diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2008-01-01 20:33:09 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2008-01-01 20:33:09 +1100 |
| commit | 5891116cb328acbca829be47d3cd36a3bddaa85b (patch) | |
| tree | 8ab749ec4ac65345a1db388028bc6872876c2fa7 | |
| parent | 1e44c5ded38b59ab6bdb8d5c5e85583628b9971c (diff) | |
- dtucker@cvs.openbsd.org 2007/12/31 15:27:04
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440,
based on a patch from bruno at wolff.to, ok markus@
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | sshd.c | 10 |
2 files changed, 13 insertions, 6 deletions
| @@ -4,6 +4,13 @@ | |||
| 4 | [readconf.c servconf.c] | 4 | [readconf.c servconf.c] |
| 5 | Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch | 5 | Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch |
| 6 | from Dmitry V. Levin, ok djm@ | 6 | from Dmitry V. Levin, ok djm@ |
| 7 | - dtucker@cvs.openbsd.org 2007/12/31 15:27:04 | ||
| 8 | [sshd.c] | ||
| 9 | When in inetd mode, have sshd generate a Protocol 1 ephemeral server | ||
| 10 | key only for connections where the client chooses Protocol 1 as opposed | ||
| 11 | to when it's enabled in the server's config. Speeds up Protocol 2 | ||
| 12 | connections to inetd-mode servers that also allow Protocol 1. bz #440, | ||
| 13 | based on a patch from bruno at wolff.to, ok markus@ | ||
| 7 | 14 | ||
| 8 | 20071231 | 15 | 20071231 |
| 9 | - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of | 16 | - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of |
| @@ -3494,4 +3501,4 @@ | |||
| 3494 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 3501 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 3495 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 3502 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 3496 | 3503 | ||
| 3497 | $Id: ChangeLog,v 1.4812 2008/01/01 09:32:26 dtucker Exp $ | 3504 | $Id: ChangeLog,v 1.4813 2008/01/01 09:33:09 dtucker Exp $ |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.352 2007/12/27 14:22:08 dtucker Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1599,10 +1599,6 @@ main(int ac, char **av) | |||
| 1599 | /* Get a connection, either from inetd or a listening TCP socket */ | 1599 | /* Get a connection, either from inetd or a listening TCP socket */ |
| 1600 | if (inetd_flag) { | 1600 | if (inetd_flag) { |
| 1601 | server_accept_inetd(&sock_in, &sock_out); | 1601 | server_accept_inetd(&sock_in, &sock_out); |
| 1602 | |||
| 1603 | if ((options.protocol & SSH_PROTO_1) && | ||
| 1604 | sensitive_data.server_key == NULL) | ||
| 1605 | generate_ephemeral_server_key(); | ||
| 1606 | } else { | 1602 | } else { |
| 1607 | server_listen(); | 1603 | server_listen(); |
| 1608 | 1604 | ||
| @@ -1772,6 +1768,10 @@ main(int ac, char **av) | |||
| 1772 | 1768 | ||
| 1773 | sshd_exchange_identification(sock_in, sock_out); | 1769 | sshd_exchange_identification(sock_in, sock_out); |
| 1774 | 1770 | ||
| 1771 | /* In inetd mode, generate ephemeral key only for proto 1 connections */ | ||
| 1772 | if (!compat20 && inetd_flag && sensitive_data.server_key == NULL) | ||
| 1773 | generate_ephemeral_server_key(); | ||
| 1774 | |||
| 1775 | packet_set_nonblocking(); | 1775 | packet_set_nonblocking(); |
| 1776 | 1776 | ||
| 1777 | /* allocate authentication context */ | 1777 | /* allocate authentication context */ |