diff options
| author | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:45:24 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:47:26 +0000 |
| commit | d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch) | |
| tree | 3179fea9631a318c8a0782dedc7cd690f201af69 /servconf.c | |
| parent | d26565af8589d88f824b26f31da493f1056efcf4 (diff) | |
| parent | b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff) | |
Drop ssh-vulnkey
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration
code, leaving only basic configuration file compatibility, since it
has been nearly six years since the original vulnerability and this
code is not likely to be of much value any more. See
https://lists.debian.org/debian-devel/2013/09/msg00240.html for my
full reasoning.
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/servconf.c b/servconf.c index a2928ff57..802db1d79 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -114,7 +114,6 @@ initialize_server_options(ServerOptions *options) | |||
| 114 | options->password_authentication = -1; | 114 | options->password_authentication = -1; |
| 115 | options->kbd_interactive_authentication = -1; | 115 | options->kbd_interactive_authentication = -1; |
| 116 | options->challenge_response_authentication = -1; | 116 | options->challenge_response_authentication = -1; |
| 117 | options->permit_blacklisted_keys = -1; | ||
| 118 | options->permit_empty_passwd = -1; | 117 | options->permit_empty_passwd = -1; |
| 119 | options->permit_user_env = -1; | 118 | options->permit_user_env = -1; |
| 120 | options->use_login = -1; | 119 | options->use_login = -1; |
| @@ -259,8 +258,6 @@ fill_default_server_options(ServerOptions *options) | |||
| 259 | options->kbd_interactive_authentication = 0; | 258 | options->kbd_interactive_authentication = 0; |
| 260 | if (options->challenge_response_authentication == -1) | 259 | if (options->challenge_response_authentication == -1) |
| 261 | options->challenge_response_authentication = 1; | 260 | options->challenge_response_authentication = 1; |
| 262 | if (options->permit_blacklisted_keys == -1) | ||
| 263 | options->permit_blacklisted_keys = 0; | ||
| 264 | if (options->permit_empty_passwd == -1) | 261 | if (options->permit_empty_passwd == -1) |
| 265 | options->permit_empty_passwd = 0; | 262 | options->permit_empty_passwd = 0; |
| 266 | if (options->permit_user_env == -1) | 263 | if (options->permit_user_env == -1) |
| @@ -344,7 +341,7 @@ typedef enum { | |||
| 344 | sListenAddress, sAddressFamily, | 341 | sListenAddress, sAddressFamily, |
| 345 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 342 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 346 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 343 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| 347 | sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, | 344 | sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
| 348 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 345 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
| 349 | sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 346 | sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| 350 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 347 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| @@ -458,7 +455,7 @@ static struct { | |||
| 458 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 455 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
| 459 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 456 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
| 460 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 457 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
| 461 | { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL }, | 458 | { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL }, |
| 462 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 459 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
| 463 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 460 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
| 464 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 461 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
| @@ -1167,10 +1164,6 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1167 | intptr = &options->tcp_keep_alive; | 1164 | intptr = &options->tcp_keep_alive; |
| 1168 | goto parse_flag; | 1165 | goto parse_flag; |
| 1169 | 1166 | ||
| 1170 | case sPermitBlacklistedKeys: | ||
| 1171 | intptr = &options->permit_blacklisted_keys; | ||
| 1172 | goto parse_flag; | ||
| 1173 | |||
| 1174 | case sEmptyPasswd: | 1167 | case sEmptyPasswd: |
| 1175 | intptr = &options->permit_empty_passwd; | 1168 | intptr = &options->permit_empty_passwd; |
| 1176 | goto parse_flag; | 1169 | goto parse_flag; |
| @@ -2053,7 +2046,6 @@ dump_config(ServerOptions *o) | |||
| 2053 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 2046 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
| 2054 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 2047 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
| 2055 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 2048 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
| 2056 | dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys); | ||
| 2057 | dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); | 2049 | dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); |
| 2058 | dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); | 2050 | dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); |
| 2059 | dump_cfg_fmtint(sUseLogin, o->use_login); | 2051 | dump_cfg_fmtint(sUseLogin, o->use_login); |