Net-SSH-Perl

 view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN

      of fingerprinting) and in pssh-keygen (-B option).

1.01  2001.05.02
    - Added SSH2 support.
    - Added Channel, ChannelMgr classes to manage open SSH2
      channels.
    - Added Key and subclasses Key::DSA, Key::RSA; managed
      access to keys and keyfiles.
    - Split Util functions into sub-modules that are loaded
      on demand. Added more utility functions for SSH2 bigints,
      etc. Deprecated _load_private_key, _save_private_key,
      _load_public_key, in favor of usage of Net::SSH::Perl::Key
      classes.
    - Changed Constants implementation; don't use 'constant'
      module, just keep constants in hash, then export them
      in custom import method.
    - Added eg/pssh-keygen, which has *almost* all of the
      functionality in the OpenSSH ssh-keygen.
    - Added Mac classes for MAC packet integrity.
    - Added Cipher/RC4, an arcfour implementation (only for
      SSH2).

Changes  view on Meta::CPAN

      SSH1 protocol.
    - better error checking for getservbyname lookup of ssh
      service (to get default port).
    - added eg/remoteinteract.pl, which demonstrates how to interact
      with a remote (interactive) command.

0.64  2001.03.13
    - fixed bug in Net::SSH::Perl::Cipher::new_from_key_str;
      empty key string (passphrase) was broken. This never
      cropped up in regular usage, only in testing.
    - added _save_private_key function to Net::SSH::Perl::Util,
      used to save private key files.
    - added cipher tests (05-cipher.t).
    - PasswordPromptLogin and PasswordPromptHost config options
      are now supported (on by default).
    - added untainting code for all places where data is read
      from external sources (ie. socket, key files, etc.),
      which should fix the "Corrupted check bytes" errors when
      using -T. It was breaking because substr replacement
      doesn't work on tainted values. See this p5p thread:
      http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-09/msg00799.html

lib/Net/SSH/Perl/Auth/RSA.pm  view on Meta::CPAN

    }

    $packet;
}

sub _authenticate {
    my($auth, $auth_file) = @_;
    my $ssh = $auth->{ssh};
    my($packet);

    my($public_key, $comment, $private_key);
    eval {
        ($public_key, $comment) = _load_public_key($auth_file);
    };
    $ssh->debug("RSA authentication failed: Can't load public key."),
        return 0 if $@;

    $ssh->debug("Trying RSA authentication with key '$comment'");

    $ssh->debug("Server refused our key."), return unless
        $packet = $auth->_server_likes_key($public_key);

    my $challenge = $packet->get_mp_int;
    $ssh->debug("Received RSA challenge from server.");

    eval {
        $private_key = _load_private_key($auth_file, "");
    };
    if (!$private_key || $@) {
        my $passphrase = "";
        if ($ssh->config->get('interactive')) {
            $passphrase = _read_passphrase("Enter passphrase for RSA key '$comment': ");
        }
        else {
            $ssh->debug("Will not query passphrase for '$comment' in batch mode.");
        }

        eval {
            $private_key = _load_private_key($auth_file, $passphrase);
        };
        if (!$private_key || $@) {
            $ssh->debug("Loading private key failed: $@.");
            $packet = $ssh->packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
            $packet->put_char(0) for (1..16);
            $packet->send;

            Net::SSH::Perl::Packet->read_expect($ssh, SSH_SMSG_FAILURE);
            return 0;
        }
    }

    _respond_to_rsa_challenge($ssh, $challenge, $private_key);

    $packet = Net::SSH::Perl::Packet->read($ssh);
    my $type = $packet->type;
    if ($type == SSH_SMSG_SUCCESS) {
        $ssh->debug("RSA authentication accepted by server.");
        return 1;
    }
    elsif ($type != SSH_SMSG_FAILURE) {
        $ssh->fatal_disconnect("Protocol error waiting RSA auth response: $type");
    }

lib/Net/SSH/Perl/Auth/Rhosts_RSA.pm  view on Meta::CPAN

use strict;
use warnings;

use Net::SSH::Perl::Constants qw(
    SSH_SMSG_FAILURE
    SSH_SMSG_SUCCESS
    SSH_CMSG_AUTH_RHOSTS_RSA
    SSH_SMSG_AUTH_RSA_CHALLENGE
    SSH_CMSG_AUTH_RSA_RESPONSE );

use Net::SSH::Perl::Util qw( :rsa _load_private_key );
use Net::SSH::Perl::Packet;
use Net::SSH::Perl::Auth;
use base qw( Net::SSH::Perl::Auth );

use Scalar::Util qw(weaken);
use File::Spec::Functions qw( catfile );

sub new {
    my $class = shift;
    my $ssh = shift;

lib/Net/SSH/Perl/Auth/Rhosts_RSA.pm  view on Meta::CPAN

sub authenticate {
    my $auth = shift;
    my($packet);
    my $ssh = $auth->{ssh};

