Received RSA challenge from server.");
-
-       private_key = RSA_new();
-       /*
-        * Load the private key.  Try first with empty passphrase; if it
-        * fails, ask for a passphrase.
-        */
-       if (!load_private_key(authfile, "", private_key, NULL)) {
-               char buf[300];
-               snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ",
-                   comment);
-               if (!options.batch_mode)
-                       passphrase = read_passphrase(buf, 0);
-               else {
-                       debug("Will not query passphrase for %.100s in batch mode.",
-                             comment);
-                       passphrase = xstrdup("");
-               }
-
-               /* Load the authentication file using the pasphrase. */
-               if (!load_private_key(authfile, passphrase, private_key, NULL)) {
-                       memset(passphrase, 0, strlen(passphrase));
-                       xfree(passphrase);
-                       error("Bad passphrase.");
-
-                       /* Send a dummy response packet to avoid protocol error. */
-                       packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
-                       for (i = 0; i < 16; i++)
-                               packet_put_char(0);
-                       packet_send();
-                       packet_write_wait();
-
-                       /* Expect the server to reject it... */
-                       packet_read_expect(&plen, SSH_SMSG_FAILURE);
-                       xfree(comment);
-                       return 0;
+       char *t = s;
+       while (*t) {
+               if(*t == '\n' || *t == '\r') {
+                       *t = '\0';
+                       return s;
                }
-               /* Destroy the passphrase. */
-               memset(passphrase, 0, strlen(passphrase));
-               xfree(passphrase);
-       }
-       /* We no longer need the comment. */
-       xfree(comment);
-
-       /* Compute and send a response to the challenge. */
-       respond_to_rsa_challenge(challenge, private_key);
-
-       /* Destroy the private key. */
-       RSA_free(private_key);
-
-       /* We no longer need the challenge. */
-       BN_clear_free(challenge);
-
-       /* Wait for response from the server. */
-       type = packet_read(&plen);
-       if (type == SSH_SMSG_SUCCESS) {
-               debug("RSA authentication accepted by server.");
-               return 1;
-       }
-       if (type != SSH_SMSG_FAILURE)
-               packet_disconnect("Protocol error waiting RSA auth response: %d", type);
-       debug("RSA authentication refused.");
-       return 0;
-}
-
-/*
- * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
- * authentication and RSA host authentication.
- */
-int
-try_rhosts_rsa_authentication(const char *local_user, RSA * host_key)
-{
-       int type;
-       BIGNUM *challenge;
-       int plen, clen;
-
-       debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
-
-       /* Tell the server that we are willing to authenticate using this key. */
-       packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
-       packet_put_string(local_user, strlen(local_user));
-       packet_put_int(BN_num_bits(host_key->n));
-       packet_put_bignum(host_key->e);
-       packet_put_bignum(host_key->n);
-       packet_send();
-       packet_write_wait();
-
-       /* Wait for server's response. */
-       type = packet_read(&plen);
-
-       /* The server responds with failure if it doesn't admit our
-          .rhosts authentication or doesn't know our host key. */
-       if (type == SSH_SMSG_FAILURE) {
-               debug("Server refused our rhosts authentication or host key.");
-               return 0;
-       }
-       /* Otherwise, the server should respond with a challenge. */
-       if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
-               packet_disconnect("Protocol error during RSA authentication: %d", type);
-
-       /* Get the challenge from the packet. */
-       challenge = BN_new();
-       packet_get_bignum(challenge, &clen);
-
-       packet_integrity_check(plen, clen, type);
-
-       debug("Received RSA challenge for host key from server.");
-
-       /* Compute a response to the challenge. */
-       respond_to_rsa_challenge(challenge, host_key);
-
-       /* We no longer need the challenge. */
-       BN_clear_free(challenge);
-
-       /* Wait for response from the server. */
-       type = packet_read(&plen);
-       if (type == SSH_SMSG_SUCCESS) {
-               debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
-               return 1;
-       }
-       if (type != SSH_SMSG_FAILURE)
-               packet_disconnect("Protocol error waiting RSA auth response: %d", type);
-       debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
-       return 0;
-}
-
-#ifdef KRB4
-int
-try_kerberos_authentication()
-{
-       KTEXT_ST auth;          /* Kerberos data */
-       char *reply;
-       char inst[INST_SZ];
-       char *realm;
-       CREDENTIALS cred;
-       int r, type, plen;
-       Key_schedule schedule;
-       u_long checksum, cksum;
-       MSG_DAT msg_data;
-       struct sockaddr_in local, foreign;
-       struct stat st;
-
-       /* Don't do anything if we don't have any tickets. */
-       if (stat(tkt_string(), &st) < 0)
-               return 0;
-
-       strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
-
-       realm = (char *) krb_realmofhost(get_canonical_hostname());
-       if (!realm) {
-               debug("Kerberos V4: no realm for %s", get_canonical_hostname());
-               return 0;
-       }
-       /* This can really be anything. */
-       checksum = (u_long) getpid();
-
-       r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
-       if (r != KSUCCESS) {
-               debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
-               return 0;
-       }
-       /* Get session key to decrypt the server's reply with. */
-       r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
-       if (r != KSUCCESS) {
-               debug("get_cred failed: %s", krb_err_txt[r]);
-               return 0;
-       }
-       des_key_sched((des_cblock *) cred.session, schedule);
-
-       /* Send authentication info to server. */
-       packet_start(SSH_CMSG_AUTH_KERBEROS);
-       packet_put_string((char *) auth.dat, auth.length);
-       packet_send();
-       packet_write_wait();
-
-       /* Zero the buffer. */
-       (void) memset(auth.dat, 0, MAX_KTXT_LEN);
-
-       r = sizeof(local);
-       memset(&local, 0, sizeof(local));
-       if (getsockname(packet_get_connection_in(),
-                       (struct sockaddr *) & local, &r) < 0)
-               debug("getsockname failed: %s", strerror(errno));
-
-       r = sizeof(foreign);
-       memset(&foreign, 0, sizeof(foreign));
-       if (getpeername(packet_get_connection_in(),
-                       (struct sockaddr *) & foreign, &r) < 0) {
-               debug("getpeername failed: %s", strerror(errno));
-               fatal_cleanup();
-       }
-       /* Get server reply. */
-       type = packet_read(&plen);
-       switch (type) {
-       case SSH_SMSG_FAILURE:
-               /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
-               debug("Kerberos V4 authentication failed.");
-               return 0;
-               break;
-
-       case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
-               /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
-               debug("Kerberos V4 authentication accepted.");
-
-               /* Get server's response. */
-               reply = packet_get_string((unsigned int *) &auth.length);
