/* * Sample showing how to do SSH2 connect. * * The sample code has default values for host name, user name, password * and path to copy, but you can specify them on the command line like: * * $ ./ssh2 hostip user password [[-p|-i|-k] [command]] * * -p authenticate using password * -i authenticate using keyboard-interactive * -k authenticate using public key (password argument decrypts keyfile) * command executes on the remote machine */ #include "libssh2_setup.h" #include #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #include #include #include static const char *pubkey = ".ssh/id_rsa.pub"; static const char *privkey = ".ssh/id_rsa"; static const char *username = "username"; static const char *password = "password"; static void kbd_callback(const char *name, int name_len, const char *instruction, int instruction_len, int num_prompts, const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts, LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses, void **abstract) { (void)name; (void)name_len; (void)instruction; (void)instruction_len; if(num_prompts == 1) { responses[0].text = strdup(password); responses[0].length = (unsigned int)strlen(password); } (void)prompts; (void)abstract; } int main(int argc, char *argv[]) { uint32_t hostaddr; libssh2_socket_t sock; int i, auth_pw = 0; struct sockaddr_in sin; const char *fingerprint; char *userauthlist; int rc; LIBSSH2_SESSION *session = NULL; LIBSSH2_CHANNEL *channel; #ifdef WIN32 WSADATA wsadata; rc = WSAStartup(MAKEWORD(2, 0), &wsadata); if(rc) { fprintf(stderr, "WSAStartup failed with error: %d\n", rc); return 1; } #endif if(argc > 1) { hostaddr = inet_addr(argv[1]); } else { hostaddr = htonl(0x7F000001); } if(argc > 2) { username = argv[2]; } if(argc > 3) { password = argv[3]; } rc = libssh2_init(0); if(rc) { fprintf(stderr, "libssh2 initialization failed (%d)\n", rc); return 1; } /* Ultra basic "connect to port 22 on localhost". Your code is * responsible for creating the socket establishing the connection */ sock = socket(AF_INET, SOCK_STREAM, 0); if(sock == LIBSSH2_INVALID_SOCKET) { fprintf(stderr, "failed to create socket!\n"); rc = 1; goto shutdown; } sin.sin_family = AF_INET; sin.sin_port = htons(22); sin.sin_addr.s_addr = hostaddr; fprintf(stderr, "Connecting to %s:%d as user %s\n", inet_ntoa(sin.sin_addr), ntohs(sin.sin_port), username); if(connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in))) { fprintf(stderr, "failed to connect!\n"); goto shutdown; } /* Create a session instance and start it up. This will trade welcome * banners, exchange keys, and setup crypto, compression, and MAC layers */ session = libssh2_session_init(); if(!session) { fprintf(stderr, "Could not initialize SSH session!\n"); goto shutdown; } /* Enable all debugging when libssh2 was built with debugging enabled */ libssh2_trace(session, ~0); rc = libssh2_session_handshake(session, sock); if(rc) { fprintf(stderr, "Failure establishing SSH session: %d\n", rc); goto shutdown; } rc = 1; /* At this point we have not yet authenticated. The first thing to do * is check the hostkey's fingerprint against our known hosts Your app * may have it hard coded, may go to a file, may present it to the * user, that's your call */ fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); fprintf(stderr, "Fingerprint: "); for(i = 0; i < 20; i++) { fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); } fprintf(stderr, "\n"); /* check what authentication methods are available */ userauthlist = libssh2_userauth_list(session, username, (unsigned int)strlen(username)); if(userauthlist) { fprintf(stderr, "Authentication methods: %s\n", userauthlist); if(strstr(userauthlist, "password")) { auth_pw |= 1; } if(strstr(userauthlist, "keyboard-interactive")) { auth_pw |= 2; } if(strstr(userauthlist, "publickey")) { auth_pw |= 4; } /* check for options */ if(argc > 4) { if((auth_pw & 1) && !strcmp(argv[4], "-p")) { auth_pw = 1; } if((auth_pw & 2) && !strcmp(argv[4], "-i")) { auth_pw = 2; } if((auth_pw & 4) && !strcmp(argv[4], "-k")) { auth_pw = 4; } } if(auth_pw & 1) { /* We could authenticate via password */ if(libssh2_userauth_password(session, username, password)) { fprintf(stderr, "Authentication by password failed!