fix pubkey auth

This commit is contained in:
nora 2024-08-23 15:57:52 +02:00
parent 85f1def4b5
commit a092cfd494
2 changed files with 37 additions and 15 deletions


@ -4,7 +4,7 @@ use clap::Parser;
use eyre::{bail, Context, ContextCompat, OptionExt}; use eyre::{bail, Context, ContextCompat, OptionExt};
use rand::RngCore; use rand::RngCore;
use ssh_transport::{key::PublicKey, parse::Writer}; use ssh_transport::{key::PublicKey, numbers, parse::Writer};
use tokio::{ use tokio::{
io::{AsyncReadExt, AsyncWriteExt}, io::{AsyncReadExt, AsyncWriteExt},
net::TcpStream, net::TcpStream,
@ -122,21 +122,22 @@ async fn main() -> eyre::Result<()> {
todo!("try identities"); todo!("try identities");
} }
let identity = &identities[0]; let identity = &identities[0];
if attempted_public_keys.insert(identity.key_blob.clone()) { if !attempted_public_keys.insert(identity.key_blob.clone()) {
bail!("authentication denied (publickey)"); bail!("authentication denied (publickey)");
} }
let pubkey = PublicKey::from_wire_encoding(&identity.key_blob)?; let pubkey = PublicKey::from_wire_encoding(&identity.key_blob)?;
let mut sig = Writer::new(); let mut sign_data = Writer::new();
sig.string(session_identifier); sign_data.string(session_identifier);
sig.string(&username); sign_data.u8(numbers::SSH_MSG_USERAUTH_REQUEST);
sig.string("ssh-connection"); sign_data.string(&username);
sig.string("publickey"); sign_data.string("ssh-connection");
sig.bool(true); sign_data.string("publickey");
sig.string(pubkey.algorithm_name()); sign_data.bool(true);
sig.string(&identity.key_blob); sign_data.string(pubkey.algorithm_name());
sign_data.string(&identity.key_blob);
let data = sig.finish(); let data = sign_data.finish();
let signature = agent let signature = agent
.sign(&identity.key_blob, &data, 0) .sign(&identity.key_blob, &data, 0)
.await .await
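Review bot: The `sign_data` block now carries the exact field sequence RFC 4252 §7 requires to be signed, but nothing in the code says so, and the `numbers::SSH_MSG_USERAUTH_REQUEST` byte that this commit inserts is easy to drop again in a later refactor; add `// Data to sign, RFC 4252 §7: session id, SSH_MSG_USERAUTH_REQUEST, user, service, "publickey", TRUE, algorithm name, key blob.` above `let mut sign_data = Writer::new();`. The `agent.sign(&identity.key_blob, &data, 0)` call passes flags 0; if `pubkey.algorithm_name()` can yield an `rsa-sha2-*` name (not visible here, so this is inferred), the agent must be asked for the matching SHA-2 signature via the agent flags, otherwise it returns an `ssh-rsa` signature that the server will reject against the declared algorithm. Only `identities[0]` is ever tried and the `attempted_public_keys` check, now correctly negated, bails on a repeat rather than moving to the next identity; the `todo!("try identities")` branch is still the only fallback. The enclosing `main` starts and ends outside this hunk.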


@ -101,14 +101,15 @@ impl ClientConnection {
trace!(%packet_type, %packet_type_string, packet_len = %packet.payload.len(), "Received packet"); trace!(%packet_type, %packet_type_string, packet_len = %packet.payload.len(), "Received packet");
// TODO: deduplicate with server
// Handle some packets ignoring the state. // Handle some packets ignoring the state.
match packet.payload.first().copied() { match packet.payload.first().copied() {
Some(numbers::SSH_MSG_DISCONNECT) => { Some(numbers::SSH_MSG_DISCONNECT) => {
// <https://datatracker.ietf.org/doc/html/rfc4253#section-11.1> // <https://datatracker.ietf.org/doc/html/rfc4253#section-11.1>
let mut disconnect = Parser::new(&packet.payload[1..]); let mut p = Parser::new(&packet.payload[1..]);
let reason = disconnect.u32()?; let reason = p.u32()?;
let description = disconnect.utf8_string()?; let description = p.utf8_string()?;
let _language_tag = disconnect.utf8_string()?; let _language_tag = p.utf8_string()?;
let reason_string = let reason_string =
numbers::disconnect_reason_to_string(reason).unwrap_or("<unknown>"); numbers::disconnect_reason_to_string(reason).unwrap_or("<unknown>");
@ -117,6 +118,26 @@ impl ClientConnection {
return Err(SshStatus::Disconnect); return Err(SshStatus::Disconnect);
} }
Some(numbers::SSH_MSG_IGNORE) => {
// <https://datatracker.ietf.org/doc/html/rfc4253#section-11.2>
let mut p = Parser::new(&packet.payload[1..]);
let _ = p.string()?;
continue;
}
Some(numbers::SSH_MSG_DEBUG) => {
// <https://datatracker.ietf.org/doc/html/rfc4253#section-11.3>
let mut p = Parser::new(&packet.payload[1..]);
let always_display = p.bool()?;
let msg = p.utf8_string()?;
let _language_tag = p.utf8_string()?;
if always_display {
info!(%msg, "Received debug message (SSH_MSG_DEBUG)");
} else {
debug!(%msg, "Received debug message (SSH_MSG_DEBUG)")
}
continue;
}
_ => {} _ => {}
} }
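Review bot: The `SSH_MSG_DEBUG` branch logs a peer-supplied string with `info!(%msg, ...)`, i.e. via `Display`, so control characters and terminal escape sequences in `msg` reach the log sink unfiltered; RFC 4253 §11.3 explicitly says the message may contain them and that the receiver should filter before display. Logging it with `Debug` formatting escapes them: `info!(?msg, "Received debug message (SSH_MSG_DEBUG)");` and `debug!(?msg, "Received debug message (SSH_MSG_DEBUG)")`. The `SSH_MSG_IGNORE` arm discards the payload correctly, but a short comment on `let _ = p.string()?;` such as `// payload is arbitrary data; only validate framing` would make the intent clear. Both new arms `continue` a loop whose head is outside this hunk, and the enclosing method of `ClientConnection` starts before it.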