rugged 1.3.1 → 1.6.2

data/vendor/libgit2/src/{transports → libgit2/transports}/ssh.c

@@ -12,12 +12,11 @@
 #endif
 
 #include "runtime.h"
-#include "git2.h"
-#include "buffer.h"
 #include "net.h"
 #include "netops.h"
 #include "smart.h"
 #include "streams/socket.h"
+#include "sysdir.h"
 
 #include "git2/credential.h"
 #include "git2/sys/credential.h"
@@ -26,8 +25,6 @@
 
 #define OWNING_SUBTRANSPORT(s) ((ssh_subtransport *)(s)->parent.subtransport)
 
-static const char *ssh_prefixes[] = { "ssh://", "ssh+git://", "git+ssh://" };
-
 static const char cmd_uploadpack[] = "git-upload-pack";
 static const char cmd_receivepack[] = "git-receive-pack";
 
@@ -37,7 +34,7 @@ typedef struct {
 	LIBSSH2_SESSION *session;
 	LIBSSH2_CHANNEL *channel;
 	const char *cmd;
-	char *url;
+	git_net_url url;
 	unsigned sent_command : 1;
 } ssh_stream;
 
@@ -65,42 +62,26 @@ static void ssh_error(LIBSSH2_SESSION *session, const char *errmsg)
  *
  * For example: git-upload-pack '/libgit2/libgit2'
  */
-static int gen_proto(git_buf *request, const char *cmd, const char *url)
+static int gen_proto(git_str *request, const char *cmd, git_net_url *url)
 {
 	const char *repo;
-	int len;
-	size_t i;
-
-	for (i = 0; i < ARRAY_SIZE(ssh_prefixes); ++i) {
-		const char *p = ssh_prefixes[i];
 
-		if (!git__prefixcmp(url, p)) {
-			url = url + strlen(p);
-			repo = strchr(url, '/');
-			if (repo && repo[1] == '~')
-				++repo;
+	repo = url->path;
 
-			goto done;
-		}
-	}
-	repo = strchr(url, ':');
-	if (repo) repo++;
+	if (repo && repo[0] == '/' && repo[1] == '~')
+		repo++;
 
-done:
-	if (!repo) {
+	if (!repo || !repo[0]) {
 		git_error_set(GIT_ERROR_NET, "malformed git protocol URL");
 		return -1;
 	}
 
-	len = strlen(cmd) + 1 /* Space */ + 1 /* Quote */ + strlen(repo) + 1 /* Quote */ + 1;
+	git_str_puts(request, cmd);
+	git_str_puts(request, " '");
+	git_str_puts(request, repo);
+	git_str_puts(request, "'");
 
-	git_buf_grow(request, len);
-	git_buf_puts(request, cmd);
-	git_buf_puts(request, " '");
-	git_buf_decode_percent(request, repo, strlen(repo));
-	git_buf_puts(request, "'");
-
-	if (git_buf_oom(request))
+	if (git_str_oom(request))
 		return -1;
 
 	return 0;
@@ -109,9 +90,9 @@ done:
 static int send_command(ssh_stream *s)
 {
 	int error;
-	git_buf request = GIT_BUF_INIT;
+	git_str request = GIT_STR_INIT;
 
-	error = gen_proto(&request, s->cmd, s->url);
+	error = gen_proto(&request, s->cmd, &s->url);
 	if (error < 0)
 		goto cleanup;
 
@@ -124,7 +105,7 @@ static int send_command(ssh_stream *s)
 	s->sent_command = 1;
 
 cleanup:
-	git_buf_dispose(&request);
+	git_str_dispose(&request);
 	return error;
 }
 
@@ -226,13 +207,12 @@ static void ssh_stream_free(git_smart_subtransport_stream *stream)
 		s->io = NULL;
 	}
 
-	git__free(s->url);
+	git_net_url_dispose(&s->url);
 	git__free(s);
 }
 
 static int ssh_stream_alloc(
 	ssh_subtransport *t,
-	const char *url,
 	const char *cmd,
 	git_smart_subtransport_stream **stream)
 {
@@ -250,47 +230,10 @@ static int ssh_stream_alloc(
 
 	s->cmd = cmd;
 
-	s->url = git__strdup(url);
-	if (!s->url) {
-		git__free(s);
-		return -1;
-	}
-
 	*stream = &s->parent;
 	return 0;
 }
 
