<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.3.1"/>
<title>libssh: Chapter 2: A deeper insight on authentication</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td style="padding-left: 0.5em;">
<div id="projectname">libssh
 <span id="projectnumber">0.5.5</span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.3.1 -->
<div id="navrow1" class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main Page</span></a></li>
<li class="current"><a href="pages.html"><span>Related Pages</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
</ul>
</div>
<div id="nav-path" class="navpath">
<ul>
<li class="navelem"><a class="el" href="index.html">index</a></li><li class="navelem"><a class="el" href="libssh_tutorial.html">The Tutorial</a></li> </ul>
</div>
</div><!-- top -->
<div class="header">
<div class="headertitle">
<div class="title">Chapter 2: A deeper insight on authentication </div> </div>
</div><!--header-->
<div class="contents">
<div class="textblock"><h1><a class="anchor" id="authentication_details"></a>
A deeper insight on authentication</h1>
<p>In our guided tour, we merely mentioned that the user needed to authenticate. We didn't explain much in detail how that was supposed to happen. This chapter explains better the four authentication methods: with public keys, with a password, with challenges and responses (keyboard-interactive), and with no authentication at all.</p>
<p>If your software is supposed to connect to an arbitrary server, then you might need to support all authentication methods. If your software will connect only to a given server, then it might be enough for your software to support only the authentication methods used by that server. If you are the administrator of the server, it might be your call to choose those authentication methods.</p>
<p>It is not the purpose of this document to review in detail the advantages and drawbacks of each authentication method. You are therefore invited to read the abundant documentation on this topic to fully understand the advantages and security risks linked to each method.</p>
<h2><a class="anchor" id="pubkeys"></a>
Authenticating with public keys</h2>
<p>libssh is fully compatible with the openssh public and private keys. You can either use the automatic public key authentication method provided by libssh, or roll your own using the public key functions.</p>
<p>The process of authenticating by public key to a server is the following:</p>
<ul>
<li>you scan a list of files that contain public keys. each key is sent to the SSH server, until the server acknowledges a key (a key it knows can be used to authenticate the user).</li>
<li>then, you retrieve the private key for this key and send a message proving that you know that private key.</li>
</ul>
<p>The function <a class="el" href="group__libssh__auth.html#gad07655f2c742ce68271422197cf2acda" title="Tries to automatically authenticate with public key and "none".">ssh_userauth_autopubkey()</a> does this using the available keys in "~/.ssh/". The return values are the following:</p>
<ul>
<li>SSH_AUTH_ERROR: some serious error happened during authentication</li>
<li>SSH_AUTH_DENIED: no key matched</li>
<li>SSH_AUTH_SUCCESS: you are now authenticated</li>
<li>SSH_AUTH_PARTIAL: some key matched but you still have to provide an other mean of authentication (like a password).</li>
</ul>
<p>The <a class="el" href="group__libssh__auth.html#gad07655f2c742ce68271422197cf2acda" title="Tries to automatically authenticate with public key and "none".">ssh_userauth_autopubkey()</a> function also tries to authenticate using the SSH agent, if you have one running, or the "none" method otherwise.</p>
<p>If you wish to authenticate with public key by your own, follow these steps:</p>
<ul>
<li>Retrieve the public key in a ssh_string using <a class="el" href="group__libssh__auth.html#ga40c8ac05358aa941496fd1243ac9ee00" title="Retrieve a public key from a file.">publickey_from_file()</a>.</li>
