rugged 1.7.2 → 1.9.0

data/vendor/libgit2/src/libgit2/transports/ssh.c

@@ -5,1090 +5,67 @@
  * a Linking Exception. For full terms see the included COPYING file.
  */
 
-#include "ssh.h"
+#include "ssh_exec.h"
+#include "ssh_libssh2.h"
 
-#ifdef GIT_SSH
-#include <libssh2.h>
-#endif
-
-#include "runtime.h"
-#include "net.h"
-#include "smart.h"
-#include "streams/socket.h"
-#include "sysdir.h"
-
-#include "git2/credential.h"
-#include "git2/sys/credential.h"
-
-#ifdef GIT_SSH
-
-#define OWNING_SUBTRANSPORT(s) ((ssh_subtransport *)(s)->parent.subtransport)
-
-static const char cmd_uploadpack[] = "git-upload-pack";
-static const char cmd_receivepack[] = "git-receive-pack";
-
-typedef struct {
-	git_smart_subtransport_stream parent;
-	git_stream *io;
-	LIBSSH2_SESSION *session;
-	LIBSSH2_CHANNEL *channel;
-	const char *cmd;
-	git_net_url url;
-	unsigned sent_command : 1;
-} ssh_stream;
-
-typedef struct {
-	git_smart_subtransport parent;
-	transport_smart *owner;
-	ssh_stream *current_stream;
-	git_credential *cred;
-	char *cmd_uploadpack;
-	char *cmd_receivepack;
-} ssh_subtransport;
-
-static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *username);
-
-static void ssh_error(LIBSSH2_SESSION *session, const char *errmsg)
-{
-	char *ssherr;
-	libssh2_session_last_error(session, &ssherr, NULL, 0);
-
-	git_error_set(GIT_ERROR_SSH, "%s: %s", errmsg, ssherr);
-}
-
-/*
- * Create a git protocol request.
- *
- * For example: git-upload-pack '/libgit2/libgit2'
- */
-static int gen_proto(git_str *request, const char *cmd, git_net_url *url)
-{
-	const char *repo;
-
-	repo = url->path;
-
-	if (repo && repo[0] == '/' && repo[1] == '~')
-		repo++;
-
-	if (!repo || !repo[0]) {
-		git_error_set(GIT_ERROR_NET, "malformed git protocol URL");
-		return -1;
-	}
-
-	git_str_puts(request, cmd);
-	git_str_puts(request, " '");
-	git_str_puts(request, repo);
-	git_str_puts(request, "'");
-
-	if (git_str_oom(request))
-		return -1;
-
-	return 0;
-}
-
-static int send_command(ssh_stream *s)
-{
-	int error;
-	git_str request = GIT_STR_INIT;
-
-	error = gen_proto(&request, s->cmd, &s->url);
-	if (error < 0)
-		goto cleanup;
-
-	error = libssh2_channel_exec(s->channel, request.ptr);
-	if (error < LIBSSH2_ERROR_NONE) {
-		ssh_error(s->session, "SSH could not execute request");
-		goto cleanup;
-	}
-
-	s->sent_command = 1;
-
-cleanup:
-	git_str_dispose(&request);
-	return error;
-}
-
-static int ssh_stream_read(
-	git_smart_subtransport_stream *stream,
-	char *buffer,
-	size_t buf_size,
-	size_t *bytes_read)
-{
-	int rc;
-	ssh_stream *s = GIT_CONTAINER_OF(stream, ssh_stream, parent);
-
-	*bytes_read = 0;
-
-	if (!s->sent_command && send_command(s) < 0)
-		return -1;
-
-	if ((rc = libssh2_channel_read(s->channel, buffer, buf_size)) < LIBSSH2_ERROR_NONE) {
-		ssh_error(s->session, "SSH could not read data");
-		return -1;
-	}
-
-	/*
-	 * If we can't get anything out of stdout, it's typically a
-	 * not-found error, so read from stderr and signal EOF on
-	 * stderr.
