BBS:      TELESC.NET.BR
Subject:  src/syncterm/ssh.c
From:     Deuce
Date:     Sat, 25 Apr 2026 04:38:43 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/cc8f3254781763bddaef82b3
Modified Files:
	src/syncterm/ssh.c
Log Message:
syncterm: simplify SSH auth flow; PuTTY-style KBI password autofill

Replace the auth state machine in ssh_connect() with a flat,
strongest-to-weakest order driven by the RFC 4252 "none" probe:

  1. probe; if "none" was accepted we're done
  2. publickey   (if advertised)
  3. password    (if advertised; stored value first, then up to 3 prompts)
  4. keyboard-interactive  (if advertised)

Each method is gated on the server's advertised list, so users aren't
prompted for credentials the server would reject regardless (e.g. an
OpenSSH target with PasswordAuthentication=no no longer cycles three
dead password prompts before falling through to KBI).

Also fixes a latent bug in the SSHNA path that unconditionally set
auth_rc=0 on any non-error return from dssh_auth_get_methods, even
when the response was "methods available, none-auth not accepted".

In kbi_prompt_cb:

  - Auto-fill the saved password when the server sends exactly the
    literal prompt "Password: " (PuTTY-style: single prompt, echo off,
    literal text match).  This avoids burning credentials on 2FA
    "Passcode:" prompts, GPG-style "Passphrase:" prompts, password-
    change flows, or anything else dressed up to look password-like.
    The fire-once latch ensures a wrong saved password doesn't loop;
    subsequent prompts fall through to the user.

  - Strip a trailing ':' from the server's prompt before passing it
    to uifcinput(), since uifc.input always appends ':' itself and
    "Password:" would otherwise render as "Password::".

Drops the speculative "Cryptlib mishandles failed ssh-ed25519 publickey
probe" gate; the comment was likely a debugging artifact, not a
verified server behavior, and gating production logic on an
unreproducible claim made the flow harder to reason about than the
risk justified.

Co-Authored-By: Claude Opus 4.7 (1M context) 
---
Synchronet - Vertrauen - Home of Synchronet - [vert/cvs/bbs].synchro.net
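
The keyboard-interactive autofill rule described in the log message above (single prompt, echo off, exact "Password: " text, fire-once latch) and the trailing-':' strip, as an added example that is not code from the commit or from SyncTERM. The names kbi_state, kbi_prompt, kbi_autofill and kbi_display_prompt are hypothetical, and trimming trailing spaces before the ':' is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-connection state; not SyncTERM's own structure. */
struct kbi_state {
    const char *saved_password;  /* NULL when nothing is stored */
    bool        autofill_used;   /* fire-once latch */
};

/* One prompt of an RFC 4256 SSH_MSG_USERAUTH_INFO_REQUEST. */
struct kbi_prompt { const char *text; bool echo; };

/* Returns the saved password when the request qualifies for autofill,
 * or NULL when the user must be asked instead. */
const char *kbi_autofill(struct kbi_state *st, const struct kbi_prompt *p, size_t n)
{
    if (st->saved_password == NULL || st->autofill_used)
        return NULL;                  /* nothing stored, or already tried once */
    if (n != 1 || p[0].echo)
        return NULL;                  /* multi-prompt or echoed input: not a password */
    if (strcmp(p[0].text, "Password: ") != 0)
        return NULL;                  /* exact, case-sensitive literal match only */
    st->autofill_used = true;         /* a wrong saved password is sent once, never looped */
    return st->saved_password;
}

/* Copies the prompt for a UI that appends its own ':'. Assumption: trailing
 * spaces are trimmed first, then a single trailing ':' is dropped. */
void kbi_display_prompt(const char *prompt, char *out, size_t outsz)
{
    size_t len = strlen(prompt);
    if (outsz == 0) return;
    while (len > 0 && prompt[len - 1] == ' ') len--;
    if (len > 0 && prompt[len - 1] == ':') len--;
    if (len >= outsz) len = outsz - 1;
    memcpy(out, prompt, len);
    out[len] = '\0';
}

int main(void)
{
    struct kbi_state st = { "constructed-secret", false };  /* constructed sample */
    struct kbi_prompt pw = { "Password: ", false }, otp = { "Passcode: ", false };
    printf("Passcode:       %s\n", kbi_autofill(&st, &otp, 1) ? "autofill" : "ask user");
    printf("Password:       %s\n", kbi_autofill(&st, &pw, 1) ? "autofill" : "ask user");
    printf("Password again: %s\n", kbi_autofill(&st, &pw, 1) ? "autofill" : "ask user");
}
```

A non-matching prompt leaves the latch unset, so a later genuine "Password: " prompt in the same session can still be filled once.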
