2 files changed, 58 insertions, 0 deletions

diff --git a/src/transports/cred.c b/src/transports/cred.c
index 460ed04a2..528d6af73 100644
--- a/src/transports/cred.c
+++ b/src/transports/cred.c
@@ -87,6 +87,16 @@ static void ssh_key_free(struct git_cred *cred)
 	git__free(c);
 }
 
+static void ssh_interactive_free(struct git_cred *cred)
+{
+	git_cred_ssh_interactive *c = (git_cred_ssh_interactive *)cred;
+
+	git__free(c->username);
+
+	git__memzero(c, sizeof(*c));
+	git__free(c);
+}
+
 static void ssh_custom_free(struct git_cred *cred)
 {
 	git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred;
@@ -142,6 +152,32 @@ int git_cred_ssh_key_new(
 	return 0;
 }
 
+int git_cred_ssh_interactive_new(
+	git_cred **out,
+	const char *username,
+	git_cred_ssh_interactive_callback prompt_callback,
+	void *payload)
+{
+	git_cred_ssh_interactive *c;
+
+	assert(out && username && prompt_callback);
+
+	c = git__calloc(1, sizeof(git_cred_ssh_interactive));
+	GITERR_CHECK_ALLOC(c);
+
+	c->parent.credtype = GIT_CREDTYPE_SSH_INTERACTIVE;
+	c->parent.free = ssh_interactive_free;
+
+	c->username = git__strdup(username);
+	GITERR_CHECK_ALLOC(c->username);
+
+	c->prompt_callback = prompt_callback;
+	c->payload = payload;
+
+	*out = &c->parent;
+	return 0;
+}
+
 int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) {
 	git_cred_ssh_key *c;
 
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 879af9059..48e51f2ae 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -313,6 +313,27 @@ static int _git_ssh_authenticate_session(
 				c->publickey_len, c->sign_callback, &c->sign_data);
 			break;
 		}
+		case GIT_CREDTYPE_SSH_INTERACTIVE: {
+			void **abstract = libssh2_session_abstract(session);
+			git_cred_ssh_interactive *c = (git_cred_ssh_interactive *)cred;
+
+			/* ideally, we should be able to set this by calling
+			 * libssh2_session_init_ex() instead of libssh2_session_init().
+			 * libssh2's API is inconsistent here i.e. libssh2_userauth_publickey()
+			 * allows you to pass the `abstract` as part of the call, whereas
+			 * libssh2_userauth_keyboard_interactive() does not!
+			 *
+			 * The only way to set the `abstract` pointer is by calling
+			 * libssh2_session_abstract(), which will replace the existing
+			 * pointer as is done below. This is safe for now (at time of writing),
+			 * but may not be valid in future.
+			 */
+			*abstract = c->payload;
+
+			rc = libssh2_userauth_keyboard_interactive(
+				session, c->username, c->prompt_callback);
+			break;
+		}
 		default:
 			rc = LIBSSH2_ERROR_AUTHENTICATION_FAILED;
 		}
@@ -397,6 +418,7 @@ static int _git_ssh_setup_conn(
 				&t->cred, t->owner->url, user,
 				GIT_CREDTYPE_USERPASS_PLAINTEXT |
 				GIT_CREDTYPE_SSH_KEY |
+				GIT_CREDTYPE_SSH_INTERACTIVE |
 				GIT_CREDTYPE_SSH_CUSTOM,
 				t->owner->cred_acquire_payload) < 0)
 			goto on_error;