-	 */
-	if (rc == 0) {
-		if ((rc = libssh2_channel_read_stderr(s->channel, buffer, buf_size)) > 0) {
-			git_error_set(GIT_ERROR_SSH, "%*s", rc, buffer);
-			return GIT_EEOF;
-		} else if (rc < LIBSSH2_ERROR_NONE) {
-			ssh_error(s->session, "SSH could not read stderr");
-			return -1;
-		}
-	}
-
-
-	*bytes_read = rc;
-
-	return 0;
-}
-
-static int ssh_stream_write(
-	git_smart_subtransport_stream *stream,
-	const char *buffer,
-	size_t len)
-{
-	ssh_stream *s = GIT_CONTAINER_OF(stream, ssh_stream, parent);
-	size_t off = 0;
-	ssize_t ret = 0;
-
-	if (!s->sent_command && send_command(s) < 0)
-		return -1;
-
-	do {
-		ret = libssh2_channel_write(s->channel, buffer + off, len - off);
-		if (ret < 0)
-			break;
-
-		off += ret;
-
-	} while (off < len);
-
-	if (ret < 0) {
-		ssh_error(s->session, "SSH could not write data");
-		return -1;
-	}
-
-	return 0;
-}
-
-static void ssh_stream_free(git_smart_subtransport_stream *stream)
-{
-	ssh_stream *s = GIT_CONTAINER_OF(stream, ssh_stream, parent);
-	ssh_subtransport *t;
-
-	if (!stream)
-		return;
-
-	t = OWNING_SUBTRANSPORT(s);
-	t->current_stream = NULL;
-
-	if (s->channel) {
-		libssh2_channel_close(s->channel);
-		libssh2_channel_free(s->channel);
-		s->channel = NULL;
-	}
-
-	if (s->session) {
-		libssh2_session_disconnect(s->session, "closing transport");
-		libssh2_session_free(s->session);
-		s->session = NULL;
-	}
-
-	if (s->io) {
-		git_stream_close(s->io);
-		git_stream_free(s->io);
-		s->io = NULL;
-	}
-
-	git_net_url_dispose(&s->url);
-	git__free(s);
-}
-
-static int ssh_stream_alloc(
-	ssh_subtransport *t,
-	const char *cmd,
-	git_smart_subtransport_stream **stream)
-{
-	ssh_stream *s;
-
-	GIT_ASSERT_ARG(stream);
-
-	s = git__calloc(sizeof(ssh_stream), 1);
-	GIT_ERROR_CHECK_ALLOC(s);
-
-	s->parent.subtransport = &t->parent;
-	s->parent.read = ssh_stream_read;
-	s->parent.write = ssh_stream_write;
-	s->parent.free = ssh_stream_free;
-
-	s->cmd = cmd;
-
-	*stream = &s->parent;
-	return 0;
-}
-
-static int ssh_agent_auth(LIBSSH2_SESSION *session, git_credential_ssh_key *c) {
-	int rc = LIBSSH2_ERROR_NONE;
-
-	struct libssh2_agent_publickey *curr, *prev = NULL;
-
-	LIBSSH2_AGENT *agent = libssh2_agent_init(session);
-
-	if (agent == NULL)
-		return -1;
-
-	rc = libssh2_agent_connect(agent);
-
-	if (rc != LIBSSH2_ERROR_NONE) {
-		rc = LIBSSH2_ERROR_AUTHENTICATION_FAILED;
-		goto shutdown;
-	}
-
-	rc = libssh2_agent_list_identities(agent);
-
-	if (rc != LIBSSH2_ERROR_NONE)
-		goto shutdown;
-
-	while (1) {
-		rc = libssh2_agent_get_identity(agent, &curr, prev);
-
-		if (rc < 0)
-			goto shutdown;
+#include "transports/smart.h"
 
-		/* rc is set to 1 whenever the ssh agent ran out of keys to check.
-		 * Set the error code to authentication failure rather than erroring
-		 * out with an untranslatable error code.
-		 */
-		if (rc == 1) {
-			rc = LIBSSH2_ERROR_AUTHENTICATION_FAILED;
-			goto shutdown;
-		}
-
-		rc = libssh2_agent_userauth(agent, c->username, curr);
-
-		if (rc == 0)
-			break;
-
-		prev = curr;
-	}
-
-shutdown:
-
-	if (rc != LIBSSH2_ERROR_NONE)
-		ssh_error(session, "error authenticating");
-
-	libssh2_agent_disconnect(agent);
-	libssh2_agent_free(agent);
-
-	return rc;
-}
-
-static int _git_ssh_authenticate_session(
-	LIBSSH2_SESSION *session,
-	git_credential *cred)
-{
-	int rc;
-
-	do {
-		git_error_clear();
-		switch (cred->credtype) {
-		case GIT_CREDENTIAL_USERPASS_PLAINTEXT: {
-			git_credential_userpass_plaintext *c = (git_credential_userpass_plaintext *)cred;
-			rc = libssh2_userauth_password(session, c->username, c->password);
-			break;
-		}
-		case GIT_CREDENTIAL_SSH_KEY: {
-			git_credential_ssh_key *c = (git_credential_ssh_key *)cred;
-
-			if (c->privatekey)
-				rc = libssh2_userauth_publickey_fromfile(
-					session, c->username, c->publickey,
-					c->privatekey, c->passphrase);
-			else
-				rc = ssh_agent_auth(session, c);
-
-			break;
-		}
-		case GIT_CREDENTIAL_SSH_CUSTOM: {
-			git_credential_ssh_custom *c = (git_credential_ssh_custom *)cred;
-
-			rc = libssh2_userauth_publickey(
-				session, c->username, (const unsigned char *)c->publickey,
-				c->publickey_len, c->sign_callback, &c->payload);
-			break;
-		}
-		case GIT_CREDENTIAL_SSH_INTERACTIVE: {
-			void **abstract = libssh2_session_abstract(session);
-			git_credential_ssh_interactive *c = (git_credential_ssh_interactive *)cred;
-
-			/* ideally, we should be able to set this by calling
-			 * libssh2_session_init_ex() instead of libssh2_session_init().