<li>Offer the public key to the SSH server using <a class="el" href="group__libssh__auth.html#ga78b485bf5c4e68ddfbc25f17de8b6521" title="Try to authenticate through public key.">ssh_userauth_offer_pubkey()</a>. If the return value is SSH_AUTH_SUCCESS, the SSH server accepts to authenticate using the public key and you can go to the next step.</li>
<li>Retrieve the private key, using the <a class="el" href="group__libssh__auth.html#ga9c8517fd342dd68a94045b1e00e15a9d" title="Reads a SSH private key from a file.">privatekey_from_file()</a> function. If a passphrase is needed, either the passphrase specified as argument or a callback (see callbacks section) will be used.</li>
<li>Authenticate using <a class="el" href="group__libssh__auth.html#ga18f0c63c75b9af6c28c032e93628a7c5" title="Try to authenticate through public key.">ssh_userauth_pubkey()</a> with your public key string and private key.</li>
<li>Do not forget cleaning up memory using string_free() and <a class="el" href="group__libssh__auth.html#ga083af6f8d42a71fab6185137bf155de2" title="Deallocate a private key object.">privatekey_free()</a>.</li>
</ul>
<p>Here is a minimalistic example of public key authentication:</p>
<div class="fragment"><div class="line"><span class="keywordtype">int</span> authenticate_pubkey(ssh_session session)</div>
<div class="line">{</div>
<div class="line"> <span class="keywordtype">int</span> rc;</div>
<div class="line"></div>
<div class="line"> rc = <a class="code" href="group__libssh__auth.html#gad07655f2c742ce68271422197cf2acda" title="Tries to automatically authenticate with public key and "none".">ssh_userauth_autopubkey</a>(session, NULL);</div>
<div class="line"></div>
<div class="line"> <span class="keywordflow">if</span> (rc == SSH_AUTH_ERROR)</div>
<div class="line"> {</div>
<div class="line"> fprintf(stderr, <span class="stringliteral">"Authentication failed: %s\n"</span>,</div>
<div class="line"> <a class="code" href="group__libssh__error.html#ga9241586665bf21f823806473fc386258" title="Retrieve the error text message from the last error.">ssh_get_error</a>(session));</div>
<div class="line"> <span class="keywordflow">return</span> SSH_AUTH_ERROR;</div>
<div class="line"> }</div>
<div class="line"></div>
<div class="line"> <span class="keywordflow">return</span> rc;</div>
<div class="line">}</div>
</div><!-- fragment --><dl class="section see"><dt>See Also</dt><dd><a class="el" href="group__libssh__auth.html#gad07655f2c742ce68271422197cf2acda" title="Tries to automatically authenticate with public key and "none".">ssh_userauth_autopubkey</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#ga78b485bf5c4e68ddfbc25f17de8b6521" title="Try to authenticate through public key.">ssh_userauth_offer_pubkey</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#ga18f0c63c75b9af6c28c032e93628a7c5" title="Try to authenticate through public key.">ssh_userauth_pubkey</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#ga40c8ac05358aa941496fd1243ac9ee00" title="Retrieve a public key from a file.">publickey_from_file</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#gae11c083974e8bfb0ebeb7c6fb9a06baf" title="Make a public_key object out of a private_key object.">publickey_from_privatekey</a> </dd>
<dd>
string_free </dd>
<dd>
<a class="el" href="group__libssh__auth.html#ga9c8517fd342dd68a94045b1e00e15a9d" title="Reads a SSH private key from a file.">privatekey_from_file</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#ga083af6f8d42a71fab6185137bf155de2" title="Deallocate a private key object.">privatekey_free</a></dd></dl>
<h2><a class="anchor" id="password"></a>
Authenticating with a password</h2>
