Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
author: Damien Miller <djm@mindrot.org> 2018-07-20 13:18:28 +1000
committer: Damien Miller <djm@mindrot.org> 2018-07-31 12:59:30 +1000
commit: 87f08be054b7eeadbb9cdeb3fb4872be79ccf218 (patch)
tree: 80bfc724ddd93228b8571702a2f153787994022b /monitor.c
parent: 5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 (diff)
1 files changed, 0 insertions, 66 deletions
diff --git a/monitor.c b/monitor.c
index 78f9c5038..d4b4b0471 100644
--- a/monitor.c
+++ b/monitor.c
@@ -56,10 +56,6 @@
 # endif
 #endif
-#ifdef SKEY
-#include <skey.h>
-#endif
 #ifdef WITH_OPENSSL
 #include <openssl/dh.h>
 #endif
@@ -122,8 +118,6 @@ int mm_answer_authserv(int, struct sshbuf *);
 int mm_answer_authpassword(int, struct sshbuf *);
 int mm_answer_bsdauthquery(int, struct sshbuf *);
 int mm_answer_bsdauthrespond(int, struct sshbuf *);
-int mm_answer_skeyquery(int, struct sshbuf *);
-int mm_answer_skeyrespond(int, struct sshbuf *);
 int mm_answer_keyallowed(int, struct sshbuf *);
 int mm_answer_keyverify(int, struct sshbuf *);
 int mm_answer_pty(int, struct sshbuf *);
@@ -212,10 +206,6 @@ struct mon_table mon_dispatch_proto20[] = {
    {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
 #endif
-#ifdef SKEY
-    {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
-    {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
-#endif
    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
 #ifdef GSSAPI
@@ -960,62 +950,6 @@ mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
 }
 #endif
-#ifdef SKEY
-int
-mm_answer_skeyquery(int sock, struct sshbuf *m)
-{
-        struct skey skey;
-        char challenge[1024];
-        u_int success;
-        int r;
-        success = _compat_skeychallenge(&skey, authctxt->user, challenge,
-            sizeof(challenge)) < 0 ? 0 : 1;
-        sshbuf_reset(m);
-        if ((r = sshbuf_put_u32(m, success)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        if (success) {
-                if ((r = sshbuf_put_cstring(m, challenge)) != 0)
-                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        }
-        debug3("%s: sending challenge success: %u", __func__, success);
-        mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m);
-        return (0);
-}
-int
-mm_answer_skeyrespond(int sock, struct sshbuf *m)
-{
-        char *response;
-        size_t rlen;
-        int authok, r;
-        if ((r = sshbuf_get_cstring(m, &response, &rlen)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        authok = (options.challenge_response_authentication &&
-            authctxt->valid &&
-            skey_haskey(authctxt->pw->pw_name) == 0 &&
-            skey_passcheck(authctxt->pw->pw_name, response) != -1);
-        freezero(response, rlen);
-        sshbuf_reset(m);
-        if ((r = sshbuf_put_u32(m, authok)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        debug3("%s: sending authenticated: %d", __func__, authok);
-        mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
-        auth_method = "keyboard-interactive";
-        auth_submethod = "skey";
-        return (authok != 0);
-}
-#endif
 #ifdef USE_PAM
 int
 mm_answer_pam_start(int sock, struct sshbuf *m)
author	Damien Miller <djm@mindrot.org>	2018-07-20 13:18:28 +1000
committer	Damien Miller <djm@mindrot.org>	2018-07-31 12:59:30 +1000
commit	87f08be054b7eeadbb9cdeb3fb4872be79ccf218 (patch)
tree	80bfc724ddd93228b8571702a2f153787994022b /monitor.c
parent	5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 (diff)

diff --git a/monitor.c b/monitor.c index 78f9c5038..d4b4b0471 100644 --- a/monitor.c +++ b/monitor.c