-			 * libssh2's API is inconsistent here i.e. libssh2_userauth_publickey()
-			 * allows you to pass the `abstract` as part of the call, whereas
-			 * libssh2_userauth_keyboard_interactive() does not!
-			 *
-			 * The only way to set the `abstract` pointer is by calling
-			 * libssh2_session_abstract(), which will replace the existing
-			 * pointer as is done below. This is safe for now (at time of writing),
-			 * but may not be valid in future.
-			 */
-			*abstract = c->payload;
-
-			rc = libssh2_userauth_keyboard_interactive(
-				session, c->username, c->prompt_callback);
-			break;
-		}
-#ifdef GIT_SSH_MEMORY_CREDENTIALS
-		case GIT_CREDENTIAL_SSH_MEMORY: {
-			git_credential_ssh_key *c = (git_credential_ssh_key *)cred;
-
-			GIT_ASSERT(c->username);
-			GIT_ASSERT(c->privatekey);
-
-			rc = libssh2_userauth_publickey_frommemory(
-				session,
-				c->username,
-				strlen(c->username),
-				c->publickey,
-				c->publickey ? strlen(c->publickey) : 0,
-				c->privatekey,
-				strlen(c->privatekey),
-				c->passphrase);
-			break;
-		}
-#endif
-		default:
-			rc = LIBSSH2_ERROR_AUTHENTICATION_FAILED;
-		}
-	} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
-
-	if (rc == LIBSSH2_ERROR_PASSWORD_EXPIRED ||
-		rc == LIBSSH2_ERROR_AUTHENTICATION_FAILED ||
-		rc == LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED)
-			return GIT_EAUTH;
-
-	if (rc != LIBSSH2_ERROR_NONE) {
-		if (!git_error_last())
-			ssh_error(session, "Failed to authenticate SSH session");
-		return -1;
-	}
-
-	return 0;
-}
-
-static int request_creds(git_credential **out, ssh_subtransport *t, const char *user, int auth_methods)
-{
-	int error, no_callback = 0;
-	git_credential *cred = NULL;
-
-	if (!t->owner->connect_opts.callbacks.credentials) {
-		no_callback = 1;
-	} else {
-		error = t->owner->connect_opts.callbacks.credentials(
-			&cred,
-			t->owner->url,
-			user,
-			auth_methods,
-			t->owner->connect_opts.callbacks.payload);
-
-		if (error == GIT_PASSTHROUGH) {
-			no_callback = 1;
-		} else if (error < 0) {
-			return error;
-		} else if (!cred) {
-			git_error_set(GIT_ERROR_SSH, "callback failed to initialize SSH credentials");
-			return -1;
-		}
-	}
-
-	if (no_callback) {
-		git_error_set(GIT_ERROR_SSH, "authentication required but no callback set");
-		return GIT_EAUTH;
-	}
-
-	if (!(cred->credtype & auth_methods)) {
-		cred->free(cred);
-		git_error_set(GIT_ERROR_SSH, "authentication callback returned unsupported credentials type");
-		return GIT_EAUTH;
-	}
-
-	*out = cred;
-
-	return 0;
-}
-
-#define SSH_DIR          ".ssh"
-#define KNOWN_HOSTS_FILE "known_hosts"
-
-/*
- * Load the known_hosts file.
- *
- * Returns success but leaves the output NULL if we couldn't find the file.
- */
-static int load_known_hosts(LIBSSH2_KNOWNHOSTS **hosts, LIBSSH2_SESSION *session)
-{
-	git_str path = GIT_STR_INIT, sshdir = GIT_STR_INIT;
-	LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
-	int error;
-
-	GIT_ASSERT_ARG(hosts);
-
-	if ((error = git_sysdir_expand_homedir_file(&sshdir, SSH_DIR)) < 0 ||
-	    (error = git_str_joinpath(&path, git_str_cstr(&sshdir), KNOWN_HOSTS_FILE)) < 0)
-		goto out;
-
-	if ((known_hosts = libssh2_knownhost_init(session)) == NULL) {
-		ssh_error(session, "error initializing known hosts");
-		error = -1;
-		goto out;
-	}
-
-	/*
-	 * Try to read the file and consider not finding it as not trusting the
-	 * host rather than an error.
