diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2003-08-13 20:37:05 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2003-08-13 20:37:05 +1000 |
| commit | ec960f2c933aa55ca5dc319cff55cecce34f1f4b (patch) | |
| tree | 9b684c910ef3e2fc2253003c6353334969405871 /sshd.c | |
| parent | 3bdbd848ea86c27a65ee766fd2c9d9158dadb381 (diff) | |
- markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 19 |
1 files changed, 2 insertions, 17 deletions
| @@ -42,7 +42,7 @@ | |||
| 42 | */ | 42 | */ |
| 43 | 43 | ||
| 44 | #include "includes.h" | 44 | #include "includes.h" |
| 45 | RCSID("$OpenBSD: sshd.c,v 1.274 2003/07/22 13:35:22 markus Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.275 2003/08/13 08:46:31 markus Exp $"); |
| 46 | 46 | ||
| 47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
| 48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
| @@ -1462,20 +1462,7 @@ main(int ac, char **av) | |||
| 1462 | alarm(options.login_grace_time); | 1462 | alarm(options.login_grace_time); |
| 1463 | 1463 | ||
| 1464 | sshd_exchange_identification(sock_in, sock_out); | 1464 | sshd_exchange_identification(sock_in, sock_out); |
| 1465 | /* | 1465 | |
| 1466 | * Check that the connection comes from a privileged port. | ||
| 1467 | * Rhosts-Authentication only makes sense from privileged | ||
| 1468 | * programs. Of course, if the intruder has root access on his local | ||
| 1469 | * machine, he can connect from any port. So do not use these | ||
| 1470 | * authentication methods from machines that you do not trust. | ||
| 1471 | */ | ||
| 1472 | if (options.rhosts_authentication && | ||
| 1473 | (remote_port >= IPPORT_RESERVED || | ||
| 1474 | remote_port < IPPORT_RESERVED / 2)) { | ||
| 1475 | debug("Rhosts Authentication disabled, " | ||
| 1476 | "originating port %d not trusted.", remote_port); | ||
| 1477 | options.rhosts_authentication = 0; | ||
| 1478 | } | ||
| 1479 | #ifdef KRB5 | 1466 | #ifdef KRB5 |
| 1480 | if (!packet_connection_is_ipv4() && | 1467 | if (!packet_connection_is_ipv4() && |
| 1481 | options.kerberos_authentication) { | 1468 | options.kerberos_authentication) { |
| @@ -1643,8 +1630,6 @@ do_ssh1_kex(void) | |||
| 1643 | 1630 | ||
| 1644 | /* Declare supported authentication types. */ | 1631 | /* Declare supported authentication types. */ |
| 1645 | auth_mask = 0; | 1632 | auth_mask = 0; |
| 1646 | if (options.rhosts_authentication) | ||
| 1647 | auth_mask |= 1 << SSH_AUTH_RHOSTS; | ||
| 1648 | if (options.rhosts_rsa_authentication) | 1633 | if (options.rhosts_rsa_authentication) |
| 1649 | auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; | 1634 | auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; |
| 1650 | if (options.rsa_authentication) | 1635 | if (options.rsa_authentication) |