eliott/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2026-04-25 17:15:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

SSHServer: Only accept authentication with publickey

Browse Source 
As we don't check the public key itself, we still allow anyone to log
in. We now do require the client to try a key based authentication,
which is done if you have at least one private key your .ssh
configuration folder.
This commit is contained in:
Lucas Chollet
2026-03-31 13:45:56 +02:00
parent 384af7857d
commit 891dd64e97
2 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
Userland/Services/SSHServer/SSHClient.cpp
View File

@@ -313,9 +313,7 @@ ErrorOr<void> SSHClient::handle_user_authentication(GenericMessage message)
if (service_name != "ssh-connection"sv.bytes())
return Error::from_string_literal("Unknown service name.");
if (method_name == "none"sv.bytes()) {
// FIXME: Implement proper authentication!!!
if (method_name == "publickey"sv.bytes()) {
m_state = State::Authentified;
TRY(send_user_authentication_success());
@@ -324,7 +322,27 @@ ErrorOr<void> SSHClient::handle_user_authentication(GenericMessage message)
return {};
}
return Error::from_string_literal("Unsupported userauth method");
TRY(send_available_authentication_methods());
// FIXME: Disconnect the client after too many attempts.
return {};
}
// 5.1. Responses to Authentication Requests
// https://datatracker.ietf.org/doc/html/rfc4252#section-5.1
ErrorOr<void> SSHClient::send_available_authentication_methods()
{
AllocatingMemoryStream stream;
TRY(stream.write_value(MessageID::USERAUTH_FAILURE));
static constexpr auto available_methods = to_array({ "publickey"sv });
TRY(encode_name_list(stream, available_methods));
// "The value of 'partial success' MUST be TRUE if the authentication
// request to which this is a response was successful."
TRY(stream.write_value(false));
TRY(write_packet(TRY(stream.read_until_eof())));
return {};
}
// 5.1. Responses to Authentication Requests

1
Userland/Services/SSHServer/SSHClient.h
View File

@@ -79,6 +79,7 @@ private:
ErrorOr<void> send_service_accept(StringView);
ErrorOr<void> handle_user_authentication(GenericMessage data);
ErrorOr<void> send_available_authentication_methods();
ErrorOr<void> send_user_authentication_success();
ErrorOr<ShouldDisconnect> handle_generic_packet(GenericMessage&&);