diff options
| author | Kevin Steves <stevesk@pobox.com> | 2000-12-15 19:55:48 +0000 |
|---|---|---|
| committer | Kevin Steves <stevesk@pobox.com> | 2000-12-15 19:55:48 +0000 |
| commit | fcec7f82bb394762afce0801f43bad6d2a4b4a86 (patch) | |
| tree | c746459c01b391b6e316e97ba47098eb05cc0068 /ssh.c | |
| parent | fa72ddac73e3549cf5d399fae31bfb5a293ed0cc (diff) | |
- markus@cvs.openbsd.org 2000/12/12 14:45:21
[sshd.c]
source port < 1024 is no longer required for rhosts-rsa since it
adds no additional security.
- markus@cvs.openbsd.org 2000/12/12 16:11:49
[ssh.1 ssh.c]
rhosts-rsa is no longer automagically disabled if ssh is not privileged.
UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
these changes should not change the visible default behaviour of the ssh client.
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 21 |
1 files changed, 8 insertions, 13 deletions
| @@ -39,7 +39,7 @@ | |||
| 39 | */ | 39 | */ |
| 40 | 40 | ||
| 41 | #include "includes.h" | 41 | #include "includes.h" |
| 42 | RCSID("$OpenBSD: ssh.c,v 1.75 2000/11/30 07:02:35 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.77 2000/12/12 23:11:48 markus Exp $"); |
| 43 | 43 | ||
| 44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
| 45 | #include <openssl/dsa.h> | 45 | #include <openssl/dsa.h> |
| @@ -575,11 +575,10 @@ main(int ac, char **av) | |||
| 575 | if (!options.use_privileged_port) { | 575 | if (!options.use_privileged_port) { |
| 576 | #else | 576 | #else |
| 577 | if (original_effective_uid != 0 || !options.use_privileged_port) { | 577 | if (original_effective_uid != 0 || !options.use_privileged_port) { |
| 578 | debug("Rhosts Authentication methods disabled, " | ||
| 579 | "originating port will not be trusted."); | ||
| 580 | #endif | 578 | #endif |
| 579 | debug("Rhosts Authentication disabled, " | ||
| 580 | "originating port will not be trusted."); | ||
| 581 | options.rhosts_authentication = 0; | 581 | options.rhosts_authentication = 0; |
| 582 | options.rhosts_rsa_authentication = 0; | ||
| 583 | } | 582 | } |
| 584 | /* | 583 | /* |
| 585 | * If using rsh has been selected, exec it now (without trying | 584 | * If using rsh has been selected, exec it now (without trying |
| @@ -602,17 +601,13 @@ main(int ac, char **av) | |||
| 602 | /* Restore our superuser privileges. */ | 601 | /* Restore our superuser privileges. */ |
| 603 | restore_uid(); | 602 | restore_uid(); |
| 604 | 603 | ||
| 605 | /* | 604 | /* Open a connection to the remote host. */ |
| 606 | * Open a connection to the remote host. This needs root privileges | ||
| 607 | * if rhosts_{rsa_}authentication is enabled. | ||
| 608 | */ | ||
| 609 | 605 | ||
| 610 | ok = ssh_connect(host, &hostaddr, options.port, | 606 | ok = ssh_connect(host, &hostaddr, options.port, |
| 611 | options.connection_attempts, | 607 | options.connection_attempts, |
| 612 | !options.rhosts_authentication && | 608 | original_effective_uid != 0 || !options.use_privileged_port, |
| 613 | !options.rhosts_rsa_authentication, | 609 | original_real_uid, |
| 614 | original_real_uid, | 610 | options.proxy_command); |
| 615 | options.proxy_command); | ||
| 616 | 611 | ||
| 617 | /* | 612 | /* |
| 618 | * If we successfully made the connection, load the host private key | 613 | * If we successfully made the connection, load the host private key |