<p>The function <a class="el" href="group__libssh__auth.html#ga50c0c150f8c4703e7ee49b3e3e3ca215" title="Try to authenticate by password.">ssh_userauth_password()</a> serves the purpose of authenticating using a password. It will return SSH_AUTH_SUCCESS if the password worked, or one of other constants otherwise. It's your work to ask the password and to deallocate it in a secure manner.</p>
<p>If your server complains that the password is wrong, but you can still authenticate using openssh's client (issuing password), it's probably because openssh only accept keyboard-interactive. Switch to keyboard-interactive authentication, or try to configure plain text passwords on the SSH server.</p>
<p>Here is a small example of password authentication:</p>
<div class="fragment"><div class="line"><span class="keywordtype">int</span> authenticate_password(ssh_session session)</div>
<div class="line">{</div>
<div class="line"> <span class="keywordtype">char</span> *password;</div>
<div class="line"> <span class="keywordtype">int</span> rc;</div>
<div class="line"></div>
<div class="line"> password = getpass(<span class="stringliteral">"Enter your password: "</span>);</div>
<div class="line"> rc = <a class="code" href="group__libssh__auth.html#ga50c0c150f8c4703e7ee49b3e3e3ca215" title="Try to authenticate by password.">ssh_userauth_password</a>(session, NULL, password);</div>
<div class="line"> <span class="keywordflow">if</span> (rc == SSH_AUTH_ERROR)</div>
<div class="line"> {</div>
<div class="line"> fprintf(stderr, <span class="stringliteral">"Authentication failed: %s\n"</span>,</div>
<div class="line"> <a class="code" href="group__libssh__error.html#ga9241586665bf21f823806473fc386258" title="Retrieve the error text message from the last error.">ssh_get_error</a>(session));</div>
<div class="line"> <span class="keywordflow">return</span> SSH_AUTH_ERROR;</div>
<div class="line"> }</div>
<div class="line"></div>
<div class="line"> <span class="keywordflow">return</span> rc;</div>
<div class="line">}</div>
</div><!-- fragment --><dl class="section see"><dt>See Also</dt><dd><a class="el" href="group__libssh__auth.html#ga50c0c150f8c4703e7ee49b3e3e3ca215" title="Try to authenticate by password.">ssh_userauth_password</a></dd></dl>
<h2><a class="anchor" id="keyb_int"></a>
The keyboard-interactive authentication method</h2>
<p>The keyboard-interactive method is, as its name tells, interactive. The server will issue one or more challenges that the user has to answer, until the server takes an authentication decision.</p>
<p><a class="el" href="group__libssh__auth.html#ga6b3b1c2a045286d9476b0252791a07d2" title="Try to authenticate through the "keyboard-interactive" method.">ssh_userauth_kbdint()</a> is the the main keyboard-interactive function. It will return SSH_AUTH_SUCCESS,SSH_AUTH_DENIED, SSH_AUTH_PARTIAL, SSH_AUTH_ERROR, or SSH_AUTH_INFO, depending on the result of the request.</p>
<p>The keyboard-interactive authentication method of SSH2 is a feature that permits the server to ask a certain number of questions in an interactive manner to the client, until it decides to accept or deny the login.</p>
<p>To begin, you call <a class="el" href="group__libssh__auth.html#ga6b3b1c2a045286d9476b0252791a07d2" title="Try to authenticate through the "keyboard-interactive" method.">ssh_userauth_kbdint()</a> (just set user and submethods to NULL) and store the answer.</p>
<p>If the answer is SSH_AUTH_INFO, it means that the server has sent a few questions that you should ask the user. You can retrieve these questions with the following functions: <a class="el" href="group__libssh__auth.html#gacb996ff4979670db009a71a90172ece9" title="Get the number of prompts (questions) the server has given.">ssh_userauth_kbdint_getnprompts()</a>, <a class="el" href="group__libssh__auth.html#gaf920b6f8ed1e3c53cc2a683230098657" title="Get the "name" of the message block.">ssh_userauth_kbdint_getname()</a>, <a class="el" href="group__libssh__auth.html#gaa757fbdbd4f95261bbbbc12b1ec33078" title="Get the "instruction" of the message block.">ssh_userauth_kbdint_getinstruction()</a>, and <a class="el" href="group__libssh__auth.html#ga4e7466c30852a3339003af7046fab396" title="Get a prompt from a message block.">ssh_userauth_kbdint_getprompt()</a>.</p>
