author | Colin Watson <cjwatson@debian.org> | 2010-01-16 00:07:00 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-16 00:07:00 +0000 |
commit | 730e12063b532f59292af38f584d84127a77ebdd (patch) | |
tree | 0fe553bd04207ffde728f350a1f21dfb5966bf14 | |
parent | 5df50c6ed93365589bbcfb6a1925828b1273c7a9 (diff) |
Implement DebianBanner server configuration flag that can be set to "no"
to allow sshd to run without the Debian-specific extra version in the
initial protocol handshake (closes: #562048).
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | servconf.c | 9 | ||||
-rw-r--r-- | servconf.h | 2 | ||||
-rw-r--r-- | sshd.c | 3 | ||||
-rw-r--r-- | sshd_config.5 | 5 | ||||
-rw-r--r-- | version.h | 5 |
6 files changed, 27 insertions, 3 deletions
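--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 openssh (1:5.2p1-2) UNRELEASED; urgency=low
 
+[ Colin Watson ]
 * Backport from upstream:
 - After sshd receives a SIGHUP, ignore subsequent HUPs while sshd
 re-execs itself. Prevents two HUPs in quick succession from resulting
@@ -11,6 +12,11 @@ openssh (1:5.2p1-2) UNRELEASED; urgency=low
 release of Debian dropped support for Linux 2.4, let alone 2.0, so this
 very likely has no remaining users depending on it.
 
+[ Kees Cook ]
+* Implement DebianBanner server configuration flag that can be set to "no"
+to allow sshd to run without the Debian-specific extra version in the
+initial protocol handshake (closes: #562048).
+
 -- Colin Watson <cjwatson@debian.org> Sun, 10 Jan 2010 22:06:28 +0000
 
 openssh (1:5.2p1-1) unstable; urgency=low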
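--- a/servconf.c
+++ b/servconf.c
@@ -132,6 +132,7 @@ initialize_server_options(ServerOptions *options)
 options->adm_forced_command = NULL;
 options->chroot_directory = NULL;
 options->zero_knowledge_password_authentication = -1;
+options->debian_banner = -1;
 }
 
 void
@@ -273,6 +274,8 @@ fill_default_server_options(ServerOptions *options)
 options->permit_tun = SSH_TUNMODE_NO;
 if (options->zero_knowledge_password_authentication == -1)
 options->zero_knowledge_password_authentication = 0;
+if (options->debian_banner == -1)
+options->debian_banner = 1;
 
 /* Turn privilege separation on by default */
 if (use_privsep == -1)
@@ -320,6 +323,7 @@ typedef enum {
 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication,
+sDebianBanner,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -449,6 +453,7 @@ static struct {
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+{ "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
 
@@ -1335,6 +1340,10 @@ process_server_config_line(ServerOptions *options, char *line,
 *charptr = xstrdup(arg);
 break;
 
+case sDebianBanner:
+intptr = &options->debian_banner;
+goto parse_int;
+
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
 filename, linenum, arg);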
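Review bot: The `case sDebianBanner:` arm in process_server_config_line jumps to `parse_int`, although sshd_config.5 documents the keyword as a yes/no flag whose default is `yes`. The body of `parse_int` is outside the hunk, but if it converts the argument numerically, as the label suggests, `DebianBanner yes` would not be read as true and a misspelt value would be accepted silently instead of being rejected at start-up. Routing the keyword through the yes/no parser instead (`goto parse_flag;` in upstream servconf.c) keeps the accepted values in line with the manual page. The switch and the function both start and end outside the hunk.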
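--- a/servconf.h
+++ b/servconf.h
@@ -154,6 +154,8 @@ typedef struct {
 
 int num_permitted_opens;
 
+int debian_banner;
+
 char *chroot_directory;
 } ServerOptions;
 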
@@ -425,7 +425,8 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
425 | minor = PROTOCOL_MINOR_1; | 425 | minor = PROTOCOL_MINOR_1; |
426 | } | 426 | } |
427 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, | 427 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, |
428 | SSH_RELEASE, newline); | 428 | options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, |
429 | newline); | ||
429 | server_version_string = xstrdup(buf); | 430 | server_version_string = xstrdup(buf); |
430 | 431 | ||
431 | /* Send our protocol version identification. */ | 432 | /* Send our protocol version identification. */ |
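Review bot: The new ternary in the snprintf() call of sshd_exchange_identification has no comment saying what the option does and does not withhold. With `options.debian_banner` off, the identification string still carries `SSH_VERSION SSH_PORTABLE` and only the `SSH_EXTRAVERSION` suffix is dropped. I would add above the call `/* DebianBanner no: omit only the distribution suffix; the upstream version is still sent */`. This matters for operators because banner-based scanners may then be unable to tell a patched distribution build from the unpatched upstream release, so patch status should be confirmed from the package database rather than the banner. The function starts and ends outside the hunk.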
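--- a/sshd_config.5
+++ b/sshd_config.5
@@ -314,6 +314,11 @@ or
 .Dq no .
 The default is
 .Dq delayed .
+.It Cm DebianBanner
+Specifies whether the distribution-specified extra version suffix is
+included during initial protocol handshake.
+The default is
+.Dq yes .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.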
@@ -3,8 +3,9 @@ | |||
3 | #define SSH_VERSION "OpenSSH_5.2" | 3 | #define SSH_VERSION "OpenSSH_5.2" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p1" | 5 | #define SSH_PORTABLE "p1" |
6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE | ||
6 | #ifdef SSH_EXTRAVERSION | 7 | #ifdef SSH_EXTRAVERSION |
7 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE " " SSH_EXTRAVERSION | 8 | #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION |
8 | #else | 9 | #else |
9 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 10 | #define SSH_RELEASE SSH_RELEASE_MINIMUM |
10 | #endif | 11 | #endif |