-static int git_ssh_extract_url_parts(
-	git_net_url *urldata,
-	const char *url)
-{
-	char *colon, *at;
-	const char *start;
-
-	colon = strchr(url, ':');
-
-
-	at = strchr(url, '@');
-	if (at) {
-		start = at + 1;
-		urldata->username = git__substrdup(url, at - url);
-		GIT_ERROR_CHECK_ALLOC(urldata->username);
-	} else {
-		start = url;
-		urldata->username = NULL;
-	}
-
-	if (colon == NULL || (colon < start)) {
-		git_error_set(GIT_ERROR_NET, "malformed URL");
-		return -1;
-	}
-
-	urldata->host = git__substrdup(start, colon - start);
-	GIT_ERROR_CHECK_ALLOC(urldata->host);
-
-	return 0;
-}
-
 static int ssh_agent_auth(LIBSSH2_SESSION *session, git_credential_ssh_key *c) {
 	int rc = LIBSSH2_ERROR_NONE;
 
@@ -303,8 +246,10 @@ static int ssh_agent_auth(LIBSSH2_SESSION *session, git_credential_ssh_key *c) {
 
 	rc = libssh2_agent_connect(agent);
 
-	if (rc != LIBSSH2_ERROR_NONE)
+	if (rc != LIBSSH2_ERROR_NONE) {
+		rc = LIBSSH2_ERROR_AUTHENTICATION_FAILED;
 		goto shutdown;
+	}
 
 	rc = libssh2_agent_list_identities(agent);
 
@@ -443,11 +388,15 @@ static int request_creds(git_credential **out, ssh_subtransport *t, const char *
 	int error, no_callback = 0;
 	git_credential *cred = NULL;
 
-	if (!t->owner->cred_acquire_cb) {
+	if (!t->owner->connect_opts.callbacks.credentials) {
 		no_callback = 1;
 	} else {
-		error = t->owner->cred_acquire_cb(&cred, t->owner->url, user, auth_methods,
-						  t->owner->cred_acquire_payload);
+		error = t->owner->connect_opts.callbacks.credentials(
+			&cred,
+			t->owner->url,
+			user,
+			auth_methods,
+			t->owner->connect_opts.callbacks.payload);
 
 		if (error == GIT_PASSTHROUGH) {
 			no_callback = 1;
@@ -475,15 +424,116 @@ static int request_creds(git_credential **out, ssh_subtransport *t, const char *
 	return 0;
 }
 
+#define SSH_DIR          ".ssh"
+#define KNOWN_HOSTS_FILE "known_hosts"
+
+/*
+ * Load the known_hosts file.
+ *
+ * Returns success but leaves the output NULL if we couldn't find the file.
+ */
+static int load_known_hosts(LIBSSH2_KNOWNHOSTS **hosts, LIBSSH2_SESSION *session)
+{
+	git_str path = GIT_STR_INIT, sshdir = GIT_STR_INIT;
+	LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
+	int error;
+
+	GIT_ASSERT_ARG(hosts);
+
+	if ((error = git_sysdir_expand_homedir_file(&sshdir, SSH_DIR)) < 0 ||
+	    (error = git_str_joinpath(&path, git_str_cstr(&sshdir), KNOWN_HOSTS_FILE)) < 0)
+		goto out;
+
+	if ((known_hosts = libssh2_knownhost_init(session)) == NULL) {
+		ssh_error(session, "error initializing known hosts");
+		error = -1;
+		goto out;
+	}
+
+	/*
+	 * Try to read the file and consider not finding it as not trusting the
+	 * host rather than an error.
+	 */
+	error = libssh2_knownhost_readfile(known_hosts, git_str_cstr(&path), LIBSSH2_KNOWNHOST_FILE_OPENSSH);
+	if (error == LIBSSH2_ERROR_FILE)
+		error = 0;
+	if (error < 0)
+		ssh_error(session, "error reading known_hosts");
+
+out:
+	*hosts = known_hosts;
+
+	git_str_dispose(&sshdir);
+	git_str_dispose(&path);
+
+	return error;
+}
+
+static void add_hostkey_pref_if_avail(
+	LIBSSH2_KNOWNHOSTS *known_hosts,
+	const char *hostname,
+	int port,
+	git_str *prefs,
+	int type,
+	const char *type_name)
+{
+	struct libssh2_knownhost *host = NULL;
+	const char key = '\0';
+	int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW | type;
+	int error;
+
+	error = libssh2_knownhost_checkp(known_hosts, hostname, port, &key, 1, mask, &host);
+	if (error == LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
+		if (git_str_len(prefs) > 0) {
+			git_str_putc(prefs, ',');
+		}
+		git_str_puts(prefs, type_name);
+	}
+}
+
+/*
+ * We figure out what kind of key we want to ask the remote for by trying to
+ * look it up with a nonsense key and using that mismatch to figure out what key
+ * we do have stored for the host.
+ *
+ * Populates prefs with the string to pass to libssh2_session_method_pref.
+ */
+static void find_hostkey_preference(
+	LIBSSH2_KNOWNHOSTS *known_hosts,
+	const char *hostname,
+	int port,
+	git_str *prefs)
+{
+	/*
+	 * The order here is important as it indicates the priority of what will
+	 * be preferred.
+	 */
+#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
+	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ED25519, "ssh-ed25519");
+#endif
+#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
+	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_256, "ecdsa-sha2-nistp256");
+	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_384, "ecdsa-sha2-nistp384");
+	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_521, "ecdsa-sha2-nistp521");
+#endif
+	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_SSHRSA, "ssh-rsa");
+}
+
 static int _git_ssh_session_create(
 	LIBSSH2_SESSION **session,
+	LIBSSH2_KNOWNHOSTS **hosts,
+	const char *hostname,
+	int port,
 	git_stream *io)
 {
-	int rc = 0;
-	LIBSSH2_SESSION *s;
 	git_socket_stream *socket = GIT_CONTAINER_OF(io, git_socket_stream, parent);
+	LIBSSH2_SESSION *s;
+	LIBSSH2_KNOWNHOSTS *known_hosts;
+	git_str prefs = GIT_STR_INIT;
+	int rc = 0;
 