\n"); goto shutdown; } else { fprintf(stderr, "Authentication by password succeeded.\n"); } } else if(auth_pw & 2) { /* Or via keyboard-interactive */ if(libssh2_userauth_keyboard_interactive(session, username, &kbd_callback) ) { fprintf(stderr, "Authentication by keyboard-interactive failed!\n"); goto shutdown; } else { fprintf(stderr, "Authentication by keyboard-interactive succeeded.\n"); } } else if(auth_pw & 4) { /* Or by public key */ size_t fn1sz, fn2sz; char *fn1, *fn2; char const *h = getenv("HOME"); if(!h || !*h) h = "."; fn1sz = strlen(h) + strlen(pubkey) + 2; fn2sz = strlen(h) + strlen(privkey) + 2; fn1 = malloc(fn1sz); fn2 = malloc(fn2sz); if(!fn1 || !fn2) { free(fn2); free(fn1); fprintf(stderr, "out of memory\n"); goto shutdown; } /* Using asprintf() here would be much cleaner, but less portable */ snprintf(fn1, fn1sz, "%s/%s", h, pubkey); snprintf(fn2, fn2sz, "%s/%s", h, privkey); if(libssh2_userauth_publickey_fromfile(session, username, fn1, fn2, password)) { fprintf(stderr, "Authentication by public key failed!\n"); free(fn2); free(fn1); goto shutdown; } else { fprintf(stderr, "Authentication by public key succeeded.\n"); } free(fn2); free(fn1); } else { fprintf(stderr, "No supported authentication methods found!\n"); goto shutdown; } } /* Request a session channel on which to run a shell */ channel = libssh2_channel_open_session(session); if(!channel) { fprintf(stderr, "Unable to open a session\n"); goto shutdown; } /* Some environment variables may be set, * It's up to the server which ones it'll allow though */ libssh2_channel_setenv(channel, "FOO", "bar"); /* Request a terminal with 'vanilla' terminal emulation * See /etc/termcap for more options. This is useful when opening * an interactive shell. */ #if 0 if(libssh2_channel_request_pty(channel, "vanilla")) { fprintf(stderr, "Failed requesting pty\n"); } #endif if(argc > 5) { if(libssh2_channel_exec(channel, argv[5])) { fprintf(stderr, "Unable to request command on channel\n"); goto shutdown; } /* Instead of just running a single command with libssh2_channel_exec, * a shell can be opened on the channel instead, for interactive use. * You usually want a pty allocated first in that case (see above). */ #if 0 if(libssh2_channel_shell(channel)) { fprintf(stderr, "Unable to request shell on allocated pty\n"); goto shutdown; } #endif /* At this point the shell can be interacted with using * libssh2_channel_read() * libssh2_channel_read_stderr() * libssh2_channel_write() * libssh2_channel_write_stderr() * * Blocking mode may be (en|dis)abled with: * libssh2_channel_set_blocking() * If the server send EOF, libssh2_channel_eof() will return non-0 * To send EOF to the server use: libssh2_channel_send_eof() * A channel can be closed with: libssh2_channel_close() * A channel can be freed with: libssh2_channel_free() */ /* Read and display all the data received on stdout (ignoring stderr) * until the channel closes. This will eventually block if the command * produces too much data on stderr; the loop must be rewritten to use * non-blocking mode and include interspersed calls to * libssh2_channel_read_stderr() to avoid this. See ssh2_echo.c for * an idea of how such a loop might look. */ while(!libssh2_channel_eof(channel)) { char buf[1024]; ssize_t err = libssh2_channel_read(channel, buf, sizeof(buf)); if(err < 0) fprintf(stderr, "Unable to read response: %d\n", (int)err); else { fwrite(buf, 1, err, stdout); } } } rc = libssh2_channel_get_exit_status(channel); if(libssh2_channel_close(channel)) fprintf(stderr, "Unable to close channel\n"); if(channel) { libssh2_channel_free(channel); channel = NULL; } /* Other channel types are supported via: * libssh2_scp_send() * libssh2_scp_recv2() * libssh2_channel_direct_tcpip() */ shutdown: if(session) { libssh2_session_disconnect(session, "Normal Shutdown"); libssh2_session_free(session); } if(sock != LIBSSH2_INVALID_SOCKET) { shutdown(sock, 2); #ifdef WIN32 closesocket(sock); #else close(sock); #endif } fprintf(stderr, "all done\n"); libssh2_exit(); return rc; }