-	 */
-	error = libssh2_knownhost_readfile(known_hosts, git_str_cstr(&path), LIBSSH2_KNOWNHOST_FILE_OPENSSH);
-	if (error == LIBSSH2_ERROR_FILE)
-		error = 0;
-	if (error < 0)
-		ssh_error(session, "error reading known_hosts");
-
-out:
-	*hosts = known_hosts;
-
-	git_str_dispose(&sshdir);
-	git_str_dispose(&path);
-
-	return error;
-}
-
-static void add_hostkey_pref_if_avail(
-	LIBSSH2_KNOWNHOSTS *known_hosts,
-	const char *hostname,
-	int port,
-	git_str *prefs,
-	int type,
-	const char *type_name)
-{
-	struct libssh2_knownhost *host = NULL;
-	const char key = '\0';
-	int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW | type;
-	int error;
-
-	error = libssh2_knownhost_checkp(known_hosts, hostname, port, &key, 1, mask, &host);
-	if (error == LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
-		if (git_str_len(prefs) > 0) {
-			git_str_putc(prefs, ',');
-		}
-		git_str_puts(prefs, type_name);
-	}
-}
-
-/*
- * We figure out what kind of key we want to ask the remote for by trying to
- * look it up with a nonsense key and using that mismatch to figure out what key
- * we do have stored for the host.
- *
- * Populates prefs with the string to pass to libssh2_session_method_pref.
- */
-static void find_hostkey_preference(
-	LIBSSH2_KNOWNHOSTS *known_hosts,
-	const char *hostname,
-	int port,
-	git_str *prefs)
-{
-	/*
-	 * The order here is important as it indicates the priority of what will
-	 * be preferred.
-	 */
-#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
-	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ED25519, "ssh-ed25519");
-#endif
-#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
-	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_256, "ecdsa-sha2-nistp256");
-	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_384, "ecdsa-sha2-nistp384");
-	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_521, "ecdsa-sha2-nistp521");
-#endif
-	add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_SSHRSA, "ssh-rsa");
-}
-
-static int _git_ssh_session_create(
-	LIBSSH2_SESSION **session,
-	LIBSSH2_KNOWNHOSTS **hosts,
-	const char *hostname,
-	int port,
-	git_stream *io)
-{
-	git_socket_stream *socket = GIT_CONTAINER_OF(io, git_socket_stream, parent);
-	LIBSSH2_SESSION *s;
-	LIBSSH2_KNOWNHOSTS *known_hosts;
-	git_str prefs = GIT_STR_INIT;
-	int rc = 0;
-
-	GIT_ASSERT_ARG(session);
-	GIT_ASSERT_ARG(hosts);
-
-	s = libssh2_session_init();
-	if (!s) {
-		git_error_set(GIT_ERROR_NET, "failed to initialize SSH session");
-		return -1;
-	}
-
-	if ((rc = load_known_hosts(&known_hosts, s)) < 0) {
-		ssh_error(s, "error loading known_hosts");
-		libssh2_session_free(s);
-		return -1;
-	}
-
-	find_hostkey_preference(known_hosts, hostname, port, &prefs);
-	if (git_str_len(&prefs) > 0) {
-		do {
-			rc = libssh2_session_method_pref(s, LIBSSH2_METHOD_HOSTKEY, git_str_cstr(&prefs));
-		} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
-		if (rc != LIBSSH2_ERROR_NONE) {
-			ssh_error(s, "failed to set hostkey preference");
-			goto on_error;
-		}
-	}
-	git_str_dispose(&prefs);
-
-	do {
-		rc = libssh2_session_handshake(s, socket->s);
-	} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
-
-	if (rc != LIBSSH2_ERROR_NONE) {
-		ssh_error(s, "failed to start SSH session");
-		goto on_error;
-	}
-
-	libssh2_session_set_blocking(s, 1);
-
-	*session = s;
-	*hosts = known_hosts;
-
-	return 0;
-
-on_error:
-	libssh2_knownhost_free(known_hosts);
-	libssh2_session_free(s);
-	return -1;
-}
-
-
-/*
- * Returns the typemask argument to pass to libssh2_knownhost_check{,p} based on
- * the type of key that libssh2_session_hostkey returns.