 	GIT_ASSERT_ARG(session);
+	GIT_ASSERT_ARG(hosts);
 
 	s = libssh2_session_init();
 	if (!s) {
@@ -491,175 +541,292 @@ static int _git_ssh_session_create(
 		return -1;
 	}
 
+	if ((rc = load_known_hosts(&known_hosts, s)) < 0) {
+		ssh_error(s, "error loading known_hosts");
+		libssh2_session_free(s);
+		return -1;
+	}
+
+	find_hostkey_preference(known_hosts, hostname, port, &prefs);
+	if (git_str_len(&prefs) > 0) {
+		do {
+			rc = libssh2_session_method_pref(s, LIBSSH2_METHOD_HOSTKEY, git_str_cstr(&prefs));
+		} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
+		if (rc != LIBSSH2_ERROR_NONE) {
+			ssh_error(s, "failed to set hostkey preference");
+			goto on_error;
+		}
+	}
+	git_str_dispose(&prefs);
+
 	do {
 		rc = libssh2_session_handshake(s, socket->s);
 	} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
 
 	if (rc != LIBSSH2_ERROR_NONE) {
 		ssh_error(s, "failed to start SSH session");
-		libssh2_session_free(s);
-		return -1;
+		goto on_error;
 	}
 
 	libssh2_session_set_blocking(s, 1);
 
 	*session = s;
+	*hosts = known_hosts;
 
 	return 0;
+
+on_error:
+	libssh2_knownhost_free(known_hosts);
+	libssh2_session_free(s);
+	return -1;
 }
 
-#define SSH_DEFAULT_PORT "22"
 
-static int _git_ssh_setup_conn(
-	ssh_subtransport *t,
-	const char *url,
-	const char *cmd,
-	git_smart_subtransport_stream **stream)
+/*
+ * Returns the typemask argument to pass to libssh2_knownhost_check{,p} based on
+ * the type of key that libssh2_session_hostkey returns.
+ */
+static int fingerprint_type_mask(int keytype)
 {
-	git_net_url urldata = GIT_NET_URL_INIT;
-	int auth_methods, error = 0;
-	size_t i;
-	ssh_stream *s;
-	git_credential *cred = NULL;
-	LIBSSH2_SESSION *session=NULL;
-	LIBSSH2_CHANNEL *channel=NULL;
+	int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW;
+	return mask;
+
+	switch (keytype) {
+	case LIBSSH2_HOSTKEY_TYPE_RSA:
+		mask |= LIBSSH2_KNOWNHOST_KEY_SSHRSA;
+		break;
+	case LIBSSH2_HOSTKEY_TYPE_DSS:
+		mask |= LIBSSH2_KNOWNHOST_KEY_SSHDSS;
+		break;
+#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
+	case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
+		mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
+		break;
+	case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
+		mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
+		break;
+	case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
+		mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
+		break;
+#endif
+#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
+	case LIBSSH2_HOSTKEY_TYPE_ED25519:
+		mask |= LIBSSH2_KNOWNHOST_KEY_ED25519;
+		break;
+#endif
+	}
 
