authordtucker@openbsd.org <dtucker@openbsd.org>2018-07-16 11:05:41 +0000
committerDamien Miller <djm@mindrot.org>2018-07-19 20:17:33 +1000
commit26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145 (patch)
tree9cd4755df1683a1c861fb380f47b1d141ba25c44
parent3eb7f1038d17af7aea3c2c62d1e30cd545607640 (diff)
upstream: Remove support for loading HostBasedAuthentication keys
directly in ssh(1) and always use ssh-keysign. This removes one of the few remaining reasons why ssh(1) might be setuid. ok markus@ OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
-rw-r--r--ssh.c35
-rw-r--r--sshconnect.h3
-rw-r--r--sshconnect2.c10
3 files changed, 9 insertions, 39 deletions
diff --git a/ssh.c b/ssh.c
index 3367e9137..33d7ea2ba 100644
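--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.484 2018/07/16 07:06:50 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1411,16 +1411,12 @@ main(int ac, char **av)
  debug3("timeout: %d ms remain after connect", timeout_ms);
 
  /*
- * If we successfully made the connection, load the host private key
- * in case we will need it later for hostbased
- * authentication. This must be done before releasing extra
- * privileges, because the file is only readable by root.
- * If we cannot access the private keys, load the public keys
- * instead and try to execute the ssh-keysign helper instead.
+ * If we successfully made the connection and we have hostbased auth
+ * enabled, load the public keys so we can later use the ssh-keysign
+ * helper to sign challenges.
  */
  sensitive_data.nkeys = 0;
  sensitive_data.keys = NULL;
- sensitive_data.external_keysign = 0;
  if (options.hostbased_authentication) {
  sensitive_data.nkeys = 11;
  sensitive_data.keys = xcalloc(sensitive_data.nkeys,
@@ -1439,27 +1435,7 @@ main(int ac, char **av)
 #define L_CERT(p,o) \
  check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
 
- PRIV_START;
- L_KEYCERT(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 1);
- L_KEYCERT(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 2);
- L_KEYCERT(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 3);
- L_KEYCERT(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 4);
- L_KEY(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 5);
- L_KEY(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 6);
- L_KEY(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 7);
- L_KEY(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 8);
- L_KEYCERT(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 9);
- L_KEY(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 10);
- PRIV_END;
-
- if (options.hostbased_authentication == 1 &&
- sensitive_data.keys[0] == NULL &&
- sensitive_data.keys[5] == NULL &&
- sensitive_data.keys[6] == NULL &&
- sensitive_data.keys[7] == NULL &&
- sensitive_data.keys[8] == NULL &&
- sensitive_data.keys[9] == NULL &&
- sensitive_data.keys[10] == NULL) {
+ if (options.hostbased_authentication == 1) {
  L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
  L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
  L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
@@ -1470,7 +1446,6 @@ main(int ac, char **av)
  L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
  L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
  L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
- sensitive_data.external_keysign = 1;
  }
  }
  /*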
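Review bot: The added `if (options.hostbased_authentication == 1) {` at new line 1438 is nested inside the existing `if (options.hostbased_authentication) {` block, so the two tests disagree only for a value that is non-zero but not 1; in that case the 11-slot array from `xcalloc` is set up and, as far as the visible lines show, nothing is loaded into it. Using one test for both, or dropping the inner `if` and loading directly in the outer block, would make the intent explicit. The definitions of `L_KEY` and `L_KEYCERT` are outside the hunks shown; if they are still in the file they are now unused and worth deleting, so that no private-host-key load path remains in ssh(1). main() starts and ends outside these hunks.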
diff --git a/sshconnect.h b/sshconnect.h
index dd648b096..6bba62ad0 100644
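--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.32 2018/02/10 09:25:35 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.33 2018/07/16 11:05:41 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -28,7 +28,6 @@ typedef struct Sensitive Sensitive;
 struct Sensitive {
  struct sshkey **keys;
  int nkeys;
- int external_keysign;
 };
 
 struct addrinfo;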
diff --git a/sshconnect2.c b/sshconnect2.c
index fb90e8afc..7b0e18f28 100644
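--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.280 2018/07/11 18:55:11 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.281 2018/07/16 11:05:41 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1990,12 +1990,8 @@ userauth_hostbased(Authctxt *authctxt)
 #ifdef DEBUG_PK
  sshbuf_dump(b, stderr);
 #endif
- if (authctxt->sensitive->external_keysign)
- r = ssh_keysign(private, &sig, &siglen,
- sshbuf_ptr(b), sshbuf_len(b));
- else if ((r = sshkey_sign(private, &sig, &siglen,
- sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0)
- debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
+ r = ssh_keysign(private, &sig, &siglen,
+ sshbuf_ptr(b), sshbuf_len(b));
  if (r != 0) {
  error("sign using hostkey %s %s failed",
  sshkey_ssh_name(private), fp);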
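Review bot: The key passed as `private` to `ssh_keysign` at new lines 1993-1994 is now always a public key or certificate, because the ssh.c part of this commit leaves only the `L_CERT`/`L_PUBKEY` loads. The name therefore suggests that ssh(1) holds private host key material when it no longer does. A comment above the call such as `/* "private" is public-only here; ssh-keysign holds the host private key */`, or a rename, would keep later readers from assuming otherwise. The declaration and assignment of `private` are outside the hunk, so a rename would touch lines not shown here. userauth_hostbased starts and ends outside the hunk.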