using Renci.SshNet.Common; using Renci.SshNet.Compression; using Renci.SshNet.Messages.Authentication; using Renci.SshNet.Messages.Connection; using Renci.SshNet.Security; using Renci.SshNet.Security.Cryptography; using Renci.SshNet.Security.Cryptography.Ciphers; using Renci.SshNet.Security.Cryptography.Ciphers.Modes; using System; using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; using System.Text; namespace Renci.SshNet { public class ConnectionInfo : IConnectionInfoInternal, IConnectionInfo { internal const int DefaultPort = 22; private static readonly TimeSpan DefaultTimeout = TimeSpan.FromSeconds(30); private static readonly TimeSpan DefaultChannelCloseTimeout = TimeSpan.FromSeconds(1); private TimeSpan _timeout; private TimeSpan _channelCloseTimeout; public IDictionary<string, Func<IKeyExchange>> KeyExchangeAlgorithms { get; set; } public IDictionary<string, CipherInfo> Encryptions { get; set; } public IDictionary<string, HashInfo> HmacAlgorithms { get; set; } public IDictionary<string, Func<byte[], KeyHostAlgorithm>> HostKeyAlgorithms { get; set; } public IList<AuthenticationMethod> AuthenticationMethods { get; set; } public IDictionary<string, Func<Compressor>> CompressionAlgorithms { get; set; } public IDictionary<string, RequestInfo> ChannelRequests { get; set; } public bool IsAuthenticated { get; set; } public string Host { get; set; } public int Port { get; set; } public string Username { get; set; } public ProxyTypes ProxyType { get; set; } public string ProxyHost { get; set; } public int ProxyPort { get; set; } public string ProxyUsername { get; set; } public string ProxyPassword { get; set; } public TimeSpan Timeout { get { return _timeout; } set { value.EnsureValidTimeout("Timeout"); _timeout = value; } } public TimeSpan ChannelCloseTimeout { get { return _channelCloseTimeout; } set { value.EnsureValidTimeout("ChannelCloseTimeout"); _channelCloseTimeout = value; } } public Encoding Encoding { get; set; } public int RetryAttempts { get; set; } public int MaxSessions { get; set; } public string CurrentKeyExchangeAlgorithm { get; set; } public string CurrentServerEncryption { get; set; } public string CurrentClientEncryption { get; set; } public string CurrentServerHmacAlgorithm { get; set; } public string CurrentClientHmacAlgorithm { get; set; } public string CurrentHostKeyAlgorithm { get; set; } public string CurrentServerCompressionAlgorithm { get; set; } public string ServerVersion { get; set; } public string ClientVersion { get; set; } public string CurrentClientCompressionAlgorithm { get; set; } IList<IAuthenticationMethod> IConnectionInfoInternal.AuthenticationMethods { get { return AuthenticationMethods.Cast<IAuthenticationMethod>().ToList(); } } public event EventHandler<AuthenticationBannerEventArgs> AuthenticationBanner; public ConnectionInfo(string host, string username, params AuthenticationMethod[] authenticationMethods) : this(host, 22, username, ProxyTypes.None, null, 0, null, null, authenticationMethods) { } public ConnectionInfo(string host, int port, string username, params AuthenticationMethod[] authenticationMethods) : this(host, port, username, ProxyTypes.None, null, 0, null, null, authenticationMethods) { } public ConnectionInfo(string host, int port, string username, ProxyTypes proxyType, string proxyHost, int proxyPort, string proxyUsername, string proxyPassword, params AuthenticationMethod[] authenticationMethods) { ThrowHelper.ThrowIfNull(host, "host"); port.ValidatePort("port"); ThrowHelper.ThrowIfNullOrWhiteSpace(username, "username"); if (proxyType != 0) { ThrowHelper.ThrowIfNull(proxyHost, "proxyHost"); proxyPort.ValidatePort("proxyPort"); } ThrowHelper.ThrowIfNull(authenticationMethods, "authenticationMethods"); if (authenticationMethods.Length == 0) throw new ArgumentException("At least one authentication method should be specified.", "authenticationMethods"); Timeout = DefaultTimeout; ChannelCloseTimeout = DefaultChannelCloseTimeout; RetryAttempts = 10; MaxSessions = 10; Encoding = Encoding.UTF8; KeyExchangeAlgorithms = new Dictionary<string, Func<IKeyExchange>> { { "curve25519-sha256", () => new KeyExchangeECCurve25519() }, { "curve25519-sha256@libssh.org", () => new KeyExchangeECCurve25519() }, { "ecdh-sha2-nistp256", () => new KeyExchangeECDH256() }, { "ecdh-sha2-nistp384", () => new KeyExchangeECDH384() }, { "ecdh-sha2-nistp521", () => new KeyExchangeECDH521() }, { "diffie-hellman-group-exchange-sha256", () => new KeyExchangeDiffieHellmanGroupExchangeSha256() }, { "diffie-hellman-group-exchange-sha1", () => new KeyExchangeDiffieHellmanGroupExchangeSha1() }, { "diffie-hellman-group16-sha512", () => new KeyExchangeDiffieHellmanGroup16Sha512() }, { "diffie-hellman-group14-sha256", () => new KeyExchangeDiffieHellmanGroup14Sha256() }, { "diffie-hellman-group14-sha1", () => new KeyExchangeDiffieHellmanGroup14Sha1() }, { "diffie-hellman-group1-sha1", () => new KeyExchangeDiffieHellmanGroup1Sha1() } }; Encryptions = new Dictionary<string, CipherInfo> { { "aes128-ctr", new CipherInfo(128, (byte[] key, byte[] iv) => new AesCipher(key, iv, AesCipherMode.CTR, false), false) }, { "aes192-ctr", new CipherInfo(192, (byte[] key, byte[] iv) => new AesCipher(key, iv, AesCipherMode.CTR, false), false) }, { "aes256-ctr", new CipherInfo(256, (byte[] key, byte[] iv) => new AesCipher(key, iv, AesCipherMode.CTR, false), false) }, { "aes128-gcm@openssh.com", new CipherInfo(128, (byte[] key, byte[] iv) => new AesGcmCipher(key, iv, 4), true) }, { "aes256-gcm@openssh.com", new CipherInfo(256, (byte[] key, byte[] iv) => new AesGcmCipher(key, iv, 4), true) }, { "chacha20-poly1305@openssh.com", new CipherInfo(512, (byte[] key, byte[] iv) => new ChaCha20Poly1305Cipher(key, 4), true) }, { "aes128-cbc", new CipherInfo(128, (byte[] key, byte[] iv) => new AesCipher(key, iv, AesCipherMode.CBC, false), false) }, { "aes192-cbc", new CipherInfo(192, (byte[] key, byte[] iv) => new AesCipher(key, iv, AesCipherMode.CBC, false), false) }, { "aes256-cbc", new CipherInfo(256, (byte[] key, byte[] iv) => new AesCipher(key, iv, AesCipherMode.CBC, false), false) }, { "3des-cbc", new CipherInfo(192, (byte[] key, byte[] iv) => new TripleDesCipher(key, new CbcCipherMode(iv), null), false) } }; HmacAlgorithms = new Dictionary<string, HashInfo> { { "hmac-sha2-256", new HashInfo(256, (byte[] key) => new HMACSHA256(key), false) }, { "hmac-sha2-512", new HashInfo(512, (byte[] key) => new HMACSHA512(key), false) }, { "hmac-sha1", new HashInfo(160, (byte[] key) => new HMACSHA1(key), false) }, { "hmac-sha2-256-etm@openssh.com", new HashInfo(256, (byte[] key) => new HMACSHA256(key), true) }, { "hmac-sha2-512-etm@openssh.com", new HashInfo(512, (byte[] key) => new HMACSHA512(key), true) }, { "hmac-sha1-etm@openssh.com", new HashInfo(160, (byte[] key) => new HMACSHA1(key), true) } }; Dictionary<string, Func<byte[], KeyHostAlgorithm>> hostAlgs = new Dictionary<string, Func<byte[], KeyHostAlgorithm>>(); hostAlgs.Add("ssh-ed25519-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate8 = new Certificate(data); return new CertificateHostAlgorithm("ssh-ed25519-cert-v01@openssh.com", certificate8, hostAlgs); }); hostAlgs.Add("ecdsa-sha2-nistp256-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate7 = new Certificate(data); return new CertificateHostAlgorithm("ecdsa-sha2-nistp256-cert-v01@openssh.com", certificate7, hostAlgs); }); hostAlgs.Add("ecdsa-sha2-nistp384-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate6 = new Certificate(data); return new CertificateHostAlgorithm("ecdsa-sha2-nistp384-cert-v01@openssh.com", certificate6, hostAlgs); }); hostAlgs.Add("ecdsa-sha2-nistp521-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate5 = new Certificate(data); return new