diff options
author | Damien Miller <djm@mindrot.org> | 2000-05-09 11:02:59 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-05-09 11:02:59 +1000 |
commit | 30c3d429306bb4afe71c18db92816b981f7b6d9d (patch) | |
tree | a65f45e0073cb55ad42957a36b4636ff21405108 | |
parent | 61e50f10c276009bf9472fdd797bf6be60fc2a83 (diff) |
- OpenBSD CVS update
- markus@cvs.openbsd.org
[cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
[ssh.h sshconnect1.c sshconnect2.c sshd.8]
- complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
- hugh@cvs.openbsd.org
[ssh.1]
- zap typo
[ssh-keygen.1]
- One last nit fix. (markus approved)
[sshd.8]
- some markus certified spelling adjustments
- markus@cvs.openbsd.org
[auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
[sshconnect2.c ]
- bug compat w/ ssh-2.0.13 x11, split out bugs
[nchan.c]
- no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
[ssh-keygen.c]
- handle escapes in real and original key format, ok millert@
[version.h]
- OpenSSH-2.1
-rw-r--r-- | ChangeLog | 25 | ||||
-rw-r--r-- | auth2.c | 6 | ||||
-rw-r--r-- | channels.c | 13 | ||||
-rw-r--r-- | cipher.h | 3 | ||||
-rw-r--r-- | clientloop.c | 8 | ||||
-rw-r--r-- | compat.c | 21 | ||||
-rw-r--r-- | compat.h | 7 | ||||
-rw-r--r-- | contrib/redhat/openssh.spec | 2 | ||||
-rw-r--r-- | contrib/suse/openssh.spec | 2 | ||||
-rw-r--r-- | dsa.c | 20 | ||||
-rw-r--r-- | kex.c | 4 | ||||
-rw-r--r-- | myproposal.h | 2 | ||||
-rw-r--r-- | nchan.c | 6 | ||||
-rw-r--r-- | readconf.c | 5 | ||||
-rw-r--r-- | readconf.h | 4 | ||||
-rw-r--r-- | servconf.c | 4 | ||||
-rw-r--r-- | ssh-keygen.1 | 8 | ||||
-rw-r--r-- | ssh-keygen.c | 16 | ||||
-rw-r--r-- | ssh.1 | 17 | ||||
-rw-r--r-- | ssh.c | 3 | ||||
-rw-r--r-- | ssh.h | 3 | ||||
-rw-r--r-- | sshconnect1.c | 12 | ||||
-rw-r--r-- | sshconnect2.c | 34 | ||||
-rw-r--r-- | sshd.8 | 18 | ||||
-rw-r--r-- | version.h | 2 |
25 files changed, 168 insertions, 77 deletions
@@ -1,3 +1,28 @@ | |||
1 | 20000509 | ||
2 | - OpenBSD CVS update | ||
3 | - markus@cvs.openbsd.org | ||
4 | [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] | ||
5 | [ssh.h sshconnect1.c sshconnect2.c sshd.8] | ||
6 | - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) | ||
7 | - hugh@cvs.openbsd.org | ||
8 | [ssh.1] | ||
9 | - zap typo | ||
10 | [ssh-keygen.1] | ||
11 | - One last nit fix. (markus approved) | ||
12 | [sshd.8] | ||
13 | - some markus certified spelling adjustments | ||
14 | - markus@cvs.openbsd.org | ||
15 | [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] | ||
16 | [sshconnect2.c ] | ||
17 | - bug compat w/ ssh-2.0.13 x11, split out bugs | ||
18 | [nchan.c] | ||
19 | - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ | ||
20 | [ssh-keygen.c] | ||
21 | - handle escapes in real and original key format, ok millert@ | ||
22 | [version.h] | ||
23 | - OpenSSH-2.1 | ||
24 | |||
25 | |||
1 | 20000508 | 26 | 20000508 |
2 | - Makefile and RPM spec fixes | 27 | - Makefile and RPM spec fixes |
3 | - Generate DSA host keys during "make key" or RPM installs | 28 | - Generate DSA host keys during "make key" or RPM installs |
@@ -27,7 +27,7 @@ | |||
27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
28 | */ | 28 | */ |
29 | #include "includes.h" | 29 | #include "includes.h" |
30 | RCSID("$OpenBSD: auth2.c,v 1.7 2000/05/06 17:45:36 markus Exp $"); | 30 | RCSID("$OpenBSD: auth2.c,v 1.8 2000/05/08 17:42:24 markus Exp $"); |
31 | 31 | ||
32 | #include <openssl/dsa.h> | 32 | #include <openssl/dsa.h> |
33 | #include <openssl/rsa.h> | 33 | #include <openssl/rsa.h> |
@@ -278,6 +278,10 @@ ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen) | |||
278 | debug("pubkey auth disabled"); | 278 | debug("pubkey auth disabled"); |
279 | return 0; | 279 | return 0; |
280 | } | 280 | } |
281 | if (datafellows & SSH_BUG_PUBKEYAUTH) { | ||
282 | log("bug compatibility with ssh-2.0.13 pubkey not implemented"); | ||
283 | return 0; | ||
284 | } | ||
281 | have_sig = packet_get_char(); | 285 | have_sig = packet_get_char(); |
282 | pkalg = packet_get_string(&alen); | 286 | pkalg = packet_get_string(&alen); |
283 | if (strcmp(pkalg, KEX_DSS) != 0) { | 287 | if (strcmp(pkalg, KEX_DSS) != 0) { |
diff --git a/channels.c b/channels.c index f833e1bb9..a18c7e300 100644 --- a/channels.c +++ b/channels.c | |||
@@ -17,7 +17,7 @@ | |||
17 | */ | 17 | */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | RCSID("$Id: channels.c,v 1.29 2000/05/07 02:03:15 damien Exp $"); | 20 | RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $"); |
21 | 21 | ||
22 | #include "ssh.h" | 22 | #include "ssh.h" |
23 | #include "packet.h" | 23 | #include "packet.h" |
@@ -505,7 +505,10 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) | |||
505 | int ret = x11_open_helper(c); | 505 | int ret = x11_open_helper(c); |
506 | if (ret == 1) { | 506 | if (ret == 1) { |
507 | c->type = SSH_CHANNEL_OPEN; | 507 | c->type = SSH_CHANNEL_OPEN; |
508 | channel_pre_open_15(c, readset, writeset); | 508 | if (compat20) |
