Net-SSH-Perl
view release on metacpan or search on metacpan
of fingerprinting) and in pssh-keygen (-B option).
1.01 2001.05.02
- Added SSH2 support.
- Added Channel, ChannelMgr classes to manage open SSH2
channels.
- Added Key and subclasses Key::DSA, Key::RSA; managed
access to keys and keyfiles.
- Split Util functions into sub-modules that are loaded
on demand. Added more utility functions for SSH2 bigints,
etc. Deprecated _load_private_key, _save_private_key,
_load_public_key, in favor of usage of Net::SSH::Perl::Key
classes.
- Changed Constants implementation; don't use 'constant'
module, just keep constants in hash, then export them
in custom import method.
- Added eg/pssh-keygen, which has *almost* all of the
functionality in the OpenSSH ssh-keygen.
- Added Mac classes for MAC packet integrity.
- Added Cipher/RC4, an arcfour implementation (only for
SSH2).
SSH1 protocol.
- better error checking for getservbyname lookup of ssh
service (to get default port).
- added eg/remoteinteract.pl, which demonstrates how to interact
with a remote (interactive) command.
0.64 2001.03.13
- fixed bug in Net::SSH::Perl::Cipher::new_from_key_str;
empty key string (passphrase) was broken. This never
cropped up in regular usage, only in testing.
- added _save_private_key function to Net::SSH::Perl::Util,
used to save private key files.
- added cipher tests (05-cipher.t).
- PasswordPromptLogin and PasswordPromptHost config options
are now supported (on by default).
- added untainting code for all places where data is read
from external sources (ie. socket, key files, etc.),
which should fix the "Corrupted check bytes" errors when
using -T. It was breaking because substr replacement
doesn't work on tainted values. See this p5p thread:
http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-09/msg00799.html
lib/Net/SSH/Perl/Auth/RSA.pm view on Meta::CPAN
}
$packet;
}
sub _authenticate {
my($auth, $auth_file) = @_;
my $ssh = $auth->{ssh};
my($packet);
my($public_key, $comment, $private_key);
eval {
($public_key, $comment) = _load_public_key($auth_file);
};
$ssh->debug("RSA authentication failed: Can't load public key."),
return 0 if $@;
$ssh->debug("Trying RSA authentication with key '$comment'");
$ssh->debug("Server refused our key."), return unless
$packet = $auth->_server_likes_key($public_key);
my $challenge = $packet->get_mp_int;
$ssh->debug("Received RSA challenge from server.");
eval {
$private_key = _load_private_key($auth_file, "");
};
if (!$private_key || $@) {
my $passphrase = "";
if ($ssh->config->get('interactive')) {
$passphrase = _read_passphrase("Enter passphrase for RSA key '$comment': ");
}
else {
$ssh->debug("Will not query passphrase for '$comment' in batch mode.");
}
eval {
$private_key = _load_private_key($auth_file, $passphrase);
};
if (!$private_key || $@) {
$ssh->debug("Loading private key failed: $@.");
$packet = $ssh->packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
$packet->put_char(0) for (1..16);
$packet->send;
Net::SSH::Perl::Packet->read_expect($ssh, SSH_SMSG_FAILURE);
return 0;
}
}
_respond_to_rsa_challenge($ssh, $challenge, $private_key);
$packet = Net::SSH::Perl::Packet->read($ssh);
my $type = $packet->type;
if ($type == SSH_SMSG_SUCCESS) {
$ssh->debug("RSA authentication accepted by server.");
return 1;
}
elsif ($type != SSH_SMSG_FAILURE) {
$ssh->fatal_disconnect("Protocol error waiting RSA auth response: $type");
}
lib/Net/SSH/Perl/Auth/Rhosts_RSA.pm view on Meta::CPAN
use strict;
use warnings;
use Net::SSH::Perl::Constants qw(
SSH_SMSG_FAILURE
SSH_SMSG_SUCCESS
SSH_CMSG_AUTH_RHOSTS_RSA
SSH_SMSG_AUTH_RSA_CHALLENGE
SSH_CMSG_AUTH_RSA_RESPONSE );
use Net::SSH::Perl::Util qw( :rsa _load_private_key );
use Net::SSH::Perl::Packet;
use Net::SSH::Perl::Auth;
use base qw( Net::SSH::Perl::Auth );