<p>Set the answer for each question in the challenge using <a class="el" href="group__libssh__auth.html#ga75e44b1f27059a00080f80fac0107a20" title="Set the answer for a question from a message block.">ssh_userauth_kbdint_setanswer()</a>.</p>
<p>Then, call again <a class="el" href="group__libssh__auth.html#ga6b3b1c2a045286d9476b0252791a07d2" title="Try to authenticate through the "keyboard-interactive" method.">ssh_userauth_kbdint()</a> and start the process again until these functions returns something else than SSH_AUTH_INFO.</p>
<p>Here are a few remarks:</p>
<ul>
<li>Even the first call can return SSH_AUTH_DENIED or SSH_AUTH_SUCCESS.</li>
<li>The server can send an empty question set (this is the default behavior on my system) after you have sent the answers to the first questions. You must still parse the answer, it might contain some message from the server saying hello or such things. Just call <a class="el" href="group__libssh__auth.html#ga6b3b1c2a045286d9476b0252791a07d2" title="Try to authenticate through the "keyboard-interactive" method.">ssh_userauth_kbdint()</a> until needed.</li>
<li>The meaning of "name", "prompt", "instruction" may be a little confusing. An explanation is given in the RFC section that follows.</li>
</ul>
<p>Here is a little note about how to use the information from keyboard-interactive authentication, coming from the RFC itself (rfc4256):</p>
<pre class="fragment"> 3.3 User Interface Upon receiving a request message, the client SHOULD
prompt the user as follows: A command line interface (CLI) client SHOULD
print the name and instruction (if non-empty), adding newlines. Then for
each prompt in turn, the client SHOULD display the prompt and read the
user input.
A graphical user interface (GUI) client has many choices on how to prompt
the user. One possibility is to use the name field (possibly prefixed
with the application's name) as the title of a dialog window in which
the prompt(s) are presented. In that dialog window, the instruction field
would be a text message, and the prompts would be labels for text entry
fields. All fields SHOULD be presented to the user, for example an
implementation SHOULD NOT discard the name field because its windows lack
titles; it SHOULD instead find another way to display this information. If
prompts are presented in a dialog window, then the client SHOULD NOT
present each prompt in a separate window.
All clients MUST properly handle an instruction field with embedded
newlines. They SHOULD also be able to display at least 30 characters for
the name and prompts. If the server presents names or prompts longer than 30
characters, the client MAY truncate these fields to the length it can
display. If the client does truncate any fields, there MUST be an obvious
indication that such truncation has occured.
The instruction field SHOULD NOT be truncated. Clients SHOULD use control
character filtering as discussed in [SSH-ARCH] to avoid attacks by
including terminal control characters in the fields to be displayed.
For each prompt, the corresponding echo field indicates whether or not
the user input should be echoed as characters are typed. Clients SHOULD
correctly echo/mask user input for each prompt independently of other
prompts in the request message. If a client does not honor the echo field
for whatever reason, then the client MUST err on the side of
masking input. A GUI client might like to have a checkbox toggling
echo/mask. Clients SHOULD NOT add any additional characters to the prompt
such as ": " (colon-space); the server is responsible for supplying all
text to be displayed to the user. Clients MUST also accept empty responses
from the user and pass them on as empty strings.