-	t->current_stream = NULL;
+	return mask;
+}
 
-	*stream = NULL;
-	if (ssh_stream_alloc(t, url, cmd, stream) < 0)
-		return -1;
+/*
+ * Check the host against the user's known_hosts file.
+ *
+ * Returns 1/0 for valid/''not-valid or <0 for an error
+ */
+static int check_against_known_hosts(
+	LIBSSH2_SESSION *session,
+	LIBSSH2_KNOWNHOSTS *known_hosts,
+	const char *hostname,
+	int port,
+	const char *key,
+	size_t key_len,
+	int key_type)
+{
+	int check, typemask, ret = 0;
+	struct libssh2_knownhost *host = NULL;
 
-	s = (ssh_stream *)*stream;
-	s->session = NULL;
-	s->channel = NULL;
+	if (known_hosts == NULL)
+		return 0;
 
-	for (i = 0; i < ARRAY_SIZE(ssh_prefixes); ++i) {
-		const char *p = ssh_prefixes[i];
+	typemask = fingerprint_type_mask(key_type);
+	check = libssh2_knownhost_checkp(known_hosts, hostname, port, key, key_len, typemask, &host);
+	if (check == LIBSSH2_KNOWNHOST_CHECK_FAILURE) {
+		ssh_error(session, "error checking for known host");
+		return -1;
+	}
 
-		if (!git__prefixcmp(url, p)) {
-			if ((error = git_net_url_parse(&urldata, url)) < 0)
-				goto done;
+	ret = check == LIBSSH2_KNOWNHOST_CHECK_MATCH ? 1 : 0;
 
-			goto post_extract;
-		}
-	}
-	if ((error = git_ssh_extract_url_parts(&urldata, url)) < 0)
-		goto done;
+	return ret;
+}
 
-	if (urldata.port == NULL)
-		urldata.port = git__strdup(SSH_DEFAULT_PORT);
+/*
+ * Perform the check for the session's certificate against known hosts if
+ * possible and then ask the user if they have a callback.
+ *
+ * Returns 1/0 for valid/not-valid or <0 for an error
+ */
+static int check_certificate(
+	LIBSSH2_SESSION *session,
+	LIBSSH2_KNOWNHOSTS *known_hosts,
+	git_transport_certificate_check_cb check_cb,
+	void *check_cb_payload,
+	const char *host,
+	int port)
+{
+	git_cert_hostkey cert = {{ 0 }};
+	const char *key;
+	size_t cert_len;
+	int cert_type, cert_valid = 0, error = 0;
 
-	GIT_ERROR_CHECK_ALLOC(urldata.port);
+	if ((key = libssh2_session_hostkey(session, &cert_len, &cert_type)) == NULL) {
+		ssh_error(session, "failed to retrieve hostkey");
+		return -1;
+	}
 
-post_extract:
-	if ((error = git_socket_stream_new(&s->io, urldata.host, urldata.port)) < 0 ||
-	    (error = git_stream_connect(s->io)) < 0)
-		goto done;
+	if ((cert_valid = check_against_known_hosts(session, known_hosts, host, port, key, cert_len, cert_type)) < 0)
+		return -1;
 
-	if ((error = _git_ssh_session_create(&session, s->io)) < 0)
-		goto done;
+	cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
+	if (key != NULL) {
+		cert.type |= GIT_CERT_SSH_RAW;
+		cert.hostkey = key;
+		cert.hostkey_len = cert_len;
+		switch (cert_type) {
+		case LIBSSH2_HOSTKEY_TYPE_RSA:
+			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
+			break;
+		case LIBSSH2_HOSTKEY_TYPE_DSS:
+			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
+			break;
 