use Scalar::Util qw(weaken);
use File::Spec::Functions qw( catfile );
sub new {
my $class = shift;
my $ssh = shift;
lib/Net/SSH/Perl/Auth/Rhosts_RSA.pm view on Meta::CPAN
sub authenticate {
my $auth = shift;
my($packet);
my $ssh = $auth->{ssh};
$ssh->debug("Rhosts-RSA authentication is disabled by the client."), return
unless $ssh->config->get('auth_rhosts_rsa');
$ssh->debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
my $private_key;
eval {
my $ssh_host_key = $^O eq 'MSWin32'
? catfile($ENV{WINDIR}, 'ssh_host_key')
: '/etc/ssh_host_key';
$private_key = _load_private_key($ssh_host_key);
};
$ssh->debug("Rhosts with RSA authentication failed: Can't load private host key."),
return 0 if $@;
my $user = $ssh->config->get('user');
$packet = $ssh->packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
$packet->put_str($user);
$packet->put_int32($private_key->{rsa}{bits});
$packet->put_mp_int($private_key->{rsa}{e});
$packet->put_mp_int($private_key->{rsa}{n});
$packet->send;
$packet = Net::SSH::Perl::Packet->read($ssh);
my $type = $packet->type;
if ($type == SSH_SMSG_FAILURE) {
$ssh->debug("Server refused our rhosts authentication or host key.");
return 0;
}
if ($type != SSH_SMSG_AUTH_RSA_CHALLENGE) {
$ssh->fatal_disconnect("Protocol error during RSA authentication: $type");
}
my $challenge = $packet->get_mp_int;
$ssh->debug("Received RSA challenge for host key from server.");
_respond_to_rsa_challenge($ssh, $challenge, $private_key);
$packet = Net::SSH::Perl::Packet->read($ssh);
$type = $packet->type;
if ($type == SSH_SMSG_SUCCESS) {
$ssh->debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
return 1;
}
elsif ($type != SSH_SMSG_FAILURE) {
$ssh->fatal_disconnect("Protocol error waiting RSA auth response: $type");
}
lib/Net/SSH/Perl/Key/Ed25519.xs view on Meta::CPAN
RETVAL
void
ed25519_generate_keypair (secret)
SV *secret
PPCODE:
{
STRLEN secret_l; unsigned char *secret_p;
unsigned char public_key[32];
unsigned char private_key[64];
secret_p = (unsigned char *)SvPVbyte (secret, secret_l);
if (secret_l != 32)
croak ("secret has wrong length (!= 32)");
ed25519_create_keypair (public_key, private_key, (unsigned char *)secret_p);
EXTEND (SP, 2);
PUSHs (sv_2mortal (newSVpvn ((char *)public_key, sizeof public_key)));
PUSHs (sv_2mortal (newSVpvn ((char *)private_key, sizeof private_key)));
}
SV *
ed25519_sign_message (message, private_key)
SV *message;
SV *private_key;
CODE:
{
unsigned char signature[64];
STRLEN message_l ; char *message_p = SvPVbyte (message , message_l );
STRLEN private_key_l; char *private_key_p = SvPVbyte (private_key, private_key_l);
if (private_key_l != 64)
croak ("private key has wrong length (!= 64)");
ed25519_sign (signature, (unsigned char *)message_p, message_l, (unsigned char *)private_key_p);
RETVAL = newSVpvn ((char *)signature, sizeof signature);
}
OUTPUT:
RETVAL
bool
ed25519_verify_message (SV *message, SV *public_key, SV *signature)
CODE:
{
lib/Net/SSH/Perl/Key/RSA1.pm view on Meta::CPAN
$key->{rsa}{q} = $gmp->($priv->q);
$key;
}
sub read_private {
my $class = shift;
my($keyfile, $passphrase) = @_;
my($key, $comment);
eval {
($key, $comment) = _load_private_key($keyfile, $passphrase);
};
if (wantarray) {
return $key && !$@ ? ($key, $comment) : ();
}
else {
return $key && !$@ ? $key : undef;
}
}
sub write_private {
my $key = shift;
my($keyfile, $passphrase, $comment) = @_;
_save_private_key($keyfile, $key, $passphrase, $comment);
}
sub extract_public {
my $class = shift;
$class->new(@_);
}
sub dump_public { $_[0]->as_blob }
sub equal {
lib/Net/SSH/Perl/Util.pm view on Meta::CPAN
use vars qw( %FUNC_TO_MOD %EXPORT_TAGS );
%FUNC_TO_MOD = (
_crc32 => 'SSH1Misc',
_compute_session_id => 'SSH1MP',
_mp_linearize => 'SSH1MP',
_check_host_in_hostfile => 'Hosts',