509 | channel_pre_open_20(c, readset, writeset); | ||
510 | else | ||
511 | channel_pre_open_15(c, readset, writeset); | ||
509 | } else if (ret == -1) { | 512 | } else if (ret == -1) { |
510 | debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate); | 513 | debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate); |
511 | chan_read_failed(c); /** force close? */ | 514 | chan_read_failed(c); /** force close? */ |
@@ -549,7 +552,11 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) | |||
549 | packet_put_int(c->local_maxpacket); | 552 | packet_put_int(c->local_maxpacket); |
550 | /* originator host and port */ | 553 | /* originator host and port */ |
551 | packet_put_cstring(remote_hostname); | 554 | packet_put_cstring(remote_hostname); |
552 | packet_put_int(remote_port); | 555 | if (datafellows & SSH_BUG_X11FWD) { |
556 | debug("ssh2 x11 bug compat mode"); | ||
557 | } else { | ||
558 | packet_put_int(remote_port); | ||
559 | } | ||
553 | packet_send(); | 560 | packet_send(); |
554 | } else { | 561 | } else { |
555 | packet_start(SSH_SMSG_X11_OPEN); | 562 | packet_start(SSH_SMSG_X11_OPEN); |
@@ -11,7 +11,7 @@ | |||
11 | * | 11 | * |
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* RCSID("$Id: cipher.h,v 1.12 2000/04/16 02:31:50 damien Exp $"); */ | 14 | /* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */ |
15 | 15 | ||
16 | #ifndef CIPHER_H | 16 | #ifndef CIPHER_H |
17 | #define CIPHER_H | 17 | #define CIPHER_H |
@@ -23,6 +23,7 @@ | |||
23 | 23 | ||
24 | /* Cipher types. New types can be added, but old types should not be removed | 24 | /* Cipher types. New types can be added, but old types should not be removed |
25 | for compatibility. The maximum allowed value is 31. */ | 25 | for compatibility. The maximum allowed value is 31. */ |
26 | #define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */ | ||
26 | #define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ | 27 | #define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ |
27 | #define SSH_CIPHER_NONE 0 /* no encryption */ | 28 | #define SSH_CIPHER_NONE 0 /* no encryption */ |
28 | #define SSH_CIPHER_IDEA 1 /* IDEA CFB */ | 29 | #define SSH_CIPHER_IDEA 1 /* IDEA CFB */ |
diff --git a/clientloop.c b/clientloop.c index e34f5cdaa..82d1d27d6 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -16,7 +16,7 @@ | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: clientloop.c,v 1.15 2000/05/08 03:44:53 damien Exp $"); | 19 | RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $"); |
20 | 20 | ||
21 | #include "xmalloc.h" | 21 | #include "xmalloc.h" |
22 | #include "ssh.h" | 22 | #include "ssh.h" |
@@ -979,11 +979,11 @@ client_input_channel_open(int type, int plen) | |||
979 | char *originator; | 979 | char *originator; |
980 | int originator_port; | 980 | int originator_port; |
981 | originator = packet_get_string(NULL); | 981 | originator = packet_get_string(NULL); |
982 | if (packet_remaining() > 0) { | 982 | if (datafellows & SSH_BUG_X11FWD) { |
983 | originator_port = packet_get_int(); | ||
984 | } else { | ||
985 | debug("buggy server: x11 request w/o originator_port"); | 983 | debug("buggy server: x11 request w/o originator_port"); |
986 | originator_port = 0; | 984 | originator_port = 0; |
985 | } else { | ||
986 | originator_port = packet_get_int(); | ||
987 | } | 987 | } |
988 | packet_done(); | 988 | packet_done(); |
989 | /* XXX check permission */ | 989 | /* XXX check permission */ |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: compat.c,v 1.9 2000/04/29 13:57:10 damien Exp $"); | 31 | RCSID("$Id: compat.c,v 1.10 2000/05/09 01:03:00 damien Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "packet.h" | 34 | #include "packet.h" |
@@ -57,17 +57,20 @@ compat_datafellows(const char *version) | |||
57 | { | 57 | { |
58 | int i; | 58 | int i; |
59 | size_t len; | 59 | size_t len; |
60 | static const char *check[] = { | 60 | struct { |
61 | "2.0.1", | 61 | char *version; |
62 | "2.1.0", | 62 | int bugs; |
63 | NULL | 63 | } check[] = { |
64 | {"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC}, | ||
65 | {"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD}, | ||
66 | {NULL, 0} | ||
64 | }; | 67 | }; |
65 | for (i = 0; check[i]; i++) { | 68 | for (i = 0; check[i].version; i++) { |
66 | len = strlen(check[i]); | 69 | len = strlen(check[i].version); |
67 | if (strlen(version) >= len && | 70 | if (strlen(version) >= len && |
68 | (strncmp(version, check[i], len) == 0)) { | 71 | (strncmp(version, check[i].version, len) == 0)) { |
69 | verbose("datafellows: %.200s", version); | 72 | verbose("datafellows: %.200s", version); |
70 | datafellows = 1; | 73 | datafellows = check[i].bugs; |
71 | return; | 74 | return; |
72 | } | 75 | } |
73 | } | 76 | } |
@@ -26,7 +26,7 @@ | |||
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
28 | */ | 28 | */ |
29 | /* RCSID("$Id: compat.h,v 1.5 2000/04/12 10:17:39 damien Exp $"); */ | 29 | /* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */ |
30 | 30 | ||
31 | #ifndef COMPAT_H | 31 | #ifndef COMPAT_H |
32 | #define COMPAT_H | 32 | #define COMPAT_H |
@@ -36,6 +36,11 @@ | |||
36 | #define SSH_PROTO_1_PREFERRED 0x02 | 36 | #define SSH_PROTO_1_PREFERRED 0x02 |
37 | #define SSH_PROTO_2 0x04 | 37 | #define SSH_PROTO_2 0x04 |
38 | 38 | ||
39 | #define SSH_BUG_SIGBLOB 0x01 | ||
40 | #define SSH_BUG_PUBKEYAUTH 0x02 | ||
41 | #define SSH_BUG_HMAC 0x04 | ||
42 | #define SSH_BUG_X11FWD 0x08 | ||
43 | |||
39 | void enable_compat13(void); | 44 | void enable_compat13(void); |
40 | void enable_compat20(void); | 45 | void enable_compat20(void); |
41 | void compat_datafellows(const char *s); | 46 | void compat_datafellows(const char *s); |
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 96e972cf1..3b1cd7060 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,5 +1,5 @@ | |||
1 | # Version of OpenSSH | 1 | # Version of OpenSSH |
2 | %define oversion 2.0.0beta2 | 2 | %define oversion 2.1.0beta1 |
3 | 3 | ||
4 | # Version of ssh-askpass | 4 | # Version of ssh-askpass |
5 | %define aversion 1.0 | 5 | %define aversion 1.0 |
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 0f63ef658..f9afea418 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -1,6 +1,6 @@ | |||
1 | Summary: OpenSSH, a free Secure Shell (SSH) implementation | 1 | Summary: OpenSSH, a free Secure Shell (SSH) implementation |
2 | Name: openssh | 2 | Name: openssh |
3 | Version: 2.0.0beta2 | 3 | Version: 2.1.0beta1 |
4 | URL: http://www.openssh.com/ | 4 | URL: http://www.openssh.com/ |
5 | Release: 1 | 5 | Release: 1 |
6 | Source0: openssh-%{version}.tar.gz | 6 | Source0: openssh-%{version}.tar.gz |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: dsa.c,v 1.6 2000/05/04 22:37:59 markus Exp $"); | 31 | RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "xmalloc.h" | 34 | #include "xmalloc.h" |
@@ -162,7 +162,7 @@ dsa_sign( | |||
162 | BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); | 162 | BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); |
163 | DSA_SIG_free(sig); | 163 | DSA_SIG_free(sig); |
164 | 164 | ||
165 | if (datafellows) { | 165 | if (datafellows & SSH_BUG_SIGBLOB) { |
166 | debug("datafellows"); | 166 | debug("datafellows"); |
167 | ret = xmalloc(SIGBLOB_LEN); | 167 | ret = xmalloc(SIGBLOB_LEN); |
168 | memcpy(ret, sigblob, SIGBLOB_LEN); | 168 | memcpy(ret, sigblob, SIGBLOB_LEN); |
@@ -209,15 +209,20 @@ dsa_verify( | |||
209 | return -1; | 209 | return -1; |
210 | } | 210 | } |
211 | 211 | ||
212 | if (datafellows && signaturelen != SIGBLOB_LEN) { | 212 | if (!(datafellows & SSH_BUG_SIGBLOB) && |
213 | log("heh? datafellows ssh2 complies with ietf-drafts????"); | 213 | signaturelen == SIGBLOB_LEN) { |
214 | datafellows = 0; | 214 | datafellows |= ~SSH_BUG_SIGBLOB; |
215 | log("autodetect SSH_BUG_SIGBLOB"); | ||
216 | } else if ((datafellows & SSH_BUG_SIGBLOB) && | ||
217 | signaturelen != SIGBLOB_LEN) { | ||
218 | log("autoremove SSH_BUG_SIGBLOB"); | ||
219 | datafellows &= ~SSH_BUG_SIGBLOB; | ||
215 | } | 220 | } |
216 | 221 | ||
217 | debug("len %d datafellows %d", signaturelen, datafellows); | 222 | debug("len %d datafellows %d", signaturelen, datafellows); |
218 | 223 | ||
219 | /* fetch signature */ | 224 | /* fetch signature */ |
220 | if (datafellows) { | 225 | if (datafellows & SSH_BUG_SIGBLOB) { |
221 | sigblob = signature; | 226 | sigblob = signature; |
222 | len = signaturelen; | 227 | len = signaturelen; |
223 | } else { | 228 | } else { |
@@ -242,7 +247,8 @@ dsa_verify( | |||
242 | sig->s = BN_new(); | 247 | sig->s = BN_new(); |
243 | BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); | 248 | BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); |
244 | BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); | 249 | BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); |
245 | if (!datafellows) { | 250 | |
251 | if (!(datafellows & SSH_BUG_SIGBLOB)) { | ||
246 | memset(sigblob, 0, len); | 252 | memset(sigblob, 0, len); |
247 | xfree(sigblob); | 253 | xfree(sigblob); |
248 | } | 254 | } |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: kex.c,v 1.7 2000/04/16 01:52:47 damien Exp $"); | 31 | RCSID("$Id: kex.c,v 1.8 2000/05/09 01:03:01 damien Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "ssh2.h" | 34 | #include "ssh2.h" |
@@ -314,7 +314,7 @@ choose_mac(Mac *mac, char *client, char *server) | |||
314 | } | 314 | } |
315 | mac->name = name; | 315 | mac->name = name; |
316 | mac->mac_len = mac->md->md_size; | 316 | mac->mac_len = mac->md->md_size; |
317 | mac->key_len = datafellows ? 16 : mac->mac_len; | 317 | mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len; |
318 | mac->key = NULL; | 318 | mac->key = NULL; |
319 | mac->enabled = 0; | 319 | mac->enabled = 0; |
320 | } | 320 | } |
diff --git a/myproposal.h b/myproposal.h index 7e4baff9d..8b2417972 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -1,6 +1,6 @@ | |||
