libssh  0.8.4
The SSH library
Data Structures | Enumerations | Functions
The SSH authentication functions.
Collaboration diagram for The SSH authentication functions.:

Data Structures

struct  ssh_agent_state_struct
 
struct  ssh_auth_auto_state_struct
 

Enumerations

enum  ssh_agent_state_e { SSH_AGENT_STATE_NONE = 0, SSH_AGENT_STATE_PUBKEY, SSH_AGENT_STATE_AUTH }
 
enum  ssh_auth_auto_state_e { SSH_AUTH_AUTO_STATE_NONE = 0, SSH_AUTH_AUTO_STATE_PUBKEY, SSH_AUTH_AUTO_STATE_KEY_IMPORTED, SSH_AUTH_AUTO_STATE_PUBKEY_ACCEPTED }
 

Functions

 SSH_PACKET_CALLBACK (ssh_packet_userauth_banner)
 
 SSH_PACKET_CALLBACK (ssh_packet_userauth_failure)
 
 SSH_PACKET_CALLBACK (ssh_packet_userauth_success)
 
 SSH_PACKET_CALLBACK (ssh_packet_userauth_pk_ok)
 
int ssh_userauth_list (ssh_session session, const char *username)
 Get available authentication methods from the server. More...
 
int ssh_userauth_none (ssh_session session, const char *username)
 Try to authenticate through the "none" method. More...
 
int ssh_userauth_try_publickey (ssh_session session, const char *username, const ssh_key pubkey)
 Try to authenticate with the given public key. More...
 
int ssh_userauth_publickey (ssh_session session, const char *username, const ssh_key privkey)
 Authenticate with public/private key or certificate. More...
 
void ssh_agent_state_free (void *data)
 
int ssh_userauth_agent (ssh_session session, const char *username)
 Try to do public key authentication with ssh agent. More...
 
int ssh_userauth_publickey_auto (ssh_session session, const char *username, const char *passphrase)
 Tries to automatically authenticate with public key and "none". More...
 
int ssh_userauth_password (ssh_session session, const char *username, const char *password)
 Try to authenticate by password. More...
 
int ssh_userauth_agent_pubkey (ssh_session session, const char *username, ssh_public_key publickey)
 
ssh_kbdint ssh_kbdint_new (void)
 
void ssh_kbdint_free (ssh_kbdint kbd)
 
void ssh_kbdint_clean (ssh_kbdint kbd)
 
 SSH_PACKET_CALLBACK (ssh_packet_userauth_info_request)
 
int ssh_userauth_kbdint (ssh_session session, const char *user, const char *submethods)
 Try to authenticate through the "keyboard-interactive" method. More...
 
int ssh_userauth_kbdint_getnprompts (ssh_session session)
 Get the number of prompts (questions) the server has given. More...
 
const char * ssh_userauth_kbdint_getname (ssh_session session)
 Get the "name" of the message block. More...
 
const char * ssh_userauth_kbdint_getinstruction (ssh_session session)
 Get the "instruction" of the message block. More...
 
const char * ssh_userauth_kbdint_getprompt (ssh_session session, unsigned int i, char *echo)
 Get a prompt from a message block. More...
 
int ssh_userauth_kbdint_setanswer (ssh_session session, unsigned int i, const char *answer)
 Set the answer for a question from a message block. More...
 
int ssh_userauth_gssapi (ssh_session session)
 Try to authenticate through the "gssapi-with-mic" method. More...
 

Detailed Description

Functions to authenticate with a server.

Function Documentation

◆ ssh_userauth_agent()

int ssh_userauth_agent ( ssh_session  session,
const char *  username 
)

Try to do public key authentication with ssh agent.

Parameters
[in]sessionThe ssh session to use.
[in]usernameThe username, this SHOULD be NULL.
Returns
SSH_AUTH_ERROR: A serious error happened.
SSH_AUTH_DENIED: The server doesn't accept that public key as an authentication token. Try another key or another method.
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method.
SSH_AUTH_SUCCESS: The public key is accepted, you want now to use ssh_userauth_publickey().
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Note
Most server implementations do not permit changing the username during authentication. The username should only be set with ssh_options_set() only before you connect to the server.

◆ ssh_userauth_gssapi()

int ssh_userauth_gssapi ( ssh_session  session)

Try to authenticate through the "gssapi-with-mic" method.