-               memcpy(auth.dat, reply, auth.length);
-               xfree(reply);
-
-               packet_integrity_check(plen, 4 + auth.length, type);
-
-               /*
-                * If his response isn't properly encrypted with the session
-                * key, and the decrypted checksum fails to match, he's
-                * bogus. Bail out.
-                */
-               r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
-                               &foreign, &local, &msg_data);
-               if (r != KSUCCESS) {
-                       debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
-                       packet_disconnect("Kerberos V4 challenge failed!");
-               }
-               /* Fetch the (incremented) checksum that we supplied in the request. */
-               (void) memcpy((char *) &cksum, (char *) msg_data.app_data, sizeof(cksum));
-               cksum = ntohl(cksum);
-
-               /* If it matches, we're golden. */
-               if (cksum == checksum + 1) {
-                       debug("Kerberos V4 challenge successful.");
-                       return 1;
-               } else
-                       packet_disconnect("Kerberos V4 challenge failed!");
-               break;
-
-       default:
-               packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
-       }
-       return 0;
-}
-
-#endif /* KRB4 */
-
-#ifdef AFS
-int
-send_kerberos_tgt()
-{
-       CREDENTIALS *creds;
-       char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-       int r, type, plen;
-       unsigned char buffer[8192];
-       struct stat st;
-
-       /* Don't do anything if we don't have any tickets. */
-       if (stat(tkt_string(), &st) < 0)
-               return 0;
-
-       creds = xmalloc(sizeof(*creds));
-
-       if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
-               debug("Kerberos V4 tf_fullname failed: %s", krb_err_txt[r]);
-               return 0;
-       }
-       if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
-               debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
-               return 0;
-       }
-       if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
-               debug("Kerberos V4 ticket expired: %s", TKT_FILE);
-               return 0;
-       }
-       creds_to_radix(creds, buffer);
-       xfree(creds);
-
-       packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
-       packet_put_string((char *) buffer, strlen(buffer));
-       packet_send();
-       packet_write_wait();
-
-       type = packet_read(&plen);
-
-       if (type == SSH_SMSG_FAILURE)
-               debug("Kerberos TGT for realm %s rejected.", prealm);
-       else if (type != SSH_SMSG_SUCCESS)
-               packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
-
-       return 1;
-}
-
-void
-send_afs_tokens(void)
-{
-       CREDENTIALS creds;
-       struct ViceIoctl parms;
-       struct ClearToken ct;
-       int i, type, len, plen;
-       char buf[2048], *p, *server_cell;
-       unsigned char buffer[8192];
-
-       /* Move over ktc_GetToken, here's something leaner. */
-       for (i = 0; i < 100; i++) {     /* just in case */
-               parms.in = (char *) &i;
-               parms.in_size = sizeof(i);
-               parms.out = buf;
-               parms.out_size = sizeof(buf);
-               if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
-                       break;
-               p = buf;
-
-               /* Get secret token. */
-               memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
-               if (creds.ticket_st.length > MAX_KTXT_LEN)
-                       break;
-               p += sizeof(unsigned int);
-               memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
-               p += creds.ticket_st.length;
-
-               /* Get clear token. */
-               memcpy(&len, p, sizeof(len));
-               if (len != sizeof(struct ClearToken))
-                       break;
-               p += sizeof(len);
-               memcpy(&ct, p, len);
-               p += len;
-               p += sizeof(len);       /* primary flag */
-               server_cell = p;
-
-               /* Flesh out our credentials. */
-               strlcpy(creds.service, "afs", sizeof creds.service);
-               creds.instance[0] = '\0';
-               strlcpy(creds.realm, server_cell, REALM_SZ);
-               memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
-               creds.issue_date = ct.BeginTimestamp;
-               creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
-               creds.kvno = ct.AuthHandle;
-               snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
-               creds.pinst[0] = '\0';
-
-               /* Encode token, ship it off. */
-               if (!creds_to_radix(&creds, buffer))
-                       break;
-               packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
-               packet_put_string((char *) buffer, strlen(buffer));
-               packet_send();
-               packet_write_wait();
-
-               /* Roger, Roger. Clearance, Clarence. What's your vector,
-                  Victor? */
-               type = packet_read(&plen);
-
-               if (type == SSH_SMSG_FAILURE)
-                       debug("AFS token for cell %s rejected.", server_cell);
-               else if (type != SSH_SMSG_SUCCESS)
-                       packet_disconnect("Protocol error on AFS token response: %d", type);
-       }
-}
-
-#endif /* AFS */
-
-/*
- * Tries to authenticate with any string-based challenge/response system.
- * Note that the client code is not tied to s/key or TIS.
- */
-int
-try_skey_authentication()
-{
-       int type, i, payload_len;
-       char *challenge, *response;
-
-       debug("Doing skey authentication.");
-
-       /* request a challenge */
-       packet_start(SSH_CMSG_AUTH_TIS);
-       packet_send();
-       packet_write_wait();
-
-       type = packet_read(&payload_len);
-       if (type != SSH_SMSG_FAILURE &&
-           type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
-               packet_disconnect("Protocol error: got %d in response "
-                                 "to skey-auth", type);
+               t++;
        }
-       if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
-               debug("No challenge for skey authentication.");
-               return 0;
-       }
-       challenge = packet_get_string(&payload_len);
-       if (options.cipher == SSH_CIPHER_NONE)
-               log("WARNING: Encryption is disabled! "
-                   "Reponse will be transmitted in clear text.");
-       fprintf(stderr, "%s\n", challenge);
-       fflush(stderr);
-       for (i = 0; i < options.number_of_password_prompts; i++) {
-               if (i != 0)
-                       error("Permission denied, please try again.");
-               response = read_passphrase("Response: ", 0);
-               packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
-               packet_put_string(response, strlen(response));
-               memset(response, 0, strlen(response));
-               xfree(response);
-               packet_send();
-               packet_write_wait();
-               type = packet_read(&payload_len);
-               if (type == SSH_SMSG_SUCCESS)
-                       return 1;
-               if (type != SSH_SMSG_FAILURE)
-                       packet_disconnect("Protocol error: got %d in response "
-                                         "to skey-auth-reponse", type);
-       }
-       /* failure */
-       return 0;
-}
+       return s;
 