CertificateHostAlgorithm("ecdsa-sha2-nistp521-cert-v01@openssh.com", certificate5, hostAlgs); }); hostAlgs.Add("rsa-sha2-512-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate4 = new Certificate(data); return new CertificateHostAlgorithm("rsa-sha2-512-cert-v01@openssh.com", certificate4, new RsaDigitalSignature((RsaKey)certificate4.Key, HashAlgorithmName.SHA512), hostAlgs); }); hostAlgs.Add("rsa-sha2-256-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate3 = new Certificate(data); return new CertificateHostAlgorithm("rsa-sha2-256-cert-v01@openssh.com", certificate3, new RsaDigitalSignature((RsaKey)certificate3.Key, HashAlgorithmName.SHA256), hostAlgs); }); hostAlgs.Add("ssh-rsa-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate2 = new Certificate(data); return new CertificateHostAlgorithm("ssh-rsa-cert-v01@openssh.com", certificate2, hostAlgs); }); hostAlgs.Add("ssh-dss-cert-v01@openssh.com", delegate(byte[] data) { Certificate certificate = new Certificate(data); return new CertificateHostAlgorithm("ssh-dss-cert-v01@openssh.com", certificate, hostAlgs); }); hostAlgs.Add("ssh-ed25519", (byte[] data) => new KeyHostAlgorithm("ssh-ed25519", new ED25519Key(new SshKeyData(data)))); hostAlgs.Add("ecdsa-sha2-nistp256", (byte[] data) => new KeyHostAlgorithm("ecdsa-sha2-nistp256", new EcdsaKey(new SshKeyData(data)))); hostAlgs.Add("ecdsa-sha2-nistp384", (byte[] data) => new KeyHostAlgorithm("ecdsa-sha2-nistp384", new EcdsaKey(new SshKeyData(data)))); hostAlgs.Add("ecdsa-sha2-nistp521", (byte[] data) => new KeyHostAlgorithm("ecdsa-sha2-nistp521", new EcdsaKey(new SshKeyData(data)))); hostAlgs.Add("rsa-sha2-512", delegate(byte[] data) { RsaKey rsaKey2 = new RsaKey(new SshKeyData(data)); return new KeyHostAlgorithm("rsa-sha2-512", rsaKey2, new RsaDigitalSignature(rsaKey2, HashAlgorithmName.SHA512)); }); hostAlgs.Add("rsa-sha2-256", delegate(byte[] data) { RsaKey rsaKey = new RsaKey(new SshKeyData(data)); return new KeyHostAlgorithm("rsa-sha2-256", rsaKey, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA256)); }); hostAlgs.Add("ssh-rsa", (byte[] data) => new KeyHostAlgorithm("ssh-rsa", new RsaKey(new SshKeyData(data)))); hostAlgs.Add("ssh-dss", (byte[] data) => new KeyHostAlgorithm("ssh-dss", new DsaKey(new SshKeyData(data)))); HostKeyAlgorithms = hostAlgs; CompressionAlgorithms = new Dictionary<string, Func<Compressor>> { { "none", null }, { "zlib@openssh.com", () => new ZlibOpenSsh() } }; ChannelRequests = new Dictionary<string, RequestInfo> { { "env", new EnvironmentVariableRequestInfo() }, { "exec", new ExecRequestInfo() }, { "exit-signal", new ExitSignalRequestInfo() }, { "exit-status", new ExitStatusRequestInfo() }, { "pty-req", new PseudoTerminalRequestInfo() }, { "shell", new ShellRequestInfo() }, { "signal", new SignalRequestInfo() }, { "subsystem", new SubsystemRequestInfo() }, { "window-change", new WindowChangeRequestInfo() }, { "x11-req", new X11ForwardingRequestInfo() }, { "xon-xoff", new XonXoffRequestInfo() }, { "eow@openssh.com", new EndOfWriteRequestInfo() }, { "keepalive@openssh.com", new KeepAliveRequestInfo() } }; Host = host; Port = port; Username = username; ProxyType = proxyType; ProxyHost = proxyHost; ProxyPort = proxyPort; ProxyUsername = proxyUsername; ProxyPassword = proxyPassword; AuthenticationMethods = authenticationMethods; } internal void Authenticate(ISession session, IServiceFactory serviceFactory) { ThrowHelper.ThrowIfNull(serviceFactory, "serviceFactory"); IsAuthenticated = false; serviceFactory.CreateClientAuthentication().Authenticate(this, session); IsAuthenticated = true; } void IConnectionInfoInternal.UserAuthenticationBannerReceived(object sender, MessageEventArgs<BannerMessage> e) { this.AuthenticationBanner?.Invoke(this, new AuthenticationBannerEventArgs(Username, e.Message.Message, e.Message.Language)); } IAuthenticationMethod IConnectionInfoInternal.CreateNoneAuthenticationMethod() { return new NoneAuthenticationMethod(Username); } } }