- */
-static int fingerprint_type_mask(int keytype)
-{
-	int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW;
-	return mask;
-
-	switch (keytype) {
-	case LIBSSH2_HOSTKEY_TYPE_RSA:
-		mask |= LIBSSH2_KNOWNHOST_KEY_SSHRSA;
-		break;
-	case LIBSSH2_HOSTKEY_TYPE_DSS:
-		mask |= LIBSSH2_KNOWNHOST_KEY_SSHDSS;
-		break;
-#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
-	case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
-		mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
-		break;
-	case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
-		mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
-		break;
-	case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
-		mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
-		break;
-#endif
-#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
-	case LIBSSH2_HOSTKEY_TYPE_ED25519:
-		mask |= LIBSSH2_KNOWNHOST_KEY_ED25519;
-		break;
-#endif
-	}
-
-	return mask;
-}
-
-/*
- * Check the host against the user's known_hosts file.
- *
- * Returns 1/0 for valid/''not-valid or <0 for an error
- */
-static int check_against_known_hosts(
-	LIBSSH2_SESSION *session,
-	LIBSSH2_KNOWNHOSTS *known_hosts,
-	const char *hostname,
-	int port,
-	const char *key,
-	size_t key_len,
-	int key_type)
-{
-	int check, typemask, ret = 0;
-	struct libssh2_knownhost *host = NULL;
-
-	if (known_hosts == NULL)
-		return 0;
-
-	typemask = fingerprint_type_mask(key_type);
-	check = libssh2_knownhost_checkp(known_hosts, hostname, port, key, key_len, typemask, &host);
-	if (check == LIBSSH2_KNOWNHOST_CHECK_FAILURE) {
-		ssh_error(session, "error checking for known host");
-		return -1;
-	}
-
-	ret = check == LIBSSH2_KNOWNHOST_CHECK_MATCH ? 1 : 0;
-
-	return ret;
-}
-
-/*
- * Perform the check for the session's certificate against known hosts if
- * possible and then ask the user if they have a callback.
- *
- * Returns 1/0 for valid/not-valid or <0 for an error
- */
-static int check_certificate(
-	LIBSSH2_SESSION *session,
-	LIBSSH2_KNOWNHOSTS *known_hosts,
-	git_transport_certificate_check_cb check_cb,
-	void *check_cb_payload,
-	const char *host,
-	int port)
-{
-	git_cert_hostkey cert = {{ 0 }};
-	const char *key;
-	size_t cert_len;
-	int cert_type, cert_valid = 0, error = 0;
-
-	if ((key = libssh2_session_hostkey(session, &cert_len, &cert_type)) == NULL) {
-		ssh_error(session, "failed to retrieve hostkey");
-		return -1;
-	}
-
-	if ((cert_valid = check_against_known_hosts(session, known_hosts, host, port, key, cert_len, cert_type)) < 0)
-		return -1;
-
-	cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
-	if (key != NULL) {
-		cert.type |= GIT_CERT_SSH_RAW;
-		cert.hostkey = key;
-		cert.hostkey_len = cert_len;
-		switch (cert_type) {
-		case LIBSSH2_HOSTKEY_TYPE_RSA:
-			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
-			break;
-		case LIBSSH2_HOSTKEY_TYPE_DSS:
-			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
-			break;
-
-#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
-		case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
-			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256;
-			break;
-		case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
-			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384;
-			break;
-		case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
-			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521;
-			break;
-#endif
-
-#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
-		case LIBSSH2_HOSTKEY_TYPE_ED25519:
-			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519;
-			break;
-#endif
-		default:
-			cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
-		}
-	}
-
-#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
-	key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
-	if (key != NULL) {
-		cert.type |= GIT_CERT_SSH_SHA256;
-		memcpy(&cert.hash_sha256, key, 32);
-	}
-#endif
-
-	key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
-	if (key != NULL) {
-		cert.type |= GIT_CERT_SSH_SHA1;
-		memcpy(&cert.hash_sha1, key, 20);
-	}
-
-	key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
-	if (key != NULL) {
-		cert.type |= GIT_CERT_SSH_MD5;
-		memcpy(&cert.hash_md5, key, 16);
-	}
-
-	if (cert.type == 0) {
-		git_error_set(GIT_ERROR_SSH, "unable to get the host key");
-		return -1;
-	}
-
-	git_error_clear();
-	error = 0;
-	if (!cert_valid) {
-		git_error_set(GIT_ERROR_SSH, "invalid or unknown remote ssh hostkey");
-		error = GIT_ECERTIFICATE;
-	}
-
-	if (check_cb != NULL) {
-		git_cert_hostkey *cert_ptr = &cert;
-		git_error_state previous_error = {0};
-
-		git_error_state_capture(&previous_error, error);
-		error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload);
-		if (error == GIT_PASSTHROUGH) {
-			error = git_error_state_restore(&previous_error);
-		} else if (error < 0 && !git_error_last()) {
-			git_error_set(GIT_ERROR_NET, "unknown remote host key");
-		}
-
-		git_error_state_free(&previous_error);
-	}
-
-	return error;
-}
-
-#define SSH_DEFAULT_PORT "22"
-
-static int _git_ssh_setup_conn(
-	ssh_subtransport *t,
-	const char *url,
-	const char *cmd,
-	git_smart_subtransport_stream **stream)
-{
-	int auth_methods, error = 0, port;
-	ssh_stream *s;
-	git_credential *cred = NULL;
-	LIBSSH2_SESSION *session=NULL;
-	LIBSSH2_CHANNEL *channel=NULL;
-	LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
-
-	t->current_stream = NULL;
-
-	*stream = NULL;
-	if (ssh_stream_alloc(t, cmd, stream) < 0)
-		return -1;
-
-	s = (ssh_stream *)*stream;
-	s->session = NULL;
-	s->channel = NULL;
-
-	if ((error = git_net_url_parse_standard_or_scp(&s->url, url)) < 0 ||
-	    (error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
-	    (error = git_stream_connect(s->io)) < 0)
-		goto done;
-
-	/*
-	 * Try to parse the port as a number, if we can't then fall back to
-	 * default. It would be nice if we could get the port that was resolved
-	 * as part of the stream connection, but that's not something that's
-	 * exposed.
