void *publickey_blob;
int publickey_bloblen;
char *publickey_comment;
- int publickey_encrypted;
+ int privatekey_available, privatekey_encrypted;
prompts_t *cur_prompt;
char c;
int pwpkt_type;
s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
if (!filename_is_null(s->keyfile)) {
int keytype;
- logeventf(ssh, "Reading private key file \"%.150s\"",
+ logeventf(ssh, "Reading key file \"%.150s\"",
filename_to_str(s->keyfile));
keytype = key_type(s->keyfile);
- if (keytype == SSH_KEYTYPE_SSH1) {
+ if (keytype == SSH_KEYTYPE_SSH1 ||
+ keytype == SSH_KEYTYPE_SSH1_PUBLIC) {
const char *error;
if (rsakey_pubblob(s->keyfile,
&s->publickey_blob, &s->publickey_bloblen,
&s->publickey_comment, &error)) {
- s->publickey_encrypted = rsakey_encrypted(s->keyfile,
- NULL);
+ s->privatekey_available = (keytype == SSH_KEYTYPE_SSH1);
+ if (!s->privatekey_available)
+ logeventf(ssh, "Key file contains public key only");
+ s->privatekey_encrypted = rsakey_encrypted(s->keyfile,
+ NULL);
} else {
char *msgbuf;
- logeventf(ssh, "Unable to load private key (%s)", error);
- msgbuf = dupprintf("Unable to load private key file "
+ logeventf(ssh, "Unable to load key (%s)", error);
+ msgbuf = dupprintf("Unable to load key file "
"\"%.150s\" (%s)\r\n",
filename_to_str(s->keyfile),
error);
if (s->authed)
break;
}
- if (s->publickey_blob && !s->tried_publickey) {
+ if (s->publickey_blob && s->privatekey_available &&
+ !s->tried_publickey) {
/*
* Try public key authentication with the specified
* key file.
*/
char *passphrase = NULL; /* only written after crReturn */
const char *error;
- if (!s->publickey_encrypted) {
+ if (!s->privatekey_encrypted) {
if (flags & FLAG_VERBOSE)
c_write_str(ssh, "No passphrase required.\r\n");
passphrase = NULL;
* If we're doing Diffie-Hellman group exchange, start by
* requesting a group.
*/
- if (!ssh->kex->pdata) {
+ if (dh_is_gex(ssh->kex)) {
logevent("Doing Diffie-Hellman group exchange");
ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
/*
}
set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
- s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
+ s->hkey = ssh->hostkey->newkey(ssh->hostkey,
+ s->hostkeydata, s->hostkeylen);
s->f = ssh2_pkt_getmp(pktin);
if (!s->f) {
bombout(("unable to parse key exchange reply packet"));
set_busy_status(ssh->frontend, BUSY_NOT);
hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
- if (!ssh->kex->pdata) {
+ if (dh_is_gex(ssh->kex)) {
if (!(ssh->remote_bugs & BUG_SSH2_OLDGEX))
hash_uint32(ssh->kex->hash, ssh->exhash, DH_MIN_SIZE);
hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
dh_cleanup(ssh->kex_ctx);
freebn(s->f);
- if (!ssh->kex->pdata) {
+ if (dh_is_gex(ssh->kex)) {
freebn(s->g);
freebn(s->p);
}
ssh->kex->hash->text_name);
ssh->pkt_kctx = SSH2_PKTCTX_ECDHKEX;
- s->eckey = ssh_ecdhkex_newkey(ssh->kex->name);
+ s->eckey = ssh_ecdhkex_newkey(ssh->kex);
if (!s->eckey) {
bombout(("Unable to generate key for ECDH"));
crStopV;
ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
- s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
+ s->hkey = ssh->hostkey->newkey(ssh->hostkey,
+ s->hostkeydata, s->hostkeylen);
{
char *publicPoint;
ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
hash_string(ssh->kex->hash, ssh->exhash,
s->hostkeydata, s->hostkeylen);
- s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
+ s->hkey = ssh->hostkey->newkey(ssh->hostkey,
+ s->hostkeydata, s->hostkeylen);
{
char *keydata;
* Authenticate remote host: verify host key. (We've already
* checked the signature of the exchange hash.)
*/
- s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
+ s->fingerprint = ssh2_fingerprint(ssh->hostkey, s->hkey);
logevent("Host key fingerprint is:");
logevent(s->fingerprint);
/* First check against manually configured host keys. */
int got_username;
void *publickey_blob;
int publickey_bloblen;
- int publickey_encrypted;
+ int privatekey_available, privatekey_encrypted;
char *publickey_algorithm;
char *publickey_comment;
unsigned char agent_request[5], *agent_response, *agentp;
s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
if (!filename_is_null(s->keyfile)) {
int keytype;
- logeventf(ssh, "Reading private key file \"%.150s\"",
+ logeventf(ssh, "Reading key file \"%.150s\"",
filename_to_str(s->keyfile));
keytype = key_type(s->keyfile);
- if (keytype == SSH_KEYTYPE_SSH2) {
+ if (keytype == SSH_KEYTYPE_SSH2 ||
+ keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
+ keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) {
const char *error;
s->publickey_blob =
ssh2_userkey_loadpub(s->keyfile,
&s->publickey_bloblen,
&s->publickey_comment, &error);
if (s->publickey_blob) {
- s->publickey_encrypted =
+ s->privatekey_available = (keytype == SSH_KEYTYPE_SSH2);
+ if (!s->privatekey_available)
+ logeventf(ssh, "Key file contains public key only");
+ s->privatekey_encrypted =
ssh2_userkey_encrypted(s->keyfile, NULL);
} else {
char *msgbuf;
- logeventf(ssh, "Unable to load private key (%s)",
+ logeventf(ssh, "Unable to load key (%s)",
error);
- msgbuf = dupprintf("Unable to load private key file "
+ msgbuf = dupprintf("Unable to load key file "
"\"%.150s\" (%s)\r\n",
filename_to_str(s->keyfile),
error);
}
} else if (s->can_pubkey && s->publickey_blob &&
- !s->tried_pubkey_config) {
+ s->privatekey_available && !s->tried_pubkey_config) {
struct ssh2_userkey *key; /* not live over crReturn */
char *passphrase; /* not live over crReturn */
key = NULL;
while (!key) {
const char *error; /* not live over crReturn */
- if (s->publickey_encrypted) {
+ if (s->privatekey_encrypted) {
/*
* Get a passphrase from the user.
*/
/* Clear up various bits and pieces from authentication. */
if (s->publickey_blob) {
+ sfree(s->publickey_algorithm);
sfree(s->publickey_blob);
sfree(s->publickey_comment);
}