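/**
 * Handle one SSH "publickey" user-authentication request.
 *
 * The request is accepted only when the service is "ssh-connection", the
 * method is "publickey", the algorithm is "ssh-rsa", the offered key equals
 * the key stored in $this->dir/<user>, and verify() accepts the signature
 * over the session id plus the request fields. A request without a
 * signature is treated as a key query: it is answered with
 * SSH_MSG_USERAUTH_PK_OK when the offered key matches the stored one, and
 * the method still returns FALSE because nobody is authenticated yet.
 *
 * Every rejected request is answered with SSH_MSG_USERAUTH_FAILURE.
 *
 * @param PacketProtocol $protocol connection used for replies and the session id
 * @param string $packet request payload, read field by field through parse()
 * @return bool TRUE only when the signature verified and the user was recorded
 */
public function authenticate(PacketProtocol $protocol, $packet)
{
    // A user is already recorded on this object: refuse further requests.
    // NOTE(review): this is a truthiness test, so a recorded user name of
    // "0" would not count as authenticated; confirm the initial value of
    // $this->user before tightening it.
    if ($this->user) {
        $protocol->send('bnb', SSH_MSG_USERAUTH_FAILURE, array(), 0);
        return FALSE;
    }

    list($user, $service, $method) = parse('sss', $packet);
    if ($service !== 'ssh-connection' || $method !== 'publickey') {
        $protocol->send('bnb', SSH_MSG_USERAUTH_FAILURE, array('publickey'), 0);
        return FALSE;
    }

    // The user name comes from the client and is used as a file name under
    // $this->dir. Reject anything that could address a file outside that
    // directory (path separators, NUL, "." and "..") before touching disk.
    if (!is_string($user) || $user === '' || $user === '.' || $user === '..'
        || strpbrk($user, "/\\\0") !== FALSE) {
        $protocol->send('bnb', SSH_MSG_USERAUTH_FAILURE, array('publickey'), 0);
        return FALSE;
    }

    list($signed, $publickey_algorithm, $publickey) = parse('bss', $packet);

    // FIXME: currently only ssh-rsa is supported.
    // NOTE(review): "ssh-rsa" signatures are SHA-1 based; whether verify()
    // can handle a stronger scheme is not visible from this method.
    if ($publickey_algorithm !== 'ssh-rsa'
        || ($content = @file_get_contents($this->dir . '/' . $user)) === FALSE) {
        $protocol->send('bnb', SSH_MSG_USERAUTH_FAILURE, array('publickey'), 0);
        return FALSE;
    }

    // Stored key format: "<algorithm> <base64 key> [comment]". A file with
    // fewer than two fields or an undecodable key is treated as "no key".
    $fields = explode(' ', trim($content), 3);
    $known_publickey = count($fields) >= 2 ? base64_decode($fields[1], TRUE) : FALSE;
    if ($known_publickey === FALSE
        || $fields[0] !== $publickey_algorithm
        || $known_publickey !== $publickey) {
        $protocol->send('bnb', SSH_MSG_USERAUTH_FAILURE, array('publickey'), 0);
        return FALSE;
    }

    // Key query (no signature attached). The key is compared with the stored
    // one before answering, so PK_OK is sent only for a key that would be
    // accepted and the reply does not reveal which user files exist.
    if (!$signed) {
        $protocol->send('bss', SSH_MSG_USERAUTH_PK_OK, $publickey_algorithm, $publickey);
        return FALSE;
    }

    list($signature) = parse('s', $packet);

    // Rebuild the blob the client signed: session id followed by the request
    // fields. Binding the session id ties the signature to this connection.
    $data = format(
        'sbsssbss',
        $protocol->getSessionId(),
        SSH_MSG_USERAUTH_REQUEST,
        $user,
        $service,
        'publickey',
        1,
        $publickey_algorithm,
        $publickey
    );

    if (verify($publickey, $data, $signature)) {
        $protocol->send('b', SSH_MSG_USERAUTH_SUCCESS);
        $this->user = $user;
        $this->service = $service;
        return TRUE;
    }

    // A bad signature must be answered as well; otherwise the client is left
    // waiting for a reply that never arrives.
    $protocol->send('bnb', SSH_MSG_USERAUTH_FAILURE, array('publickey'), 0);
    return FALSE;
}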