119 files changed, 5000 insertions, 2423 deletions
@@ -1,3 +1,522 @@ | |||
1 | 20100823 | ||
2 | - (djm) Release OpenSSH-5.6p1 | ||
3 | |||
4 | 20100816 | ||
5 | - (dtucker) [configure.ac openbsd-compat/Makefile.in | ||
6 | openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to | ||
7 | the compat library which helps on platforms like old IRIX. Based on work | ||
8 | by djm, tested by Tom Christensen. | ||
9 | - OpenBSD CVS Sync | ||
10 | - djm@cvs.openbsd.org 2010/08/12 21:49:44 | ||
11 | [ssh.c] | ||
12 | close any extra file descriptors inherited from parent at start and | ||
13 | reopen stdin/stdout to /dev/null when forking for ControlPersist. | ||
14 | |||
15 | prevents tools that fork and run a captive ssh for communication from | ||
16 | failing to exit when the ssh completes while they wait for these fds to | ||
17 | close. The inherited fds may persist arbitrarily long if a background | ||
18 | mux master has been started by ControlPersist. cvs and scp were effected | ||
19 | by this. | ||
20 | |||
21 | "please commit" markus@ | ||
22 | - (djm) [regress/README.regress] typo | ||
23 | |||
24 | 20100812 | ||
25 | - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh | ||
26 | regress/test-exec.sh] Under certain conditions when testing with sudo | ||
27 | tests would fail because the pidfile could not be read by a regular user. | ||
28 | "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" | ||
29 | Make sure cat is run by $SUDO. no objection from me. djm@ | ||
30 | - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. | ||
31 | |||
32 | 20100809 | ||
33 | - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is | ||
34 | already set. Makes FreeBSD user openable tunnels useful; patch from | ||
35 | richard.burakowski+ossh AT mrburak.net, ok dtucker@ | ||
36 | - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. | ||
37 | based in part on a patch from Colin Watson, ok djm@ | ||
38 | |||
39 | 20100809 | ||
40 | - OpenBSD CVS Sync | ||
41 | - djm@cvs.openbsd.org 2010/08/08 16:26:42 | ||
42 | [version.h] | ||
43 | crank to 5.6 | ||
44 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
45 | [contrib/suse/openssh.spec] Crank version numbers | ||
46 | |||
47 | 20100805 | ||
48 | - OpenBSD CVS Sync | ||
49 | - djm@cvs.openbsd.org 2010/08/04 05:37:01 | ||
50 | [ssh.1 ssh_config.5 sshd.8] | ||
51 | Remove mentions of weird "addr/port" alternate address format for IPv6 | ||
52 | addresses combinations. It hasn't worked for ages and we have supported | ||
53 | the more commen "[addr]:port" format for a long time. ok jmc@ markus@ | ||
54 | - djm@cvs.openbsd.org 2010/08/04 05:40:39 | ||
55 | [PROTOCOL.certkeys ssh-keygen.c] | ||
56 | tighten the rules for certificate encoding by requiring that options | ||
57 | appear in lexical order and make our ssh-keygen comply. ok markus@ | ||
58 | - djm@cvs.openbsd.org 2010/08/04 05:42:47 | ||
59 | [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] | ||
60 | [ssh-keysign.c ssh.c] | ||
61 | enable certificates for hostbased authentication, from Iain Morgan; | ||
62 | "looks ok" markus@ | ||
63 | - djm@cvs.openbsd.org 2010/08/04 05:49:22 | ||
64 | [authfile.c] | ||
65 | commited the wrong version of the hostbased certificate diff; this | ||
66 | version replaces some strlc{py,at} verbosity with xasprintf() at | ||
67 | the request of markus@ | ||
68 | - djm@cvs.openbsd.org 2010/08/04 06:07:11 | ||
69 | [ssh-keygen.1 ssh-keygen.c] | ||
70 | Support CA keys in PKCS#11 tokens; feedback and ok markus@ | ||
71 | - djm@cvs.openbsd.org 2010/08/04 06:08:40 | ||
72 | [ssh-keysign.c] | ||
73 | clean for -Wuninitialized (Id sync only; portable had this change) | ||