-/*
- * Tries to authenticate with plain passwd authentication.
- */
-int
-try_password_authentication(char *prompt)
-{
-       int type, i, payload_len;
-       char *password;
-
-       debug("Doing password authentication.");
-       if (options.cipher == SSH_CIPHER_NONE)
-               log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
-       for (i = 0; i < options.number_of_password_prompts; i++) {
-               if (i != 0)
-                       error("Permission denied, please try again.");
-               password = read_passphrase(prompt, 0);
-               packet_start(SSH_CMSG_AUTH_PASSWORD);
-               packet_put_string(password, strlen(password));
-               memset(password, 0, strlen(password));
-               xfree(password);
-               packet_send();
-               packet_write_wait();
-
-               type = packet_read(&payload_len);
-               if (type == SSH_SMSG_SUCCESS)
-                       return 1;
-               if (type != SSH_SMSG_FAILURE)
-                       packet_disconnect("Protocol error: got %d in response to passwd auth", type);
-       }
-       /* failure */
-       return 0;
 }
 
 /*
@@ -984,18 +320,21 @@ void
 ssh_exchange_identification()
 {
        char buf[256], remote_version[256];     /* must be same size! */
-       int remote_major, remote_minor, i;
+       int remote_major, remote_minor, i, mismatch;
        int connection_in = packet_get_connection_in();
        int connection_out = packet_get_connection_out();
 