1 | #define KEX_DEFAULT_KEX "diffie-hellman-group1-sha1" | 1 | #define KEX_DEFAULT_KEX "diffie-hellman-group1-sha1" |
2 | #define KEX_DEFAULT_PK_ALG "ssh-dss" | 2 | #define KEX_DEFAULT_PK_ALG "ssh-dss" |
3 | #define KEX_DEFAULT_ENCRYPT "blowfish-cbc,3des-cbc,arcfour,cast128-cbc" | 3 | #define KEX_DEFAULT_ENCRYPT "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" |
4 | #define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com" | 4 | #define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com" |
5 | #define KEX_DEFAULT_COMP "zlib,none" | 5 | #define KEX_DEFAULT_COMP "zlib,none" |
6 | #define KEX_DEFAULT_LANG "" | 6 | #define KEX_DEFAULT_LANG "" |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: nchan.c,v 1.9 2000/05/07 02:03:16 damien Exp $"); | 31 | RCSID("$Id: nchan.c,v 1.10 2000/05/09 01:03:01 damien Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | 34 | ||
@@ -107,6 +107,10 @@ chan_read_failed_12(Channel *c) | |||
107 | debug("channel %d: input open -> drain", c->self); | 107 | debug("channel %d: input open -> drain", c->self); |
108 | chan_shutdown_read(c); | 108 | chan_shutdown_read(c); |
109 | c->istate = CHAN_INPUT_WAIT_DRAIN; | 109 | c->istate = CHAN_INPUT_WAIT_DRAIN; |
110 | if (buffer_len(&c->input) == 0) { | ||
111 | debug("channel %d: input: no drain shortcut", c->self); | ||
112 | chan_ibuf_empty(c); | ||
113 | } | ||
110 | break; | 114 | break; |
111 | default: | 115 | default: |
112 | error("channel %d: internal error: we do not read, but chan_read_failed for istate %d", | 116 | error("channel %d: internal error: we do not read, but chan_read_failed for istate %d", |
diff --git a/readconf.c b/readconf.c index c69e10dda..9c5638b07 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: readconf.c,v 1.13 2000/05/07 02:03:17 damien Exp $"); | 17 | RCSID("$Id: readconf.c,v 1.14 2000/05/09 01:03:01 damien Exp $"); |
18 | 18 | ||
19 | #include "ssh.h" | 19 | #include "ssh.h" |
20 | #include "cipher.h" | 20 | #include "cipher.h" |
@@ -475,7 +475,7 @@ parse_int: | |||
475 | case oCiphers: | 475 | case oCiphers: |
476 | cp = strtok(NULL, WHITESPACE); | 476 | cp = strtok(NULL, WHITESPACE); |
477 | if (!ciphers_valid(cp)) | 477 | if (!ciphers_valid(cp)) |
478 | fatal("%.200s line %d: Bad cipher spec '%s'.", | 478 | fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", |
479 | filename, linenum, cp ? cp : "<NONE>"); | 479 | filename, linenum, cp ? cp : "<NONE>"); |
480 | if (*activep && options->ciphers == NULL) | 480 | if (*activep && options->ciphers == NULL) |
481 | options->ciphers = xstrdup(cp); | 481 | options->ciphers = xstrdup(cp); |
@@ -745,6 +745,7 @@ fill_default_options(Options * options) | |||
745 | /* Selected in ssh_login(). */ | 745 | /* Selected in ssh_login(). */ |
746 | if (options->cipher == -1) | 746 | if (options->cipher == -1) |
747 | options->cipher = SSH_CIPHER_NOT_SET; | 747 | options->cipher = SSH_CIPHER_NOT_SET; |
748 | /* options->ciphers, default set in myproposals.h */ | ||
748 | if (options->protocol == SSH_PROTO_UNKNOWN) | 749 | if (options->protocol == SSH_PROTO_UNKNOWN) |
749 | options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED; | 750 | options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED; |
750 | if (options->num_identity_files == 0) { | 751 | if (options->num_identity_files == 0) { |
diff --git a/readconf.h b/readconf.h index ba53542d9..3f0e44254 100644 --- a/readconf.h +++ b/readconf.h | |||
@@ -13,7 +13,7 @@ | |||
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: readconf.h,v 1.10 2000/05/07 02:03:17 damien Exp $"); */ | 16 | /* RCSID("$Id: readconf.h,v 1.11 2000/05/09 01:03:01 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef READCONF_H | 18 | #ifndef READCONF_H |
19 | #define READCONF_H | 19 | #define READCONF_H |
@@ -65,7 +65,7 @@ typedef struct { | |||
65 | int number_of_password_prompts; /* Max number of password | 65 | int number_of_password_prompts; /* Max number of password |
66 | * prompts. */ | 66 | * prompts. */ |
67 | int cipher; /* Cipher to use. */ | 67 | int cipher; /* Cipher to use. */ |
68 | char *ciphers; /* Ciphers in order of preference. */ | 68 | char *ciphers; /* SSH2 ciphers in order of preference. */ |
69 | int protocol; /* Protocol in order of preference. */ | 69 | int protocol; /* Protocol in order of preference. */ |
70 | char *hostname; /* Real host to connect. */ | 70 | char *hostname; /* Real host to connect. */ |
71 | char *proxy_command; /* Proxy command for connecting the host. */ | 71 | char *proxy_command; /* Proxy command for connecting the host. */ |
diff --git a/servconf.c b/servconf.c index ada4f487c..05630c766 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$Id: servconf.c,v 1.15 2000/05/07 02:03:18 damien Exp $"); | 15 | RCSID("$Id: servconf.c,v 1.16 2000/05/09 01:03:01 damien Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "servconf.h" | 18 | #include "servconf.h" |
@@ -589,7 +589,7 @@ parse_flag: | |||
589 | case sCiphers: | 589 | case sCiphers: |
