-rw-r--r-- | ChangeLog | 29 | ||||
-rw-r--r-- | auth-rsa.c | 13 | ||||
-rw-r--r-- | auth2.c | 8 | ||||
-rw-r--r-- | cipher.c | 6 | ||||
-rw-r--r-- | compat.c | 21 | ||||
-rw-r--r-- | compat.h | 4 | ||||
-rw-r--r-- | scp.c | 8 | ||||
-rw-r--r-- | servconf.c | 13 | ||||
-rw-r--r-- | servconf.h | 3 | ||||
-rw-r--r-- | serverloop.c | 4 | ||||
-rw-r--r-- | session.c | 8 | ||||
-rw-r--r-- | sftp-server.8 | 16 | ||||
-rw-r--r-- | ssh.1 | 5 | ||||
-rw-r--r-- | sshconnect2.c | 10 | ||||
-rw-r--r-- | sshd.8 | 8 | ||||
-rw-r--r-- | version.h | 2 |
16 files changed, 111 insertions, 47 deletions
@@ -1,3 +1,32 @@ | |||
1 | 20001016 | ||
2 | - (djm) Sync with OpenBSD: | ||
3 | - markus@cvs.openbsd.org 2000/10/14 04:01:15 | ||
4 | [cipher.c] | ||
5 | debug3 | ||
6 | - markus@cvs.openbsd.org 2000/10/14 04:07:23 | ||
7 | [scp.c] | ||
8 | remove spaces from arguments; from djm@mindrot.org | ||
9 | - markus@cvs.openbsd.org 2000/10/14 06:09:46 | ||
10 | [ssh.1] | ||
11 | Cipher is for SSH-1 only | ||
12 | - markus@cvs.openbsd.org 2000/10/14 06:12:09 | ||
13 | [servconf.c servconf.h serverloop.c session.c sshd.8] | ||
14 | AllowTcpForwarding; from naddy@ | ||
15 | - markus@cvs.openbsd.org 2000/10/14 06:16:56 | ||
16 | [auth2.c compat.c compat.h sshconnect2.c version.h] | ||
17 | OpenSSH_2.3; note that is is not complete, but the version number | ||
18 | needs to be changed for interoperability reasons | ||
19 | - markus@cvs.openbsd.org 2000/10/14 06:19:45 | ||
20 | [auth-rsa.c] | ||
21 | do not send RSA challenge if key is not allowed by key-options; from | ||
22 | eivind@ThinkSec.com | ||
23 | - markus@cvs.openbsd.org 2000/10/15 08:14:01 | ||
24 | [rijndael.c session.c] | ||
25 | typos; from stevesk@sweden.hp.com | ||
26 | - markus@cvs.openbsd.org 2000/10/15 08:18:31 | ||
27 | [rijndael.c] | ||
28 | typo | ||
29 | |||
1 | 20001015 | 30 | 20001015 |
2 | - (djm) Fix ssh2 hang on background processes at logout. | 31 | - (djm) Fix ssh2 hang on background processes at logout. |
3 | 32 | ||
diff --git a/auth-rsa.c b/auth-rsa.c index 522f01f84..e8bfa1651 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rsa.c,v 1.31 2000/10/11 19:59:52 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $"); |
18 | 18 | ||
19 | #include "rsa.h" | 19 | #include "rsa.h" |
20 | #include "packet.h" | 20 | #include "packet.h" |
@@ -231,6 +231,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
231 | } | 231 | } |
232 | } else | 232 | } else |
233 | options = NULL; | 233 | options = NULL; |
234 | /* | ||
235 | * If our options do not allow this key to be used, | ||
236 | * do not send challenge. | ||
237 | */ | ||
238 | if (!auth_parse_options(pw, options, linenum)) | ||
239 | continue; | ||
234 | 240 | ||
235 | /* Parse the key from the line. */ | 241 | /* Parse the key from the line. */ |
236 | if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { | 242 | if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { |
@@ -269,9 +275,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
269 | * Break out of the loop if authentication was successful; | 275 | * Break out of the loop if authentication was successful; |
270 | * otherwise continue searching. | 276 | * otherwise continue searching. |
271 | */ | 277 | */ |
272 | authenticated = auth_parse_options(pw, options, linenum); | 278 | authenticated = 1; |
273 | if (authenticated) | 279 | break; |
274 | break; | ||
275 | } | 280 | } |
276 | 281 | ||
277 | /* Restore the privileged uid. */ | 282 | /* Restore the privileged uid. */ |
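Review bot: The new `auth_parse_options(pw, options, linenum)` call sits above "Parse the key from the line", so it runs for every authorized_keys entry before that entry's key has been read, let alone matched against the client's key. If auth_parse_options records anything as a side effect (restriction flags, a forced command; its body is not in this hunk), state taken from entries that do not belong to the client could persist into the session, and refusals would be logged for unrelated lines. Moving the two lines `if (!auth_parse_options(pw, options, linenum))` / `continue;` to just after the key has been matched, still ahead of the challenge, keeps the intent of the change without evaluating options for other keys. The loop in auth_rsa begins and ends outside the hunk.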
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.19 2000/10/11 20:27:23 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.20 2000/10/14 12:16:56 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_OSF_SIA | 28 | #ifdef HAVE_OSF_SIA |
29 | # include <sia.h> | 29 | # include <sia.h> |
@@ -442,10 +442,10 @@ userauth_pubkey(Authctxt *authctxt) | |||
442 | sig = packet_get_string(&slen); | 442 | sig = packet_get_string(&slen); |
443 | packet_done(); | 443 | packet_done(); |
444 | buffer_init(&b); | 444 | buffer_init(&b); |
445 | if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { | 445 | if (datafellows & SSH_OLD_SESSIONID) { |
446 | buffer_put_string(&b, session_id2, session_id2_len); | ||
447 | } else { | ||
448 | buffer_append(&b, session_id2, session_id2_len); | 446 | buffer_append(&b, session_id2, session_id2_len); |
447 | } else { | ||
448 | buffer_put_string(&b, session_id2, session_id2_len); | ||
449 | } | 449 | } |
450 | /* reconstruct packet */ | 450 | /* reconstruct packet */ |
451 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 451 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
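Review bot: The two branches in userauth_pubkey carry no comment saying which session-id encoding is the current one and which is the legacy form, and this change flips both the flag's meaning and the default, so a reader has to work it out from compat.c. A comment above the `if` would settle it, for example `/* peers flagged SSH_OLD_SESSIONID sign over the bare session id; all others over the length-prefixed string */` (assuming buffer_put_string adds the length prefix). The same pair of branches is swapped in sign_and_send_pubkey in sshconnect2.c and deserves the same comment. userauth_pubkey begins and ends outside the hunk.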
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: cipher.c,v 1.35 2000/10/13 18:59:13 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.36 2000/10/14 10:01:15 markus Exp $"); |
39 | 39 | ||
40 | #include "ssh.h" | 40 | #include "ssh.h" |
41 | #include "xmalloc.h" | 41 | #include "xmalloc.h" |
@@ -488,10 +488,10 @@ ciphers_valid(const char *names) | |||
488 | xfree(ciphers); | 488 | xfree(ciphers); |
489 | return 0; | 489 | return 0; |
490 | } else { | 490 | } else { |
491 | debug("cipher ok: %s [%s]", p, names); | 491 | debug3("cipher ok: %s [%s]", p, names); |
492 | } | 492 | } |
493 | } | 493 | } |
494 | debug("ciphers ok: [%s]", names); | 494 | debug3("ciphers ok: [%s]", names); |
495 | xfree(ciphers); | 495 | xfree(ciphers); |
496 | return 1; | 496 | return 1; |
497 | } | 497 | } |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: compat.c,v 1.24 2000/10/10 20:20:45 markus Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.25 2000/10/14 12:16:56 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh.h" | 28 | #include "ssh.h" |
29 | #include "packet.h" | 29 | #include "packet.h" |
@@ -62,13 +62,18 @@ compat_datafellows(const char *version) | |||
62 | char *pat; | 62 | char *pat; |
63 | int bugs; | 63 | int bugs; |
64 | } check[] = { | 64 | } check[] = { |
65 | {"^.*MindTerm", 0}, | 65 | { "^OpenSSH-2\\.[01]", SSH_OLD_SESSIONID }, |
66 | {"^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC}, | 66 | { "^OpenSSH_2\\.2", SSH_OLD_SESSIONID }, |
67 | {"^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD}, | 67 | { "MindTerm", 0 }, |
68 | {"^2\\.[23]\\.0 ", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING}, | 68 | { "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
69 | {"^2\\.[2-9]\\.", SSH_COMPAT_SESSIONID_ENCODING}, | 69 | SSH_OLD_SESSIONID }, |
70 | {"^2\\.", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING}, | 70 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
71 | {NULL, 0} | 71 | SSH_OLD_SESSIONID| |
72 | SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, | ||
73 | { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, | ||
74 | { "^2\\.[2-9]\\.", 0 }, | ||
75 | { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ | ||
76 | { NULL, 0 } | ||
72 | }; | 77 | }; |
73 | /* process table, return first match */ | 78 | /* process table, return first match */ |
74 | for (i = 0; check[i].pat; i++) { | 79 | for (i = 0; check[i].pat; i++) { |
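Review bot: The two OpenSSH entries added to `check[]` use different separators, `^OpenSSH-2\\.[01]` and `^OpenSSH_2\\.2`, so a 2.0/2.1 peer that announces itself with an underscore, or a 2.2 peer with a hyphen, matches neither and gets no SSH_OLD_SESSIONID. If both spellings were ever shipped, such a peer would sign over a different session-id encoding than the one this side reconstructs, and public-key authentication would fail (closed, but confusingly). One entry such as `{ "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID },` would cover both. Because the table returns the first match and is keyed on a string the peer supplies, a short comment stating that entry order matters and that unmatched peers get no flags would also help. compat_datafellows begins and ends outside the hunk.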
@@ -21,7 +21,7 @@ | |||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | /* RCSID("$OpenBSD: compat.h,v 1.10 2000/09/07 20:27:50 deraadt Exp $"); */ | 24 | /* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */ |
25 | 25 | ||
26 | #ifndef COMPAT_H | 26 | #ifndef COMPAT_H |
27 | #define COMPAT_H | 27 | #define COMPAT_H |
@@ -35,7 +35,7 @@ | |||
35 | #define SSH_BUG_PUBKEYAUTH 0x02 | 35 | #define SSH_BUG_PUBKEYAUTH 0x02 |
36 | #define SSH_BUG_HMAC 0x04 | 36 | #define SSH_BUG_HMAC 0x04 |
37 | #define SSH_BUG_X11FWD 0x08 | 37 | #define SSH_BUG_X11FWD 0x08 |
38 | #define SSH_COMPAT_SESSIONID_ENCODING 0x10 | 38 | #define SSH_OLD_SESSIONID 0x10 |
39 | 39 | ||
40 | void enable_compat13(void); | 40 | void enable_compat13(void); |
41 | void enable_compat20(void); | 41 | void enable_compat20(void); |
@@ -75,7 +75,7 @@ | |||
75 | */ | 75 | */ |
76 | 76 | ||
77 | #include "includes.h" | 77 | #include "includes.h" |
78 | RCSID("$OpenBSD: scp.c,v 1.41 2000/10/11 20:03:27 markus Exp $"); | 78 | RCSID("$OpenBSD: scp.c,v 1.42 2000/10/14 10:07:21 markus Exp $"); |
79 | 79 | ||
80 | #include "ssh.h" | 80 | #include "ssh.h" |
81 | #include "xmalloc.h" | 81 | #include "xmalloc.h" |
@@ -266,13 +266,13 @@ main(argc, argv) | |||
266 | case 'o': | 266 | case 'o': |
267 | case 'c': | 267 | case 'c': |
268 | case 'i': | 268 | case 'i': |
269 | addargs("-%c %s", ch, optarg); | 269 | addargs("-%c%s", ch, optarg); |
270 | break; | 270 | break; |
271 | case 'P': | 271 | case 'P': |
272 | addargs("-p %s", optarg); | 272 | addargs("-p%s", optarg); |
273 | break; | 273 | break; |
274 | case 'B': | 274 | case 'B': |
275 | addargs("-o Batchmode yes"); | 275 | addargs("-oBatchmode yes"); |
276 | break; | 276 | break; |
277 | case 'p': | 277 | case 'p': |
278 | pflag = 1; | 278 | pflag = 1; |
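Review bot: Nothing at these call sites records why the space between flag and value had to go, which makes it easy to reintroduce. If each addargs() call ends up as a single argv entry for ssh (addargs is not in this hunk, so this is an assumption), a comment above the `case 'o':` group such as `/* one addargs() call = one argv entry, so flag and value are joined */` would capture it. The space that remains in `"-oBatchmode yes"` would then be part of the option value rather than a separator, and that is worth a word in the same comment. The option switch in main continues outside the hunk.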
diff --git a/servconf.c b/servconf.c index e90defe61..76702a836 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.52 2000/10/11 20:14:39 markus Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.53 2000/10/14 12:12:09 markus Exp $"); |
14 | 14 | ||
15 | #include "ssh.h" | 15 | #include "ssh.h" |
16 | #include "servconf.h" | 16 | #include "servconf.h" |
@@ -67,6 +67,7 @@ initialize_server_options(ServerOptions *options) | |||
67 | #endif | 67 | #endif |
68 | options->permit_empty_passwd = -1; | 68 | options->permit_empty_passwd = -1; |
69 | options->use_login = -1; | 69 | options->use_login = -1; |
70 | options->allow_tcp_forwarding = -1; | ||
70 | options->num_allow_users = 0; | 71 | options->num_allow_users = 0; |
71 | options->num_deny_users = 0; | 72 | options->num_deny_users = 0; |
72 | options->num_allow_groups = 0; | 73 | options->num_allow_groups = 0; |
@@ -159,6 +160,8 @@ fill_default_server_options(ServerOptions *options) | |||
159 | options->permit_empty_passwd = 0; | 160 | options->permit_empty_passwd = 0; |
160 | if (options->use_login == -1) | 161 | if (options->use_login == -1) |
161 | options->use_login = 0; | 162 | options->use_login = 0; |
163 | if (options->allow_tcp_forwarding == -1) | ||
164 | options->allow_tcp_forwarding = 1; | ||
162 | if (options->protocol == SSH_PROTO_UNKNOWN) | 165 | if (options->protocol == SSH_PROTO_UNKNOWN) |
163 | options->protocol = SSH_PROTO_1|SSH_PROTO_2; | 166 | options->protocol = SSH_PROTO_1|SSH_PROTO_2; |
164 | if (options->gateway_ports == -1) | 167 | if (options->gateway_ports == -1) |
@@ -189,7 +192,8 @@ typedef enum { | |||
189 | sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, | 192 | sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
190 | sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, | 193 | sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, |
191 | sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, | 194 | sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, |
192 | sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 195 | sUseLogin, sAllowTcpForwarding, |
196 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | ||
193 | sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile, | 197 | sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile, |
194 | sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem, sMaxStartups | 198 | sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem, sMaxStartups |
195 | } ServerOpCodes; | 199 | } ServerOpCodes; |
@@ -240,6 +244,7 @@ static struct { | |||
240 | { "uselogin", sUseLogin }, | 244 | { "uselogin", sUseLogin }, |
241 | { "randomseed", sRandomSeedFile }, | 245 | { "randomseed", sRandomSeedFile }, |
242 | { "keepalive", sKeepAlives }, | 246 | { "keepalive", sKeepAlives }, |
247 | { "allowtcpforwarding", sAllowTcpForwarding }, | ||
243 | { "allowusers", sAllowUsers }, | 248 | { "allowusers", sAllowUsers }, |
244 | { "denyusers", sDenyUsers }, | 249 | { "denyusers", sDenyUsers }, |
245 | { "allowgroups", sAllowGroups }, | 250 | { "allowgroups", sAllowGroups }, |
@@ -573,6 +578,10 @@ parse_flag: | |||
573 | *intptr = (LogLevel) value; | 578 | *intptr = (LogLevel) value; |
574 | break; | 579 | break; |
575 | 580 | ||
581 | case sAllowTcpForwarding: | ||
582 | intptr = &options->allow_tcp_forwarding; | ||
583 | goto parse_flag; | ||
584 | |||
576 | case sAllowUsers: | 585 | case sAllowUsers: |
577 | while ((arg = strdelim(&cp)) && *arg != '\0') { | 586 | while ((arg = strdelim(&cp)) && *arg != '\0') { |
578 | if (options->num_allow_users >= MAX_ALLOW_USERS) | 587 | if (options->num_allow_users >= MAX_ALLOW_USERS) |
diff --git a/servconf.h b/servconf.h index ef0790c7b..0188b9b89 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -11,7 +11,7 @@ | |||
11 | * called by a name other than "ssh" or "Secure Shell". | 11 | * called by a name other than "ssh" or "Secure Shell". |
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* RCSID("$OpenBSD: servconf.h,v 1.29 2000/10/11 20:14:39 markus Exp $"); */ | 14 | /* RCSID("$OpenBSD: servconf.h,v 1.30 2000/10/14 12:12:09 markus Exp $"); */ |
15 | 15 | ||
16 | #ifndef SERVCONF_H | 16 | #ifndef SERVCONF_H |
17 | #define SERVCONF_H | 17 | #define SERVCONF_H |
@@ -86,6 +86,7 @@ typedef struct { | |||
86 | int permit_empty_passwd; /* If false, do not permit empty | 86 | int permit_empty_passwd; /* If false, do not permit empty |
87 | * passwords. */ | 87 | * passwords. */ |
88 | int use_login; /* If true, login(1) is used */ | 88 | int use_login; /* If true, login(1) is used */ |
89 | int allow_tcp_forwarding; | ||
89 | unsigned int num_allow_users; | 90 | unsigned int num_allow_users; |
90 | char *allow_users[MAX_ALLOW_USERS]; | 91 | char *allow_users[MAX_ALLOW_USERS]; |
91 | unsigned int num_deny_users; | 92 | unsigned int num_deny_users; |
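Review bot: The new `allow_tcp_forwarding` member has no comment, unlike permit_empty_passwd and use_login directly above it; `int allow_tcp_forwarding;	/* If false, TCP forwarding requests are refused. */` would match them. The servconf.c hunks of this commit initialise the field to -1 and default it to 1, so the comment could also say that forwarding stays enabled unless the administrator turns it off.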
diff --git a/serverloop.c b/serverloop.c index 0c07a2821..d98d74c25 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -49,6 +49,8 @@ | |||
49 | #include "dispatch.h" | 49 | #include "dispatch.h" |
50 | #include "auth-options.h" | 50 | #include "auth-options.h" |
51 | 51 | ||
52 | extern ServerOptions options; | ||
53 | |||
52 | static Buffer stdin_buffer; /* Buffer for stdin data. */ | 54 | static Buffer stdin_buffer; /* Buffer for stdin data. */ |
53 | static Buffer stdout_buffer; /* Buffer for stdout data. */ | 55 | static Buffer stdout_buffer; /* Buffer for stdout data. */ |
54 | static Buffer stderr_buffer; /* Buffer for stderr data. */ | 56 | static Buffer stderr_buffer; /* Buffer for stderr data. */ |
@@ -749,7 +751,7 @@ input_direct_tcpip(void) | |||
749 | originator, originator_port, target, target_port); | 751 | originator, originator_port, target, target_port); |
750 | 752 | ||
751 | /* XXX check permission */ | 753 | /* XXX check permission */ |
752 | if (no_port_forwarding_flag) { | 754 | if (no_port_forwarding_flag || !options.allow_tcp_forwarding) { |
753 | xfree(target); | 755 | xfree(target); |
754 | xfree(originator); | 756 | xfree(originator); |
755 | return -1; | 757 | return -1; |
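Review bot: When `!options.allow_tcp_forwarding` rejects the open in input_direct_tcpip, the function returns -1 without logging anything, so a refusal caused by server policy leaves no trace. The session.c hunk of this commit at least emits `debug("Port forwarding not permitted.")`, though only at debug level. A line such as `debug("direct-tcpip refused: TCP forwarding disabled.");` ahead of the xfree calls, or a higher log level if denied requests should show up in default logs, would make these visible to whoever monitors the server. The `/* XXX check permission */` marker is left in place and only this one handler is touched in serverloop.c, so if other forwarding requests are handled elsewhere in the file they need the same gate; that cannot be confirmed from this hunk. input_direct_tcpip begins and ends outside the hunk.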
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.38 2000/10/11 20:27:23 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $"); |
37 | 37 | ||
38 | #include "xmalloc.h" | 38 | #include "xmalloc.h" |
39 | #include "ssh.h" | 39 | #include "ssh.h" |
@@ -236,7 +236,7 @@ do_authenticated(struct passwd * pw) | |||
236 | * by the client telling us, so we can equally well trust the client | 236 | * by the client telling us, so we can equally well trust the client |
237 | * not to request anything bogus.) | 237 | * not to request anything bogus.) |
238 | */ | 238 | */ |
239 | if (!no_port_forwarding_flag) | 239 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) |
240 | channel_permit_all_opens(); | 240 | channel_permit_all_opens(); |
241 | 241 | ||
242 | s = session_new(); | 242 | s = session_new(); |
@@ -388,6 +388,10 @@ do_authenticated(struct passwd * pw) | |||
388 | debug("Port forwarding not permitted for this authentication."); | 388 | debug("Port forwarding not permitted for this authentication."); |
389 | break; | 389 | break; |
390 | } | 390 | } |
391 | if (!options.allow_tcp_forwarding) { | ||
392 | debug("Port forwarding not permitted."); | ||
393 | break; | ||
394 | } | ||
391 | debug("Received TCP/IP port forwarding request."); | 395 | debug("Received TCP/IP port forwarding request."); |
392 | channel_input_port_forward_request(pw->pw_uid == 0, options.gateway_ports); | 396 | channel_input_port_forward_request(pw->pw_uid == 0, options.gateway_ports); |
393 | success = 1; | 397 | success = 1; |
diff --git a/sftp-server.8 b/sftp-server.8 index 2a7ba258b..fb4706c43 100644 --- a/sftp-server.8 +++ b/sftp-server.8 | |||
@@ -36,20 +36,20 @@ is a program that speaks the server side of SFTP protocol | |||
36 | to stdout and expects client requests from stdin. | 36 | to stdout and expects client requests from stdin. |
37 | .Nm | 37 | .Nm |
38 | is not intended to be called directly, but from | 38 | is not intended to be called directly, but from |
39 | .Xr sshd 8 | 39 | .Xr sshd 8 |
40 | using the | 40 | using the |
41 | .Cm Subsystem | 41 | .Cm Subsystem |
42 | option. | 42 | option. |
43 | See | 43 | See |
44 | .Xr sshd 8 | 44 | .Xr sshd 8 |
45 | for more information. | 45 | for more information. |
46 | .Sh HISTORY | ||
47 | .Nm | ||
48 | first appeared in OpenBSD 2.8. | ||
49 | .Sh AUTHOR | ||
50 | Markus Friedl <markus@openbsd.org> | ||
51 | .Sh SEE ALSO | 46 | .Sh SEE ALSO |
52 | .Xr ssh 1 , | 47 | .Xr ssh 1 , |
53 | .Xr ssh-add 1 , | 48 | .Xr ssh-add 1 , |
54 | .Xr ssh-keygen 1 , | 49 | .Xr ssh-keygen 1 , |
55 | .Xr sshd 8 , | 50 | .Xr sshd 8 |
51 | .Sh AUTHOR | ||
52 | Markus Friedl <markus@openbsd.org> | ||
53 | .Sh HISTORY | ||
54 | .Nm | ||
55 | first appeared in OpenBSD 2.8 . | ||
@@ -627,7 +627,8 @@ If the option is set to | |||
627 | .Dq no , | 627 | .Dq no , |
628 | the check will not be executed. | 628 | the check will not be executed. |
629 | .It Cm Cipher | 629 | .It Cm Cipher |
630 | Specifies the cipher to use for encrypting the session. | 630 | Specifies the cipher to use for encrypting the session |
631 | in protocol version 1 | ||
631 | Currently, | 632 | Currently, |
632 | .Dq blowfish , | 633 | .Dq blowfish , |
633 | and | 634 | and |
@@ -640,7 +641,7 @@ Specifies the ciphers allowed for protocol version 2 | |||
640 | in order of preference. | 641 | in order of preference. |
641 | Multiple ciphers must be comma-separated. | 642 | Multiple ciphers must be comma-separated. |
642 | The default is | 643 | The default is |
643 | .Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . | 644 | .Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour . |
644 | .It Cm Compression | 645 | .It Cm Compression |
645 | Specifies whether to use compression. | 646 | Specifies whether to use compression. |
646 | The argument must be | 647 | The argument must be |
diff --git a/sshconnect2.c b/sshconnect2.c index ca459f62c..1f3b5a261 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.25 2000/10/12 09:59:19 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.26 2000/10/14 12:16:56 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/rsa.h> | 29 | #include <openssl/rsa.h> |
@@ -657,12 +657,12 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) | |||
657 | 657 | ||
658 | /* data to be signed */ | 658 | /* data to be signed */ |
659 | buffer_init(&b); | 659 | buffer_init(&b); |
660 | if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { | 660 | if (datafellows & SSH_OLD_SESSIONID) { |
661 | buffer_put_string(&b, session_id2, session_id2_len); | ||
662 | skip = buffer_len(&b); | ||
663 | } else { | ||
664 | buffer_append(&b, session_id2, session_id2_len); | 661 | buffer_append(&b, session_id2, session_id2_len); |
665 | skip = session_id2_len; | 662 | skip = session_id2_len; |
663 | } else { | ||
664 | buffer_put_string(&b, session_id2, session_id2_len); | ||
665 | skip = buffer_len(&b); | ||
666 | } | 666 | } |
667 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 667 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
668 | buffer_put_cstring(&b, authctxt->server_user); | 668 | buffer_put_cstring(&b, authctxt->server_user); |
@@ -303,6 +303,14 @@ wildcards in the patterns. | |||
303 | Only group names are valid; a numerical group ID isn't recognized. | 303 | Only group names are valid; a numerical group ID isn't recognized. |
304 | By default login is allowed regardless of the primary group. | 304 | By default login is allowed regardless of the primary group. |
305 | .Pp | 305 | .Pp |
306 | .It Cm AllowTcpForwarding | ||
307 | Specifies whether TCP forwarding is permitted. | ||
308 | The default is | ||
309 | .Dq yes . | ||
310 | Note that disabling TCP forwarding does not improve security unless | ||
311 | users are also denied shell access, as they can always install their | ||
312 | own forwarders. | ||
313 | .Pp | ||
306 | .It Cm AllowUsers | 314 | .It Cm AllowUsers |
307 | This keyword can be followed by a number of user names, separated | 315 | This keyword can be followed by a number of user names, separated |
308 | by spaces. | 316 | by spaces. |
@@ -1 +1 @@ | |||
#define SSH_VERSION "OpenSSH_2.2.0p2" | #define SSH_VERSION "OpenSSH_2.3.0p1" | ||