authornaddy@openbsd.org <naddy@openbsd.org>2016-08-15 12:27:56 +0000
committerDamien Miller <djm@mindrot.org>2016-08-23 13:28:30 +1000
commitc38ea634893a1975dbbec798fb968c9488013f4a (patch)
tree29d9dcc51011ed7677e85b6ce2cabb25faedf74e
parent33ba55d9e358c07f069e579bfab80eccaaad52cb (diff)
upstream commit
Remove more SSH1 server code: * Drop sshd's -k option. * Retire configuration keywords that only apply to protocol 1, as well as the "protocol" keyword. * Remove some related vestiges of protocol 1 support. ok markus@ Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d
-rw-r--r--servconf.c118
-rw-r--r--servconf.h8
-rw-r--r--sshd.c33
3 files changed, 33 insertions, 126 deletions
diff --git a/servconf.c b/servconf.c
index 873b0d02a..9bd659c41 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.292 2016/06/23 05:17:51 djm Exp $ */ 2/* $OpenBSD: servconf.c,v 1.293 2016/08/15 12:27:56 naddy Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -86,9 +86,7 @@ initialize_server_options(ServerOptions *options)
86 options->num_host_cert_files = 0; 86 options->num_host_cert_files = 0;
87 options->host_key_agent = NULL; 87 options->host_key_agent = NULL;
88 options->pid_file = NULL; 88 options->pid_file = NULL;
89 options->server_key_bits = -1;
90 options->login_grace_time = -1; 89 options->login_grace_time = -1;
91 options->key_regeneration_time = -1;
92 options->permit_root_login = PERMIT_NOT_SET; 90 options->permit_root_login = PERMIT_NOT_SET;
93 options->ignore_rhosts = -1; 91 options->ignore_rhosts = -1;
94 options->ignore_user_known_hosts = -1; 92 options->ignore_user_known_hosts = -1;
@@ -104,12 +102,10 @@ initialize_server_options(ServerOptions *options)
104 options->tcp_keep_alive = -1; 102 options->tcp_keep_alive = -1;
105 options->log_facility = SYSLOG_FACILITY_NOT_SET; 103 options->log_facility = SYSLOG_FACILITY_NOT_SET;
106 options->log_level = SYSLOG_LEVEL_NOT_SET; 104 options->log_level = SYSLOG_LEVEL_NOT_SET;
107 options->rhosts_rsa_authentication = -1;
108 options->hostbased_authentication = -1; 105 options->hostbased_authentication = -1;
109 options->hostbased_uses_name_from_packet_only = -1; 106 options->hostbased_uses_name_from_packet_only = -1;
110 options->hostbased_key_types = NULL; 107 options->hostbased_key_types = NULL;
111 options->hostkeyalgorithms = NULL; 108 options->hostkeyalgorithms = NULL;
112 options->rsa_authentication = -1;
113 options->pubkey_authentication = -1; 109 options->pubkey_authentication = -1;
114 options->pubkey_key_types = NULL; 110 options->pubkey_key_types = NULL;
115 options->kerberos_authentication = -1; 111 options->kerberos_authentication = -1;
@@ -138,7 +134,6 @@ initialize_server_options(ServerOptions *options)
138 options->ciphers = NULL; 134 options->ciphers = NULL;
139 options->macs = NULL; 135 options->macs = NULL;
140 options->kex_algorithms = NULL; 136 options->kex_algorithms = NULL;
141 options->protocol = SSH_PROTO_UNKNOWN;
142 options->fwd_opts.gateway_ports = -1; 137 options->fwd_opts.gateway_ports = -1;
143 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 138 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
144 options->fwd_opts.streamlocal_bind_unlink = -1; 139 options->fwd_opts.streamlocal_bind_unlink = -1;
@@ -202,25 +197,18 @@ fill_default_server_options(ServerOptions *options)
202 options->use_pam = 0; 197 options->use_pam = 0;
203 198
204 /* Standard Options */ 199 /* Standard Options */
205 if (options->protocol == SSH_PROTO_UNKNOWN)
206 options->protocol = SSH_PROTO_2;
207 if (options->num_host_key_files == 0) { 200 if (options->num_host_key_files == 0) {
208 /* fill default hostkeys for protocols */ 201 /* fill default hostkeys for protocols */
209 if (options->protocol & SSH_PROTO_1) 202 options->host_key_files[options->num_host_key_files++] =
210 options->host_key_files[options->num_host_key_files++] = 203 _PATH_HOST_RSA_KEY_FILE;
211 _PATH_HOST_KEY_FILE; 204 options->host_key_files[options->num_host_key_files++] =
212 if (options->protocol & SSH_PROTO_2) { 205 _PATH_HOST_DSA_KEY_FILE;
213 options->host_key_files[options->num_host_key_files++] =
214 _PATH_HOST_RSA_KEY_FILE;
215 options->host_key_files[options->num_host_key_files++] =
216 _PATH_HOST_DSA_KEY_FILE;
217#ifdef OPENSSL_HAS_ECC 206#ifdef OPENSSL_HAS_ECC
218 options->host_key_files[options->num_host_key_files++] = 207 options->host_key_files[options->num_host_key_files++] =
219 _PATH_HOST_ECDSA_KEY_FILE; 208 _PATH_HOST_ECDSA_KEY_FILE;
220#endif 209#endif
221 options->host_key_files[options->num_host_key_files++] = 210 options->host_key_files[options->num_host_key_files++] =
222 _PATH_HOST_ED25519_KEY_FILE; 211 _PATH_HOST_ED25519_KEY_FILE;
223 }
224 } 212 }
225 /* No certificates by default */ 213 /* No certificates by default */
226 if (options->num_ports == 0) 214 if (options->num_ports == 0)
@@ -231,12 +219,8 @@ fill_default_server_options(ServerOptions *options)
231 add_listen_addr(options, NULL, 0); 219 add_listen_addr(options, NULL, 0);
232 if (options->pid_file == NULL) 220 if (options->pid_file == NULL)
233 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 221 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
234 if (options->server_key_bits == -1)
235 options->server_key_bits = 1024;
236 if (options->login_grace_time == -1) 222 if (options->login_grace_time == -1)
237 options->login_grace_time = 120; 223 options->login_grace_time = 120;
238 if (options->key_regeneration_time == -1)
239 options->key_regeneration_time = 3600;
240 if (options->permit_root_login == PERMIT_NOT_SET) 224 if (options->permit_root_login == PERMIT_NOT_SET)
241 options->permit_root_login = PERMIT_NO_PASSWD; 225 options->permit_root_login = PERMIT_NO_PASSWD;
242 if (options->ignore_rhosts == -1) 226 if (options->ignore_rhosts == -1)
@@ -267,14 +251,10 @@ fill_default_server_options(ServerOptions *options)
267 options->log_facility = SYSLOG_FACILITY_AUTH; 251 options->log_facility = SYSLOG_FACILITY_AUTH;
268 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 252 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
269 options->log_level = SYSLOG_LEVEL_INFO; 253 options->log_level = SYSLOG_LEVEL_INFO;
270 if (options->rhosts_rsa_authentication == -1)
271 options->rhosts_rsa_authentication = 0;
272 if (options->hostbased_authentication == -1) 254 if (options->hostbased_authentication == -1)
273 options->hostbased_authentication = 0; 255 options->hostbased_authentication = 0;
274 if (options->hostbased_uses_name_from_packet_only == -1) 256 if (options->hostbased_uses_name_from_packet_only == -1)
275 options->hostbased_uses_name_from_packet_only = 0; 257 options->hostbased_uses_name_from_packet_only = 0;
276 if (options->rsa_authentication == -1)
277 options->rsa_authentication = 1;
278 if (options->pubkey_authentication == -1) 258 if (options->pubkey_authentication == -1)
279 options->pubkey_authentication = 1; 259 options->pubkey_authentication = 1;
280 if (options->kerberos_authentication == -1) 260 if (options->kerberos_authentication == -1)
@@ -406,8 +386,8 @@ typedef enum {
406 /* Portable-specific options */ 386 /* Portable-specific options */
407 sUsePAM, 387 sUsePAM,
408 /* Standard Options */ 388 /* Standard Options */
409 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, 389 sPort, sHostKeyFile, sLoginGraceTime,
410 sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, 390 sPermitRootLogin, sLogFacility, sLogLevel,
411 sRhostsRSAAuthentication, sRSAAuthentication, 391 sRhostsRSAAuthentication, sRSAAuthentication,
412 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 392 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
413 sKerberosGetAFSToken, 393 sKerberosGetAFSToken,
@@ -419,7 +399,7 @@ typedef enum {
419 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 399 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
420 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 400 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
421 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 401 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
422 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 402 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
423 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 403 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
424 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 404 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
425 sBanner, sUseDNS, sHostbasedAuthentication, 405 sBanner, sUseDNS, sHostbasedAuthentication,
@@ -464,19 +444,19 @@ static struct {
464 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 444 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
465 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 445 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
466 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 446 { "pidfile", sPidFile, SSHCFG_GLOBAL },
467 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, 447 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
468 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 448 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
469 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, 449 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
470 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 450 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
471 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 451 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
472 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 452 { "loglevel", sLogLevel, SSHCFG_GLOBAL },
473 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 453 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
474 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, 454 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
475 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 455 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
476 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 456 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
477 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 457 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
478 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 458 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
479 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, 459 { "rsaauthentication", sDeprecated, SSHCFG_ALL },
480 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 460 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
481 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 461 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
482 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 462 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
@@ -541,7 +521,7 @@ static struct {
541 { "denygroups", sDenyGroups, SSHCFG_ALL }, 521 { "denygroups", sDenyGroups, SSHCFG_ALL },
542 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 522 { "ciphers", sCiphers, SSHCFG_GLOBAL },
543 { "macs", sMacs, SSHCFG_GLOBAL }, 523 { "macs", sMacs, SSHCFG_GLOBAL },
544 { "protocol", sProtocol, SSHCFG_GLOBAL }, 524 { "protocol", sDeprecated, SSHCFG_GLOBAL },
545 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 525 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
546 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 526 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
547 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 527 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
@@ -1040,18 +1020,6 @@ process_server_config_line(ServerOptions *options, char *line,
1040 filename, linenum); 1020 filename, linenum);
1041 break; 1021 break;
1042 1022
1043 case sServerKeyBits:
1044 intptr = &options->server_key_bits;
1045 parse_int:
1046 arg = strdelim(&cp);
1047 if (!arg || *arg == '\0')
1048 fatal("%s line %d: missing integer value.",
1049 filename, linenum);
1050 value = atoi(arg);
1051 if (*activep && *intptr == -1)
1052 *intptr = value;
1053 break;
1054
1055 case sLoginGraceTime: 1023 case sLoginGraceTime:
1056 intptr = &options->login_grace_time; 1024 intptr = &options->login_grace_time;
1057 parse_time: 1025 parse_time:
@@ -1066,10 +1034,6 @@ process_server_config_line(ServerOptions *options, char *line,
1066 *intptr = value; 1034 *intptr = value;
1067 break; 1035 break;
1068 1036
1069 case sKeyRegenerationTime:
1070 intptr = &options->key_regeneration_time;
1071 goto parse_time;
1072
1073 case sListenAddress: 1037 case sListenAddress:
1074 arg = strdelim(&cp); 1038 arg = strdelim(&cp);
1075 if (arg == NULL || *arg == '\0') 1039 if (arg == NULL || *arg == '\0')
@@ -1189,10 +1153,6 @@ process_server_config_line(ServerOptions *options, char *line,
1189 intptr = &options->ignore_user_known_hosts; 1153 intptr = &options->ignore_user_known_hosts;
1190 goto parse_flag; 1154 goto parse_flag;
1191 1155
1192 case sRhostsRSAAuthentication:
1193 intptr = &options->rhosts_rsa_authentication;
1194 goto parse_flag;
1195
1196 case sHostbasedAuthentication: 1156 case sHostbasedAuthentication:
1197 intptr = &options->hostbased_authentication; 1157 intptr = &options->hostbased_authentication;
1198 goto parse_flag; 1158 goto parse_flag;
@@ -1219,10 +1179,6 @@ process_server_config_line(ServerOptions *options, char *line,
1219 charptr = &options->hostkeyalgorithms; 1179 charptr = &options->hostkeyalgorithms;
1220 goto parse_keytypes; 1180 goto parse_keytypes;
1221 1181
1222 case sRSAAuthentication:
1223 intptr = &options->rsa_authentication;
1224 goto parse_flag;
1225
1226 case sPubkeyAuthentication: 1182 case sPubkeyAuthentication:
1227 intptr = &options->pubkey_authentication; 1183 intptr = &options->pubkey_authentication;
1228 goto parse_flag; 1184 goto parse_flag;
@@ -1285,7 +1241,15 @@ process_server_config_line(ServerOptions *options, char *line,
1285 1241
1286 case sX11DisplayOffset: 1242 case sX11DisplayOffset:
1287 intptr = &options->x11_display_offset; 1243 intptr = &options->x11_display_offset;
1288 goto parse_int; 1244 parse_int:
1245 arg = strdelim(&cp);
1246 if (!arg || *arg == '\0')
1247 fatal("%s line %d: missing integer value.",
1248 filename, linenum);
1249 value = atoi(arg);
1250 if (*activep && *intptr == -1)
1251 *intptr = value;
1252 break;
1289 1253
1290 case sX11UseLocalhost: 1254 case sX11UseLocalhost:
1291 intptr = &options->x11_use_localhost; 1255 intptr = &options->x11_use_localhost;
@@ -1487,19 +1451,6 @@ process_server_config_line(ServerOptions *options, char *line,
1487 options->kex_algorithms = xstrdup(arg); 1451 options->kex_algorithms = xstrdup(arg);
1488 break; 1452 break;
1489 1453
1490 case sProtocol:
1491 intptr = &options->protocol;
1492 arg = strdelim(&cp);
1493 if (!arg || *arg == '\0')
1494 fatal("%s line %d: Missing argument.", filename, linenum);
1495 value = proto_spec(arg);
1496 if (value == SSH_PROTO_UNKNOWN)
1497 fatal("%s line %d: Bad protocol spec '%s'.",
1498 filename, linenum, arg ? arg : "<NONE>");
1499 if (*intptr == SSH_PROTO_UNKNOWN)
1500 *intptr = value;
1501 break;
1502
1503 case sSubsystem: 1454 case sSubsystem:
1504 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1455 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1505 fatal("%s line %d: too many subsystems defined.", 1456 fatal("%s line %d: too many subsystems defined.",
@@ -2008,7 +1959,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2008 1959
2009 M_CP_INTOPT(password_authentication); 1960 M_CP_INTOPT(password_authentication);
2010 M_CP_INTOPT(gss_authentication); 1961 M_CP_INTOPT(gss_authentication);
2011 M_CP_INTOPT(rsa_authentication);
2012 M_CP_INTOPT(pubkey_authentication); 1962 M_CP_INTOPT(pubkey_authentication);
2013 M_CP_INTOPT(kerberos_authentication); 1963 M_CP_INTOPT(kerberos_authentication);
2014 M_CP_INTOPT(hostbased_authentication); 1964 M_CP_INTOPT(hostbased_authentication);
@@ -2148,17 +2098,6 @@ fmt_intarg(ServerOpCodes code, int val)
2148 return fmt_multistate_int(val, multistate_tcpfwd); 2098 return fmt_multistate_int(val, multistate_tcpfwd);
2149 case sFingerprintHash: 2099 case sFingerprintHash:
2150 return ssh_digest_alg_name(val); 2100 return ssh_digest_alg_name(val);
2151 case sProtocol:
2152 switch (val) {
2153 case SSH_PROTO_1:
2154 return "1";
2155 case SSH_PROTO_2:
2156 return "2";
2157 case (SSH_PROTO_1|SSH_PROTO_2):
2158 return "2,1";
2159 default:
2160 return "UNKNOWN";
2161 }
2162 default: 2101 default:
2163 switch (val) { 2102 switch (val) {
2164 case 0: 2103 case 0:
@@ -2245,7 +2184,6 @@ dump_config(ServerOptions *o)
2245 /* these are usually at the top of the config */ 2184 /* these are usually at the top of the config */
2246 for (i = 0; i < o->num_ports; i++) 2185 for (i = 0; i < o->num_ports; i++)
2247 printf("port %d\n", o->ports[i]); 2186 printf("port %d\n", o->ports[i]);
2248 dump_cfg_fmtint(sProtocol, o->protocol);
2249 dump_cfg_fmtint(sAddressFamily, o->address_family); 2187 dump_cfg_fmtint(sAddressFamily, o->address_family);
2250 2188
2251 /* 2189 /*
@@ -2278,9 +2216,7 @@ dump_config(ServerOptions *o)
2278#ifdef USE_PAM 2216#ifdef USE_PAM
2279 dump_cfg_fmtint(sUsePAM, o->use_pam); 2217 dump_cfg_fmtint(sUsePAM, o->use_pam);
2280#endif 2218#endif
2281 dump_cfg_int(sServerKeyBits, o->server_key_bits);
2282 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2219 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2283 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
2284 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2220 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2285 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2221 dump_cfg_int(sMaxAuthTries, o->max_authtries);
2286 dump_cfg_int(sMaxSessions, o->max_sessions); 2222 dump_cfg_int(sMaxSessions, o->max_sessions);
@@ -2292,11 +2228,9 @@ dump_config(ServerOptions *o)
2292 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2228 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2293 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2229 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2294 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2230 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2295 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
2296 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2231 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2297 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2232 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2298 o->hostbased_uses_name_from_packet_only); 2233 o->hostbased_uses_name_from_packet_only);
2299 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
2300 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2234 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2301#ifdef KRB5 2235#ifdef KRB5
2302 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2236 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
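Review bot: The opcode enum on the new side (line 391) still declares `sRhostsRSAAuthentication` and `sRSAAuthentication`, yet this commit removes every use of them — the `case` labels in process_server_config_line, the dump_config calls, and the keyword-table rows, which now map to `sDeprecated`. `sServerKeyBits`, `sKeyRegenerationTime` and `sProtocol` were dropped from the same enum in this change, so leaving these two behind looks like an oversight; delete the line `sRhostsRSAAuthentication, sRSAAuthentication,` so the enum stops advertising opcodes nothing can emit. Separately, the `parse_int:` label relocated under `sX11DisplayOffset` (new line 1244) keeps `value = atoi(arg);`, which silently maps a non-numeric argument to 0 instead of rejecting it; that is pre-existing behaviour rather than something this change introduces, but since the code was moved anyway, a strtol/strtonum range check followed by `fatal()` on bad input would be worth considering.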
diff --git a/servconf.h b/servconf.h
index f4137af7d..16b1467d2 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.h,v 1.120 2015/07/10 06:21:53 markus Exp $ */ 1/* $OpenBSD: servconf.h,v 1.121 2016/08/15 12:27:56 naddy Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -69,10 +69,8 @@ typedef struct {
69 int num_host_cert_files; /* Number of files for host certs. */ 69 int num_host_cert_files; /* Number of files for host certs. */
70 char *host_key_agent; /* ssh-agent socket for host keys. */ 70 char *host_key_agent; /* ssh-agent socket for host keys. */
71 char *pid_file; /* Where to put our pid */ 71 char *pid_file; /* Where to put our pid */
72 int server_key_bits;/* Size of the server key. */
73 int login_grace_time; /* Disconnect if no auth in this time 72 int login_grace_time; /* Disconnect if no auth in this time
74 * (sec). */ 73 * (sec). */
75 int key_regeneration_time; /* Server key lifetime (seconds). */
76 int permit_root_login; /* PERMIT_*, see above */ 74 int permit_root_login; /* PERMIT_*, see above */
77 int ignore_rhosts; /* Ignore .rhosts and .shosts. */ 75 int ignore_rhosts; /* Ignore .rhosts and .shosts. */
78 int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts 76 int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
@@ -93,17 +91,13 @@ typedef struct {
93 char *ciphers; /* Supported SSH2 ciphers. */ 91 char *ciphers; /* Supported SSH2 ciphers. */
94 char *macs; /* Supported SSH2 macs. */ 92 char *macs; /* Supported SSH2 macs. */
95 char *kex_algorithms; /* SSH2 kex methods in order of preference. */ 93 char *kex_algorithms; /* SSH2 kex methods in order of preference. */
96 int protocol; /* Supported protocol versions. */
97 struct ForwardOptions fwd_opts; /* forwarding options */ 94 struct ForwardOptions fwd_opts; /* forwarding options */
98 SyslogFacility log_facility; /* Facility for system logging. */ 95 SyslogFacility log_facility; /* Facility for system logging. */
99 LogLevel log_level; /* Level for system logging. */ 96 LogLevel log_level; /* Level for system logging. */
100 int rhosts_rsa_authentication; /* If true, permit rhosts RSA
101 * authentication. */
102 int hostbased_authentication; /* If true, permit ssh2 hostbased auth */ 97 int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
103 int hostbased_uses_name_from_packet_only; /* experimental */ 98 int hostbased_uses_name_from_packet_only; /* experimental */
104 char *hostbased_key_types; /* Key types allowed for hostbased */ 99 char *hostbased_key_types; /* Key types allowed for hostbased */
105 char *hostkeyalgorithms; /* SSH2 server key types */ 100 char *hostkeyalgorithms; /* SSH2 server key types */
106 int rsa_authentication; /* If true, permit RSA authentication. */
107 int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ 101 int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
108 char *pubkey_key_types; /* Key types allowed for public key */ 102 char *pubkey_key_types; /* Key types allowed for public key */
109 int kerberos_authentication; /* If true, permit Kerberos 103 int kerberos_authentication; /* If true, permit Kerberos
diff --git a/sshd.c b/sshd.c
index b50ea1d99..fd89acbb9 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.472 2016/08/13 17:47:41 markus Exp $ */ 1/* $OpenBSD: sshd.c,v 1.473 2016/08/15 12:27:56 naddy Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -365,26 +365,12 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
365{ 365{
366 u_int i; 366 u_int i;
367 int remote_major, remote_minor; 367 int remote_major, remote_minor;
368 int major, minor;
369 char *s, *newline = "\n"; 368 char *s, *newline = "\n";
370 char buf[256]; /* Must not be larger than remote_version. */ 369 char buf[256]; /* Must not be larger than remote_version. */
371 char remote_version[256]; /* Must be at least as big as buf. */ 370 char remote_version[256]; /* Must be at least as big as buf. */
372 371
373 if ((options.protocol & SSH_PROTO_1) &&
374 (options.protocol & SSH_PROTO_2)) {
375 major = PROTOCOL_MAJOR_1;
376 minor = 99;
377 } else if (options.protocol & SSH_PROTO_2) {
378 major = PROTOCOL_MAJOR_2;
379 minor = PROTOCOL_MINOR_2;
380 newline = "\r\n";
381 } else {
382 major = PROTOCOL_MAJOR_1;
383 minor = PROTOCOL_MINOR_1;
384 }
385
386 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", 372 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
387 major, minor, SSH_VERSION, 373 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
388 *options.version_addendum == '\0' ? "" : " ", 374 *options.version_addendum == '\0' ? "" : " ",
389 options.version_addendum, newline); 375 options.version_addendum, newline);
390 376
@@ -925,10 +911,9 @@ usage(void)
925#endif 911#endif
926 ); 912 );
927 fprintf(stderr, 913 fprintf(stderr,
928"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" 914"usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n"
929" [-E log_file] [-f config_file] [-g login_grace_time]\n" 915" [-E log_file] [-f config_file] [-g login_grace_time]\n"
930" [-h host_key_file] [-k key_gen_time] [-o option] [-p port]\n" 916" [-h host_key_file] [-o option] [-p port] [-u len]\n"
931" [-u len]\n"
932 ); 917 );
933 exit(1); 918 exit(1);
934} 919}
@@ -1461,7 +1446,7 @@ main(int ac, char **av)
1461 options.log_level = SYSLOG_LEVEL_QUIET; 1446 options.log_level = SYSLOG_LEVEL_QUIET;
1462 break; 1447 break;
1463 case 'b': 1448 case 'b':
1464 /* ignored */ 1449 /* protocol 1, ignored */
1465 break; 1450 break;
1466 case 'p': 1451 case 'p':
1467 options.ports_from_cmdline = 1; 1452 options.ports_from_cmdline = 1;
@@ -1482,10 +1467,7 @@ main(int ac, char **av)
1482 } 1467 }
1483 break; 1468 break;
1484 case 'k': 1469 case 'k':
1485 if ((options.key_regeneration_time = convtime(optarg)) == -1) { 1470 /* protocol 1, ignored */
1486 fprintf(stderr, "Invalid key regeneration interval.\n");
1487 exit(1);
1488 }
1489 break; 1471 break;
1490 case 'h': 1472 case 'h':
1491 if (options.num_host_key_files >= MAX_HOSTKEYS) { 1473 if (options.num_host_key_files >= MAX_HOSTKEYS) {
@@ -1619,9 +1601,6 @@ main(int ac, char **av)
1619 * and warns for trivial misconfigurations that could break login. 1601 * and warns for trivial misconfigurations that could break login.
1620 */ 1602 */
1621 if (options.num_auth_methods != 0) { 1603 if (options.num_auth_methods != 0) {
1622 if ((options.protocol & SSH_PROTO_1))
1623 fatal("AuthenticationMethods is not supported with "
1624 "SSH protocol 1");
1625 for (n = 0; n < options.num_auth_methods; n++) { 1604 for (n = 0; n < options.num_auth_methods; n++) {
1626 if (auth2_methods_valid(options.auth_methods[n], 1605 if (auth2_methods_valid(options.auth_methods[n],
1627 1) == 0) 1606 1) == 0)
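Review bot: The server identification string is now terminated with a bare LF: `newline` keeps its initial value `"\n"` (new line 368) because the only assignment of `"\r\n"` lived in the deleted protocol-2-only branch, whereas before this change a protocol-2-only server sent `"\r\n"`. RFC 4253 §4.2 requires the version string to end in CR LF, so this is a wire-level regression affecting every client that connects, and strict peers may reject the banner. Since protocol 2 is now the only case the variable can go entirely: use the format `"SSH-%d.%d-%.100s%s%s\r\n"` in the xasprintf call, drop the trailing `newline` argument, and change the declaration to `char *s;`. The remainder of sshd_exchange_identification lies outside this hunk. A minor point: the `-b` and `-k` cases are now accepted and silently ignored; a one-line notice on stderr there would help operators spot stale startup scripts that still pass protocol-1 options.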