        /* Read other side\'s version identification. */
        for (i = 0; i < sizeof(buf) - 1; i++) {
-               if (read(connection_in, &buf[i], 1) != 1)
+               int len = read(connection_in, &buf[i], 1);
+               if (len < 0)
                        fatal("ssh_exchange_identification: read: %.100s", strerror(errno));
+               if (len != 1)
+                       fatal("ssh_exchange_identification: Connection closed by remote host");
                if (buf[i] == '\r') {
                        buf[i] = '\n';
                        buf[i + 1] = 0;
-                       break;
+                       continue;               /**XXX wait for \n */
                }
                if (buf[i] == '\n') {
                        buf[i + 1] = 0;
@@ -1003,50 +342,73 @@ ssh_exchange_identification()
                }
        }
        buf[sizeof(buf) - 1] = 0;
+       server_version_string = xstrdup(buf);
 
        /*
         * Check that the versions match.  In future this might accept
         * several versions and set appropriate flags to handle them.
         */
-       if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
-                  remote_version) != 3)
+       if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n",
+           &remote_major, &remote_minor, remote_version) != 3)
                fatal("Bad remote protocol version identification: '%.100s'", buf);
        debug("Remote protocol version %d.%d, remote software version %.100s",
              remote_major, remote_minor, remote_version);
 
-       /* Check if the remote protocol version is too old. */
-       if (remote_major == 1 && remote_minor < 3)
-               fatal("Remote machine has too old SSH software version.");
+       compat_datafellows(remote_version);
+       mismatch = 0;
 
-       /* We speak 1.3, too. */
-       if (remote_major == 1 && remote_minor == 3) {
-               enable_compat13();
-               if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0) {
-                       log("Agent forwarding disabled, remote version '%s' is not compatible.",
-                           remote_version);
-                       options.forward_agent = 0;
+       switch(remote_major) {
+       case 1:
+               if (remote_minor == 99 &&
+                   (options.protocol & SSH_PROTO_2) &&
+                   !(options.protocol & SSH_PROTO_1_PREFERRED)) {
+                       enable_compat20();
+                       break;
+               }
+               if (!(options.protocol & SSH_PROTO_1)) {
+                       mismatch = 1;
+                       break;
                }
+               if (remote_minor < 3) {
+                       fatal("Remote machine has too old SSH software version.");
+               } else if (remote_minor == 3) {
+                       /* We speak 1.3, too. */
+                       enable_compat13();
+                       if (options.forward_agent) {
+                               log("Agent forwarding disabled for protocol 1.3");
+                               options.forward_agent = 0;
+                       }
+               }
+               break;
+       case 2:
+               if (options.protocol & SSH_PROTO_2) {
+                       enable_compat20();
+                       break;
+               }
+               /* FALLTHROUGH */
+       default:
+               mismatch = 1;
+               break;
        }
-#if 0
-       /*
-        * Removed for now, to permit compatibility with latter versions. The
-        * server will reject our version and disconnect if it doesn't
-        * support it.
-        */
-       if (remote_major != PROTOCOL_MAJOR)
+       if (mismatch)
                fatal("Protocol major versions differ: %d vs. %d",
-                     PROTOCOL_MAJOR, remote_major);
-#endif
-
+                   (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+                   remote_major);
+       if (compat20)
+               packet_set_ssh2_format();
        /* Send our own protocol version identification. */
        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
-           PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
+           compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+           compat20 ? PROTOCOL_MINOR_2 : PROTOCOL_MINOR_1,
+           SSH_VERSION);
        if (atomicio(write, connection_out, buf, strlen(buf)) != strlen(buf))
                fatal("write: %.100s", strerror(errno));
+       client_version_string = xstrdup(buf);
+       chop(client_version_string);
+       chop(server_version_string);
+       debug("Local version string %.100s", client_version_string);
 }
 
-int ssh_cipher_default = SSH_CIPHER_3DES;
-
 int
 read_yes_or_no(const char *prompt, int defval)
 {
@@ -1095,17 +457,45 @@ read_yes_or_no(const char *prompt, int defval)
  */
 