590 | cp = strtok(NULL, WHITESPACE); | 590 | cp = strtok(NULL, WHITESPACE); |
591 | if (!ciphers_valid(cp)) | 591 | if (!ciphers_valid(cp)) |
592 | fatal("%s line %d: Bad cipher spec '%s'.", | 592 | fatal("%s line %d: Bad SSH2 cipher spec '%s'.", |
593 | filename, linenum, cp ? cp : "<NONE>"); | 593 | filename, linenum, cp ? cp : "<NONE>"); |
594 | if (options->ciphers == NULL) | 594 | if (options->ciphers == NULL) |
595 | options->ciphers = xstrdup(cp); | 595 | options->ciphers = xstrdup(cp); |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 50e74e110..9a32ad859 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: ssh-keygen.1,v 1.14 2000/05/07 02:03:18 damien Exp $ | 12 | .\" $Id: ssh-keygen.1,v 1.15 2000/05/09 01:03:02 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSH-KEYGEN 1 | 15 | .Dt SSH-KEYGEN 1 |
@@ -142,13 +142,13 @@ support is not functional, exits with code 1. This flag will be | |||
142 | removed once the RSA patent expires. | 142 | removed once the RSA patent expires. |
143 | .It Fl x | 143 | .It Fl x |
144 | This option will read a private | 144 | This option will read a private |
145 | OpenSSH DSA format file and prints to stdout a SSH2-compatible public key. | 145 | OpenSSH DSA format file and print a SSH2-compatible public key to stdout. |
146 | .It Fl X | 146 | .It Fl X |
147 | This option will read a | 147 | This option will read a |
148 | SSH2-compatible public key file and print to stdout an OpenSSH DSA compatible public key. | 148 | SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout. |
149 | .It Fl y | 149 | .It Fl y |
150 | This option will read a private | 150 | This option will read a private |
151 | OpenSSH DSA format file and prints to stdout an OpenSSH DSA public key. | 151 | OpenSSH DSA format file and print an OpenSSH DSA public key to stdout. |
152 | .El | 152 | .El |
153 | .Sh FILES | 153 | .Sh FILES |
154 | .Bl -tag -width Ds | 154 | .Bl -tag -width Ds |
diff --git a/ssh-keygen.c b/ssh-keygen.c index a2599dab9..351036dd4 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -7,7 +7,7 @@ | |||
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include "includes.h" | 9 | #include "includes.h" |
10 | RCSID("$Id: ssh-keygen.c,v 1.17 2000/05/07 02:03:19 damien Exp $"); | 10 | RCSID("$Id: ssh-keygen.c,v 1.18 2000/05/09 01:03:02 damien Exp $"); |
11 | 11 | ||
12 | #include <openssl/evp.h> | 12 | #include <openssl/evp.h> |
13 | #include <openssl/pem.h> | 13 | #include <openssl/pem.h> |
@@ -148,6 +148,7 @@ do_convert_from_ssh2(struct passwd *pw) | |||
148 | char blob[8096]; | 148 | char blob[8096]; |
149 | char encoded[8096]; | 149 | char encoded[8096]; |
150 | struct stat st; | 150 | struct stat st; |
151 | int escaped = 0; | ||
151 | FILE *fp; | 152 | FILE *fp; |
152 | 153 | ||
153 | if (!have_identity) | 154 | if (!have_identity) |
@@ -163,14 +164,21 @@ do_convert_from_ssh2(struct passwd *pw) | |||
163 | } | 164 | } |
164 | encoded[0] = '\0'; | 165 | encoded[0] = '\0'; |
165 | while (fgets(line, sizeof(line), fp)) { | 166 | while (fgets(line, sizeof(line), fp)) { |
167 | if (!(p = strchr(line, '\n'))) { | ||
168 | fprintf(stderr, "input line too long.\n"); | ||
169 | exit(1); | ||
170 | } | ||
171 | if (p > line && p[-1] == '\\') | ||
172 | escaped++; | ||
166 | if (strncmp(line, "----", 4) == 0 || | 173 | if (strncmp(line, "----", 4) == 0 || |
167 | strstr(line, ": ") != NULL) { | 174 | strstr(line, ": ") != NULL) { |
168 | fprintf(stderr, "ignore: %s", line); | 175 | fprintf(stderr, "ignore: %s", line); |
169 | continue; | 176 | continue; |
170 | } | 177 | } |
171 | if (!(p = strchr(line, '\n'))) { | 178 | if (escaped) { |
172 | fprintf(stderr, "input line too long.\n"); | 179 | escaped--; |
173 | exit(1); | 180 | fprintf(stderr, "escaped: %s", line); |
181 | continue; | ||
174 | } | 182 | } |
175 | *p = '\0'; | 183 | *p = '\0'; |
176 | strlcat(encoded, line, sizeof(encoded)); | 184 | strlcat(encoded, line, sizeof(encoded)); |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: ssh.1,v 1.24 2000/05/07 02:03:19 damien Exp $ | 12 | .\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSH 1 | 15 | .Dt SSH 1 |
@@ -25,7 +25,7 @@ | |||
25 | .Pp | 25 | .Pp |
26 | .Nm ssh | 26 | .Nm ssh |
27 | .Op Fl afgknqtvxCPX246 | 27 | .Op Fl afgknqtvxCPX246 |
28 | .Op Fl c Ar blowfish | 3des | 28 | .Op Fl c Ar cipher_spec |
29 | .Op Fl e Ar escape_char | 29 | .Op Fl e Ar escape_char |
30 | .Op Fl i Ar identity_file | 30 | .Op Fl i Ar identity_file |
31 | .Op Fl l Ar login_name | 31 | .Op Fl l Ar login_name |
@@ -202,7 +202,7 @@ This protocol 2 implementation does not yet support Kerberos or | |||
202 | S/Key authentication. | 202 | S/Key authentication. |
203 | .Pp | 203 | .Pp |
204 | Protocol 2 provides additional mechanisms for confidentiality | 204 | Protocol 2 provides additional mechanisms for confidentiality |
205 | (the traffic is encrypted using 3DES, blowfish, cast128 or arcfour) | 205 | (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) |
