/// <summary> /// Generate an SSH key fingerprint as defined in draft-ietf-secsh-fingerprint-00.txt. /// </summary> /// <param name="key"></param> /// <returns>the key fingerprint, for example "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" /// </returns> public static System.String GenerateFingerprint(SSHPublicKey key) { Hash md5 = new Hash(new MD5CryptoServiceProvider()); byte[] encoded = key.GetEncoded(); md5.WriteBytes(encoded); byte[] digest = md5.DoFinal(); System.Text.StringBuilder buf = new System.Text.StringBuilder(); int ch; for (int i = 0; i < digest.Length; i++) { ch = digest[i]; if (i > 0) { buf.Append(':'); } buf.Append(HEX[(SupportClass.URShift(ch, 4)) & 0x0F]); buf.Append(HEX[ch & 0x0F]); } return(buf.ToString()); }
internal void PerformKeyExchange(SSHPacket packet) { lock (kexlock) { if (localkex == null) { SendKeyExchangeInit(); } SSH2Context context = (SSH2Context)client.Context; currentState = TransportProtocolState.PERFORMING_KEYEXCHANGE; remotekex = packet.Payload; // Ignore the cookie packet.Skip(16); String remoteKeyExchanges = packet.ReadString(); String remotePublicKeys = packet.ReadString(); String remoteCiphersCS = packet.ReadString(); String remoteCiphersSC = packet.ReadString(); String remoteHMacCS = packet.ReadString(); String remoteHMacSC = packet.ReadString(); String cipherCS = SelectNegotiatedComponent(context.SupportedCiphers.List( context.PreferredCipherCS), remoteCiphersCS); String cipherSC = SelectNegotiatedComponent(context.SupportedCiphers.List( context.PreferredCipherSC), remoteCiphersSC); Cipher encryption = (Cipher)context.SupportedCiphers.GetInstance(cipherCS); Cipher decryption = (Cipher)context.SupportedCiphers.GetInstance(cipherSC); String macCS = SelectNegotiatedComponent(context.SupportedMACs.List( context.PreferredMacCS), remoteHMacCS); String macSC = SelectNegotiatedComponent(context.SupportedMACs.List( context.PreferredMacSC), remoteHMacSC); SSH2Hmac outgoingMac = (SSH2Hmac)context.SupportedMACs.GetInstance(macCS); SSH2Hmac incomingMac = (SSH2Hmac)context.SupportedMACs.GetInstance(macSC); // Ignore compression and languages as were not interested in that atm // Create a Key Exchange instance String kex = SelectNegotiatedComponent(context.SupportedKeyExchanges.List( context.PreferredKeyExchange), remoteKeyExchanges); String publickey = SelectNegotiatedComponent(context.SupportedPublicKeys.List( context.PreferredPublicKey), remotePublicKeys); #if DEBUG // Output the local settings System.Diagnostics.Trace.WriteLine("Local Key exchange settings follow:"); System.Diagnostics.Trace.WriteLine("Key exchange: " + context.SupportedKeyExchanges.List( context.PreferredKeyExchange)); System.Diagnostics.Trace.WriteLine("Public keys : " + context.SupportedPublicKeys.List( context.PreferredPublicKey)); System.Diagnostics.Trace.WriteLine("Ciphers client->server: " + context.SupportedCiphers.List( context.PreferredCipherCS)); System.Diagnostics.Trace.WriteLine("Ciphers server->client: " + context.SupportedCiphers.List( context.PreferredCipherSC)); System.Diagnostics.Trace.WriteLine("HMAC client->server: " + context.SupportedMACs.List( context.PreferredMacCS)); System.Diagnostics.Trace.WriteLine("HMAC server->client: " + context.SupportedMACs.List( context.PreferredMacSC)); // Output the remote settings System.Diagnostics.Trace.WriteLine("Remote Key exchange settings follow:"); System.Diagnostics.Trace.WriteLine("Key exchange: " + remoteKeyExchanges); System.Diagnostics.Trace.WriteLine("Public keys : " + remotePublicKeys); System.Diagnostics.Trace.WriteLine("Ciphers