author | Darren Tucker <dtucker@zip.com.au> | 2003-08-13 20:37:05 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2003-08-13 20:37:05 +1000 |
commit | ec960f2c933aa55ca5dc319cff55cecce34f1f4b (patch) | |
tree | 9b684c910ef3e2fc2253003c6353334969405871 /sshd.c | |
parent | 3bdbd848ea86c27a65ee766fd2c9d9158dadb381 (diff) |
- markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 19 |
1 files changed, 2 insertions, 17 deletions
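--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.274 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.275 2003/08/13 08:46:31 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1462,20 +1462,7 @@ main(int ac, char **av)
 alarm(options.login_grace_time);
 
 sshd_exchange_identification(sock_in, sock_out);
-/*
-* Check that the connection comes from a privileged port.
-* Rhosts-Authentication only makes sense from privileged
-* programs. Of course, if the intruder has root access on his local
-* machine, he can connect from any port. So do not use these
-* authentication methods from machines that you do not trust.
-*/
-if (options.rhosts_authentication &&
-(remote_port >= IPPORT_RESERVED ||
-remote_port < IPPORT_RESERVED / 2)) {
-debug("Rhosts Authentication disabled, "
-"originating port %d not trusted.", remote_port);
-options.rhosts_authentication = 0;
-}
+
 #ifdef KRB5
 if (!packet_connection_is_ipv4() &&
 options.kerberos_authentication) {
@@ -1643,8 +1630,6 @@ do_ssh1_kex(void)
 
 /* Declare supported authentication types. */
 auth_mask = 0;
-if (options.rhosts_authentication)
-auth_mask |= 1 << SSH_AUTH_RHOSTS;
 if (options.rhosts_rsa_authentication)
 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
 if (options.rsa_authentication)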
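Review bot: In the do_ssh1_kex hunk, dropping the `SSH_AUTH_RHOSTS` bit from `auth_mask` appears only to stop the server declaring the method, judging by the "Declare supported authentication types" comment; it does not by itself refuse a client that sends a plain rhosts request anyway. The refusal has to come from the authentication dispatch in auth1.c, which the commit message lists but this page does not show (the diffstat is limited to sshd.c), so that file should be checked alongside this one. I would also leave a marker where the bit used to be set, for example `/* SSH_AUTH_RHOSTS is deliberately never declared: plain rhosts authentication has been removed. */`, so the gap in the mask reads as intentional. Both main and do_ssh1_kex continue outside the hunks shown here.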