    $ssh->debug("Rhosts-RSA authentication is disabled by the client."), return
        unless $ssh->config->get('auth_rhosts_rsa');

    $ssh->debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");

    my $private_key;
    eval {
        my $ssh_host_key = $^O eq 'MSWin32'
          ? catfile($ENV{WINDIR}, 'ssh_host_key')
          : '/etc/ssh_host_key';
        $private_key = _load_private_key($ssh_host_key);
    };
    $ssh->debug("Rhosts with RSA authentication failed: Can't load private host key."),
        return 0 if $@;

    my $user = $ssh->config->get('user');
    $packet = $ssh->packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
    $packet->put_str($user);
    $packet->put_int32($private_key->{rsa}{bits});
    $packet->put_mp_int($private_key->{rsa}{e});
    $packet->put_mp_int($private_key->{rsa}{n});
    $packet->send;

    $packet = Net::SSH::Perl::Packet->read($ssh);
    my $type = $packet->type;
    if ($type == SSH_SMSG_FAILURE) {
        $ssh->debug("Server refused our rhosts authentication or host key.");
        return 0;
    }

    if ($type != SSH_SMSG_AUTH_RSA_CHALLENGE) {
        $ssh->fatal_disconnect("Protocol error during RSA authentication: $type");
    }
    my $challenge = $packet->get_mp_int;

    $ssh->debug("Received RSA challenge for host key from server.");

    _respond_to_rsa_challenge($ssh, $challenge, $private_key);

    $packet = Net::SSH::Perl::Packet->read($ssh);
    $type = $packet->type;
    if ($type == SSH_SMSG_SUCCESS) {
        $ssh->debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
        return 1;
    }
    elsif ($type != SSH_SMSG_FAILURE) {
        $ssh->fatal_disconnect("Protocol error waiting RSA auth response: $type");
    }

lib/Net/SSH/Perl/Key/Ed25519.xs  view on Meta::CPAN

	RETVAL

void
ed25519_generate_keypair (secret)
	SV *secret
PPCODE:
	{
		STRLEN secret_l; unsigned char *secret_p;

		unsigned char public_key[32];
		unsigned char private_key[64];

		secret_p = (unsigned char *)SvPVbyte (secret, secret_l);

		if (secret_l != 32)
			croak ("secret has wrong length (!= 32)");

		ed25519_create_keypair (public_key, private_key, (unsigned char *)secret_p);

		EXTEND (SP, 2);
		PUSHs (sv_2mortal (newSVpvn ((char *)public_key, sizeof public_key)));
		PUSHs (sv_2mortal (newSVpvn ((char *)private_key, sizeof private_key)));
     }

SV *
ed25519_sign_message (message, private_key)
	SV *message;
	SV *private_key;
CODE:
	{
		unsigned char signature[64];

		STRLEN message_l    ; char *message_p     = SvPVbyte (message    , message_l    );
		STRLEN private_key_l; char *private_key_p = SvPVbyte (private_key, private_key_l);

		if (private_key_l != 64)
			croak ("private key has wrong length (!= 64)");

		ed25519_sign (signature, (unsigned char *)message_p, message_l, (unsigned char *)private_key_p);

		RETVAL = newSVpvn ((char *)signature, sizeof signature);
	}
OUTPUT:
	RETVAL

bool
ed25519_verify_message (SV *message, SV *public_key, SV *signature)
CODE:
	{

lib/Net/SSH/Perl/Key/RSA1.pm  view on Meta::CPAN

    $key->{rsa}{q} = $gmp->($priv->q);

    $key;
}

sub read_private {
    my $class = shift;
    my($keyfile, $passphrase) = @_;
    my($key, $comment);
    eval {
        ($key, $comment) = _load_private_key($keyfile, $passphrase);
    };
    if (wantarray) {
        return $key && !$@ ? ($key, $comment) : ();
    }
    else {
        return $key && !$@ ? $key : undef;
    }
}

sub write_private {
    my $key = shift;
    my($keyfile, $passphrase, $comment) = @_;
    _save_private_key($keyfile, $key, $passphrase, $comment);
}

sub extract_public {
    my $class = shift;
    $class->new(@_);
}

sub dump_public { $_[0]->as_blob }

sub equal {

lib/Net/SSH/Perl/Util.pm  view on Meta::CPAN

use vars qw( %FUNC_TO_MOD %EXPORT_TAGS );

