authorSverker Eriksson <[email protected]>2017-08-30 20:55:08 +0200
committerSverker Eriksson <[email protected]>2017-08-30 20:55:08 +0200
commit7c67bbddb53c364086f66260701bc54a61c9659c (patch)
tree92ab0d4b91d5e2f6e7a3f9d61ea25089e8a71fe0 /lib/ssh/src/ssh_auth.erl
parent97dc5e7f396129222419811c173edc7fa767b0f8 (diff)
parent3b7a6ffddc819bf305353a593904cea9e932e7dc (diff)
Merge tag 'OTP-19.0' into sverker/19/binary_to_atom-utf8-crash/ERL-474/OTP-14590
Diffstat (limited to 'lib/ssh/src/ssh_auth.erl')
-rw-r--r--lib/ssh/src/ssh_auth.erl485
1 files changed, 265 insertions, 220 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index cb0c7751f0..49eec8072f 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -1,18 +1,19 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2016. All Rights Reserved.
%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
%%
%% %CopyrightEnd%
%%
@@ -30,8 +31,7 @@
-export([publickey_msg/1, password_msg/1, keyboard_interactive_msg/1,
service_request_msg/1, init_userauth_request_msg/1,
userauth_request_msg/1, handle_userauth_request/3,
- handle_userauth_info_request/3, handle_userauth_info_response/2,
- userauth_messages/0
+ handle_userauth_info_request/3, handle_userauth_info_response/2
]).
%%--------------------------------------------------------------------
@@ -41,35 +41,35 @@ publickey_msg([Alg, #ssh{user = User,
session_id = SessionId,
service = Service,
opts = Opts} = Ssh]) ->
-
Hash = sha, %% Maybe option?!
- ssh_bits:install_messages(userauth_pk_messages()),
KeyCb = proplists:get_value(key_cb, Opts, ssh_file),
-
case KeyCb:user_key(Alg, Opts) of
- {ok, Key} ->
- StrAlgo = algorithm_string(Alg),
- PubKeyBlob = encode_public_key(Key),
- SigData = build_sig_data(SessionId,
- User, Service, PubKeyBlob, StrAlgo),
- Sig = ssh_transport:sign(SigData, Hash, Key),
- SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]),
- ssh_transport:ssh_packet(
- #ssh_msg_userauth_request{user = User,
- service = Service,
- method = "publickey",
- data = [?TRUE,
- ?string(StrAlgo),
- ?binary(PubKeyBlob),
- ?binary(SigBlob)]},
- Ssh);
+ {ok, PrivKey} ->
+ StrAlgo = atom_to_list(Alg),
+ case encode_public_key(StrAlgo, ssh_transport:extract_public_key(PrivKey)) of
+ not_ok ->
+ not_ok;
+ PubKeyBlob ->
+ SigData = build_sig_data(SessionId,
+ User, Service, PubKeyBlob, StrAlgo),
+ Sig = ssh_transport:sign(SigData, Hash, PrivKey),
+ SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]),
+ ssh_transport:ssh_packet(
+ #ssh_msg_userauth_request{user = User,
+ service = Service,
+ method = "publickey",
+ data = [?TRUE,
+ ?string(StrAlgo),
+ ?binary(PubKeyBlob),
+ ?binary(SigBlob)]},
+ Ssh)
+ end;
_Error ->
not_ok
end.
password_msg([#ssh{opts = Opts, io_cb = IoCb,
user = User, service = Service} = Ssh]) ->
- ssh_bits:install_messages(userauth_passwd_messages()),
Password = case proplists:get_value(password, Opts) of
undefined ->
user_interaction(IoCb, Ssh);
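Review bot: In publickey_msg the `_Error -> not_ok` clause discards whatever reason `KeyCb:user_key/2` returned, and `encode_public_key/2` folds every exception into the same bare `not_ok`, so a missing or unreadable key file and a key the encoder cannot handle look identical to `userauth_request_msg`, which just moves on to the next method with nothing recorded. Reporting the reason before giving up, e.g. `{error, Reason} -> error_logger:info_msg("user_key ~p failed: ~p~n", [Alg, Reason]), not_ok;`, keeps the silent fall-through but makes a mis-deployed key diagnosable. Style: the inner `case encode_public_key(...) of not_ok -> ...; PubKeyBlob -> ...` mixes a bare atom with a binary as the return value; `{ok, Blob} | {error, Reason}` would let the clause order not matter.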
@@ -86,7 +86,7 @@ password_msg([#ssh{opts = Opts, io_cb = IoCb,
method = "password",
data =
<<?BOOLEAN(?FALSE),
- ?STRING(list_to_binary(Password))>>},
+ ?STRING(unicode:characters_to_binary(Password))>>},
Ssh)
end.
@@ -99,7 +99,6 @@ user_interaction(IoCb, Ssh) ->
%% See RFC 4256 for info on keyboard-interactive
keyboard_interactive_msg([#ssh{user = User,
service = Service} = Ssh]) ->
- ssh_bits:install_messages(userauth_keyboard_interactive_messages()),
ssh_transport:ssh_packet(
#ssh_msg_userauth_request{user = User,
service = Service,
@@ -119,41 +118,26 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) ->
service = "ssh-connection",
method = "none",
data = <<>>},
- case proplists:get_value(pref_public_key_algs, Opts, false) of
- false ->
- FirstAlg = proplists:get_value(public_key_alg, Opts, ?PREFERRED_PK_ALG),
- SecondAlg = other_alg(FirstAlg),
- AllowUserInt = proplists:get_value(user_interaction, Opts, true),
- Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt),
- ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User,
- userauth_preference = Prefs,
- userauth_methods = none,
- service = "ssh-connection"});
- Algs ->
- FirstAlg = lists:nth(1, Algs),
- case length(Algs) =:= 2 of
- true ->
- SecondAlg = other_alg(FirstAlg),
- AllowUserInt = proplists:get_value(user_interaction, Opts, true),
- Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt),
- ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User,
- userauth_preference = Prefs,
- userauth_methods = none,
- service = "ssh-connection"});
- _ ->
- AllowUserInt = proplists:get_value(user_interaction, Opts, true),
- Prefs = method_preference(FirstAlg, AllowUserInt),
- ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User,
- userauth_preference = Prefs,
- userauth_methods = none,
- service = "ssh-connection"})
- end
- end;
+ Algs0 = proplists:get_value(pref_public_key_algs, Opts, ?SUPPORTED_USER_KEYS),
+ %% The following line is not strictly correct. The call returns the
+ %% supported HOST key types while we are interested in USER keys. However,
+ %% they "happens" to be the same (for now). This could change....
+ %% There is no danger as long as the set of user keys is a subset of the set
+ %% of host keys.
+ CryptoSupported = ssh_transport:supported_algorithms(public_key),
+ Algs = [A || A <- Algs0,
+ lists:member(A, CryptoSupported)],
+
+ Prefs = method_preference(Algs),
+ ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User,
+ userauth_preference = Prefs,
+ userauth_methods = none,
+ service = "ssh-connection"});
{error, no_user} ->
ErrStr = "Could not determine the users name",
- throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_ILLEGAL_USER_NAME,
- description = ErrStr,
- language = "en"})
+ ssh_connection_handler:disconnect(
+ #ssh_msg_disconnect{code = ?SSH_DISCONNECT_ILLEGAL_USER_NAME,
+ description = ErrStr})
end.
userauth_request_msg(#ssh{userauth_preference = []} = Ssh) ->
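Review bot: The comprehension over `Algs0` silently drops every algorithm from `pref_public_key_algs` that `ssh_transport:supported_algorithms(public_key)` does not list, and when nothing survives `method_preference([])` produces a preference with no publickey entry at all, so a mis-spelled or unsupported option degrades to password/keyboard-interactive without any diagnostic. A check that `Algs` is non-empty whenever `Algs0` was, with a log line naming the rejected algorithms, would make that visible to the operator. Separately, the `{error, no_user}` branch now depends on `ssh_connection_handler:disconnect/1` not returning; presumably it throws as the replaced `throw` did, but if it ever returns, its value is handed to the caller in place of a packet, so a comment stating that it does not return would help.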
@@ -175,7 +159,7 @@ userauth_request_msg(#ssh{userauth_methods = Methods,
not_ok ->
userauth_request_msg(Ssh);
Result ->
- Result
+ {Pref,Result}
end;
false ->
userauth_request_msg(Ssh)
@@ -191,24 +175,44 @@ handle_userauth_request(#ssh_msg_service_request{name =
handle_userauth_request(#ssh_msg_userauth_request{user = User,
service = "ssh-connection",
method = "password",
- data = Data}, _,
- #ssh{opts = Opts} = Ssh) ->
- <<_:8, ?UINT32(Sz), BinPwd:Sz/binary>> = Data,
- Password = binary_to_list(BinPwd),
-
- case check_password(User, Password, Opts) of
- true ->
+ data = <<?FALSE, ?UINT32(Sz), BinPwd:Sz/binary>>}, _,
+ #ssh{opts = Opts,
+ userauth_supported_methods = Methods} = Ssh) ->
+ Password = unicode:characters_to_list(BinPwd),
+ case check_password(User, Password, Opts, Ssh) of
+ {true,Ssh1} ->
{authorized, User,
- ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)};
- false ->
- {not_authorized, {User, {passwd, Password}},
+ ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh1)};
+ {false,Ssh1} ->
+ {not_authorized, {User, {error,"Bad user or password"}},
ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
- authentications = "",
- partial_success = false}, Ssh)}
+ authentications = Methods,
+ partial_success = false}, Ssh1)}
end;
handle_userauth_request(#ssh_msg_userauth_request{user = User,
service = "ssh-connection",
+ method = "password",
+ data = <<?TRUE,
+ _/binary
+ %% ?UINT32(Sz1), OldBinPwd:Sz1/binary,
+ %% ?UINT32(Sz2), NewBinPwd:Sz2/binary
+ >>
+ }, _,
+ #ssh{userauth_supported_methods = Methods} = Ssh) ->
+ %% Password change without us having sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ (because we never do)
+ %% RFC 4252 says:
+ %% SSH_MSG_USERAUTH_FAILURE without partial success - The password
+ %% has not been changed. Either password changing was not supported,
+ %% or the old password was bad.
+
+ {not_authorized, {User, {error,"Password change not supported"}},
+ ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
+ authentications = Methods,
+ partial_success = false}, Ssh)};
+
+handle_userauth_request(#ssh_msg_userauth_request{user = User,
+ service = "ssh-connection",
method = "none"}, _,
#ssh{userauth_supported_methods = Methods} = Ssh) ->
{not_authorized, {User, undefined},
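Review bot: `unicode:characters_to_list(BinPwd)` is applied to bytes taken straight from the network and returns an `{error, ...}` or `{incomplete, ...}` tuple instead of a list when they are not valid UTF-8; that tuple is then passed to `check_password/4` and on to any configured `pwdfun` as the password, so a checker that expects a string crashes the connection handler instead of answering false. Only the list result should reach `check_password`; anything else should be answered exactly like a wrong password, as below. The same decode-without-check appears at `unicode:characters_to_list(Password)` in handle_userauth_info_response in the hunk `@@ -262,62 +327,56 @@`. Style: the `%%` comments written inside the `<<?TRUE, _/binary ... >>` pattern of the password-change clause would read better as a comment above the clause.
```erlang
handle_userauth_request(#ssh_msg_userauth_request{user = User,
                                                  service = "ssh-connection",
                                                  method = "password",
                                                  data = <<?FALSE, ?UINT32(Sz), BinPwd:Sz/binary>>}, _,
                        #ssh{opts = Opts,
                             userauth_supported_methods = Methods} = Ssh) ->
    case unicode:characters_to_list(BinPwd) of
        Password when is_list(Password) ->
            case check_password(User, Password, Opts, Ssh) of
                %% … unchanged: {true,Ssh1} / {false,Ssh1} branches …
            end;
        _ ->
            %% Not valid UTF-8: answer it like a wrong password
            {not_authorized, {User, {error,"Bad user or password"}},
             ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
                                        authentications = Methods,
                                        partial_success = false}, Ssh)}
    end;
```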
@@ -220,7 +224,9 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
service = "ssh-connection",
method = "publickey",
data = Data},
- SessionId, #ssh{opts = Opts} = Ssh) ->
+ SessionId,
+ #ssh{opts = Opts,
+ userauth_supported_methods = Methods} = Ssh) ->
<<?BYTE(HaveSig), ?UINT32(ALen), BAlg:ALen/binary,
?UINT32(KLen), KeyBlob:KLen/binary, SigWLen/binary>> = Data,
Alg = binary_to_list(BAlg),
@@ -233,13 +239,12 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
ssh_transport:ssh_packet(
#ssh_msg_userauth_success{}, Ssh)};
false ->
- {not_authorized, {User, {error, "Invalid signature"}},
+ {not_authorized, {User, undefined},
ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
- authentications="publickey,password",
+ authentications = Methods,
partial_success = false}, Ssh)}
end;
?FALSE ->
- ssh_bits:install_messages(userauth_pk_messages()),
{not_authorized, {User, undefined},
ssh_transport:ssh_packet(
#ssh_msg_userauth_pk_ok{algorithm_name = Alg,
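Review bot: The signature-failure branch now reports `{User, undefined}` as the not-authorized reason, which is the same value the `"none"` probe and the `?FALSE` key-query branch use, so whatever consumes these tuples (a failfun or log, outside this hunk) can no longer tell a bad signature from a harmless method query. Keeping a distinct reason, `{not_authorized, {User, {error, "Invalid signature"}},`, while still sending `authentications = Methods` preserves the new wire behaviour and the audit signal. The enclosing clause starts outside the hunk.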
@@ -248,6 +253,64 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
handle_userauth_request(#ssh_msg_userauth_request{user = User,
service = "ssh-connection",
+ method = "keyboard-interactive",
+ data = _},
+ _, #ssh{opts = Opts,
+ kb_tries_left = KbTriesLeft,
+ userauth_supported_methods = Methods} = Ssh) ->
+ case KbTriesLeft of
+ N when N<1 ->
+ {not_authorized, {User, {authmethod, "keyboard-interactive"}},
+ ssh_transport:ssh_packet(
+ #ssh_msg_userauth_failure{authentications = Methods,
+ partial_success = false}, Ssh)};
+
+ _ ->
+ %% RFC4256
+ %% The data field contains:
+ %% - language tag (deprecated). If =/=[] SHOULD use it however. We skip
+ %% it for simplicity.
+ %% - submethods. "... the user can give a hint of which actual methods
+ %% he wants to use. ...". It's a "MAY use" so we skip
+ %% it. It also needs an understanding between the client
+ %% and the server.
+ %%
+ %% "The server MUST reply with an SSH_MSG_USERAUTH_SUCCESS,
+ %% SSH_MSG_USERAUTH_FAILURE, or SSH_MSG_USERAUTH_INFO_REQUEST message."
+ Default = {"SSH server",
+ "Enter password for \""++User++"\"",
+ "password: ",
+ false},
+
+ {Name, Instruction, Prompt, Echo} =
+ case proplists:get_value(auth_method_kb_interactive_data, Opts) of
+ undefined ->
+ Default;
+ {_,_,_,_}=V ->
+ V;
+ F when is_function(F) ->
+ {_,PeerName} = Ssh#ssh.peer,
+ F(PeerName, User, "ssh-connection")
+ end,
+ EchoEnc = case Echo of
+ true -> <<?TRUE>>;
+ false -> <<?FALSE>>
+ end,
+ Msg = #ssh_msg_userauth_info_request{name = unicode:characters_to_list(Name),
+ instruction = unicode:characters_to_list(Instruction),
+ language_tag = "",
+ num_prompts = 1,
+ data = <<?STRING(unicode:characters_to_binary(Prompt)),
+ EchoEnc/binary
+ >>
+ },
+ {not_authorized, {User, undefined},
+ ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User
+ })}
+ end;
+
+handle_userauth_request(#ssh_msg_userauth_request{user = User,
+ service = "ssh-connection",
method = Other}, _,
#ssh{userauth_supported_methods = Methods} = Ssh) ->
{not_authorized, {User, {authmethod, Other}},
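Review bot: The `F when is_function(F)` clause of the `auth_method_kb_interactive_data` lookup accepts a fun of any arity and does not check what it returns, so a fun of the wrong arity or one returning something other than a 4-tuple fails at `F(PeerName, User, "ssh-connection")` or at the `{Name, Instruction, Prompt, Echo}` match with an unhelpful badarity/badmatch. `F when is_function(F, 3) ->` together with `{_,_,_,_} = F(PeerName, User, "ssh-connection")` states the contract where it is enforced. Note that `User` comes from the client's own request and is spliced into the default `Instruction` text sent back to it; harmless as far as this clause shows, but a one-line comment saying so would stop a future reader from treating it as trusted. Style: `N when N<1` reads more clearly as `N when N < 1`.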
@@ -255,6 +318,8 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
#ssh_msg_userauth_failure{authentications = Methods,
partial_success = false}, Ssh)}.
+
+
handle_userauth_info_request(
#ssh_msg_userauth_info_request{name = Name,
instruction = Instr,
@@ -262,62 +327,56 @@ handle_userauth_info_request(
data = Data}, IoCb,
#ssh{opts = Opts} = Ssh) ->
PromptInfos = decode_keyboard_interactive_prompts(NumPrompts,Data),
- Resps = keyboard_interact_get_responses(IoCb, Opts,
+ Responses = keyboard_interact_get_responses(IoCb, Opts,
Name, Instr, PromptInfos),
- RespBin = list_to_binary(
- lists:map(fun(S) -> <<?STRING(list_to_binary(S))>> end,
- Resps)),
{ok,
ssh_transport:ssh_packet(
#ssh_msg_userauth_info_response{num_responses = NumPrompts,
- data = RespBin}, Ssh)}.
+ data = Responses}, Ssh)}.
+
+handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1,
+ data = <<?UINT32(Sz), Password:Sz/binary>>},
+ #ssh{opts = Opts,
+ kb_tries_left = KbTriesLeft,
+ user = User,
+ userauth_supported_methods = Methods} = Ssh) ->
+ case check_password(User, unicode:characters_to_list(Password), Opts, Ssh) of
+ {true,Ssh1} ->
+ {authorized, User,
+ ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh1)};
+ {false,Ssh1} ->
+ {not_authorized, {User, {error,"Bad user or password"}},
+ ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
+ authentications = Methods,
+ partial_success = false},
+ Ssh1#ssh{kb_tries_left = max(KbTriesLeft-1, 0)}
+ )}
+ end;
handle_userauth_info_response(#ssh_msg_userauth_info_response{},
_Auth) ->
- throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE,
- description = "Server does not support"
- "keyboard-interactive",
- language = "en"}).
-userauth_messages() ->
- [ {ssh_msg_userauth_request, ?SSH_MSG_USERAUTH_REQUEST,
- [string,
- string,
- string,
- '...']},
-
- {ssh_msg_userauth_failure, ?SSH_MSG_USERAUTH_FAILURE,
- [string,
- boolean]},
-
- {ssh_msg_userauth_success, ?SSH_MSG_USERAUTH_SUCCESS,
- []},
-
- {ssh_msg_userauth_banner, ?SSH_MSG_USERAUTH_BANNER,
- [string,
- string]}].
+ ssh_connection_handler:disconnect(
+ #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE,
+ description = "Server does not support keyboard-interactive"
+ }).
+
+
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
-method_preference(Alg1, Alg2, true) ->
- [{"publickey", ?MODULE, publickey_msg, [Alg1]},
- {"publickey", ?MODULE, publickey_msg,[Alg2]},
- {"password", ?MODULE, password_msg, []},
- {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}
- ];
-method_preference(Alg1, Alg2, false) ->
- [{"publickey", ?MODULE, publickey_msg, [Alg1]},
- {"publickey", ?MODULE, publickey_msg,[Alg2]},
- {"password", ?MODULE, password_msg, []}
- ].
-method_preference(Alg1, true) ->
- [{"publickey", ?MODULE, publickey_msg, [Alg1]},
- {"password", ?MODULE, password_msg, []},
- {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}
- ];
-method_preference(Alg1, false) ->
- [{"publickey", ?MODULE, publickey_msg, [Alg1]},
- {"password", ?MODULE, password_msg, []}
- ].
+method_preference(Algs) ->
+ lists:foldr(fun(A, Acc) ->
+ [{"publickey", ?MODULE, publickey_msg, [A]} | Acc]
+ end,
+ [{"password", ?MODULE, password_msg, []},
+ {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+ {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+ {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+ {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+ {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+ {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}
+ ],
+ Algs).
user_name(Opts) ->
Env = case os:type() of
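Review bot: `method_preference/1` lists the keyboard-interactive entry six times verbatim with nothing saying why; presumably the repetition is what gives the client its number of keyboard-interactive attempts, but a reader cannot distinguish a deliberate count from a copy-paste. `lists:duplicate(6, {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []})` with a one-line comment on the intent (or a named `-define`) states that, and the foldr can become `[{"publickey", ?MODULE, publickey_msg, [A]} || A <- Algs]` prepended to the fixed tail. In the same hunk, the catch-all `handle_userauth_info_response/2` clause now also receives well-formed responses with `num_responses =/= 1` or trailing bytes, for which "Server does not support keyboard-interactive" is misleading now that the server does support it; a description such as `"Unexpected keyboard-interactive response"` says what happened.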
@@ -338,13 +397,34 @@ user_name(Opts) ->
{ok, User}
end.
-check_password(User, Password, Opts) ->
+check_password(User, Password, Opts, Ssh) ->
case proplists:get_value(pwdfun, Opts) of
undefined ->
Static = get_password_option(Opts, User),
- Password == Static;
- Cheker ->
- Cheker(User, Password)
+ {Password == Static, Ssh};
+
+ Checker when is_function(Checker,2) ->
+ {Checker(User, Password), Ssh};
+
+ Checker when is_function(Checker,4) ->
+ #ssh{pwdfun_user_state = PrivateState,
+ peer = {_,PeerAddr={_,_}}
+ } = Ssh,
+ case Checker(User, Password, PeerAddr, PrivateState) of
+ true ->
+ {true,Ssh};
+ false ->
+ {false,Ssh};
+ {true,NewState} ->
+ {true, Ssh#ssh{pwdfun_user_state=NewState}};
+ {false,NewState} ->
+ {false, Ssh#ssh{pwdfun_user_state=NewState}};
+ disconnect ->
+ ssh_connection_handler:disconnect(
+ #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE,
+ description = "Unable to connect using the available authentication methods"
+ })
+ end
end.
get_password_option(Opts, User) ->
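Review bot: `{Password == Static, Ssh}` compares the client-supplied password with the configured one by ordinary term comparison, which stops at the first differing character, so the time to answer depends on how long a prefix matched; whether that is observable over the network is uncertain, but comparing fixed-size digests of both sides, e.g. `crypto:hash(sha256, Password) =:= crypto:hash(sha256, Static)` guarded so a non-string `Static` still yields false, removes the dependency at no cost. The `case` also has no clause for a `pwdfun` of an arity other than 2 or 4, which fails with a bare `case_clause` deep in the handler; an explicit final clause reporting the misconfiguration would be clearer. `get_password_option/2` is outside the hunk, so what `Static` can be when the user has no password is not visible here.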
@@ -373,7 +453,7 @@ verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) ->
build_sig_data(SessionId, User, Service, KeyBlob, Alg) ->
Sig = [?binary(SessionId),
?SSH_MSG_USERAUTH_REQUEST,
- ?string(User),
+ ?string_utf8(User),
?string(Service),
?binary(<<"publickey">>),
?TRUE,
@@ -381,49 +461,35 @@ build_sig_data(SessionId, User, Service, KeyBlob, Alg) ->
?binary(KeyBlob)],
list_to_binary(Sig).
-algorithm_string('ssh-rsa') ->
- "ssh-rsa";
-algorithm_string('ssh-dss') ->
- "ssh-dss".
-decode_keyboard_interactive_prompts(NumPrompts, Data) ->
- Types = lists:append(lists:duplicate(NumPrompts, [string, boolean])),
- pairwise_tuplify(ssh_bits:decode(Data, Types)).
-pairwise_tuplify([E1, E2 | Rest]) -> [{E1, E2} | pairwise_tuplify(Rest)];
-pairwise_tuplify([]) -> [].
-
+decode_keyboard_interactive_prompts(_NumPrompts, Data) ->
+ ssh_message:decode_keyboard_interactive_prompts(Data, []).
keyboard_interact_get_responses(IoCb, Opts, Name, Instr, PromptInfos) ->
NumPrompts = length(PromptInfos),
- case proplists:get_value(keyboard_interact_fun, Opts) of
- undefined when NumPrompts == 1 ->
- %% Special case/fallback for just one prompt
- %% (assumed to be the password prompt)
- case proplists:get_value(password, Opts) of
- undefined -> keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts);
- PW -> [PW]
- end;
- undefined ->
- keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts);
- KbdInteractFun ->
- Prompts = lists:map(fun({Prompt, _Echo}) -> Prompt end,
- PromptInfos),
- case KbdInteractFun(Name, Instr, Prompts) of
- Rs when length(Rs) == NumPrompts ->
- Rs;
- Rs ->
- erlang:error({mismatching_number_of_responses,
- {got,Rs},
- {expected,NumPrompts}})
- end
- end.
+ keyboard_interact_get_responses(proplists:get_value(user_interaction, Opts, true),
+ proplists:get_value(keyboard_interact_fun, Opts),
+ proplists:get_value(password, Opts, undefined), IoCb, Name,
+ Instr, PromptInfos, Opts, NumPrompts).
+
+keyboard_interact_get_responses(_, undefined, Password, _, _, _, _, _,
+ 1) when Password =/= undefined ->
+ [Password]; %% Password auth implemented with keyboard-interaction and passwd is known
+keyboard_interact_get_responses(_, _, _, _, _, _, _, _, 0) ->
+ [];
+keyboard_interact_get_responses(false, undefined, undefined, _, _, _, [Prompt|_], Opts, _) ->
+ ssh_no_io:read_line(Prompt, Opts); %% Throws error as keyboard interaction is not allowed
+keyboard_interact_get_responses(true, undefined, _,IoCb, Name, Instr, PromptInfos, Opts, _) ->
+ keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts);
+keyboard_interact_get_responses(true, Fun, _Pwd, _IoCb, Name, Instr, PromptInfos, _Opts, NumPrompts) ->
+ keyboard_interact_fun(Fun, Name, Instr, PromptInfos, NumPrompts).
keyboard_interact(IoCb, Name, Instr, Prompts, Opts) ->
- if Name /= "" -> IoCb:format("~s", [Name]);
+ if Name /= "" -> IoCb:format("~s~n", [Name]);
true -> ok
end,
- if Instr /= "" -> IoCb:format("~s", [Instr]);
+ if Instr /= "" -> IoCb:format("~s~n", [Instr]);
true -> ok
end,
lists:map(fun({Prompt, true}) -> IoCb:read_line(Prompt, Opts);
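Review bot: `keyboard_interact_get_responses/9` has no clause for `user_interaction` = false combined with a configured `keyboard_interact_fun`, nor for false with a configured `password` and more than one prompt, so both cases fall through to a `function_clause` error rather than a deliberate decision. The fun never touches `IoCb`, so the last clause can take `_` in place of `true`, and the third clause's `undefined` in the password position can become `_` so that the `ssh_no_io:read_line` path is reached whenever interaction is off. Nine positional arguments, most of them `_` in every clause, also make the dispatch hard to follow; a small record or map for the three option values would let each clause say what it matches.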
@@ -431,54 +497,33 @@ keyboard_interact(IoCb, Name, Instr, Prompts, Opts) ->
end,
Prompts).
-userauth_passwd_messages() ->
- [
- {ssh_msg_userauth_passwd_changereq, ?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
- [string,
- string]}
- ].
-
-userauth_keyboard_interactive_messages() ->
- [ {ssh_msg_userauth_info_request, ?SSH_MSG_USERAUTH_INFO_REQUEST,
- [string,
- string,
- string,
- uint32,
- '...']},
-
- {ssh_msg_userauth_info_response, ?SSH_MSG_USERAUTH_INFO_RESPONSE,
- [uint32,
- '...']}
- ].
-
-userauth_pk_messages() ->
- [ {ssh_msg_userauth_pk_ok, ?SSH_MSG_USERAUTH_PK_OK,
- [string, % algorithm name
- binary]} % key blob
- ].
-
-other_alg('ssh-rsa') ->
- 'ssh-dss';
-other_alg('ssh-dss') ->
- 'ssh-rsa'.
-decode_public_key_v2(K_S, "ssh-rsa") ->
- case ssh_bits:decode(K_S,[string,mpint,mpint]) of
- ["ssh-rsa", E, N] ->
- {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}};
- _ ->
- {error, bad_format}
- end;
-decode_public_key_v2(K_S, "ssh-dss") ->
- case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
- ["ssh-dss",P,Q,G,Y] ->
- {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}};
- _ ->
- {error, bad_format}
- end;
-decode_public_key_v2(_, _) ->
- {error, bad_format}.
-
-encode_public_key(#'RSAPrivateKey'{publicExponent = E, modulus = N}) ->
- ssh_bits:encode(["ssh-rsa",E,N], [string,mpint,mpint]);
-encode_public_key(#'DSAPrivateKey'{p = P, q = Q, g = G, y = Y}) ->
- ssh_bits:encode(["ssh-dss",P,Q,G,Y], [string,mpint,mpint,mpint,mpint]).
+keyboard_interact_fun(KbdInteractFun, Name, Instr, PromptInfos, NumPrompts) ->
+ Prompts = lists:map(fun({Prompt, _Echo}) -> Prompt end,
+ PromptInfos),
+ case KbdInteractFun(Name, Instr, Prompts) of
+ Rs when length(Rs) == NumPrompts ->
+ Rs;
+ Rs ->
+ throw({mismatching_number_of_responses,
+ {got,Rs},
+ {expected, NumPrompts},
+ #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE,
+ description = "User interaction failed",
+ language = "en"}})
+ end.
+
+decode_public_key_v2(Bin, _Type) ->
+ try
+ public_key:ssh_decode(Bin, ssh2_pubkey)
+ of
+ Key -> {ok, Key}
+ catch
+ _:_ -> {error, bad_format}
+ end.
+
+encode_public_key(_Alg, Key) ->
+ try
+ public_key:ssh_encode(Key, ssh2_pubkey)
+ catch
+ _:_ -> not_ok
+ end.
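Review bot: `decode_public_key_v2/2` now ignores `_Type`, so the algorithm name the client announced in the request is no longer compared here with the key type that `public_key:ssh_decode/2` actually returns; if `verify_sig/7` (outside this hunk) does not make that check, a blob of one key type can be offered under another algorithm name, and at minimum the mismatch deserves `{error, bad_format}` in this function. Both new functions also use `catch _:_`, which swallows `exit` and `throw` along with the decoding `error`s; `catch error:_ ->` keeps the intended scope. In `keyboard_interact_fun/5` the thrown 4-tuple embedding a `#ssh_msg_disconnect{}` is a new contract for whoever catches it; a comment naming the catcher would help the next reader.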