@@ -56,10 +56,6 @@
56	# endif	56	# endif
57	#endif	57	#endif
58		58
59	#ifdef SKEY
60	#include <skey.h>
61	#endif
62
63	#ifdef WITH_OPENSSL	59	#ifdef WITH_OPENSSL
64	#include <openssl/dh.h>	60	#include <openssl/dh.h>
65	#endif	61	#endif
@@ -122,8 +118,6 @@ int mm_answer_authserv(int, struct sshbuf *);
122	int mm_answer_authpassword(int, struct sshbuf *);	118	int mm_answer_authpassword(int, struct sshbuf *);
123	int mm_answer_bsdauthquery(int, struct sshbuf *);	119	int mm_answer_bsdauthquery(int, struct sshbuf *);
124	int mm_answer_bsdauthrespond(int, struct sshbuf *);	120	int mm_answer_bsdauthrespond(int, struct sshbuf *);
125	int mm_answer_skeyquery(int, struct sshbuf *);
126	int mm_answer_skeyrespond(int, struct sshbuf *);
127	int mm_answer_keyallowed(int, struct sshbuf *);	121	int mm_answer_keyallowed(int, struct sshbuf *);
128	int mm_answer_keyverify(int, struct sshbuf *);	122	int mm_answer_keyverify(int, struct sshbuf *);
129	int mm_answer_pty(int, struct sshbuf *);	123	int mm_answer_pty(int, struct sshbuf *);
@@ -212,10 +206,6 @@ struct mon_table mon_dispatch_proto20[] = {
212	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},	206	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
213	{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},	207	{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
214	#endif	208	#endif
215	#ifdef SKEY
216	{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
217	{MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
218	#endif
219	{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},	209	{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
220	{MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},	210	{MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
221	#ifdef GSSAPI	211	#ifdef GSSAPI
@@ -960,62 +950,6 @@ mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
960	}	950	}
961	#endif	951	#endif
962		952
963	#ifdef SKEY
964	int
965	mm_answer_skeyquery(int sock, struct sshbuf *m)
966	{
967	struct skey skey;
968	char challenge[1024];
969	u_int success;
970	int r;
971
972	success = _compat_skeychallenge(&skey, authctxt->user, challenge,
973	sizeof(challenge)) < 0 ? 0 : 1;
974
975	sshbuf_reset(m);
976	if ((r = sshbuf_put_u32(m, success)) != 0)
977	fatal("%s: buffer error: %s", __func__, ssh_err(r));
978	if (success) {
979	if ((r = sshbuf_put_cstring(m, challenge)) != 0)
980	fatal("%s: buffer error: %s", __func__, ssh_err(r));
981	}
982	debug3("%s: sending challenge success: %u", __func__, success);
983	mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m);
984
985	return (0);
986	}
987
988	int
989	mm_answer_skeyrespond(int sock, struct sshbuf *m)
990	{
991	char *response;
992	size_t rlen;
993	int authok, r;
994
995	if ((r = sshbuf_get_cstring(m, &response, &rlen)) != 0)
996	fatal("%s: buffer error: %s", __func__, ssh_err(r));
997
998	authok = (options.challenge_response_authentication &&
999	authctxt->valid &&
1000	skey_haskey(authctxt->pw->pw_name) == 0 &&
1001	skey_passcheck(authctxt->pw->pw_name, response) != -1);
1002
1003	freezero(response, rlen);
1004
1005	sshbuf_reset(m);
1006	if ((r = sshbuf_put_u32(m, authok)) != 0)
1007	fatal("%s: buffer error: %s", __func__, ssh_err(r));
1008
1009	debug3("%s: sending authenticated: %d", __func__, authok);
1010	mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
1011
1012	auth_method = "keyboard-interactive";
1013	auth_submethod = "skey";
1014
1015	return (authok != 0);
1016	}
1017	#endif
1018
1019	#ifdef USE_PAM	953	#ifdef USE_PAM
1020	int	954	int
1021	mm_answer_pam_start(int sock, struct sshbuf *m)	955	mm_answer_pam_start(int sock, struct sshbuf *m)