%FUNC_TO_MOD = (
    _crc32                    => 'SSH1Misc',
    _compute_session_id       => 'SSH1MP',
    _mp_linearize             => 'SSH1MP',
    _check_host_in_hostfile   => 'Hosts',
    _all_keys_for_host        => 'Hosts',
    _add_host_to_hostfile     => 'Hosts',
    _remove_host_from_hostfile=> 'Hosts',
    _load_private_key         => 'Authfile',
    _load_public_key          => 'Authfile',
    _save_private_key         => 'Authfile',
    _respond_to_rsa_challenge => 'RSA',
    _rsa_public_encrypt       => 'RSA',
    _rsa_private_decrypt      => 'RSA',
    _prompt                   => 'Term',
    _read_passphrase          => 'Term',
    _read_yes_or_no           => 'Term',
    _current_user_win32       => 'Win32',
    _socketpair               => 'Win32',
);

%EXPORT_TAGS = (
    hosts    => [ qw( _check_host_in_hostfile _all_keys_for_host
                      _add_host_to_hostfile _remove_host_from_hostfile ) ],
    rsa      => [ qw( _rsa_public_encrypt _rsa_private_decrypt
                      _respond_to_rsa_challenge ) ],
    ssh1mp   => [ qw( _compute_session_id _mp_linearize ) ],
    authfile => [ qw( _load_public_key _load_private_key _save_private_key ) ],
    win32    => [ qw( _current_user_win32 _socketpair ) ],
    all      => [ keys %FUNC_TO_MOD ],
);

sub import {
    my $class = shift;
    my $callpack = caller;

    my @to_export;
    my @args = @_;

lib/Net/SSH/Perl/Util.pm  view on Meta::CPAN

and C<_compute_session_id>.

Because the SSH1 implementation uses I<Math::GMP> for its
big integers, the functions in I<ssh1mp> all deal with
I<Math::GMP> objects.

=item * authfile

Routines associated with loading of RSA SSH1 keys (both public
and private) from keyfiles. Contains C<_load_public_key>,
C<_load_private_key>, and C<_save_private_key>.

Note that this interface is deprecated in favor of the
I<Net::SSH::Perl::Key> interface to loading keys.

=item * all

All routines. Contains all of the routines listed below.

=back

lib/Net/SSH/Perl/Util.pm  view on Meta::CPAN

If called in list context, returns the key and the comment
associated with the key. If called in scalar context,
returns only the key.

Dies if: the key file I<$key_file> can't be opened for
reading; or the key file is "bad" (the ID string in the
file doesn't match the PRIVATE_KEY_ID_STRING constant).

Returns the RSA key (a I<Net::SSH::Perl::Key::RSA1> object).

=head2 _load_private_key($key_file [, $passphrase ])

Given the location of a private key file I<$key_file>,
and an optional passphrase to decrypt the key, reads the
private key from that file. If I<$passphrase> is not
supplied, an empty passphrase (the empty string) is tried
instead.

If called in list context, returns the key and the comment
associated with the key. If called in scalar context,
returns only the key.

Dies if: the key file I<$key_file> can't be opened for
reading; the key file is "bad" (the ID string in the file
doesn't match the PRIVATE_KEY_ID_STRING constant); the
file is encrypted using an unsupported encryption cipher;
or the passphrase I<$passphrase> is incorrect.

Returns the RSA key (a I<Net::SSH::Perl::Key::RSA1> object).

=head2 _save_private_key($key_file, $key, [ $passphrase [, $comment ]])

Given a private key I<$key>, and the location of the private
key file I<$key_file>, writes out an SSH1 RSA key file to
I<$key_file>.

If I<$passphrase> is supplied, the private key portion of
the file is encrypted with I<3DES> encryption, using the
passphrase I<$passphrase>. If the passphrase is not supplied,
an empty passphrase will be used instead. This is useful
when using RSA authentication in a non-interactive process,

lib/Net/SSH/Perl/Util/Authfile.pm  view on Meta::CPAN

use warnings;

use Net::SSH::Perl::Buffer;
use Net::SSH::Perl::Constants qw( PRIVATE_KEY_ID_STRING );
use Net::SSH::Perl::Cipher;
use Net::SSH::Perl::Key;

use Carp qw( croak );

sub _load_public_key {
    _load_private_key($_[0], '', 1);
}

sub _load_private_key {
    my($key_file, $passphrase, $want_public) = @_;
    $passphrase ||= '';

    open my $fh, '<', $key_file or croak "Can't open $key_file: $!";
    my $c = do { local $/; <$fh> };
    close $fh or die "Can't close $key_file: $!";
    ($c) = $c =~ /(.*)/s;  ## Untaint data. Anything is allowed.