 void
-check_host_key(char *host,
-    struct sockaddr_in *hostaddr,
-    RSA *host_key)
+check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+       const char *user_hostfile, const char *system_hostfile)
 {
-       RSA *file_key;
+       Key *file_key;
        char *ip = NULL;
        char hostline[1000], *hostp;
        HostStatus host_status;
        HostStatus ip_status;
-       int host_ip_differ = 0;
-       int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
+       int local = 0, host_ip_differ = 0;
+       int salen;
+       char ntop[NI_MAXHOST];
+
+       /*
+        * Force accepting of the host key for loopback/localhost. The
+        * problem is that if the home directory is NFS-mounted to multiple
+        * machines, localhost will refer to a different machine in each of
+        * them, and the user will get bogus HOST_CHANGED warnings.  This
+        * essentially disables host authentication for localhost; however,
+        * this is probably not a real problem.
+        */
+       /**  hostaddr == 0! */
+       switch (hostaddr->sa_family) {
+       case AF_INET:
+               local = (ntohl(((struct sockaddr_in *)hostaddr)->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
+               salen = sizeof(struct sockaddr_in);
+               break;
+       case AF_INET6:
+               local = IN6_IS_ADDR_LOOPBACK(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
+               salen = sizeof(struct sockaddr_in6);
+               break;
+       default:
+               local = 0;
+               salen = sizeof(struct sockaddr_storage);
+               break;
+       }
+       if (local) {
+               debug("Forcing accepting of host key for loopback/localhost.");
+               return;
+       }
 
        /*
         * Turn off check_host_ip for proxy connects, since
@@ -1114,66 +504,45 @@ check_host_key(char *host,
        if (options.proxy_command != NULL && options.check_host_ip)
                options.check_host_ip = 0;
 
-       if (options.check_host_ip)
-               ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
+       if (options.check_host_ip) {
+               if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
+                   NULL, 0, NI_NUMERICHOST) != 0)
+                       fatal("check_host_key: getnameinfo failed");
+               ip = xstrdup(ntop);
+       }
 
        /*
         * Store the host key from the known host file in here so that we can
         * compare it with the key for the IP address.
         */
-       file_key = RSA_new();
-       file_key->n = BN_new();
-       file_key->e = BN_new();
+       file_key = key_new(host_key->type);
 
        /*
         * Check if the host key is present in the user\'s list of known
         * hosts or in the systemwide list.
         */
-       host_status = check_host_in_hostfile(options.user_hostfile, host,
-                                            host_key->e, host_key->n,
-                                            file_key->e, file_key->n);
+       host_status = check_host_in_hostfile(user_hostfile, host, host_key, file_key);
        if (host_status == HOST_NEW)
-               host_status = check_host_in_hostfile(options.system_hostfile, host,
-                                               host_key->e, host_key->n,
-                                              file_key->e, file_key->n);
-       /*
-        * Force accepting of the host key for localhost and 127.0.0.1. The
-        * problem is that if the home directory is NFS-mounted to multiple
-        * machines, localhost will refer to a different machine in each of
-        * them, and the user will get bogus HOST_CHANGED warnings.  This
-        * essentially disables host authentication for localhost; however,
-        * this is probably not a real problem.
-        */
-       if (local) {
-               debug("Forcing accepting of host key for localhost.");
-               host_status = HOST_OK;
-       }
+               host_status = check_host_in_hostfile(system_hostfile, host, host_key, file_key);
        /*
         * Also perform check for the ip address, skip the check if we are
         * localhost or the hostname was an ip address to begin with
         */
        if (options.check_host_ip && !local && strcmp(host, ip)) {
-               RSA *ip_key = RSA_new();
-               ip_key->n = BN_new();
-               ip_key->e = BN_new();
-               ip_status = check_host_in_hostfile(options.user_hostfile, ip,
-                                               host_key->e, host_key->n,
-                                                  ip_key->e, ip_key->n);
+               Key *ip_key = key_new(host_key->type);
+               ip_status = check_host_in_hostfile(user_hostfile, ip, host_key, ip_key);
 
                if (ip_status == HOST_NEW)
-                       ip_status = check_host_in_hostfile(options.system_hostfile, ip,
-                                               host_key->e, host_key->n,
-                                                  ip_key->e, ip_key->n);
+                       ip_status = check_host_in_hostfile(system_hostfile, ip, host_key, ip_key);
                if (host_status == HOST_CHANGED &&
-                   (ip_status != HOST_CHANGED ||
-                    (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
+                   (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
                        host_ip_differ = 1;
 
-               RSA_free(ip_key);
+               key_free(ip_key);
        } else
                ip_status = host_status;
 
