From bbb3f2d28d17e7b6b34ac8b9bfa28298aa8898e1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 6 Nov 2019 16:06:19 +0100
Subject: [PATCH] ssh-client: Always try to do none auth first!

Per spec a SSH client needs to try the 'none' auth first. This is also
the case with libssh as a client and we exchange important messages with
a server that way. For example SSH2_MSG_EXT_INFO for rsa-sha2-512.
---
 tmate-ssh-client.c | 20 +++++++++++++++++---
 tmate.h            |  3 ++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/tmate-ssh-client.c b/tmate-ssh-client.c
index c5fb4243..c554d5ca 100644
--- a/tmate-ssh-client.c
+++ b/tmate-ssh-client.c
@@ -344,11 +344,24 @@ static void on_ssh_client_event(struct tmate_ssh_client *client)
 		 */
 		tmate_debug("Connected to %s", client->server_ip);
 		on_ssh_auth_server_complete(client);
-		client->state = SSH_AUTH_CLIENT;
+		client->state = SSH_AUTH_CLIENT_NONE;
 
 		/* fall through */
+	case SSH_AUTH_CLIENT_NONE:
+		switch(ssh_userauth_none(session, NULL)) {
+		case SSH_AUTH_ERROR:
+			kill_ssh_client(client, "Auth error: %s", ssh_get_error(session));
+			return;
+		case SSH_AUTH_AGAIN:
+			return;
+		case SSH_AUTH_SUCCESS:
+			goto auth_success;
+		default:
+			client->state = SSH_AUTH_CLIENT_PUBKEY;
+		}
 
-	case SSH_AUTH_CLIENT:
+		/* fall through */
+	case SSH_AUTH_CLIENT_PUBKEY:
 		client->tried_passphrase = client->tmate_session->passphrase;
 		switch (ssh_userauth_autopubkey(session, client->tried_passphrase)) {
 		case SSH_AUTH_AGAIN:
@@ -372,7 +385,8 @@ static void on_ssh_client_event(struct tmate_ssh_client *client)
 			kill_ssh_client(client, "Auth error: %s", ssh_get_error(session));
 			return;
 		case SSH_AUTH_SUCCESS:
-			tmate_debug("Auth successful");
+auth_success:
+			tmate_debug("Auth successful with 'publickey'");
 			client->state = SSH_OPEN_CHANNEL;
 
 			client->channel = channel = ssh_channel_new(session);
diff --git a/tmate.h b/tmate.h
index f096a35c..9deb3e8c 100644
--- a/tmate.h
+++ b/tmate.h
@@ -106,7 +106,8 @@ enum tmate_ssh_client_state_types {
 	SSH_INIT,
 	SSH_CONNECT,
 	SSH_AUTH_SERVER,
-	SSH_AUTH_CLIENT,
+	SSH_AUTH_CLIENT_NONE,
+	SSH_AUTH_CLIENT_PUBKEY,
 	SSH_OPEN_CHANNEL,
 	SSH_BOOTSTRAP,
 	SSH_READY,