</pre><p>The following example shows how to perform keyboard-interactive authentication:</p>
<div class="fragment"><div class="line"><span class="keywordtype">int</span> authenticate_kbdint(ssh_session session)</div>
<div class="line">{</div>
<div class="line"> <span class="keywordtype">int</span> rc;</div>
<div class="line"></div>
<div class="line"> rc = <a class="code" href="group__libssh__auth.html#ga6b3b1c2a045286d9476b0252791a07d2" title="Try to authenticate through the "keyboard-interactive" method.">ssh_userauth_kbdint</a>(session, NULL, NULL);</div>
<div class="line"> <span class="keywordflow">while</span> (rc == SSH_AUTH_INFO)</div>
<div class="line"> {</div>
<div class="line"> <span class="keyword">const</span> <span class="keywordtype">char</span> *name, *instruction;</div>
<div class="line"> <span class="keywordtype">int</span> nprompts, iprompt;</div>
<div class="line"></div>
<div class="line"> name = <a class="code" href="group__libssh__auth.html#gaf920b6f8ed1e3c53cc2a683230098657" title="Get the "name" of the message block.">ssh_userauth_kbdint_getname</a>(session);</div>
<div class="line"> instruction = <a class="code" href="group__libssh__auth.html#gaa757fbdbd4f95261bbbbc12b1ec33078" title="Get the "instruction" of the message block.">ssh_userauth_kbdint_getinstruction</a>(session);</div>
<div class="line"> nprompts = <a class="code" href="group__libssh__auth.html#gacb996ff4979670db009a71a90172ece9" title="Get the number of prompts (questions) the server has given.">ssh_userauth_kbdint_getnprompts</a>(session);</div>
<div class="line"></div>
<div class="line"> <span class="keywordflow">if</span> (strlen(name) > 0)</div>
<div class="line"> printf(<span class="stringliteral">"%s\n"</span>, name);</div>
<div class="line"> <span class="keywordflow">if</span> (strlen(instruction) > 0)</div>
<div class="line"> printf(<span class="stringliteral">"%s\n"</span>, instruction);</div>
<div class="line"> <span class="keywordflow">for</span> (iprompt = 0; iprompt < nprompts; iprompt++)</div>
<div class="line"> {</div>
<div class="line"> <span class="keyword">const</span> <span class="keywordtype">char</span> *prompt;</div>
<div class="line"> <span class="keywordtype">char</span> echo;</div>
<div class="line"></div>
<div class="line"> prompt = <a class="code" href="group__libssh__auth.html#ga4e7466c30852a3339003af7046fab396" title="Get a prompt from a message block.">ssh_userauth_kbdint_getprompt</a>(session, iprompt, &echo);</div>
<div class="line"> <span class="keywordflow">if</span> (echo)</div>
<div class="line"> {</div>
<div class="line"> <span class="keywordtype">char</span> buffer[128], *ptr;</div>
<div class="line"></div>
<div class="line"> printf(<span class="stringliteral">"%s"</span>, prompt);</div>
<div class="line"> <span class="keywordflow">if</span> (fgets(buffer, <span class="keyword">sizeof</span>(buffer), stdin) == NULL)</div>
<div class="line"> <span class="keywordflow">return</span> SSH_AUTH_ERROR;</div>
<div class="line"> buffer[<span class="keyword">sizeof</span>(buffer) - 1] = <span class="charliteral">'\0'</span>;</div>
<div class="line"> <span class="keywordflow">if</span> ((ptr = strchr(buffer, <span class="charliteral">'\n'</span>)) != NULL)</div>
<div class="line"> *ptr = <span class="charliteral">'\0'</span>;</div>
<div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group__libssh__auth.html#ga75e44b1f27059a00080f80fac0107a20" title="Set the answer for a question from a message block.">ssh_userauth_kbdint_setanswer</a>(session, iprompt, buffer) < 0)</div>
<div class="line"> <span class="keywordflow">return</span> SSH_AUTH_ERROR;</div>
<div class="line"> memset(buffer, 0, strlen(buffer));</div>
<div class="line"> }</div>
<div class="line"> <span class="keywordflow">else</span></div>
<div class="line"> {</div>
<div class="line"> <span class="keywordtype">char</span> *ptr;</div>
<div class="line"></div>
<div class="line"> ptr = getpass(prompt);</div>
<div class="line"> <span class="keywordflow">if</span> (<a class="code" href="group__libssh__auth.html#ga75e44b1f27059a00080f80fac0107a20" title="Set the answer for a question from a message block.">ssh_userauth_kbdint_setanswer</a>(session, iprompt, ptr) < 0)</div>