206 | and integrity (hmac-sha1, hmac-md5). | 206 | and integrity (hmac-sha1, hmac-md5). |
207 | Note that protocol 1 lacks a strong mechanism for ensuring the | 207 | Note that protocol 1 lacks a strong mechanism for ensuring the |
208 | integrity of the connection. | 208 | integrity of the connection. |
@@ -342,10 +342,15 @@ It is believed to be secure. | |||
342 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. | 342 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
343 | It is presumably more secure than the | 343 | It is presumably more secure than the |
344 | .Ar des | 344 | .Ar des |
345 | cipher which is no longer supported in ssh. | 345 | cipher which is no longer supported in |
346 | .Nm ssh . | ||
346 | .Ar blowfish | 347 | .Ar blowfish |
347 | is a fast block cipher, it appears very secure and is much faster than | 348 | is a fast block cipher, it appears very secure and is much faster than |
348 | .Ar 3des . | 349 | .Ar 3des . |
350 | .It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" | ||
351 | Additionally, for protocol version 2 a comma-separated list of ciphers can | ||
352 | be specified in order of preference. Protocol version 2 supports | ||
353 | 3DES, Blowfish and CAST128 in CBC mode and Arcfour. | ||
349 | .It Fl e Ar ch|^ch|none | 354 | .It Fl e Ar ch|^ch|none |
350 | Sets the escape character for sessions with a pty (default: | 355 | Sets the escape character for sessions with a pty (default: |
351 | .Ql ~ ) . | 356 | .Ql ~ ) . |
@@ -601,7 +606,7 @@ Specifies the ciphers allowed for protocol version 2 | |||
601 | in order of preference. | 606 | in order of preference. |
602 | Multiple ciphers must be comma-separated. | 607 | Multiple ciphers must be comma-separated. |
603 | The default is | 608 | The default is |
604 | .Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . | 609 | .Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . |
605 | .It Cm Compression | 610 | .It Cm Compression |
606 | Specifies whether to use compression. | 611 | Specifies whether to use compression. |
607 | The argument must be | 612 | The argument must be |
@@ -785,7 +790,7 @@ The default is | |||
785 | This means that | 790 | This means that |
786 | .Nm | 791 | .Nm |
787 | tries version 1 and falls back to version 2 | 792 | tries version 1 and falls back to version 2 |
788 | if version 1 is no available. | 793 | if version 1 is not available. |
789 | .It Cm ProxyCommand | 794 | .It Cm ProxyCommand |
790 | Specifies the command to use to connect to the server. | 795 | Specifies the command to use to connect to the server. |
791 | The command | 796 | The command |
@@ -11,7 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$Id: ssh.c,v 1.29 2000/05/01 10:59:51 damien Exp $"); | 14 | RCSID("$Id: ssh.c,v 1.30 2000/05/09 01:03:02 damien Exp $"); |
15 | 15 | ||
16 | #include <openssl/evp.h> | 16 | #include <openssl/evp.h> |
17 | #include <openssl/dsa.h> | 17 | #include <openssl/dsa.h> |
@@ -367,6 +367,7 @@ main(int ac, char **av) | |||
367 | if (ciphers_valid(optarg)) { | 367 | if (ciphers_valid(optarg)) { |
368 | /* SSH2 only */ | 368 | /* SSH2 only */ |
369 | options.ciphers = xstrdup(optarg); | 369 | options.ciphers = xstrdup(optarg); |
370 | options.cipher = SSH_CIPHER_ILLEGAL; | ||
370 | } else { | 371 | } else { |
371 | /* SSH1 only */ | 372 | /* SSH1 only */ |
372 | options.cipher = cipher_number(optarg); | 373 | options.cipher = cipher_number(optarg); |
@@ -13,7 +13,7 @@ | |||
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: ssh.h,v 1.38 2000/05/07 02:03:19 damien Exp $"); */ | 16 | /* RCSID("$Id: ssh.h,v 1.39 2000/05/09 01:03:02 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef SSH_H | 18 | #ifndef SSH_H |
19 | #define SSH_H | 19 | #define SSH_H |
@@ -30,6 +30,7 @@ | |||
30 | #include "cipher.h" | 30 | #include "cipher.h" |
31 | 31 | ||
32 | /* | 32 | /* |
33 | * XXX | ||
33 | * The default cipher used if IDEA is not supported by the remote host. It is | 34 | * The default cipher used if IDEA is not supported by the remote host. It is |
34 | * recommended that this be one of the mandatory ciphers (DES, 3DES), though | 35 | * recommended that this be one of the mandatory ciphers (DES, 3DES), though |
35 | * that is not required. | 36 | * that is not required. |
diff --git a/sshconnect1.c b/sshconnect1.c index 31ee9843c..4360d7283 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -9,7 +9,7 @@ | |||
9 | */ | 9 | */ |
10 | 10 | ||
11 | #include "includes.h" | 11 | #include "includes.h" |
12 | RCSID("$OpenBSD: sshconnect1.c,v 1.2 2000/05/04 22:38:00 markus Exp $"); | 12 | RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $"); |
13 | 13 | ||
14 | #include <openssl/bn.h> | 14 | #include <openssl/bn.h> |
15 | #include <openssl/dsa.h> | 15 | #include <openssl/dsa.h> |
@@ -832,13 +832,17 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
832 | RSA_free(public_key); | 832 | RSA_free(public_key); |
833 | RSA_free(host_key); | 833 | RSA_free(host_key); |