-       RSA_free(file_key);
+       key_free(file_key);
 
        switch (host_status) {
        case HOST_OK:
@@ -1181,10 +550,9 @@ check_host_key(char *host,
                debug("Host '%.200s' is known and matches the host key.", host);
                if (options.check_host_ip) {
                        if (ip_status == HOST_NEW) {
-                               if (!add_host_to_hostfile(options.user_hostfile, ip,
-                                              host_key->e, host_key->n))
+                               if (!add_host_to_hostfile(user_hostfile, ip, host_key))
                                        log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).",
-                                           ip, options.user_hostfile);
+                                           ip, user_hostfile);
                                else
                                        log("Warning: Permanently added host key for IP address '%.30s' to the list of known hosts.",
                                            ip);
@@ -1202,12 +570,12 @@ check_host_key(char *host,
                } else if (options.strict_host_key_checking == 2) {
                        /* The default */
                        char prompt[1024];
-                       char *fp = fingerprint(host_key->e, host_key->n);
+                       char *fp = key_fingerprint(host_key);
                        snprintf(prompt, sizeof(prompt),
                            "The authenticity of host '%.200s' can't be established.\n"
-                           "Key fingerprint is %d %s.\n"
+                           "Key fingerprint is %s.\n"
                            "Are you sure you want to continue connecting (yes/no)? ",
-                           host, BN_num_bits(host_key->n), fp);
+                           host, fp);
                        if (!read_yes_or_no(prompt, -1))
                                fatal("Aborted by user!\n");
                }
@@ -1218,10 +586,9 @@ check_host_key(char *host,
                        hostp = host;
 
                /* If not in strict mode, add the key automatically to the local known_hosts file. */
-               if (!add_host_to_hostfile(options.user_hostfile, hostp,
-                                         host_key->e, host_key->n))
+               if (!add_host_to_hostfile(user_hostfile, hostp, host_key))
                        log("Failed to add the host to the list of known hosts (%.500s).",
-                           options.user_hostfile);
+                           user_hostfile);
                else
                        log("Warning: Permanently added '%.200s' to the list of known hosts.",
                            hostp);
@@ -1246,14 +613,14 @@ check_host_key(char *host,
                }
                /* The host key has changed. */
                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-               error("@       WARNING: HOST IDENTIFICATION HAS CHANGED!         @");
+               error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
                error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
                error("It is also possible that the host key has just been changed.");
                error("Please contact your system administrator.");
                error("Add correct host key in %.100s to get rid of this message.",
-                     options.user_hostfile);
+                     user_hostfile);
 
                /*
                 * If strict host key checking is in use, the user will have
@@ -1292,32 +659,23 @@ check_host_key(char *host,
  * Starts a dialog with the server, and authenticates the current user on the
  * server.  This does not need any extra privileges.  The basic connection
  * to the server must already have been established before this is called.
- * User is the remote user; if it is NULL, the current local user name will
- * be used.  Anonymous indicates that no rhosts authentication will be used.
  * If login fails, this function prints an error and never returns.
  * This function does not require super-user privileges.
  */
 void
-ssh_login(int host_key_valid,
-         RSA *own_host_key,
-         const char *orighost,
-         struct sockaddr_in *hostaddr,
-         uid_t original_real_uid)
+ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
+    struct sockaddr *hostaddr, uid_t original_real_uid)
 {
-       int i, type;
        struct passwd *pw;
-       BIGNUM *key;
-       RSA *host_key;
-       RSA *public_key;
-       int bits, rbits;
-       unsigned char session_key[SSH_SESSION_KEY_LENGTH];
-       const char *server_user, *local_user;
        char *host, *cp;
-       unsigned char check_bytes[8];
-       unsigned int supported_ciphers, supported_authentications;
-       unsigned int server_flags, client_flags;
-       int payload_len, clen, sum_len = 0;
-       u_int32_t rand = 0;
+       char *server_user, *local_user;
+
+       /* Get local user name.  Use it as server user if no user name was given. */
+       pw = getpwuid(original_real_uid);
+       if (!pw)
+               fatal("User id %d not found from user database.", original_real_uid);
+       local_user = xstrdup(pw->pw_name);
+       server_user = options.user ? options.user : local_user;
 
        /* Convert the user-supplied hostname into all lowercase. */
        host = xstrdup(orighost);
@@ -1331,305 +689,13 @@ ssh_login(int host_key_valid,
        /* Put the connection into non-blocking mode. */
        packet_set_nonblocking();
 
