sshping 0.2.4

SSH-based ping that measures interactive character echo latency and file transfer throughput. Pronounced "shipping".
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

use std::{
    io::{self, IsTerminal},
    path::PathBuf,
    sync::Arc,
    time::{Duration, Instant},
};

use log::{info, warn};
use russh::{
    client,
    keys::{decode_secret_key, PrivateKeyWithHashAlg},
};

async fn authenticate_publickey<H: client::Handler>(
    session: &mut client::Handle<H>,
    user: &str,
    identity: &PathBuf,
    password: Option<&str>,
    timeout: f64,
) -> Result<(), String> {
    let key_content = std::fs::read_to_string(identity)
        .map_err(|e| format!("Failed to read identity file: {e}"))?;

    // Try to decode the key with the provided password first
    let mut key_result = decode_secret_key(&key_content, password);

    // If decoding fails and we're in an interactive terminal, prompt for passphrase
    if key_result.is_err() && password.is_none() && io::stdin().is_terminal() {
        eprint!("Enter passphrase for key '{}': ", identity.display());
        if let Ok(passphrase) = rpassword::read_password()
            && !passphrase.is_empty()
        {
            key_result = decode_secret_key(&key_content, Some(&passphrase));
        }
    }

    let key = key_result.map_err(|e| format!("Failed to decode secret key: {e}"))?;

    // Get the best supported RSA hash algorithm for the connection
    let rsa_hash = session
        .best_supported_rsa_hash()
        .await
        .map_err(|e| format!("Failed to get RSA hash algorithm: {e}"))?
        .flatten();

    let timeout_result = tokio::time::timeout(
        Duration::from_secs_f64(timeout),
        session.authenticate_publickey(user, PrivateKeyWithHashAlg::new(Arc::new(key), rsa_hash)),
    )
    .await
    .map_err(|_| format!("Public key authentication timed out after {timeout} seconds"))?;
    let auth_result =
        timeout_result.map_err(|e| format!("Public key authentication failed: {e}"))?;
    if !auth_result.success() {
        return Err("Public key authentication returned false".to_string());
    }

    info!("Public key authentication succeeded");
    Ok(())
}

async fn authenticate_password<H: client::Handler>(
    session: &mut client::Handle<H>,
    user: &str,
    password: &str,
    timeout: f64,
) -> Result<(), String> {
    let timeout_result = tokio::time::timeout(
        Duration::from_secs_f64(timeout),
        session.authenticate_password(user, password),
    )
    .await
    .map_err(|_| format!("Password authentication timed out after {timeout} seconds"))?;
    let auth_result = timeout_result.map_err(|e| format!("Password authentication failed: {e}"))?;
    if !auth_result.success() {
        return Err("Password authentication returned false".to_string());
    }

    info!("Password authentication succeeded");
    Ok(())
}

pub async fn authenticate_all<H: client::Handler>(
    session: &mut client::Handle<H>,
    user: &str,
    password: Option<&str>,
    identity: Option<&PathBuf>,
    timeout: f64,
) -> Result<Duration, &'static str> {
    let start = Instant::now();

    // Try public key authentication if identity file is provided
    if let Some(identity_path) = identity
        && authenticate_publickey(session, user, identity_path, password, timeout)
            .await
            .inspect_err(|e| warn!("{e}"))
            .is_ok()
    {
        return Ok(start.elapsed());
    }

    // Try password authentication with provided password
    if let Some(pwd) = password
        && authenticate_password(session, user, pwd, timeout)
            .await
            .inspect_err(|e| warn!("{e}"))
            .is_ok()
    {
        return Ok(start.elapsed());
    }

    // If no password was provided and we're in an interactive terminal,
    // prompt for one
    if password.is_none() && io::stdin().is_terminal() {
        eprint!("{}'s password: ", user);
        if let Ok(pwd) = rpassword::read_password()
            && !pwd.is_empty()
            && authenticate_password(session, user, &pwd, timeout)
                .await
                .inspect_err(|e| warn!("{e}"))
                .is_ok()
        {
            return Ok(start.elapsed());
        }
    }

    // Fails if all authentication methods fail
    Err("All authentication methods failed")
}