/** * this method is called if a user attempts password authentication * it determines whether password authentication is possible. * if it isnt, but keyboard interactive is possible, it authenticates using that instead */ private SSHAuthentication checkForPasswordOverKBI(SSHAuthentication auth) { bool kbiAuthenticationPossible = false; for (int i = 0; i < authenticationMethods.Length; i++) { if (authenticationMethods[i].Equals("password")) { //password authentication is possible so return auth unchanged return(auth); } else { if ((authenticationMethods[i].Equals("keyboard-interactive"))) { //if none of the subsequent methods are password then have option to use kbi instead kbiAuthenticationPossible = true; } } } //password is not possible, so attempt kbi if (kbiAuthenticationPossible) { //create KBIAuthentication instance KBIAuthentication kbi = new KBIAuthentication(); //set the username that the user entered kbi.Username = ((PasswordAuthentication)auth).Username; //set request handler, that sets the password the user entered as response to any prompts KBIRequestHandlerWhenUserUsingPasswordAuthentication handler = new KBIRequestHandlerWhenUserUsingPasswordAuthentication((PasswordAuthentication)auth); kbi.InteractivePrompt += new ShowAuthenticationPrompts(handler.showPrompts); return(kbi); } //neither password nor kbi is possible so return auth unchanged so that the normal error message is returned return(auth); }
/// <summary> /// Authenticate the user. Once connected call to authenticate the user. When a connection is made /// no other operations can be performed until the user has been authenticated. /// </summary> /// <param name="auth"></param> /// <returns></returns> public AuthenticationResult Authenticate(SSHAuthentication auth) { VerifyConnection(false); if (auth.Username == null) { auth.Username = username; } //if authentication method is Password authentication then check if password is available else attempt kbi if its available if (auth is PasswordAuthentication || auth is SSH2PasswordAuthentication) { auth = checkForPasswordOverKBI(auth); } AuthenticationResult result = AuthenticationResult.FAILED; if ((auth is PasswordAuthentication) && !(auth is SSH2PasswordAuthentication)) { SSH2PasswordAuthentication pwd = new SSH2PasswordAuthentication(); pwd.Username = auth.Username; pwd.Password = ((PasswordAuthentication)auth).Password; result = authentication.Authenticate(pwd, ConnectionProtocol.SERVICE_NAME); } else if (auth is SSH2AuthenticationClient) { result = authentication.Authenticate((SSH2AuthenticationClient)auth, ConnectionProtocol.SERVICE_NAME); } else if (auth is PublicKeyAuthentication && !(auth is SSH2PublicKeyAuthentication)) { SSH2PublicKeyAuthentication pk = new SSH2PublicKeyAuthentication(((PublicKeyAuthentication)auth).KeyPair); pk.Username = ((PublicKeyAuthentication)auth).Username; pk.VerifyOnly = ((PublicKeyAuthentication)auth).VerifyOnly; result = authentication.Authenticate(pk, ConnectionProtocol.SERVICE_NAME); } else if (auth is SSH2PublicKeyAuthentication) { result = authentication.Authenticate((SSH2AuthenticationClient)auth, ConnectionProtocol.SERVICE_NAME); } else { throw new SSHException("Invalid authentication client", SSHException.BAD_API_USAGE); } if (result == AuthenticationResult.COMPLETE) { FireEvent(SSHState.AUTHENTICATED); this.auth = auth; } return(result); }