mirror of https://github.com/tmate-io/tmate-ssh-server.git synced 2020-11-18 19:53:51 -08:00

Authenticating the server

Nicolas Viennot 2013-06-12 01:28:01 -04:00
parent 141428691e
commit bf4edb4056
2 changed files with 61 additions and 6 deletions


@ -71,6 +71,13 @@ static void consume_channel(struct tmate_ssh_client *client)
static void on_session_event(struct tmate_ssh_client *client) static void on_session_event(struct tmate_ssh_client *client)
{ {
ssh_key pubkey;
int key_type;
unsigned char *hash;
ssize_t hash_len;
char *hash_str;
int match;
int verbosity = SSH_LOG_RARE; int verbosity = SSH_LOG_RARE;
int port = TMATE_PORT; int port = TMATE_PORT;
@ -94,10 +101,10 @@ static void on_session_event(struct tmate_ssh_client *client)
} }
ssh_set_blocking(session, 0); ssh_set_blocking(session, 0);
ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); ssh_options_set(session, SSH_OPTIONS_HOST, TMATE_HOST);
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity); ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_PORT, &port);
ssh_options_set(session, SSH_OPTIONS_USER, TMATE_HOST); ssh_options_set(session, SSH_OPTIONS_USER, "tmate");
ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes");
tmate_debug("Connecting..."); tmate_debug("Connecting...");
@ -116,13 +123,57 @@ static void on_session_event(struct tmate_ssh_client *client)
case SSH_OK: case SSH_OK:
register_session_fd_event(client); register_session_fd_event(client);
tmate_debug("Connected"); tmate_debug("Connected");
client->state = SSH_AUTH; client->state = SSH_AUTH_SERVER;
/* fall through */ /* fall through */
} }
/* TODO Authenticate server */ case SSH_AUTH_SERVER:
if ((hash_len = ssh_get_pubkey_hash(session, &hash)) < 0) {
tmate_debug("Cannnot authenticate server");
disconnect_session(client);
return;
}
case SSH_AUTH: hash_str = ssh_get_hexa(hash, hash_len);
if (!hash_str)
tmate_fatal("malloc failed");
if (ssh_get_publickey(session, &pubkey) < 0)
tmate_fatal("ssh_get_publickey");
#ifdef DEVENV
match = 1;
#else
key_type = ssh_key_type(pubkey);
switch (key_type) {
case SSH_KEYTYPE_DSS:
match = !strcmp(hash_str, TMATE_HOST_DSA_KEY);
break;
case SSH_KEYTYPE_RSA:
match = !strcmp(hash_str, TMATE_HOST_RSA_KEY);
break;
case SSH_KEYTYPE_ECDSA:
match = !strcmp(hash_str, TMATE_HOST_ECDSA_KEY);
break;
default:
match = 0;
}
#endif
ssh_key_free(pubkey);
ssh_clean_pubkey_hash(&hash);
free(hash_str);
if (!match) {
tmate_debug("Cannnot authenticate server");
disconnect_session(client);
return;
}
client->state = SSH_AUTH_CLIENT;
/* fall through */
case SSH_AUTH_CLIENT:
switch (ssh_userauth_autopubkey(session, NULL)) { switch (ssh_userauth_autopubkey(session, NULL)) {
case SSH_AUTH_AGAIN: case SSH_AUTH_AGAIN:
return; return;
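Review bot: In the `SSH_AUTH_SERVER` case, the `#ifdef DEVENV` branch sets `match = 1` unconditionally, so any build compiled with DEVENV accepts whatever host key the peer presents, and nothing at runtime says so. I would log the bypass where it happens, e.g. `tmate_debug("DEVENV build: server host key is not verified");`, and make sure release builds cannot pick up the define. On the mismatch path `hash_str` is freed before `match` is tested, so the rejected fingerprint is never recorded; logging it before `free(hash_str)` would give someone investigating a refused connection a value to compare against the pinned ones. The message text also has a typo (`Cannnot`). `on_session_event` continues past the end of this hunk.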


@ -69,6 +69,9 @@ extern void tmate_decoder_commit(struct tmate_decoder *decoder, size_t len);
#else #else
#define TMATE_HOST "tmate.io" #define TMATE_HOST "tmate.io"
#define TMATE_PORT 22 #define TMATE_PORT 22
#define TMATE_HOST_DSA_KEY "f5:26:31:c3:8a:78:6e:5c:77:74:0f:41:5b:5f:21:88"
#define TMATE_HOST_RSA_KEY "af:2d:81:c1:fe:49:70:2d:7f:09:a9:d7:4b:32:e3:be"
#define TMATE_HOST_ECDSA_KEY "c7:a1:51:36:d2:bb:35:4b:0a:1a:c0:43:97:74:ea:42"
#endif #endif
typedef struct ssh_session_struct* ssh_session; typedef struct ssh_session_struct* ssh_session;
@ -78,7 +81,8 @@ enum tmate_ssh_client_state_types {
SSH_NONE, SSH_NONE,
SSH_INIT, SSH_INIT,
SSH_CONNECT, SSH_CONNECT,
SSH_AUTH, SSH_AUTH_SERVER,
SSH_AUTH_CLIENT,
SSH_OPEN_CHANNEL, SSH_OPEN_CHANNEL,
SSH_BOOTSTRAP, SSH_BOOTSTRAP,
SSH_READY, SSH_READY,
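Review bot: The pinned values `TMATE_HOST_DSA_KEY`, `TMATE_HOST_RSA_KEY` and `TMATE_HOST_ECDSA_KEY` are 16-byte fingerprints, which matches the MD5 digest that `ssh_get_pubkey_hash()` returns, so the server identity check rests on MD5. Where the libssh version in use provides it, `ssh_get_publickey_hash()` with `SSH_PUBLICKEY_HASH_SHA256` and SHA-256 pins would be a stronger basis. Because the pins are compile-time constants, rotating a server key needs a new client release. A short comment above the defines would help, e.g. `/* MD5 fingerprints of the tmate.io host keys; update on key rotation */`. The enclosing `#ifdef` starts above this hunk, so the development-side definitions are not visible here.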