<div class="line"> <span class="keywordflow">return</span> SSH_AUTH_ERROR;</div>
<div class="line"> }</div>
<div class="line"> }</div>
<div class="line"> rc = <a class="code" href="group__libssh__auth.html#ga6b3b1c2a045286d9476b0252791a07d2" title="Try to authenticate through the "keyboard-interactive" method.">ssh_userauth_kbdint</a>(session, NULL, NULL);</div>
<div class="line"> }</div>
<div class="line"> <span class="keywordflow">return</span> rc;</div>
<div class="line">}</div>
</div><!-- fragment --><dl class="section see"><dt>See Also</dt><dd><a class="el" href="group__libssh__auth.html#ga6b3b1c2a045286d9476b0252791a07d2" title="Try to authenticate through the "keyboard-interactive" method.">ssh_userauth_kbdint()</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#gacb996ff4979670db009a71a90172ece9" title="Get the number of prompts (questions) the server has given.">ssh_userauth_kbdint_getnprompts</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#gaf920b6f8ed1e3c53cc2a683230098657" title="Get the "name" of the message block.">ssh_userauth_kbdint_getname</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#gaa757fbdbd4f95261bbbbc12b1ec33078" title="Get the "instruction" of the message block.">ssh_userauth_kbdint_getinstruction</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#ga4e7466c30852a3339003af7046fab396" title="Get a prompt from a message block.">ssh_userauth_kbdint_getprompt</a> </dd>
<dd>
<a class="el" href="group__libssh__auth.html#ga75e44b1f27059a00080f80fac0107a20" title="Set the answer for a question from a message block.">ssh_userauth_kbdint_setanswer()</a></dd></dl>
<h2><a class="anchor" id="none"></a>
Authenticating with "none" method</h2>
<p>The primary purpose of the "none" method is to get authenticated <b>without</b> any credential. Don't do that, use one of the other authentication methods, unless you really want to grant anonymous access.</p>
<p>If the account has no password, and if the server is configured to let you pass, <a class="el" href="group__libssh__auth.html#ga58e7c265236edbc97a2f117d3f23b4dd" title="Try to authenticate through the "none" method.">ssh_userauth_none()</a> might answer SSH_AUTH_SUCCESS.</p>
<p>The following example shows how to perform "none" authentication:</p>
<div class="fragment"><div class="line"><span class="keywordtype">int</span> authenticate_kbdint(ssh_session session)</div>
<div class="line">{</div>
<div class="line"> <span class="keywordtype">int</span> rc;</div>
<div class="line"></div>
<div class="line"> rc = <a class="code" href="group__libssh__auth.html#ga58e7c265236edbc97a2f117d3f23b4dd" title="Try to authenticate through the "none" method.">ssh_userauth_none</a>(session, NULL, NULL);</div>
<div class="line"> <span class="keywordflow">return</span> rc;</div>
<div class="line">}</div>
</div><!-- fragment --><h2><a class="anchor" id="auth_list"></a>
Getting the list of supported authentications</h2>
<p>You are not meant to choose a given authentication method, you can let the server tell you which methods are available. Once you know them, you try them one after the other.</p>
<p>The following example shows how to get the list of available authentication methods with <a class="el" href="group__libssh__auth.html#ga35d44897a44b4bb3b7c01108c1812a37" title="retrieves available authentication methods for this session">ssh_userauth_list()</a> and how to use the result:</p>
<div class="fragment"><div class="line"><span class="keywordtype">int</span> test_several_auth_methods(ssh_session session)</div>
<div class="line">{</div>
<div class="line"> <span class="keywordtype">int</span> method, rc;</div>
<div class="line"></div>
<div class="line"> method = <a class="code" href="group__libssh__auth.html#ga35d44897a44b4bb3b7c01108c1812a37" title="retrieves available authentication methods for this session">ssh_userauth_list</a>(session, NULL);</div>
<div class="line"></div>
<div class="line"> <span class="keywordflow">if</span> (method & SSH_AUTH_METHOD_NONE)</div>
<div class="line"> { <span class="comment">// For the source code of function authenticate_none(),</span></div>