834 | 834 | ||
835 | if (options.cipher == SSH_CIPHER_NOT_SET) { | 835 | if (options.cipher == SSH_CIPHER_ILLEGAL) { |
836 | log("No valid SSH1 cipher, using %.100s instead.", | ||
837 | cipher_name(SSH_FALLBACK_CIPHER)); | ||
838 | options.cipher = SSH_FALLBACK_CIPHER; | ||
839 | } else if (options.cipher == SSH_CIPHER_NOT_SET) { | ||
836 | if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default)) | 840 | if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default)) |
837 | options.cipher = ssh_cipher_default; | 841 | options.cipher = ssh_cipher_default; |
838 | else { | 842 | else { |
839 | debug("Cipher %s not supported, using %.100s instead.", | 843 | debug("Cipher %s not supported, using %.100s instead.", |
840 | cipher_name(ssh_cipher_default), | 844 | cipher_name(ssh_cipher_default), |
841 | cipher_name(SSH_FALLBACK_CIPHER)); | 845 | cipher_name(SSH_FALLBACK_CIPHER)); |
842 | options.cipher = SSH_FALLBACK_CIPHER; | 846 | options.cipher = SSH_FALLBACK_CIPHER; |
843 | } | 847 | } |
844 | } | 848 | } |
diff --git a/sshconnect2.c b/sshconnect2.c index 3bddd7cc8..99ffb2c47 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $"); | 31 | RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $"); |
32 | 32 | ||
33 | #include <openssl/bn.h> | 33 | #include <openssl/bn.h> |
34 | #include <openssl/rsa.h> | 34 | #include <openssl/rsa.h> |
@@ -96,13 +96,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
96 | if (options.ciphers != NULL) { | 96 | if (options.ciphers != NULL) { |
97 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | 97 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
98 | myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; | 98 | myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; |
99 | } else if ( | 99 | } else if (options.cipher == SSH_CIPHER_3DES) { |
100 | options.cipher == SSH_CIPHER_ARCFOUR || | ||
101 | options.cipher == SSH_CIPHER_3DES_CBC || | ||
102 | options.cipher == SSH_CIPHER_CAST128_CBC || | ||
103 | options.cipher == SSH_CIPHER_BLOWFISH_CBC) { | ||
104 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | 100 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
105 | myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); | 101 | myproposal[PROPOSAL_ENC_ALGS_STOC] = |
102 | cipher_name(SSH_CIPHER_3DES_CBC); | ||
103 | } else if (options.cipher == SSH_CIPHER_BLOWFISH) { | ||
104 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | ||
105 | myproposal[PROPOSAL_ENC_ALGS_STOC] = | ||
106 | cipher_name(SSH_CIPHER_BLOWFISH_CBC); | ||
106 | } | 107 | } |
107 | if (options.compression) { | 108 | if (options.compression) { |
108 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib"; | 109 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib"; |
@@ -344,12 +345,14 @@ ssh2_try_pubkey(char *filename, | |||
344 | buffer_append(&b, session_id2, session_id2_len); | 345 | buffer_append(&b, session_id2, session_id2_len); |
345 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 346 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
346 | buffer_put_cstring(&b, server_user); | 347 | buffer_put_cstring(&b, server_user); |
347 | buffer_put_cstring(&b, service); | 348 | buffer_put_cstring(&b, |
349 | datafellows & SSH_BUG_PUBKEYAUTH ? | ||
350 | "ssh-userauth" : | ||
351 | service); | ||
348 | buffer_put_cstring(&b, "publickey"); | 352 | buffer_put_cstring(&b, "publickey"); |
349 | buffer_put_char(&b, 1); | 353 | buffer_put_char(&b, 1); |
350 | buffer_put_cstring(&b, KEX_DSS); | 354 | buffer_put_cstring(&b, KEX_DSS); |
351 | buffer_put_string(&b, blob, bloblen); | 355 | buffer_put_string(&b, blob, bloblen); |
352 | xfree(blob); | ||
353 | 356 | ||
354 | /* generate signature */ | 357 | /* generate signature */ |
355 | dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); | 358 | dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); |
@@ -357,6 +360,19 @@ ssh2_try_pubkey(char *filename, | |||
357 | #ifdef DEBUG_DSS | 360 | #ifdef DEBUG_DSS |
358 | buffer_dump(&b); | 361 | buffer_dump(&b); |
359 | #endif | 362 | #endif |
363 | if (datafellows & SSH_BUG_PUBKEYAUTH) { | ||
364 | /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */ | ||
365 | buffer_clear(&b); | ||
366 | buffer_append(&b, session_id2, session_id2_len); | ||
367 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | ||
368 | buffer_put_cstring(&b, server_user); | ||
369 | buffer_put_cstring(&b, service); | ||
370 | buffer_put_cstring(&b, "publickey"); | ||
371 | buffer_put_char(&b, 1); | ||
372 | buffer_put_cstring(&b, KEX_DSS); | ||
373 | buffer_put_string(&b, blob, bloblen); | ||
374 | } | ||
375 | xfree(blob); | ||
360 | /* append signature */ | 376 | /* append signature */ |
361 | buffer_put_string(&b, signature, slen); | 377 | buffer_put_string(&b, signature, slen); |
362 | xfree(signature); | 378 | xfree(signature); |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: sshd.8,v 1.21 2000/05/07 02:03:20 damien Exp $ | 12 | .\" $Id: sshd.8,v 1.22 2000/05/09 01:03:03 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSHD 8 | 15 | .Dt SSHD 8 |
