summaryrefslogtreecommitdiff
path: root/servconf.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 23:45:24 +0000
committerColin Watson <cjwatson@debian.org>2014-02-09 23:47:26 +0000
commitd62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch)
tree3179fea9631a318c8a0782dedc7cd690f201af69 /servconf.c
parentd26565af8589d88f824b26f31da493f1056efcf4 (diff)
parentb65a0ded7a8cfe7d351e28266d7851216d679e05 (diff)
Drop ssh-vulnkey
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code, leaving only basic configuration file compatibility, since it has been nearly six years since the original vulnerability and this code is not likely to be of much value any more. See https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full reasoning.
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c12
1 files changed, 2 insertions, 10 deletions
diff --git a/servconf.c b/servconf.c
index a2928ff57..802db1d79 100644
--- a/servconf.c
+++ b/servconf.c
@@ -114,7 +114,6 @@ initialize_server_options(ServerOptions *options)
114 options->password_authentication = -1; 114 options->password_authentication = -1;
115 options->kbd_interactive_authentication = -1; 115 options->kbd_interactive_authentication = -1;
116 options->challenge_response_authentication = -1; 116 options->challenge_response_authentication = -1;
117 options->permit_blacklisted_keys = -1;
118 options->permit_empty_passwd = -1; 117 options->permit_empty_passwd = -1;
119 options->permit_user_env = -1; 118 options->permit_user_env = -1;
120 options->use_login = -1; 119 options->use_login = -1;
@@ -259,8 +258,6 @@ fill_default_server_options(ServerOptions *options)
259 options->kbd_interactive_authentication = 0; 258 options->kbd_interactive_authentication = 0;
260 if (options->challenge_response_authentication == -1) 259 if (options->challenge_response_authentication == -1)
261 options->challenge_response_authentication = 1; 260 options->challenge_response_authentication = 1;
262 if (options->permit_blacklisted_keys == -1)
263 options->permit_blacklisted_keys = 0;
264 if (options->permit_empty_passwd == -1) 261 if (options->permit_empty_passwd == -1)
265 options->permit_empty_passwd = 0; 262 options->permit_empty_passwd = 0;
266 if (options->permit_user_env == -1) 263 if (options->permit_user_env == -1)
@@ -344,7 +341,7 @@ typedef enum {
344 sListenAddress, sAddressFamily, 341 sListenAddress, sAddressFamily,
345 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 342 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
346 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 343 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
347 sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, 344 sStrictModes, sEmptyPasswd, sTCPKeepAlive,
348 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 345 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
349 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 346 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
350 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 347 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -458,7 +455,7 @@ static struct {
458 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 455 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
459 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 456 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
460 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 457 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
461 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL }, 458 { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
462 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 459 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
463 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 460 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
464 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 461 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -1167,10 +1164,6 @@ process_server_config_line(ServerOptions *options, char *line,
1167 intptr = &options->tcp_keep_alive; 1164 intptr = &options->tcp_keep_alive;
1168 goto parse_flag; 1165 goto parse_flag;
1169 1166
1170 case sPermitBlacklistedKeys:
1171 intptr = &options->permit_blacklisted_keys;
1172 goto parse_flag;
1173
1174 case sEmptyPasswd: 1167 case sEmptyPasswd:
1175 intptr = &options->permit_empty_passwd; 1168 intptr = &options->permit_empty_passwd;
1176 goto parse_flag; 1169 goto parse_flag;
@@ -2053,7 +2046,6 @@ dump_config(ServerOptions *o)
2053 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2046 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2054 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2047 dump_cfg_fmtint(sStrictModes, o->strict_modes);
2055 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2048 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2056 dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
2057 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2049 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2058 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2050 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2059 dump_cfg_fmtint(sUseLogin, o->use_login); 2051 dump_cfg_fmtint(sUseLogin, o->use_login);