author | Damien Miller <djm@mindrot.org> | 2010-03-04 21:53:35 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-03-04 21:53:35 +1100 |
commit | 1aed65eb27feec505997c98621bdf158f9ab8b99 (patch) | |
tree | 81c2d0b9aff3c2211388ba00cde544e0618750d2 /sshconnect.c | |
parent | 2befbad9b3c8fc6e4e564c062870229bc722734c (diff) |
- djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
[ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition to doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to be revoked and banned for user or host
authentication.
feedback and ok markus@
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 24 |
1 files changed, 22 insertions, 2 deletions
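--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.219 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.220 2010/03/04 10:36:03 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -859,6 +859,25 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 logit("Warning: Permanently added '%.200s' (%s) to the "
 "list of known hosts.", hostp, type);
 break;
+case HOST_REVOKED:
+error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+error("@ WARNING: REVOKED HOST KEY DETECTED! @");
+error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+error("The %s host key for %s is marked as revoked.", type, host);
+error("This could mean that a stolen key is being used to");
+error("impersonate this host.");
+
+/*
+* If strict host key checking is in use, the user will have
+* to edit the key manually and we can only abort.
+*/
+if (options.strict_host_key_checking) {
+error("%s host key for %.200s was revoked and you have "
+"requested strict checking.", type, host);
+goto fail;
+}
+goto continue_unsafe;
+
 case HOST_CHANGED:
 if (want_cert) {
 /*
@@ -908,6 +927,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 goto fail;
 }
 
+continue_unsafe:
 /*
 * If strict host key checking has not been requested, allow
 * the connection but without MITM-able authentication or
@@ -1007,7 +1027,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 return 0;
 
 fail:
-if (want_cert) {
+if (want_cert && host_status != HOST_REVOKED) {
 /*
 * No matching certificate. Downgrade cert to raw key and
 * search normally.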
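Review bot: In the new `case HOST_REVOKED:` branch, a key carrying an explicit `@revoked` marker still reaches `goto continue_unsafe;` whenever `options.strict_host_key_checking` is zero, so the session proceeds to a host presenting a key that has been declared compromised. Unlike HOST_CHANGED, a revocation is not ambiguous, so it seems safer to refuse regardless of the option by replacing the `if` block and the jump with a plain `goto fail;`; if continuing is intended, the comment should say why instead of reusing the HOST_CHANGED wording about editing the key manually. check_host_key starts and ends outside these hunks and the body of `continue_unsafe:` is mostly not shown, so which authentication methods and forwardings stay enabled on that path cannot be confirmed from here. Separately, the first message formats `host` with an unbounded `%s` while the strict-checking message a few lines below uses `%.200s`; `error("The %s host key for %.200s is marked as revoked.", type, host);` would match the file's convention.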