diff options
| author | Damien Miller <djm@mindrot.org> | 2010-06-26 10:02:03 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-06-26 10:02:03 +1000 |
| commit | 383ffe6c5f31d3ecd89caadc8aef1bc2b821d63a (patch) | |
| tree | e7750eda2d74570aaf7ef5bd3360a6a1a04ea53c | |
| parent | bda3ecafcafd85856c6ffd0ba54b85afe6d71a84 (diff) | |
- djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | ssh.c | 9 |
2 files changed, 15 insertions, 1 deletions
| @@ -67,6 +67,13 @@ | |||
| 67 | [auth1.c auth2-none.c] | 67 | [auth1.c auth2-none.c] |
| 68 | skip the initial check for access with an empty password when | 68 | skip the initial check for access with an empty password when |
| 69 | PermitEmptyPasswords=no; bz#1638; ok markus@ | 69 | PermitEmptyPasswords=no; bz#1638; ok markus@ |
| 70 | - djm@cvs.openbsd.org 2010/06/25 23:10:30 | ||
| 71 | [ssh.c] | ||
| 72 | log the hostname and address that we connected to at LogLevel=verbose | ||
| 73 | after authentication is successful to mitigate "phishing" attacks by | ||
| 74 | servers with trusted keys that accept authentication silently and | ||
| 75 | automatically before presenting fake password/passphrase prompts; | ||
| 76 | "nice!" markus@ | ||
| 70 | 77 | ||
| 71 | 20100622 | 78 | 20100622 |
| 72 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 | 79 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.338 2010/05/16 12:55:51 markus Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.339 2010/06/25 23:10:30 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -829,6 +829,13 @@ main(int ac, char **av) | |||
| 829 | ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, | 829 | ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, |
| 830 | pw, timeout_ms); | 830 | pw, timeout_ms); |
| 831 | 831 | ||
| 832 | if (packet_connection_is_on_socket()) { | ||
| 833 | verbose("Authenticated to %s ([%s]:%d).", host, | ||
| 834 | get_remote_ipaddr(), get_remote_port()); | ||
| 835 | } else { | ||
| 836 | verbose("Authenticated to %s (via proxy).", host); | ||
| 837 | } | ||
| 838 | |||
| 832 | /* We no longer need the private host keys. Clear them now. */ | 839 | /* We no longer need the private host keys. Clear them now. */ |
| 833 | if (sensitive_data.nkeys != 0) { | 840 | if (sensitive_data.nkeys != 0) { |
| 834 | for (i = 0; i < sensitive_data.nkeys; i++) { | 841 | for (i = 0; i < sensitive_data.nkeys; i++) { |