author | Darren Tucker <dtucker@zip.com.au> | 2008-01-01 20:33:09 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-01-01 20:33:09 +1100 |
commit | 5891116cb328acbca829be47d3cd36a3bddaa85b (patch) | |
tree | 8ab749ec4ac65345a1db388028bc6872876c2fa7 | |
parent | 1e44c5ded38b59ab6bdb8d5c5e85583628b9971c (diff) |
- dtucker@cvs.openbsd.org 2007/12/31 15:27:04
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440,
based on a patch from bruno at wolff.to, ok markus@
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | sshd.c | 10 |
2 files changed, 13 insertions, 6 deletions
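--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,13 @@
 [readconf.c servconf.c]
 Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
 from Dmitry V. Levin, ok djm@
+- dtucker@cvs.openbsd.org 2007/12/31 15:27:04
+[sshd.c]
+When in inetd mode, have sshd generate a Protocol 1 ephemeral server
+key only for connections where the client chooses Protocol 1 as opposed
+to when it's enabled in the server's config. Speeds up Protocol 2
+connections to inetd-mode servers that also allow Protocol 1. bz #440,
+based on a patch from bruno at wolff.to, ok markus@
 
 20071231
 - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
@@ -3494,4 +3501,4 @@
 OpenServer 6 and add osr5bigcrypt support so when someone migrates
 passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4812 2008/01/01 09:32:26 dtucker Exp $
+$Id: ChangeLog,v 1.4813 2008/01/01 09:33:09 dtucker Exp $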
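--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.352 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1599,10 +1599,6 @@ main(int ac, char **av)
 /* Get a connection, either from inetd or a listening TCP socket */
 if (inetd_flag) {
 server_accept_inetd(&sock_in, &sock_out);
-
-if ((options.protocol & SSH_PROTO_1) &&
-sensitive_data.server_key == NULL)
-generate_ephemeral_server_key();
 } else {
 server_listen();
 
@@ -1772,6 +1768,10 @@ main(int ac, char **av)
 
 sshd_exchange_identification(sock_in, sock_out);
 
+/* In inetd mode, generate ephemeral key only for proto 1 connections */
+if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
+generate_ephemeral_server_key();
+
 packet_set_nonblocking();
 
 /* allocate authentication context */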
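Review bot: The key-generation block added after `sshd_exchange_identification()` reads `compat20`, which is presumably set from the client's version banner during that call, but the one-line comment does not record this ordering dependency. A later reshuffle of main() could move the block ahead of the exchange, or past the first Protocol 1 use of `sensitive_data.server_key`. I would extend the comment to something like `/* compat20 is set by the banner exchange above; keep this before the Protocol 1 key exchange uses server_key */`. Key generation also now runs after the peer has spoken rather than straight after `server_accept_inetd()`. If the login-grace alarm is already armed at this point (not visible in the hunk), the time spent generating the key counts against that window on slow hosts, which is worth confirming. main() starts and ends outside the hunk.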