-       /* Get local user name.  Use it as server user if no user name was given. */
-       pw = getpwuid(original_real_uid);
-       if (!pw)
-               fatal("User id %d not found from user database.", original_real_uid);
-       local_user = xstrdup(pw->pw_name);
-       server_user = options.user ? options.user : local_user;
-
-       debug("Waiting for server public key.");
-
-       /* Wait for a public key packet from the server. */
-       packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
-
-       /* Get check bytes from the packet. */
-       for (i = 0; i < 8; i++)
-               check_bytes[i] = packet_get_char();
-
-       /* Get the public key. */
-       public_key = RSA_new();
-       bits = packet_get_int();/* bits */
-       public_key->e = BN_new();
-       packet_get_bignum(public_key->e, &clen);
-       sum_len += clen;
-       public_key->n = BN_new();
-       packet_get_bignum(public_key->n, &clen);
-       sum_len += clen;
-
-       rbits = BN_num_bits(public_key->n);
-       if (bits != rbits) {
-               log("Warning: Server lies about size of server public key: "
-                   "actual size is %d bits vs. announced %d.", rbits, bits);
-               log("Warning: This may be due to an old implementation of ssh.");
-       }
-       /* Get the host key. */
-       host_key = RSA_new();
-       bits = packet_get_int();/* bits */
-       host_key->e = BN_new();
-       packet_get_bignum(host_key->e, &clen);
-       sum_len += clen;
-       host_key->n = BN_new();
-       packet_get_bignum(host_key->n, &clen);
-       sum_len += clen;
-
-       rbits = BN_num_bits(host_key->n);
-       if (bits != rbits) {
-               log("Warning: Server lies about size of server host key: "
-                   "actual size is %d bits vs. announced %d.", rbits, bits);
-               log("Warning: This may be due to an old implementation of ssh.");
-       }
-
-       /* Get protocol flags. */
-       server_flags = packet_get_int();
-       packet_set_protocol_flags(server_flags);
-
-       supported_ciphers = packet_get_int();
-       supported_authentications = packet_get_int();
-
-       debug("Received server public key (%d bits) and host key (%d bits).",
-             BN_num_bits(public_key->n), BN_num_bits(host_key->n));
-
-       packet_integrity_check(payload_len,
-                              8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
-                              SSH_SMSG_PUBLIC_KEY);
-
-       check_host_key(host, hostaddr, host_key);
-
-       client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
-
-       compute_session_id(session_id, check_bytes, host_key->n, public_key->n);
-
-       /* Generate a session key. */
-       arc4random_stir();
-
-       /*
-        * Generate an encryption key for the session.   The key is a 256 bit
-        * random number, interpreted as a 32-byte key, with the least
-        * significant 8 bits being the first byte of the key.
-        */
-       for (i = 0; i < 32; i++) {
-               if (i % 4 == 0)
-                       rand = arc4random();
-               session_key[i] = rand & 0xff;
-               rand >>= 8;
-       }
-
-       /*
-        * According to the protocol spec, the first byte of the session key
-        * is the highest byte of the integer.  The session key is xored with
-        * the first 16 bytes of the session id.
-        */
-       key = BN_new();
-       BN_set_word(key, 0);
-       for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
-               BN_lshift(key, key, 8);
-               if (i < 16)
-                       BN_add_word(key, session_key[i] ^ session_id[i]);
-               else
-                       BN_add_word(key, session_key[i]);
-       }
-
-       /*
-        * Encrypt the integer using the public key and host key of the
-        * server (key with smaller modulus first).
-        */
-       if (BN_cmp(public_key->n, host_key->n) < 0) {
-               /* Public key has smaller modulus. */
-               if (BN_num_bits(host_key->n) <
-                   BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
-                       fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
-                             "SSH_KEY_BITS_RESERVED %d",
-                             BN_num_bits(host_key->n),
-                             BN_num_bits(public_key->n),
-                             SSH_KEY_BITS_RESERVED);
-               }
-               rsa_public_encrypt(key, key, public_key);
-               rsa_public_encrypt(key, key, host_key);
+       /* key exchange */
+       /* authenticate user */
+       if (compat20) {
+               ssh_kex2(host, hostaddr);
+               ssh_userauth2(server_user, host);
        } else {
-               /* Host key has smaller modulus (or they are equal). */
-               if (BN_num_bits(public_key->n) <
-                   BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
-                       fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
-                             "SSH_KEY_BITS_RESERVED %d",
-                             BN_num_bits(public_key->n),
-                             BN_num_bits(host_key->n),
-                             SSH_KEY_BITS_RESERVED);
-               }
-               rsa_public_encrypt(key, key, host_key);
-               rsa_public_encrypt(key, key, public_key);
-       }
-
-       if (options.cipher == SSH_CIPHER_NOT_SET) {
-               if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
-                       options.cipher = ssh_cipher_default;
-               else {
-                       debug("Cipher %s not supported, using %.100s instead.",
-                             cipher_name(ssh_cipher_default),
-                             cipher_name(SSH_FALLBACK_CIPHER));
-                       options.cipher = SSH_FALLBACK_CIPHER;
-               }
-       }
-       /* Check that the selected cipher is supported. */
-       if (!(supported_ciphers & (1 << options.cipher)))
-               fatal("Selected cipher type %.100s not supported by server.",
-                     cipher_name(options.cipher));
-
-       debug("Encryption type: %.100s", cipher_name(options.cipher));
-
-       /* Send the encrypted session key to the server. */
-       packet_start(SSH_CMSG_SESSION_KEY);
-       packet_put_char(options.cipher);
-