@@ -115,7 +115,7 @@ Blowfish, 3DES or CAST128 in CBC mode or Arcfour. | |||
115 | The client selects the encryption algorithm | 115 | The client selects the encryption algorithm |
116 | to use from those offered by the server. | 116 | to use from those offered by the server. |
117 | Additionally, session integrity is provided | 117 | Additionally, session integrity is provided |
118 | through a crytographic message authentication code | 118 | through a cryptographic message authentication code |
119 | (hmac-sha1 or hmac-md5). | 119 | (hmac-sha1 or hmac-md5). |
120 | .Pp | 120 | .Pp |
121 | Protocol version 2 provides a public key based | 121 | Protocol version 2 provides a public key based |
@@ -277,7 +277,7 @@ By default login is allowed regardless of the user name. | |||
277 | Specifies the ciphers allowed for protocol version 2. | 277 | Specifies the ciphers allowed for protocol version 2. |
278 | Multiple ciphers must be comma-separated. | 278 | Multiple ciphers must be comma-separated. |
279 | The default is | 279 | The default is |
280 | .Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . | 280 | .Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . |
281 | .It Cm CheckMail | 281 | .It Cm CheckMail |
282 | Specifies whether | 282 | Specifies whether |
283 | .Nm | 283 | .Nm |
@@ -327,14 +327,14 @@ Specifies the file containing the private DSA host key (default | |||
327 | used by SSH protocol 2.0. | 327 | used by SSH protocol 2.0. |
328 | Note that | 328 | Note that |
329 | .Nm | 329 | .Nm |
330 | disables protcol 2.0 if this file is group/world-accessible. | 330 | disables protocol 2.0 if this file is group/world-accessible. |
331 | .It Cm HostKey | 331 | .It Cm HostKey |
332 | Specifies the file containing the private RSA host key (default | 332 | Specifies the file containing the private RSA host key (default |
333 | .Pa /etc/ssh_host_key ) | 333 | .Pa /etc/ssh_host_key ) |
334 | used by SSH protocols 1.3 and 1.5. | 334 | used by SSH protocols 1.3 and 1.5. |
335 | Note that | 335 | Note that |
336 | .Nm | 336 | .Nm |
337 | disables protcols 1.3 and 1.5 if this file is group/world-accessible. | 337 | disables protocols 1.3 and 1.5 if this file is group/world-accessible. |
338 | .It Cm IgnoreRhosts | 338 | .It Cm IgnoreRhosts |
339 | Specifies that | 339 | Specifies that |
340 | .Pa .rhosts | 340 | .Pa .rhosts |
@@ -364,7 +364,7 @@ of the machines will be properly noticed. | |||
364 | However, this means that | 364 | However, this means that |
365 | connections will die if the route is down temporarily, and some people | 365 | connections will die if the route is down temporarily, and some people |
366 | find it annoying. | 366 | find it annoying. |
367 | On the other hand, if keepalives are not send, | 367 | On the other hand, if keepalives are not sent, |
368 | sessions may hang indefinitely on the server, leaving | 368 | sessions may hang indefinitely on the server, leaving |
369 | .Dq ghost | 369 | .Dq ghost |
370 | users and consuming server resources. | 370 | users and consuming server resources. |
@@ -620,7 +620,7 @@ The | |||
620 | .Pa $HOME/.ssh/authorized_keys | 620 | .Pa $HOME/.ssh/authorized_keys |
621 | file lists the RSA keys that are | 621 | file lists the RSA keys that are |
622 | permitted for RSA authentication in SSH protocols 1.3 and 1.5 | 622 | permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
623 | Similarily, the | 623 | Similarly, the |
624 | .Pa $HOME/.ssh/authorized_keys2 | 624 | .Pa $HOME/.ssh/authorized_keys2 |
625 | file lists the DSA keys that are | 625 | file lists the DSA keys that are |
626 | permitted for DSA authentication in SSH protocol 2.0. | 626 | permitted for DSA authentication in SSH protocol 2.0. |
@@ -679,8 +679,8 @@ A quote may be included in the command by quoting it with a backslash. | |||
679 | This option might be useful | 679 | This option might be useful |
680 | to restrict certain RSA keys to perform just a specific operation. | 680 | to restrict certain RSA keys to perform just a specific operation. |
681 | An example might be a key that permits remote backups but nothing else. | 681 | An example might be a key that permits remote backups but nothing else. |
682 | Notice that the client may specify TCP/IP and/or X11 | 682 | Note that the client may specify TCP/IP and/or X11 |
683 | forwardings unless they are explicitly prohibited. | 683 | forwarding unless they are explicitly prohibited. |
684 | .It Cm environment="NAME=value" | 684 | .It Cm environment="NAME=value" |
685 | Specifies that the string is to be added to the environment when | 685 | Specifies that the string is to be added to the environment when |
686 | logging in using this key. | 686 | logging in using this key. |
@@ -1 +1 @@ | |||
#define SSH_VERSION "OpenSSH-2.0" | #define SSH_VERSION "OpenSSH-2.1" | ||