Authenticating the server

2020-11-18 19:53:51 -08:00 · 2013-06-12 01:28:01 -04:00 · 2013-06-12 01:28:01 -04:00 · bf4edb4056
commit bf4edb4056
parent 141428691e
2 changed files with 61 additions and 6 deletions
--- a/tmate-ssh-client.c
+++ b/tmate-ssh-client.c
@ -71,6 +71,13 @@ static void consume_channel(struct tmate_ssh_client *client)

 static void on_session_event(struct tmate_ssh_client *client)
 {
+	ssh_key pubkey;
+	int key_type;
+	unsigned char *hash;
+	ssize_t hash_len;
+	char *hash_str;
+	int match;
+
 	int verbosity = SSH_LOG_RARE;
 	int port = TMATE_PORT;

@ -94,10 +101,10 @@ static void on_session_event(struct tmate_ssh_client *client)
 		}

 		ssh_set_blocking(session, 0);
-		ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
+		ssh_options_set(session, SSH_OPTIONS_HOST, TMATE_HOST);
 		ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
 		ssh_options_set(session, SSH_OPTIONS_PORT, &port);
-		ssh_options_set(session, SSH_OPTIONS_USER, TMATE_HOST);
+		ssh_options_set(session, SSH_OPTIONS_USER, "tmate");
 		ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes");

 		tmate_debug("Connecting...");
@ -116,13 +123,57 @@ static void on_session_event(struct tmate_ssh_client *client)
 		case SSH_OK:
 			register_session_fd_event(client);
 			tmate_debug("Connected");
-			client->state = SSH_AUTH;
+			client->state = SSH_AUTH_SERVER;
 			/* fall through */
 		}

-	/* TODO Authenticate server */
+	case SSH_AUTH_SERVER:
+		if ((hash_len = ssh_get_pubkey_hash(session, &hash)) < 0) {
+			tmate_debug("Cannnot authenticate server");
+			disconnect_session(client);
+			return;
+		}

-	case SSH_AUTH:
+		hash_str = ssh_get_hexa(hash, hash_len);
+		if (!hash_str)
+			tmate_fatal("malloc failed");
+
+		if (ssh_get_publickey(session, &pubkey) < 0)
+			tmate_fatal("ssh_get_publickey");
+
+#ifdef DEVENV
+		match = 1;
+#else
+		key_type = ssh_key_type(pubkey);
+		switch (key_type) {
+		case SSH_KEYTYPE_DSS:
+			match = !strcmp(hash_str, TMATE_HOST_DSA_KEY);
+			break;
+		case SSH_KEYTYPE_RSA:
+			match = !strcmp(hash_str, TMATE_HOST_RSA_KEY);
+			break;
+		case SSH_KEYTYPE_ECDSA:
+			match = !strcmp(hash_str, TMATE_HOST_ECDSA_KEY);
+			break;
+		default:
+			match = 0;
+		}
+#endif
+
+		ssh_key_free(pubkey);
+		ssh_clean_pubkey_hash(&hash);
+		free(hash_str);
+
+		if (!match) {
+			tmate_debug("Cannnot authenticate server");
+			disconnect_session(client);
+			return;
+		}
+
+		client->state = SSH_AUTH_CLIENT;
+		/* fall through */
+
+	case SSH_AUTH_CLIENT:
 		switch (ssh_userauth_autopubkey(session, NULL)) {
 		case SSH_AUTH_AGAIN:
 			return;
--- a/tmate.h
+++ b/tmate.h
@ -69,6 +69,9 @@ extern void tmate_decoder_commit(struct tmate_decoder *decoder, size_t len);
 #else
 #define TMATE_HOST "tmate.io"
 #define TMATE_PORT 22
+#define TMATE_HOST_DSA_KEY   "f5:26:31:c3:8a:78:6e:5c:77:74:0f:41:5b:5f:21:88"
+#define TMATE_HOST_RSA_KEY   "af:2d:81:c1:fe:49:70:2d:7f:09:a9:d7:4b:32:e3:be"
+#define TMATE_HOST_ECDSA_KEY "c7:a1:51:36:d2:bb:35:4b:0a:1a:c0:43:97:74:ea:42"
 #endif

 typedef struct ssh_session_struct* ssh_session;
@ -78,7 +81,8 @@ enum tmate_ssh_client_state_types {
 	SSH_NONE,
 	SSH_INIT,
 	SSH_CONNECT,
-	SSH_AUTH,
+	SSH_AUTH_SERVER,
+	SSH_AUTH_CLIENT,
 	SSH_OPEN_CHANNEL,
 	SSH_BOOTSTRAP,
 	SSH_READY,