From 9c827abcb728ced6d3ed8861c2a682b8b9156cae Mon Sep 17 00:00:00 2001
From: HD Moore <hd_moore@rapid7.com>
Date: Thu, 5 Jan 2012 14:09:56 -0600
Subject: [PATCH] net-ssh hackery to disable agent support, disable private key
 support, and add a callback

---
 lib/net/ssh.rb                                  |  6 +++---
 lib/net/ssh/authentication/key_manager.rb       | 15 +++++++++++----
 lib/net/ssh/authentication/methods/publickey.rb |  9 +++++++++
 lib/net/ssh/authentication/session.rb           | 12 ++++++++++--
 4 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/lib/net/ssh.rb b/lib/net/ssh.rb
index 35ade51ab5..21fe13f0d2 100644
--- a/lib/net/ssh.rb
+++ b/lib/net/ssh.rb
@@ -71,7 +71,7 @@ module Net
       :rekey_limit, :rekey_packet_limit, :timeout, :verbose,
       :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
       :host_name, :user, :properties, :passphrase, :msframework, :msfmodule,
-      :record_auth_info
+      :record_auth_info, :skip_private_keys, :accepted_key_callback, :disable_agent
     ]
 
     # The standard means of starting a new SSH connection. When used with a
@@ -196,7 +196,7 @@ module Net
         # Tell MSF not to auto-close this socket anymore...
         # This allows the transport socket to surive with the session.
         if options[:msfmodule]
-                options[:msfmodule].remove_socket(transport.socket)
+          options[:msfmodule].remove_socket(transport.socket)
         end
 
         if block_given?
@@ -206,7 +206,7 @@ module Net
           return connection
         end
       else
-                 transport.close
+        transport.close
         raise AuthenticationFailed, user
       end
     end
diff --git a/lib/net/ssh/authentication/key_manager.rb b/lib/net/ssh/authentication/key_manager.rb
index 1a2f386e35..eba17cfc76 100644
--- a/lib/net/ssh/authentication/key_manager.rb
+++ b/lib/net/ssh/authentication/key_manager.rb
@@ -121,10 +121,16 @@ module Net
           end
 
           key_data.each do |data|
-            private_key = KeyFactory.load_data_private_key(data)
-            key = private_key.send(:public_key)
-            known_identities[key] = { :from => :key_data, :data => data, :key => private_key }
-            yield key
+            if @options[:skip_private_keys]
+              key = KeyFactory.load_data_public_key(data)
+              known_identities[key] = { :from => :key_data, :data => data }
+	          yield key
+            else
+              private_key = KeyFactory.load_data_private_key(data)
+              key = private_key.send(:public_key)
+              known_identities[key] = { :from => :key_data, :data => data, :key => private_key }
+              yield key
+            end
           end
 
           self
@@ -165,6 +171,7 @@ module Net
 
         # Identifies whether the ssh-agent will be used or not.
         def use_agent?
+          return false if @options[:disable_agent]
           @use_agent
         end
 
diff --git a/lib/net/ssh/authentication/methods/publickey.rb b/lib/net/ssh/authentication/methods/publickey.rb
index 2d95d22e59..c529361b6f 100644
--- a/lib/net/ssh/authentication/methods/publickey.rb
+++ b/lib/net/ssh/authentication/methods/publickey.rb
@@ -54,6 +54,15 @@ module Net
 
               case message.type
                 when USERAUTH_PK_OK
+                  debug { "publickey will be accepted (#{identity.fingerprint})" }
+
+                  # The key is accepted by the server, trigger a callback if set
+                  if session.accepted_key_callback
+                    session.accepted_key_callback.call({ :user => username, :fingerprint => identity.fingerprint, :key => identity.dup })
+                  end 
+
+                  return false if session.skip_private_keys
+                  
                   buffer = build_request(identity, username, next_service, true)
                   sig_data = Net::SSH::Buffer.new
                   sig_data.write_string(session_id)
diff --git a/lib/net/ssh/authentication/session.rb b/lib/net/ssh/authentication/session.rb
index cb12d90011..b471b54377 100644
--- a/lib/net/ssh/authentication/session.rb
+++ b/lib/net/ssh/authentication/session.rb
@@ -33,6 +33,12 @@ module Net; module SSH; module Authentication
 
     # when a successful auth is made, note the auth info if session.options[:record_auth_info]
     attr_accessor :auth_info
+    
+    # when a public key is accepted (even if not used), trigger a callback
+    attr_accessor :accepted_key_callback
+    
+    # when we only want to test a key and not login
+    attr_accessor :skip_private_keys
 
     # Instantiates a new Authentication::Session object over the given
     # transport layer abstraction.
@@ -43,8 +49,10 @@ module Net; module SSH; module Authentication
       @auth_methods = options[:auth_methods] || %w(publickey hostbased password keyboard-interactive)
       @options = options
 
-      @allowed_auth_methods = @auth_methods
-      @auth_info = {}
+      @allowed_auth_methods  = @auth_methods
+      @skip_private_keys     = options[:skip_private_keys] || false
+      @accepted_key_callback = options[:accepted_key_callback]     
+      @auth_info = {}      
     end
 
     # Attempts to authenticate the given user, in preparation for the next