-	if (t->owner->certificate_check_cb != NULL) {
-		git_cert_hostkey cert = {{ 0 }}, *cert_ptr;
-		const char *key;
-		size_t cert_len;
-		int cert_type;
-
-		cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
-
-		key = libssh2_session_hostkey(session, &cert_len, &cert_type);
-		if (key != NULL) {
-			cert.type |= GIT_CERT_SSH_RAW;
-			cert.hostkey = key;
-			cert.hostkey_len = cert_len;
-			switch (cert_type) {
-				case LIBSSH2_HOSTKEY_TYPE_RSA:
-					cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
-					break;
-				case LIBSSH2_HOSTKEY_TYPE_DSS:
-					cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
-					break;
-					
 #ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
-				case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
-					cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256;
-					break;
-				case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
-					cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384;
-					break;
-				case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
-					cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521;
-					break;
+		case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
+			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256;
+			break;
+		case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
+			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384;
+			break;
+		case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
+			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521;
+			break;
 #endif
-					
+
 #ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
-				case LIBSSH2_HOSTKEY_TYPE_ED25519:
-					cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519;
-					break;
+		case LIBSSH2_HOSTKEY_TYPE_ED25519:
+			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519;
+			break;
 #endif
-				default:
-					cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
-			}
+		default:
+			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
 		}
+	}
 
 #ifdef LIBSSH2_HOSTKEY_HASH_SHA256
-		key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
-		if (key != NULL) {
-			cert.type |= GIT_CERT_SSH_SHA256;
-			memcpy(&cert.hash_sha256, key, 32);
-		}
+	key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
+	if (key != NULL) {
+		cert.type |= GIT_CERT_SSH_SHA256;
+		memcpy(&cert.hash_sha256, key, 32);
+	}
 #endif
 
-		key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
-		if (key != NULL) {
-			cert.type |= GIT_CERT_SSH_SHA1;
-			memcpy(&cert.hash_sha1, key, 20);
-		}
+	key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
+	if (key != NULL) {
+		cert.type |= GIT_CERT_SSH_SHA1;
+		memcpy(&cert.hash_sha1, key, 20);
+	}
 
-		key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
-		if (key != NULL) {
-			cert.type |= GIT_CERT_SSH_MD5;
-			memcpy(&cert.hash_md5, key, 16);
-		}
+	key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+	if (key != NULL) {
+		cert.type |= GIT_CERT_SSH_MD5;
+		memcpy(&cert.hash_md5, key, 16);
+	}
 
-		if (cert.type == 0) {
-			git_error_set(GIT_ERROR_SSH, "unable to get the host key");
-			error = -1;
-			goto done;
+	if (cert.type == 0) {
+		git_error_set(GIT_ERROR_SSH, "unable to get the host key");
+		return -1;
+	}
+
+	git_error_clear();
+	error = 0;
+	if (!cert_valid) {
+		git_error_set(GIT_ERROR_SSH, "invalid or unknown remote ssh hostkey");
+		error = GIT_ECERTIFICATE;
+	}
+
+	if (check_cb != NULL) {
+		git_cert_hostkey *cert_ptr = &cert;
+		git_error_state previous_error = {0};
+
+		git_error_state_capture(&previous_error, error);
+		error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload);
+		if (error == GIT_PASSTHROUGH) {
+			error = git_error_state_restore(&previous_error);
+		} else if (error < 0 && !git_error_last()) {
+			git_error_set(GIT_ERROR_NET, "unknown remote host key");
 		}
 
-		/* We don't currently trust any hostkeys */
-		git_error_clear();
+		git_error_state_free(&previous_error);
+	}
 
-		cert_ptr = &cert;
+	return error;
+}
 
-		error = t->owner->certificate_check_cb((git_cert *) cert_ptr, 0, urldata.host, t->owner->message_cb_payload);
+#define SSH_DEFAULT_PORT "22"
 
-		if (error < 0 && error != GIT_PASSTHROUGH) {
-			if (!git_error_last())
-				git_error_set(GIT_ERROR_NET, "user cancelled hostkey check");
+static int _git_ssh_setup_conn(
+	ssh_subtransport *t,
+	const char *url,
+	const char *cmd,
+	git_smart_subtransport_stream **stream)
+{
+	int auth_methods, error = 0, port;
+	ssh_stream *s;
+	git_credential *cred = NULL;
+	LIBSSH2_SESSION *session=NULL;
+	LIBSSH2_CHANNEL *channel=NULL;
+	LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
 