client->server: " + remoteCiphersCS); System.Diagnostics.Trace.WriteLine("Ciphers server->client: " + remoteCiphersSC); System.Diagnostics.Trace.WriteLine("HMAC client->server: " + remoteHMacCS); System.Diagnostics.Trace.WriteLine("HMAC server->client: " + remoteHMacSC); // Output the selected settigns System.Diagnostics.Trace.WriteLine("Selected kex exchange: " + kex); System.Diagnostics.Trace.WriteLine("Selected public key: " + publickey); System.Diagnostics.Trace.WriteLine("Selected cipher client->server: " + cipherCS); System.Diagnostics.Trace.WriteLine("Selected cipher server->client: " + cipherSC); System.Diagnostics.Trace.WriteLine("Selected HMAC client->server: " + macCS); System.Diagnostics.Trace.WriteLine("Selected HMAC server->client: " + macSC); #endif keyexchange = (SSH2KeyExchange)context.SupportedKeyExchanges.GetInstance(kex); keyexchange.Init(this); // Perform the key exchange keyexchange.PerformClientExchange(client.LocalIdentification, client.RemoteIdentification, localkex, remotekex); SSHPublicKey hostkey = (SSHPublicKey)context.SupportedPublicKeys.GetInstance(publickey); hostkey.Init(keyexchange.HostKey, 0, keyexchange.HostKey.Length); if (context.KnownHosts != null) { if (!context.KnownHosts.VerifyHost(transport.Hostname, hostkey)) { Disconnect("Host key not accepted", DisconnectionReason.HOST_KEY_NOT_VERIFIABLE); throw new SSHException("The host key was not accepted", SSHException.CANCELLED_CONNECTION); } } if (!hostkey.VerifySignature(keyexchange.Signature, keyexchange.ExchangeHash)) { Disconnect("The host key signature is invalid", DisconnectionReason.HOST_KEY_NOT_VERIFIABLE); throw new SSHException("The host key signature is invalid", SSHException.PROTOCOL_VIOLATION); } if (sessionIdentifier == null) { sessionIdentifier = keyexchange.ExchangeHash; } packet = GetSSHPacket(true); packet.WriteByte(SSH_MSG_NEWKEYS); #if DEBUG System.Diagnostics.Trace.WriteLine("Sending SSH_MSG_NEWKEYS"); #endif SendMessage(packet); encryption.Init(Cipher.ENCRYPT_MODE, MakeSSHKey('A'), MakeSSHKey('C')); outgoingCipherLength = encryption.BlockSize; outgoingMac.Init(MakeSSHKey('E')); outgoingMacLength = outgoingMac.MacLength; this.encryption = encryption; this.outgoingMac = outgoingMac; do { packet = ReadMessage(); // Process the transport protocol message, must only be // SSH_MSH_INGORE, SSH_MSG_DEBUG, SSH_MSG_DISCONNECT or SSH_MSG_NEWKEYS if (!ProcessMessage(packet)) { Disconnect("Invalid message received during key exchange", DisconnectionReason.PROTOCOL_ERROR); throw new SSHException( "Invalid message received during key exchange", SSHException.PROTOCOL_VIOLATION); } }while(packet.MessageID != SSH_MSG_NEWKEYS); // Put the incoming components into use decryption.Init(Cipher.DECRYPT_MODE, MakeSSHKey('B'), MakeSSHKey('D')); incomingCipherLength = decryption.BlockSize; incomingMac.Init(MakeSSHKey('F')); incomingMacLength = incomingMac.MacLength; this.decryption = decryption; this.incomingMac = incomingMac; //this.incomingCompression = incomingCompression; currentState = TransportProtocolState.CONNECTED; FireStateChange(TransportProtocolState.CONNECTED); lock (kexqueue) { #if DEBUG System.Diagnostics.Trace.WriteLine("Sending queued messages"); #endif for (System.Collections.IEnumerator e = kexqueue.GetEnumerator(); e.MoveNext();) { SendMessage((SSHPacket)e.Current); } kexqueue.Clear(); } // Clean up and reset any parameters localkex = null; remotekex = null; } }
internal SSHKeyPair(SSHPublicKey publickey, SSHPrivateKey privatekey) { this.publickey = publickey; this.privatekey = privatekey; }