-       /* Send the check bytes back to the server. */
-       for (i = 0; i < 8; i++)
-               packet_put_char(check_bytes[i]);
-
-       /* Send the encrypted encryption key. */
-       packet_put_bignum(key);
-
-       /* Send protocol flags. */
-       packet_put_int(client_flags);
-
-       /* Send the packet now. */
-       packet_send();
-       packet_write_wait();
-
-       /* Destroy the session key integer and the public keys since we no longer need them. */
-       BN_clear_free(key);
-       RSA_free(public_key);
-       RSA_free(host_key);
-
-       debug("Sent encrypted session key.");
-
-       /* Set the encryption key. */
-       packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
-
-       /* We will no longer need the session key here.  Destroy any extra copies. */
-       memset(session_key, 0, sizeof(session_key));
-
-       /*
-        * Expect a success message from the server.  Note that this message
-        * will be received in encrypted form.
-        */
-       packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
-
-       debug("Received encrypted confirmation.");
-
-       /* Send the name of the user to log in as on the server. */
-       packet_start(SSH_CMSG_USER);
-       packet_put_string(server_user, strlen(server_user));
-       packet_send();
-       packet_write_wait();
-
-       /*
-        * The server should respond with success if no authentication is
-        * needed (the user has no password).  Otherwise the server responds
-        * with failure.
-        */
-       type = packet_read(&payload_len);
-
-       /* check whether the connection was accepted without authentication. */
-       if (type == SSH_SMSG_SUCCESS)
-               return;
-       if (type != SSH_SMSG_FAILURE)
-               packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
-                                 type);
-
-#ifdef AFS
-       /* Try Kerberos tgt passing if the server supports it. */
-       if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
-           options.kerberos_tgt_passing) {
-               if (options.cipher == SSH_CIPHER_NONE)
-                       log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
-               (void) send_kerberos_tgt();
-       }
-       /* Try AFS token passing if the server supports it. */
-       if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
-           options.afs_token_passing && k_hasafs()) {
-               if (options.cipher == SSH_CIPHER_NONE)
-                       log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
-               send_afs_tokens();
-       }
-#endif /* AFS */
-
-#ifdef KRB4
-       if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
-           options.kerberos_authentication) {
-               debug("Trying Kerberos authentication.");
-               if (try_kerberos_authentication()) {
-                       /* The server should respond with success or failure. */
-                       type = packet_read(&payload_len);
-                       if (type == SSH_SMSG_SUCCESS)
-                               return;
-                       if (type != SSH_SMSG_FAILURE)
-                               packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
-               }
-       }
-#endif /* KRB4 */
-
-       /*
-        * Use rhosts authentication if running in privileged socket and we
-        * do not wish to remain anonymous.
-        */
-       if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
-           options.rhosts_authentication) {
-               debug("Trying rhosts authentication.");
-               packet_start(SSH_CMSG_AUTH_RHOSTS);
-               packet_put_string(local_user, strlen(local_user));
-               packet_send();
-               packet_write_wait();
-
-               /* The server should respond with success or failure. */
-               type = packet_read(&payload_len);
-               if (type == SSH_SMSG_SUCCESS)
-                       return;
-               if (type != SSH_SMSG_FAILURE)
-                       packet_disconnect("Protocol error: got %d in response to rhosts auth",
-                                         type);
-       }
-       /*
-        * Try .rhosts or /etc/hosts.equiv authentication with RSA host
-        * authentication.
-        */
-       if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
-           options.rhosts_rsa_authentication && host_key_valid) {
-               if (try_rhosts_rsa_authentication(local_user, own_host_key))
-                       return;
-       }
-       /* Try RSA authentication if the server supports it. */
-       if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
-           options.rsa_authentication) {
-               /*
-                * Try RSA authentication using the authentication agent. The
-                * agent is tried first because no passphrase is needed for
-                * it, whereas identity files may require passphrases.
-                */
-               if (try_agent_authentication())
-                       return;
-
-               /* Try RSA authentication for each identity. */
-               for (i = 0; i < options.num_identity_files; i++)
-                       if (try_rsa_authentication(options.identity_files[i]))
-                               return;
-       }
-       /* Try skey authentication if the server supports it. */
-       if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
-           options.skey_authentication && !options.batch_mode) {
-               if (try_skey_authentication())
-                       return;
-       }
-       /* Try password authentication if the server supports it. */
-       if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
-           options.password_authentication && !options.batch_mode) {
-               char prompt[80];
-
-               snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ",
-                   server_user, host);
-               if (try_password_authentication(prompt))
-                       return;
+               ssh_kex(host, hostaddr);
+               ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
        }
-       /* All authentication methods have failed.  Exit with an error message. */
-       fatal("Permission denied.");
-       /* NOTREACHED */
 }
This page took 0.627785 seconds and 4 git commands to generate.