Parameters
[in]sessionThe ssh session to use.
Returns
SSH_AUTH_ERROR: A serious error happened
SSH_AUTH_DENIED: Authentication failed : use another method
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method
SSH_AUTH_SUCCESS: Authentication success
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.

◆ ssh_userauth_kbdint()

int ssh_userauth_kbdint ( ssh_session  session,
const char *  user,
const char *  submethods 
)

Try to authenticate through the "keyboard-interactive" method.

Parameters
[in]sessionThe ssh session to use.
[in]userThe username to authenticate. You can specify NULL if ssh_option_set_username() has been used. You cannot try two different logins in a row.
[in]submethodsUndocumented. Set it to NULL.
Returns
SSH_AUTH_ERROR: A serious error happened
SSH_AUTH_DENIED: Authentication failed : use another method
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method
SSH_AUTH_SUCCESS: Authentication success
SSH_AUTH_INFO: The server asked some questions. Use ssh_userauth_kbdint_getnprompts() and such.
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
See also
ssh_userauth_kbdint_getnprompts()
ssh_userauth_kbdint_getname()
ssh_userauth_kbdint_getinstruction()
ssh_userauth_kbdint_getprompt()
ssh_userauth_kbdint_setanswer()

◆ ssh_userauth_kbdint_getinstruction()

const char* ssh_userauth_kbdint_getinstruction ( ssh_session  session)

Get the "instruction" of the message block.

Once you have called ssh_userauth_kbdint() and received SSH_AUTH_INFO return code, this function can be used to retrieve information about the keyboard interactive authentication questions sent by the remote host.

Parameters
[in]sessionThe ssh session to use.
Returns
The instruction of the message block.

◆ ssh_userauth_kbdint_getname()

const char* ssh_userauth_kbdint_getname ( ssh_session  session)

Get the "name" of the message block.

Once you have called ssh_userauth_kbdint() and received SSH_AUTH_INFO return code, this function can be used to retrieve information about the keyboard interactive authentication questions sent by the remote host.

Parameters
[in]sessionThe ssh session to use.
Returns
The name of the message block. Do not free it.

◆ ssh_userauth_kbdint_getnprompts()

int ssh_userauth_kbdint_getnprompts ( ssh_session  session)

Get the number of prompts (questions) the server has given.

Once you have called ssh_userauth_kbdint() and received SSH_AUTH_INFO return code, this function can be used to retrieve information about the keyboard interactive authentication questions sent by the remote host.

Parameters
[in]sessionThe ssh session to use.
Returns
The number of prompts.

◆ ssh_userauth_kbdint_getprompt()

const char* ssh_userauth_kbdint_getprompt ( ssh_session  session,
unsigned int  i,
char *  echo 
)

Get a prompt from a message block.

Once you have called ssh_userauth_kbdint() and received SSH_AUTH_INFO return code, this function can be used to retrieve information about the keyboard interactive authentication questions sent by the remote host.

Parameters
[in]sessionThe ssh session to use.
[in]iThe index number of the i'th prompt.
[out]echoThis is an optional variable. You can obtain a boolean if the user input should be echoed or hidden. For passwords it is usually hidden.
Returns
A pointer to the prompt. Do not free it.
const char prompt;
char echo;
prompt = ssh_userauth_kbdint_getprompt(session, 0, &echo);
if (echo) ...

◆ ssh_userauth_kbdint_setanswer()

int ssh_userauth_kbdint_setanswer ( ssh_session  session,
unsigned int  i,
const char *  answer 
)

Set the answer for a question from a message block.

If you have called ssh_userauth_kbdint() and got SSH_AUTH_INFO, this function returns the questions from the server.

Parameters
[in]sessionThe ssh session to use.
[in]iindex The number of the ith prompt.
[in]answerThe answer to give to the server. The answer MUST be encoded UTF-8. It is up to the server how to interpret the value and validate it. However, if you read the answer in some other encoding, you MUST convert it to UTF-8.
Returns
0 on success, < 0 on error.

◆ ssh_userauth_list()

int ssh_userauth_list ( ssh_session  session,
const char *  username 
)

Get available authentication methods from the server.

This requires the function ssh_userauth_none() to be called before the methods are available. The server MAY return a list of methods that may continue.