    my $buffer = Net::SSH::Perl::Buffer->new( MP => 'SSH1' );
    $buffer->append($c);

lib/Net/SSH/Perl/Util/Authfile.pm  view on Meta::CPAN

    }

    $key->{rsa}{d} = $buffer->get_mp_int;
    $key->{rsa}{u} = $buffer->get_mp_int;
    $key->{rsa}{p} = $buffer->get_mp_int;
    $key->{rsa}{q} = $buffer->get_mp_int;

    wantarray ? ($key, $comment) : $key;
}

sub _save_private_key {
    my($key_file, $key, $passphrase, $comment) = @_;
    $passphrase ||= '';

    my $cipher_type = $passphrase eq '' ? 'None' : 'DES3';

    my $buffer = Net::SSH::Perl::Buffer->new( MP => 'SSH1' );
    my($check1, $check2);
    $buffer->put_int8($check1 = int rand 255);
    $buffer->put_int8($check2 = int rand 255);
    $buffer->put_int8($check1);

src/ed25519/ed25519.h  view on Meta::CPAN



#ifdef __cplusplus
extern "C" {
#endif

#ifndef ED25519_NO_SEED
int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed);
#endif

void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed);
void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key);
int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key);
void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar);
void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key);


#ifdef __cplusplus
}
#endif

#endif

src/ed25519/keypair.c  view on Meta::CPAN

#include <string.h>
#include "ed25519.h"
#include "sha512.h"
#include "ge.h"


void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed) {
    ge_p3 A;

    sha512(seed, 32, private_key);
    private_key[0] &= 248;
    private_key[31] &= 63;
    private_key[31] |= 64;

    ge_scalarmult_base(&A, private_key);
    ge_p3_tobytes(public_key, &A);

    memmove(private_key, seed, 32);
    memmove(private_key + 32, public_key, 32);
}

src/ed25519/sign.c  view on Meta::CPAN

#include <string.h>
#include "ed25519.h"
#include "sha512.h"
#include "ge.h"
#include "sc.h"


void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key) {
    sha512_context hash;
    unsigned char hram[64];
    unsigned char nonce[64];
    unsigned char az[64];
    ge_p3 R;

    sha512(private_key, 32, az);
    az[0] &= 248;
    az[31] &= 63;
    az[31] |= 64;

    sha512_init(&hash);
    sha512_update(&hash, az + 32, 32);
    sha512_update(&hash, message, message_len);
    sha512_final(&hash, nonce);

    memmove(signature + 32, private_key + 32, 32);

    sc_reduce(nonce);
    ge_scalarmult_base(&R, nonce);
    ge_p3_tobytes(signature, &R);

    sha512_init(&hash);
    sha512_update(&hash, signature, 64);
    sha512_update(&hash, message, message_len);
    sha512_final(&hash, hram);

t/psshd  view on Meta::CPAN

use strict;

use Getopt::Long;
use Carp qw/croak/;
use Digest::MD5 qw/md5/;

use Net::SSH::Perl;
use Net::SSH::Perl::Packet;
use Net::SSH::Perl::Cipher;
use Net::SSH::Perl::Auth;
use Net::SSH::Perl::Util qw( :ssh1mp :rsa :hosts _load_private_key );
use Net::SSH::Perl::Constants qw( :msg :hosts PROTOCOL_MAJOR PROTOCOL_MINOR );
use IO::Socket;
use Math::GMP;

use vars qw( $VERSION );
$VERSION = "0.01";

use vars qw( $DEBUG );

GetOptions("port|p=i", \my $port, "debug|d", \$DEBUG,

t/psshd  view on Meta::CPAN

    $ssh->debug("Host key generation complete.");

    $keys{host} = $hprv;

    if (-e $KNOWN_HOSTS) {
        unlink $KNOWN_HOSTS or die "Can't unlink $KNOWN_HOSTS: $!";
    }
    _add_host_to_hostfile("localhost", $KNOWN_HOSTS, $hpub);
}
else {
    $keys{host} = _load_private_key("/etc/ssh_host_key");
}

$keys{server} = $public;
$keys{private} = $private;

$ssh->debug("Writing pid file with pid $PID.");
{
    local *FH;
    open FH, ">$PID_FILE" or die "Can't open $PID_FILE: $!";
    print FH $PID;



( run in 0.457 second using v1.01-cache-2.11-cpan-a5abf4f5562 )