<div class="line"> <span class="comment">// refer to the corresponding example</span></div>
<div class="line"> rc = authenticate_none(session);</div>
<div class="line"> <span class="keywordflow">if</span> (rc == SSH_AUTH_SUCCESS) <span class="keywordflow">return</span> rc;</div>
<div class="line"> }</div>
<div class="line"> <span class="keywordflow">if</span> (method & SSH_AUTH_METHOD_PUBLICKEY)</div>
<div class="line"> { <span class="comment">// For the source code of function authenticate_pubkey(),</span></div>
<div class="line"> <span class="comment">// refer to the corresponding example</span></div>
<div class="line"> rc = authenticate_pubkey(session);</div>
<div class="line"> <span class="keywordflow">if</span> (rc == SSH_AUTH_SUCCESS) <span class="keywordflow">return</span> rc;</div>
<div class="line"> }</div>
<div class="line"> <span class="keywordflow">if</span> (method & SSH_AUTH_METHOD_INTERACTIVE)</div>
<div class="line"> { <span class="comment">// For the source code of function authenticate_kbdint(),</span></div>
<div class="line"> <span class="comment">// refer to the corresponding example</span></div>
<div class="line"> rc = authenticate_kbdint(session);</div>
<div class="line"> <span class="keywordflow">if</span> (rc == SSH_AUTH_SUCCESS) <span class="keywordflow">return</span> rc;</div>
<div class="line"> }</div>
<div class="line"> <span class="keywordflow">if</span> (method & SSH_AUTH_METHOD_PASSWORD)</div>
<div class="line"> { <span class="comment">// For the source code of function authenticate_password(),</span></div>
<div class="line"> <span class="comment">// refer to the corresponding example</span></div>
<div class="line"> rc = authenticate_password(session);</div>
<div class="line"> <span class="keywordflow">if</span> (rc == SSH_AUTH_SUCCESS) <span class="keywordflow">return</span> rc;</div>
<div class="line"> }</div>
<div class="line"> <span class="keywordflow">return</span> SSH_AUTH_ERROR;</div>
<div class="line">}</div>
</div><!-- fragment --><h2><a class="anchor" id="banner"></a>
Getting the banner</h2>
<p>The SSH server might send a banner, which you can retrieve with <a class="el" href="group__libssh__session.html#ga89864d4d5cc6d3d6ef1c39652f2a688f" title="Get the issue banner from the server.">ssh_get_issue_banner()</a>, then display to the user.</p>
<p>The following example shows how to retrieve and dispose the issue banner:</p>
<div class="fragment"><div class="line"><span class="keywordtype">int</span> display_banner(ssh_session session)</div>
<div class="line">{</div>
<div class="line"> <span class="keywordtype">int</span> rc;</div>
<div class="line"> <span class="keywordtype">char</span> *banner;</div>
<div class="line"></div>
<div class="line"><span class="comment">/*</span></div>
<div class="line"><span class="comment"> Does not work without calling ssh_userauth_none() first ***</span></div>
<div class="line"><span class="comment"> That will be fixed ***</span></div>
<div class="line"><span class="comment">*/</span></div>
<div class="line"> rc = <a class="code" href="group__libssh__auth.html#ga58e7c265236edbc97a2f117d3f23b4dd" title="Try to authenticate through the "none" method.">ssh_userauth_none</a>(session, NULL);</div>
<div class="line"> <span class="keywordflow">if</span> (rc == SSH_AUTH_ERROR)</div>
<div class="line"> <span class="keywordflow">return</span> rc;</div>
<div class="line"></div>
<div class="line"> banner = <a class="code" href="group__libssh__session.html#ga89864d4d5cc6d3d6ef1c39652f2a688f" title="Get the issue banner from the server.">ssh_get_issue_banner</a>(session);</div>
<div class="line"> <span class="keywordflow">if</span> (banner)</div>
<div class="line"> {</div>
<div class="line"> printf(<span class="stringliteral">"%s\n"</span>, banner);</div>
<div class="line"> free(banner);</div>
<div class="line"> }</div>
<div class="line"></div>
<div class="line"> <span class="keywordflow">return</span> rc;</div>
<div class="line">}</div>
</div><!-- fragment --> </div></div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by  <a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/>
</a> 1.8.3.1
</small></address>
</body>
</html>