Parameters
[in]sessionThe SSH session.
[in]usernameDeprecated, set to NULL.
Returns
A bitfield of the fllowing values:
  • SSH_AUTH_METHOD_PASSWORD
  • SSH_AUTH_METHOD_PUBLICKEY
  • SSH_AUTH_METHOD_HOSTBASED
  • SSH_AUTH_METHOD_INTERACTIVE
Warning
Other reserved flags may appear in future versions.
See also
ssh_userauth_none()

◆ ssh_userauth_none()

int ssh_userauth_none ( ssh_session  session,
const char *  username 
)

Try to authenticate through the "none" method.

Parameters
[in]sessionThe ssh session to use.
[in]usernameThe username, this SHOULD be NULL.
Returns
SSH_AUTH_ERROR: A serious error happened.
SSH_AUTH_DENIED: Authentication failed: use another method
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method
SSH_AUTH_SUCCESS: Authentication success
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Note
Most server implementations do not permit changing the username during authentication. The username should only be set with ssh_options_set() only before you connect to the server.

◆ ssh_userauth_password()

int ssh_userauth_password ( ssh_session  session,
const char *  username,
const char *  password 
)

Try to authenticate by password.

This authentication method is normally disabled on SSHv2 server. You should use keyboard-interactive mode.

The 'password' value MUST be encoded UTF-8. It is up to the server how to interpret the password and validate it against the password database. However, if you read the password in some other encoding, you MUST convert the password to UTF-8.

Parameters
[in]sessionThe ssh session to use.
[in]usernameThe username, this SHOULD be NULL.
[in]passwordThe password to authenticate in UTF-8.
Returns
SSH_AUTH_ERROR: A serious error happened.
SSH_AUTH_DENIED: Authentication failed: use another method
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method
SSH_AUTH_SUCCESS: Authentication success
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Note
Most server implementations do not permit changing the username during authentication. The username should only be set with ssh_options_set() only before you connect to the server.
See also
ssh_userauth_none()
ssh_userauth_kbdint()

◆ ssh_userauth_publickey()

int ssh_userauth_publickey ( ssh_session  session,
const char *  username,
const ssh_key  privkey 
)

Authenticate with public/private key or certificate.

Parameters
[in]sessionThe SSH session.
[in]usernameThe username, this SHOULD be NULL.
[in]privkeyThe private key for authentication.
Returns
SSH_AUTH_ERROR: A serious error happened.
SSH_AUTH_DENIED: The server doesn't accept that public key as an authentication token. Try another key or another method.
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method.
SSH_AUTH_SUCCESS: The public key is accepted.
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Note
Most server implementations do not permit changing the username during authentication. The username should only be set with ssh_options_set() only before you connect to the server.

◆ ssh_userauth_publickey_auto()

int ssh_userauth_publickey_auto ( ssh_session  session,
const char *  username,
const char *  passphrase 
)

Tries to automatically authenticate with public key and "none".

It may fail, for instance it doesn't ask for a password and uses a default asker for passphrases (in case the private key is encrypted).

Parameters
[in]sessionThe SSH session.
[in]usernameThe username, this SHOULD be NULL.
[in]passphraseUse this passphrase to unlock the privatekey. Use NULL if you don't want to use a passphrase or the user should be asked.
Returns
SSH_AUTH_ERROR: A serious error happened.
SSH_AUTH_DENIED: The server doesn't accept that public key as an authentication token. Try another key or another method.
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method.
SSH_AUTH_SUCCESS: The public key is accepted, you want now to use ssh_userauth_publickey().
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Note
Most server implementations do not permit changing the username during authentication. The username should only be set with ssh_options_set() only before you connect to the server.

◆ ssh_userauth_try_publickey()

int ssh_userauth_try_publickey ( ssh_session  session,
const char *  username,
const ssh_key  pubkey 
)

Try to authenticate with the given public key.

To avoid unnecessary processing and user interaction, the following method is provided for querying whether authentication using the 'pubkey' would be possible.

Parameters
[in]sessionThe SSH session.
[in]usernameThe username, this SHOULD be NULL.
[in]pubkeyThe public key to try.
Returns
SSH_AUTH_ERROR: A serious error happened.
SSH_AUTH_DENIED: The server doesn't accept that public key as an authentication token. Try another key or another method.
SSH_AUTH_PARTIAL: You've been partially authenticated, you still have to use another method.
SSH_AUTH_SUCCESS: The public key is accepted, you want now to use ssh_userauth_publickey().
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Note
Most server implementations do not permit changing the username during authentication. The username should only be set with ssh_options_set() only before you connect to the server.