_all_keys_for_host => 'Hosts',
_add_host_to_hostfile => 'Hosts',
_remove_host_from_hostfile=> 'Hosts',
_load_private_key => 'Authfile',
_load_public_key => 'Authfile',
_save_private_key => 'Authfile',
_respond_to_rsa_challenge => 'RSA',
_rsa_public_encrypt => 'RSA',
_rsa_private_decrypt => 'RSA',
_prompt => 'Term',
_read_passphrase => 'Term',
_read_yes_or_no => 'Term',
_current_user_win32 => 'Win32',
_socketpair => 'Win32',
);
%EXPORT_TAGS = (
hosts => [ qw( _check_host_in_hostfile _all_keys_for_host
_add_host_to_hostfile _remove_host_from_hostfile ) ],
rsa => [ qw( _rsa_public_encrypt _rsa_private_decrypt
_respond_to_rsa_challenge ) ],
ssh1mp => [ qw( _compute_session_id _mp_linearize ) ],
authfile => [ qw( _load_public_key _load_private_key _save_private_key ) ],
win32 => [ qw( _current_user_win32 _socketpair ) ],
all => [ keys %FUNC_TO_MOD ],
);
sub import {
my $class = shift;
my $callpack = caller;
my @to_export;
my @args = @_;
lib/Net/SSH/Perl/Util.pm view on Meta::CPAN
and C<_compute_session_id>.
Because the SSH1 implementation uses I<Math::GMP> for its
big integers, the functions in I<ssh1mp> all deal with
I<Math::GMP> objects.
=item * authfile
Routines associated with loading of RSA SSH1 keys (both public
and private) from keyfiles. Contains C<_load_public_key>,
C<_load_private_key>, and C<_save_private_key>.
Note that this interface is deprecated in favor of the
I<Net::SSH::Perl::Key> interface to loading keys.
=item * all
All routines. Contains all of the routines listed below.
=back
lib/Net/SSH/Perl/Util.pm view on Meta::CPAN
If called in list context, returns the key and the comment
associated with the key. If called in scalar context,
returns only the key.
Dies if: the key file I<$key_file> can't be opened for
reading; or the key file is "bad" (the ID string in the
file doesn't match the PRIVATE_KEY_ID_STRING constant).
Returns the RSA key (a I<Net::SSH::Perl::Key::RSA1> object).
=head2 _load_private_key($key_file [, $passphrase ])
Given the location of a private key file I<$key_file>,
and an optional passphrase to decrypt the key, reads the
private key from that file. If I<$passphrase> is not
supplied, an empty passphrase (the empty string) is tried
instead.
If called in list context, returns the key and the comment
associated with the key. If called in scalar context,
returns only the key.
Dies if: the key file I<$key_file> can't be opened for
reading; the key file is "bad" (the ID string in the file
doesn't match the PRIVATE_KEY_ID_STRING constant); the
file is encrypted using an unsupported encryption cipher;
or the passphrase I<$passphrase> is incorrect.
Returns the RSA key (a I<Net::SSH::Perl::Key::RSA1> object).
=head2 _save_private_key($key_file, $key, [ $passphrase [, $comment ]])
Given a private key I<$key>, and the location of the private
key file I<$key_file>, writes out an SSH1 RSA key file to
I<$key_file>.
If I<$passphrase> is supplied, the private key portion of
the file is encrypted with I<3DES> encryption, using the
passphrase I<$passphrase>. If the passphrase is not supplied,
an empty passphrase will be used instead. This is useful
when using RSA authentication in a non-interactive process,
lib/Net/SSH/Perl/Util/Authfile.pm view on Meta::CPAN
use warnings;
use Net::SSH::Perl::Buffer;
use Net::SSH::Perl::Constants qw( PRIVATE_KEY_ID_STRING );
use Net::SSH::Perl::Cipher;
use Net::SSH::Perl::Key;
use Carp qw( croak );
sub _load_public_key {
_load_private_key($_[0], '', 1);
}
sub _load_private_key {
my($key_file, $passphrase, $want_public) = @_;
$passphrase ||= '';
open my $fh, '<', $key_file or croak "Can't open $key_file: $!";
my $c = do { local $/; <$fh> };
close $fh or die "Can't close $key_file: $!";
($c) = $c =~ /(.*)/s; ## Untaint data. Anything is allowed.
