- [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too

- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
author: Damien Miller <djm@mindrot.org> 1999-11-11 11:43:13 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-11 11:43:13 +1100
commit: 33e511edb33a5c17e088b5475191c46650e1692d (patch)
tree: 11926d74316bdec411657af72312ff0d21859c09
parent: 9a018a89789cf80292c2114ae94d69fb593e8879 (diff)
4 files changed, 35 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 4fed0720f..8088670c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,10 @@
 19991111
 - Added (untested) Entropy Gathering Daemon (EGD) support
 - Fixed fd leak
+ - Merged OpenBSD CVS changes:
+   - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+   - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+   - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
 19991110
 - Merged several minor fixed:
   - ssh-agent commandline parsing
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index c433578bf..ee6af218c 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@ authentication.
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -53,8 +53,31 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
  host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
                                       client_host_key_bits, client_host_key_e,
                                       client_host_key_n, ke, kn);
+  /* Check user host file. */
+  if (host_status != HOST_OK) {
+    struct stat st;
+    char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
+    /* Check file permissions of SSH_USER_HOSTFILE,
+       auth_rsa() did already check pw->pw_dir, but there is a race XXX */
+    if (strict_modes &&
+        (stat(user_hostfile, &st) == 0) &&
+        ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+        (st.st_mode & 022) != 0)) {
+       log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
+           pw->pw_name, user_hostfile);
+    } else {
+      /* XXX race between stat and the following open() */
+      temporarily_use_uid(pw->pw_uid);
+      host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
+                                           client_host_key_bits, client_host_key_e,
+                                           client_host_key_n, ke, kn);
+      restore_uid();
+    }
+    xfree(user_hostfile);
+  }
  BN_free(ke);
  BN_free(kn);
  if (host_status != HOST_OK) {
    /* The host key was not found. */
    debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
diff --git a/ssh.1 b/ssh.1
index 10054445c..3ea1c27b6 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.4 1999/10/28 23:17:36 damien Exp $
+.\" $Id: ssh.1,v 1.5 1999/11/11 00:43:13 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -93,6 +93,8 @@ or
 and if additionally the server can verify the client's
 host key (see 
 .Pa /etc/ssh/ssh_known_hosts
+and
+.Pa $HOME/.ssh/known_hosts
 in the
 .Sx FILES
 section), only then login is
diff --git a/sshd.8 b/sshd.8
index b19880f0e..fd1f7f02b 100644
--- a/sshd.8
+++ b/sshd.8
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8,v 1.4 1999/10/28 23:17:36 damien Exp $
+.\" $Id: sshd.8,v 1.5 1999/11/11 00:43:13 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -622,14 +622,11 @@ This file must be readable by root (which may on some machines imply
 it being world-readable if the user's home directory resides on an NFS
 volume).  It is recommended that it not be accessible by others.  The
 format of this file is described above.
-.It Pa /etc/ssh/ssh_known_hosts
+.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
 This file is consulted when using rhosts with RSA host
 authentication to check the public key of the host.  The key must be
-listed in this file to be accepted.
+listed in one of these files to be accepted.
-.It Pa $HOME/.ssh/known_hosts
+The client uses the same files
-The client uses this file
-and
-.Pa /etc/ssh/ssh_known_hosts
 to verify that the remote host is the one we intended to
 connect. These files should be writable only by root/the owner.
 .Pa /etc/ssh/ssh_known_hosts
author	Damien Miller <djm@mindrot.org>	1999-11-11 11:43:13 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-11 11:43:13 +1100
commit	33e511edb33a5c17e088b5475191c46650e1692d (patch)
tree	11926d74316bdec411657af72312ff0d21859c09
parent	9a018a89789cf80292c2114ae94d69fb593e8879 (diff)

diff --git a/ChangeLog b/ChangeLog index 4fed0720f..8088670c9 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,7 +1,10 @@
1	19991111	1	19991111
2	- Added (untested) Entropy Gathering Daemon (EGD) support	2	- Added (untested) Entropy Gathering Daemon (EGD) support
3	- Fixed fd leak	3	- Fixed fd leak
4		4	- Merged OpenBSD CVS changes:
		5	- [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
		6	- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
		7	- [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
5	19991110	8	19991110
6	- Merged several minor fixed:	9	- Merged several minor fixed:
7	- ssh-agent commandline parsing	10	- ssh-agent commandline parsing


diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index c433578bf..ee6af218c 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@ authentication.
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: auth-rh-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");	18	RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
19		19
20	#include "packet.h"	20	#include "packet.h"
21	#include "ssh.h"	21	#include "ssh.h"
@@ -53,8 +53,31 @@ int auth_rhosts_rsa(struct passwd pw, const char client_user,
53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,	53	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
54	client_host_key_bits, client_host_key_e,	54	client_host_key_bits, client_host_key_e,
55	client_host_key_n, ke, kn);	55	client_host_key_n, ke, kn);
		56	/* Check user host file. */
		57	if (host_status != HOST_OK) {
		58	struct stat st;
		59	char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
		60	/* Check file permissions of SSH_USER_HOSTFILE,
		61	auth_rsa() did already check pw->pw_dir, but there is a race XXX */
		62	if (strict_modes &&
		63	(stat(user_hostfile, &st) == 0) &&
		64	((st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
		65	(st.st_mode & 022) != 0)) {
		66	log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
		67	pw->pw_name, user_hostfile);
		68	} else {
		69	/* XXX race between stat and the following open() */
		70	temporarily_use_uid(pw->pw_uid);
		71	host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
		72	client_host_key_bits, client_host_key_e,
		73	client_host_key_n, ke, kn);
		74	restore_uid();
		75	}
		76	xfree(user_hostfile);
		77	}
56	BN_free(ke);	78	BN_free(ke);
57	BN_free(kn);	79	BN_free(kn);
		80
58	if (host_status != HOST_OK) {	81	if (host_status != HOST_OK) {
59	/* The host key was not found. */	82	/* The host key was not found. */
60	debug("Rhosts with RSA host authentication denied: unknown or invalid host key");	83	debug("Rhosts with RSA host authentication denied: unknown or invalid host key");


diff --git a/ssh.1 b/ssh.1 index 10054445c..3ea1c27b6 100644 --- a/ssh.1 +++ b/ssh.1
@@ -9,7 +9,7 @@
9	.\"	9	.\"
10	.\" Created: Sat Apr 22 21:55:14 1995 ylo	10	.\" Created: Sat Apr 22 21:55:14 1995 ylo
11	.\"	11	.\"
12	.\" $Id: ssh.1,v 1.4 1999/10/28 23:17:36 damien Exp $	12	.\" $Id: ssh.1,v 1.5 1999/11/11 00:43:13 damien Exp $
13	.\"	13	.\"
14	.Dd September 25, 1999	14	.Dd September 25, 1999
15	.Dt SSH 1	15	.Dt SSH 1
@@ -93,6 +93,8 @@ or
93	and if additionally the server can verify the client's	93	and if additionally the server can verify the client's
94	host key (see	94	host key (see
95	.Pa /etc/ssh/ssh_known_hosts	95	.Pa /etc/ssh/ssh_known_hosts
		96	and
		97	.Pa $HOME/.ssh/known_hosts
96	in the	98	in the
97	.Sx FILES	99	.Sx FILES
98	section), only then login is	100	section), only then login is


diff --git a/sshd.8 b/sshd.8 index b19880f0e..fd1f7f02b 100644 --- a/sshd.8 +++ b/sshd.8
@@ -9,7 +9,7 @@
9	.\"	9	.\"
10	.\" Created: Sat Apr 22 21:55:14 1995 ylo	10	.\" Created: Sat Apr 22 21:55:14 1995 ylo
11	.\"	11	.\"
12	.\" $Id: sshd.8,v 1.4 1999/10/28 23:17:36 damien Exp $	12	.\" $Id: sshd.8,v 1.5 1999/11/11 00:43:13 damien Exp $
13	.\"	13	.\"
14	.Dd September 25, 1999	14	.Dd September 25, 1999
15	.Dt SSHD 8	15	.Dt SSHD 8
@@ -622,14 +622,11 @@ This file must be readable by root (which may on some machines imply
622	it being world-readable if the user's home directory resides on an NFS	622	it being world-readable if the user's home directory resides on an NFS
623	volume). It is recommended that it not be accessible by others. The	623	volume). It is recommended that it not be accessible by others. The
624	format of this file is described above.	624	format of this file is described above.
625	.It Pa /etc/ssh/ssh_known_hosts	625	.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
626	This file is consulted when using rhosts with RSA host	626	This file is consulted when using rhosts with RSA host
627	authentication to check the public key of the host. The key must be	627	authentication to check the public key of the host. The key must be
628	listed in this file to be accepted.	628	listed in one of these files to be accepted.
629	.It Pa $HOME/.ssh/known_hosts	629	The client uses the same files
630	The client uses this file
631	and
632	.Pa /etc/ssh/ssh_known_hosts
633	to verify that the remote host is the one we intended to	630	to verify that the remote host is the one we intended to
634	connect. These files should be writable only by root/the owner.	631	connect. These files should be writable only by root/the owner.
635	.Pa /etc/ssh/ssh_known_hosts	632	.Pa /etc/ssh/ssh_known_hosts