-			goto done;
-		}
+	t->current_stream = NULL;
+
+	*stream = NULL;
+	if (ssh_stream_alloc(t, cmd, stream) < 0)
+		return -1;
+
+	s = (ssh_stream *)*stream;
+	s->session = NULL;
+	s->channel = NULL;
+
+	if ((error = git_net_url_parse_standard_or_scp(&s->url, url)) < 0 ||
+	    (error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
+	    (error = git_stream_connect(s->io)) < 0)
+		goto done;
+
+	/*
+	 * Try to parse the port as a number, if we can't then fall back to
+	 * default. It would be nice if we could get the port that was resolved
+	 * as part of the stream connection, but that's not something that's
+	 * exposed.
+	 */
+	if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0) {
+		git_error_set(GIT_ERROR_NET, "invalid port to ssh: %s", s->url.port);
+		error = -1;
+		goto done;
 	}
 
+	if ((error = _git_ssh_session_create(&session, &known_hosts, s->url.host, port, s->io)) < 0)
+		goto done;
+
+	if ((error = check_certificate(session, known_hosts, t->owner->connect_opts.callbacks.certificate_check, t->owner->connect_opts.callbacks.payload, s->url.host, port)) < 0)
+		goto done;
+
 	/* we need the username to ask for auth methods */
-	if (!urldata.username) {
+	if (!s->url.username) {
 		if ((error = request_creds(&cred, t, NULL, GIT_CREDENTIAL_USERNAME)) < 0)
 			goto done;
 
-		urldata.username = git__strdup(((git_credential_username *) cred)->username);
+		s->url.username = git__strdup(((git_credential_username *) cred)->username);
 		cred->free(cred);
 		cred = NULL;
-		if (!urldata.username)
+		if (!s->url.username)
 			goto done;
-	} else if (urldata.username && urldata.password) {
-		if ((error = git_credential_userpass_plaintext_new(&cred, urldata.username, urldata.password)) < 0)
+	} else if (s->url.username && s->url.password) {
+		if ((error = git_credential_userpass_plaintext_new(&cred, s->url.username, s->url.password)) < 0)
 			goto done;
 	}
 
-	if ((error = list_auth_methods(&auth_methods, session, urldata.username)) < 0)
+	if ((error = list_auth_methods(&auth_methods, session, s->url.username)) < 0)
 		goto done;
 
 	error = GIT_EAUTH;
@@ -673,10 +840,10 @@ post_extract:
 			cred = NULL;
 		}
 
-		if ((error = request_creds(&cred, t, urldata.username, auth_methods)) < 0)
+		if ((error = request_creds(&cred, t, s->url.username, auth_methods)) < 0)
 			goto done;
 
-		if (strcmp(urldata.username, git_credential_get_username(cred))) {
+		if (strcmp(s->url.username, git_credential_get_username(cred))) {
 			git_error_set(GIT_ERROR_SSH, "username does not match previous request");
 			error = -1;
 			goto done;
@@ -686,7 +853,7 @@ post_extract:
 
 		if (error == GIT_EAUTH) {
 			/* refresh auth methods */
-			if ((error = list_auth_methods(&auth_methods, session, urldata.username)) < 0)
+			if ((error = list_auth_methods(&auth_methods, session, s->url.username)) < 0)
 				goto done;
 			else
 				error = GIT_EAUTH;
@@ -714,6 +881,8 @@ done:
 	if (error < 0) {
 		ssh_stream_free(*stream);
 
+		if (known_hosts)
+			libssh2_knownhost_free(known_hosts);
 		if (session)
 			libssh2_session_free(session);
 	}
@@ -721,8 +890,6 @@ done:
 	if (cred)
 		cred->free(cred);
 
-	git_net_url_dispose(&urldata);
-
 	return error;
 }
 
@@ -839,7 +1006,7 @@ static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *use
 
 	/* either error, or the remote accepts NONE auth, which is bizarre, let's punt */
 	if (list == NULL && !libssh2_userauth_authenticated(session)) {
-		ssh_error(session, "Failed to retrieve list of SSH authentication methods");
+		ssh_error(session, "remote rejected authentication");
 		return GIT_EAUTH;
 	}
 
@@ -870,7 +1037,7 @@ static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *use
 			continue;
 		}
 
-		/* Skipt it if we don't know it */
+		/* Skip it if we don't know it */
 		ptr = strchr(ptr, ',');
 	}