#define BUG_CHOKES_ON_SSH1_IGNORE 1
#define BUG_SSH2_HMAC 2
#define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
+#define BUG_CHOKES_ON_RSA 8
static int ssh_pkt_ctx = 0;
logevent("We believe remote version needs a plain SSH1 password");
}
+ if (!strcmp(imp, "Cisco-1.25")) {
+ /*
+ * These versions apparently have no clue whatever about
+ * RSA authentication and will panic and die if they see
+ * an AUTH_RSA message.
+ */
+ ssh_remote_bugs |= BUG_CHOKES_ON_RSA;
+ logevent("We believe remote version can't handle RSA authentication");
+ }
+
if (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) ||
!strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) ||
!strncmp(imp, "2.1 ", 4)) {
sprintf(buf, "Connecting to %.100s port %d", addrbuf, port);
logevent(buf);
}
- s = sk_new(addr, port, 0, 1, nodelay, &fn_table_ptr);
- if ((err = sk_socket_error(s)))
+ s = new_connection(addr, *realhost, port, 0, 1, nodelay, &fn_table_ptr);
+ if ((err = sk_socket_error(s))) {
+ s = NULL;
return err;
+ }
#ifdef FWHACK
sk_write(s, "connect ", 8);
break;
case 3:
case 4:
- random_save_seed();
- exit(0);
+ cleanup_exit(0);
break;
default:
if (((c >= ' ' && c <= '~') ||
crWaitUntil(ispkt);
- tried_publickey = tried_agent = 0;
+ if ((ssh_remote_bugs & BUG_CHOKES_ON_RSA)) {
+ /* We must not attempt PK auth. Pretend we've already tried it. */
+ tried_publickey = tried_agent = 1;
+ } else {
+ tried_publickey = tried_agent = 0;
+ }
tis_auth_refused = ccard_auth_refused = 0;
/* Load the public half of cfg.keyfile so we notice if it's in Pageant */
if (*cfg.keyfile) {
break;
case 3:
case 4:
- random_save_seed();
- exit(0);
+ cleanup_exit(0);
break;
default:
if (pos < sizeof(password)-1)
static int we_are_in;
static int num_prompts, echo;
static char username[100];
+ static int got_username;
static char pwprompt[200];
static char password[100];
static void *publickey_blob;
* retype it!
*/
username[0] = '\0';
+ got_username = FALSE;
do {
static int pos;
static char c;
* Get a username.
*/
pos = 0;
- if (*username && !cfg.change_username) {
+ if (got_username && !cfg.change_username) {
/*
* We got a username last time round this loop, and
* with change_username turned off we don't try to get
break;
case 3:
case 4:
- random_save_seed();
- exit(0);
+ cleanup_exit(0);
break;
default:
if (((c >= ' ' && c <= '~') ||
c_write_str(stuff);
}
}
+ got_username = TRUE;
/*
* Send an authentication request using method "none": (a)
break;
case 3:
case 4:
- random_save_seed();
- exit(0);
+ cleanup_exit(0);
break;
default:
if (pos < sizeof(password)-1)