-	 */
-	if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0) {
-		git_error_set(GIT_ERROR_NET, "invalid port to ssh: %s", s->url.port);
-		error = -1;
-		goto done;
-	}
-
-	if ((error = _git_ssh_session_create(&session, &known_hosts, s->url.host, port, s->io)) < 0)
-		goto done;
-
-	if ((error = check_certificate(session, known_hosts, t->owner->connect_opts.callbacks.certificate_check, t->owner->connect_opts.callbacks.payload, s->url.host, port)) < 0)
-		goto done;
-
-	/* we need the username to ask for auth methods */
-	if (!s->url.username) {
-		if ((error = request_creds(&cred, t, NULL, GIT_CREDENTIAL_USERNAME)) < 0)
-			goto done;
-
-		s->url.username = git__strdup(((git_credential_username *) cred)->username);
-		cred->free(cred);
-		cred = NULL;
-		if (!s->url.username)
-			goto done;
-	} else if (s->url.username && s->url.password) {
-		if ((error = git_credential_userpass_plaintext_new(&cred, s->url.username, s->url.password)) < 0)
-			goto done;
-	}
-
-	if ((error = list_auth_methods(&auth_methods, session, s->url.username)) < 0)
-		goto done;
-
-	error = GIT_EAUTH;
-	/* if we already have something to try */
-	if (cred && auth_methods & cred->credtype)
-		error = _git_ssh_authenticate_session(session, cred);
-
-	while (error == GIT_EAUTH) {
-		if (cred) {
-			cred->free(cred);
-			cred = NULL;
-		}
-
-		if ((error = request_creds(&cred, t, s->url.username, auth_methods)) < 0)
-			goto done;
-
-		if (strcmp(s->url.username, git_credential_get_username(cred))) {
-			git_error_set(GIT_ERROR_SSH, "username does not match previous request");
-			error = -1;
-			goto done;
-		}
-
-		error = _git_ssh_authenticate_session(session, cred);
-
-		if (error == GIT_EAUTH) {
-			/* refresh auth methods */
-			if ((error = list_auth_methods(&auth_methods, session, s->url.username)) < 0)
-				goto done;
-			else
-				error = GIT_EAUTH;
-		}
-	}
-
-	if (error < 0)
-		goto done;
-
-	channel = libssh2_channel_open_session(session);
-	if (!channel) {
-		error = -1;
-		ssh_error(session, "Failed to open SSH channel");
-		goto done;
-	}
-
-	libssh2_channel_set_blocking(channel, 1);
-
-	s->session = session;
-	s->channel = channel;
-
-	t->current_stream = s;
-
-done:
-	if (known_hosts)
-		libssh2_knownhost_free(known_hosts);
-
-	if (error < 0) {
-		ssh_stream_free(*stream);
-
-		if (session)
-			libssh2_session_free(session);
-	}
-
-	if (cred)
-		cred->free(cred);
-
-	return error;
-}
-
-static int ssh_uploadpack_ls(
-	ssh_subtransport *t,
-	const char *url,
-	git_smart_subtransport_stream **stream)
-{
-	const char *cmd = t->cmd_uploadpack ? t->cmd_uploadpack : cmd_uploadpack;
-
-	return _git_ssh_setup_conn(t, url, cmd, stream);
-}
-
-static int ssh_uploadpack(
-	ssh_subtransport *t,
-	const char *url,
-	git_smart_subtransport_stream **stream)
-{
-	GIT_UNUSED(url);
-
-	if (t->current_stream) {
-		*stream = &t->current_stream->parent;
-		return 0;
-	}
-
-	git_error_set(GIT_ERROR_NET, "must call UPLOADPACK_LS before UPLOADPACK");
-	return -1;
-}
-
-static int ssh_receivepack_ls(
-	ssh_subtransport *t,
-	const char *url,
-	git_smart_subtransport_stream **stream)
-{
