diff options
| author | Damien Miller <djm@mindrot.org> | 2010-03-04 21:53:35 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-03-04 21:53:35 +1100 |
| commit | 1aed65eb27feec505997c98621bdf158f9ab8b99 (patch) | |
| tree | 81c2d0b9aff3c2211388ba00cde544e0618750d2 /sshconnect.c | |
| parent | 2befbad9b3c8fc6e4e564c062870229bc722734c (diff) | |
- djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
[ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition than doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to me revoked and banned for user or host
authentication.
feedback and ok markus@
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/sshconnect.c b/sshconnect.c index 35c2f49be..9de52224d 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect.c,v 1.219 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.220 2010/03/04 10:36:03 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -859,6 +859,25 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
| 859 | logit("Warning: Permanently added '%.200s' (%s) to the " | 859 | logit("Warning: Permanently added '%.200s' (%s) to the " |
| 860 | "list of known hosts.", hostp, type); | 860 | "list of known hosts.", hostp, type); |
| 861 | break; | 861 | break; |
| 862 | case HOST_REVOKED: | ||
| 863 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | ||
| 864 | error("@ WARNING: REVOKED HOST KEY DETECTED! @"); | ||
| 865 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | ||
| 866 | error("The %s host key for %s is marked as revoked.", type, host); | ||
| 867 | error("This could mean that a stolen key is being used to"); | ||
| 868 | error("impersonate this host."); | ||
| 869 | |||
| 870 | /* | ||
| 871 | * If strict host key checking is in use, the user will have | ||
| 872 | * to edit the key manually and we can only abort. | ||
| 873 | */ | ||
| 874 | if (options.strict_host_key_checking) { | ||
| 875 | error("%s host key for %.200s was revoked and you have " | ||
| 876 | "requested strict checking.", type, host); | ||
| 877 | goto fail; | ||
| 878 | } | ||
| 879 | goto continue_unsafe; | ||
| 880 | |||
| 862 | case HOST_CHANGED: | 881 | case HOST_CHANGED: |
| 863 | if (want_cert) { | 882 | if (want_cert) { |
| 864 | /* | 883 | /* |
| @@ -908,6 +927,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
| 908 | goto fail; | 927 | goto fail; |
| 909 | } | 928 | } |
| 910 | 929 | ||
| 930 | continue_unsafe: | ||
| 911 | /* | 931 | /* |
| 912 | * If strict host key checking has not been requested, allow | 932 | * If strict host key checking has not been requested, allow |
| 913 | * the connection but without MITM-able authentication or | 933 | * the connection but without MITM-able authentication or |
| @@ -1007,7 +1027,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
| 1007 | return 0; | 1027 | return 0; |
| 1008 | 1028 | ||
| 1009 | fail: | 1029 | fail: |
| 1010 | if (want_cert) { | 1030 | if (want_cert && host_status != HOST_REVOKED) { |
| 1011 | /* | 1031 | /* |
| 1012 | * No matching certificate. Downgrade cert to raw key and | 1032 | * No matching certificate. Downgrade cert to raw key and |
| 1013 | * search normally. | 1033 | * search normally. |