my $buffer = Net::SSH::Perl::Buffer->new( MP => 'SSH1' );
$buffer->append($c);
lib/Net/SSH/Perl/Util/Authfile.pm view on Meta::CPAN
}
$key->{rsa}{d} = $buffer->get_mp_int;
$key->{rsa}{u} = $buffer->get_mp_int;
$key->{rsa}{p} = $buffer->get_mp_int;
$key->{rsa}{q} = $buffer->get_mp_int;
wantarray ? ($key, $comment) : $key;
}
sub _save_private_key {
my($key_file, $key, $passphrase, $comment) = @_;
$passphrase ||= '';
my $cipher_type = $passphrase eq '' ? 'None' : 'DES3';
my $buffer = Net::SSH::Perl::Buffer->new( MP => 'SSH1' );
my($check1, $check2);
$buffer->put_int8($check1 = int rand 255);
$buffer->put_int8($check2 = int rand 255);
$buffer->put_int8($check1);
src/ed25519/ed25519.h view on Meta::CPAN
#ifdef __cplusplus
extern "C" {
#endif
#ifndef ED25519_NO_SEED
int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed);
#endif
void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed);
void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key);
int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key);
void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar);
void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key);
#ifdef __cplusplus
}
#endif
#endif
src/ed25519/keypair.c view on Meta::CPAN
#include <string.h>
#include "ed25519.h"
#include "sha512.h"
#include "ge.h"
void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed) {
ge_p3 A;
sha512(seed, 32, private_key);
private_key[0] &= 248;
private_key[31] &= 63;
private_key[31] |= 64;
ge_scalarmult_base(&A, private_key);
ge_p3_tobytes(public_key, &A);
memmove(private_key, seed, 32);
memmove(private_key + 32, public_key, 32);
}
src/ed25519/sign.c view on Meta::CPAN
#include <string.h>
#include "ed25519.h"
#include "sha512.h"
#include "ge.h"
#include "sc.h"
void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key) {
sha512_context hash;
unsigned char hram[64];
unsigned char nonce[64];
unsigned char az[64];
ge_p3 R;
sha512(private_key, 32, az);
az[0] &= 248;
az[31] &= 63;
az[31] |= 64;
sha512_init(&hash);
sha512_update(&hash, az + 32, 32);
sha512_update(&hash, message, message_len);
sha512_final(&hash, nonce);
memmove(signature + 32, private_key + 32, 32);
sc_reduce(nonce);
ge_scalarmult_base(&R, nonce);
ge_p3_tobytes(signature, &R);
sha512_init(&hash);
sha512_update(&hash, signature, 64);
sha512_update(&hash, message, message_len);
sha512_final(&hash, hram);
use strict;
use Getopt::Long;
use Carp qw/croak/;
use Digest::MD5 qw/md5/;
use Net::SSH::Perl;
use Net::SSH::Perl::Packet;
use Net::SSH::Perl::Cipher;
use Net::SSH::Perl::Auth;
use Net::SSH::Perl::Util qw( :ssh1mp :rsa :hosts _load_private_key );
use Net::SSH::Perl::Constants qw( :msg :hosts PROTOCOL_MAJOR PROTOCOL_MINOR );
use IO::Socket;
use Math::GMP;
use vars qw( $VERSION );
$VERSION = "0.01";
use vars qw( $DEBUG );
GetOptions("port|p=i", \my $port, "debug|d", \$DEBUG,
$ssh->debug("Host key generation complete.");
$keys{host} = $hprv;
if (-e $KNOWN_HOSTS) {
unlink $KNOWN_HOSTS or die "Can't unlink $KNOWN_HOSTS: $!";
}
_add_host_to_hostfile("localhost", $KNOWN_HOSTS, $hpub);
}
else {
$keys{host} = _load_private_key("/etc/ssh_host_key");
}
$keys{server} = $public;
$keys{private} = $private;
$ssh->debug("Writing pid file with pid $PID.");
{
local *FH;
open FH, ">$PID_FILE" or die "Can't open $PID_FILE: $!";
print FH $PID;
( run in 0.726 second using v1.01-cache-2.11-cpan-4d50c553e7e )