-	const char *cmd = t->cmd_receivepack ? t->cmd_receivepack : cmd_receivepack;
-
-
-	return _git_ssh_setup_conn(t, url, cmd, stream);
-}
-
-static int ssh_receivepack(
-	ssh_subtransport *t,
-	const char *url,
-	git_smart_subtransport_stream **stream)
-{
-	GIT_UNUSED(url);
-
-	if (t->current_stream) {
-		*stream = &t->current_stream->parent;
-		return 0;
-	}
-
-	git_error_set(GIT_ERROR_NET, "must call RECEIVEPACK_LS before RECEIVEPACK");
-	return -1;
-}
-
-static int _ssh_action(
-	git_smart_subtransport_stream **stream,
-	git_smart_subtransport *subtransport,
-	const char *url,
-	git_smart_service_t action)
-{
-	ssh_subtransport *t = GIT_CONTAINER_OF(subtransport, ssh_subtransport, parent);
-
-	switch (action) {
-		case GIT_SERVICE_UPLOADPACK_LS:
-			return ssh_uploadpack_ls(t, url, stream);
-
-		case GIT_SERVICE_UPLOADPACK:
-			return ssh_uploadpack(t, url, stream);
-
-		case GIT_SERVICE_RECEIVEPACK_LS:
-			return ssh_receivepack_ls(t, url, stream);
-
-		case GIT_SERVICE_RECEIVEPACK:
-			return ssh_receivepack(t, url, stream);
-	}
+int git_smart_subtransport_ssh(
+	git_smart_subtransport **out,
+	git_transport *owner,
+	void *param)
+{
+#ifdef GIT_SSH_LIBSSH2
+	return git_smart_subtransport_ssh_libssh2(out, owner, param);
+#elif GIT_SSH_EXEC
+	return git_smart_subtransport_ssh_exec(out, owner, param);
+#else
+	GIT_UNUSED(out);
+	GIT_UNUSED(owner);
+	GIT_UNUSED(param);
 
-	*stream = NULL;
+	git_error_set(GIT_ERROR_INVALID, "cannot create SSH transport; library was built without SSH support");
 	return -1;
-}
-
-static int _ssh_close(git_smart_subtransport *subtransport)
-{
-	ssh_subtransport *t = GIT_CONTAINER_OF(subtransport, ssh_subtransport, parent);
-
-	GIT_ASSERT(!t->current_stream);
-
-	GIT_UNUSED(t);
-
-	return 0;
-}
-
-static void _ssh_free(git_smart_subtransport *subtransport)
-{
-	ssh_subtransport *t = GIT_CONTAINER_OF(subtransport, ssh_subtransport, parent);
-
-	git__free(t->cmd_uploadpack);
-	git__free(t->cmd_receivepack);
-	git__free(t);
-}
-
-#define SSH_AUTH_PUBLICKEY "publickey"
-#define SSH_AUTH_PASSWORD "password"
-#define SSH_AUTH_KEYBOARD_INTERACTIVE "keyboard-interactive"
-
-static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *username)
-{
-	const char *list, *ptr;
-
-	*out = 0;
-
-	list = libssh2_userauth_list(session, username, strlen(username));
-
-	/* either error, or the remote accepts NONE auth, which is bizarre, let's punt */
-	if (list == NULL && !libssh2_userauth_authenticated(session)) {
-		ssh_error(session, "remote rejected authentication");
-		return GIT_EAUTH;
-	}
-
-	ptr = list;
-	while (ptr) {
-		if (*ptr == ',')
-			ptr++;
-
-		if (!git__prefixcmp(ptr, SSH_AUTH_PUBLICKEY)) {
-			*out |= GIT_CREDENTIAL_SSH_KEY;
-			*out |= GIT_CREDENTIAL_SSH_CUSTOM;
-#ifdef GIT_SSH_MEMORY_CREDENTIALS
-			*out |= GIT_CREDENTIAL_SSH_MEMORY;
 #endif
-			ptr += strlen(SSH_AUTH_PUBLICKEY);
-			continue;
-		}
-
-		if (!git__prefixcmp(ptr, SSH_AUTH_PASSWORD)) {
-			*out |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
-			ptr += strlen(SSH_AUTH_PASSWORD);
-			continue;
-		}
-
-		if (!git__prefixcmp(ptr, SSH_AUTH_KEYBOARD_INTERACTIVE)) {
-			*out |= GIT_CREDENTIAL_SSH_INTERACTIVE;
-			ptr += strlen(SSH_AUTH_KEYBOARD_INTERACTIVE);
-			continue;
-		}
-
-		/* Skip it if we don't know it */
-		ptr = strchr(ptr, ',');
-	}
-
-	return 0;
 }
-#endif
 
-int git_smart_subtransport_ssh(
-	git_smart_subtransport **out, git_transport *owner, void *param)
+static int transport_set_paths(git_transport *t, git_strarray *paths)
 {
-#ifdef GIT_SSH
-	ssh_subtransport *t;
+	transport_smart *smart = (transport_smart *)t;
 
-	GIT_ASSERT_ARG(out);
-
-	GIT_UNUSED(param);
-
-	t = git__calloc(sizeof(ssh_subtransport), 1);
-	GIT_ERROR_CHECK_ALLOC(t);
-
-	t->owner = (transport_smart *)owner;
-	t->parent.action = _ssh_action;
-	t->parent.close = _ssh_close;
-	t->parent.free = _ssh_free;
-
-	*out = (git_smart_subtransport *) t;
-	return 0;
+#ifdef GIT_SSH_LIBSSH2
+	return git_smart_subtransport_ssh_libssh2_set_paths(
+		(git_smart_subtransport *)smart->wrapped,
+		paths->strings[0],
+		paths->strings[1]);
+#elif GIT_SSH_EXEC
+	return git_smart_subtransport_ssh_exec_set_paths(
+		(git_smart_subtransport *)smart->wrapped,
+		paths->strings[0],
+		paths->strings[1]);
 #else
-	GIT_UNUSED(owner);
-	GIT_UNUSED(param);
-
-	GIT_ASSERT_ARG(out);
-	*out = NULL;
+	GIT_UNUSED(t);
+	GIT_UNUSED(smart);
+	GIT_UNUSED(paths);
 
-	git_error_set(GIT_ERROR_INVALID, "cannot create SSH transport. Library was built without SSH support");
+	GIT_ASSERT(!"cannot create SSH library; library was built without SSH support");
 	return -1;
 #endif
 }
 
-int git_transport_ssh_with_paths(git_transport **out, git_remote *owner, void *payload)
+int git_transport_ssh_with_paths(
+	git_transport **out,
+	git_remote *owner,
+	void *payload)
 {
-#ifdef GIT_SSH
 	git_strarray *paths = (git_strarray *) payload;
 	git_transport *transport;
-	transport_smart *smart;
-	ssh_subtransport *t;
 	int error;
+
 	git_smart_subtransport_definition ssh_definition = {
 		git_smart_subtransport_ssh,
 		0, /* no RPC */
-		NULL,
+		NULL
 	};
 
 	if (paths->count != 2) {
@@ -1099,49 +76,10 @@ int git_transport_ssh_with_paths(git_transport **out, git_remote *owner, void *p
 	if ((error = git_transport_smart(&transport, owner, &ssh_definition)) < 0)
 		return error;
 
-	smart = (transport_smart *) transport;
-	t = (ssh_subtransport *) smart->wrapped;
-
-	t->cmd_uploadpack = git__strdup(paths->strings[0]);
-	GIT_ERROR_CHECK_ALLOC(t->cmd_uploadpack);
-	t->cmd_receivepack = git__strdup(paths->strings[1]);
-	GIT_ERROR_CHECK_ALLOC(t->cmd_receivepack);
+	if ((error = transport_set_paths(transport, paths)) < 0)
+		return error;
 
 	*out = transport;
 	return 0;
-#else
-	GIT_UNUSED(owner);
-	GIT_UNUSED(payload);
-
-	GIT_ASSERT_ARG(out);
-	*out = NULL;
-
-	git_error_set(GIT_ERROR_INVALID, "cannot create SSH transport. Library was built without SSH support");
-	return -1;
-#endif
-}
-
-#ifdef GIT_SSH
-static void shutdown_ssh(void)
-{
-    libssh2_exit();
 }
-#endif
-
-int git_transport_ssh_global_init(void)
-{
-#ifdef GIT_SSH
-	if (libssh2_init(0) < 0) {
-		git_error_set(GIT_ERROR_SSH, "unable to initialize libssh2");
-		return -1;
-	}
-
-	return git_runtime_shutdown_register(shutdown_ssh);
 
-#else
-
-	/* Nothing to initialize */
-	return 0;
-
-#endif
-}