74 | - djm@cvs.openbsd.org 2010/08/05 13:08:42 | ||
75 | [channels.c] | ||
76 | Fix a trio of bugs in the local/remote window calculation for datagram | ||
77 | data channels (i.e. TunnelForward): | ||
78 | |||
79 | Calculate local_consumed correctly in channel_handle_wfd() by measuring | ||
80 | the delta to buffer_len(c->output) from when we start to when we finish. | ||
81 | The proximal problem here is that the output_filter we use in portable | ||
82 | modified the length of the dequeued datagram (to futz with the headers | ||
83 | for !OpenBSD). | ||
84 | |||
85 | In channel_output_poll(), don't enqueue datagrams that won't fit in the | ||
86 | peer's advertised packet size (highly unlikely to ever occur) or which | ||
87 | won't fit in the peer's remaining window (more likely). | ||
88 | |||
89 | In channel_input_data(), account for the 4-byte string header in | ||
90 | datagram packets that we accept from the peer and enqueue in c->output. | ||
91 | |||
92 | report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; | ||
93 | "looks good" markus@ | ||
94 | |||
95 | 20100803 | ||
96 | - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from | ||
97 | PAM to sane values in case the PAM method doesn't write to them. Spotted by | ||
98 | Bitman Zhou, ok djm@. | ||
99 | - OpenBSD CVS Sync | ||
100 | - djm@cvs.openbsd.org 2010/07/16 04:45:30 | ||
101 | [ssh-keygen.c] | ||
102 | avoid bogus compiler warning | ||
103 | - djm@cvs.openbsd.org 2010/07/16 14:07:35 | ||
104 | [ssh-rsa.c] | ||
105 | more timing paranoia - compare all parts of the expected decrypted | ||
106 | data before returning. AFAIK not exploitable in the SSH protocol. | ||
107 | "groovy" deraadt@ | ||
108 | - djm@cvs.openbsd.org 2010/07/19 03:16:33 | ||
109 | [sftp-client.c] | ||
110 | bz#1797: fix swapped args in upload_dir_internal(), breaking recursive | ||
111 | upload depth checks and causing verbose printing of transfers to always | ||
112 | be turned on; patch from imorgan AT nas.nasa.gov | ||
113 | - djm@cvs.openbsd.org 2010/07/19 09:15:12 | ||
114 | [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] | ||
115 | add a "ControlPersist" option that automatically starts a background | ||
116 | ssh(1) multiplex master when connecting. This connection can stay alive | ||
117 | indefinitely, or can be set to automatically close after a user-specified | ||
118 | duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but | ||
119 | further hacked on by wmertens AT cisco.com, apb AT cequrux.com, | ||
120 | martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ | ||
121 | - djm@cvs.openbsd.org 2010/07/21 02:10:58 | ||
122 | [misc.c] | ||
123 | sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern | ||
124 | - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 | ||
125 | [ssh.1] | ||
126 | Ciphers is documented in ssh_config(5) these days | ||
127 | |||
128 | 20100819 | ||
129 | - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more | ||
130 | details about its behaviour WRT existing directories. Patch from | ||
131 | asguthrie at gmail com, ok djm. | ||
132 | |||
133 | 20100716 | ||
134 | - (djm) OpenBSD CVS Sync | ||
135 | - djm@cvs.openbsd.org 2010/07/02 04:32:44 | ||
136 | [misc.c] | ||
137 | unbreak strdelim() skipping past quoted strings, e.g. | ||
138 | AllowUsers "blah blah" blah | ||
139 | was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com | ||
140 | ok dtucker; | ||
141 | - djm@cvs.openbsd.org 2010/07/12 22:38:52 | ||
142 | [ssh.c] | ||
143 | Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") | ||
144 | for protocol 2. ok markus@ | ||
145 | - djm@cvs.openbsd.org 2010/07/12 22:41:13 | ||
146 | [ssh.c ssh_config.5] | ||
147 | expand %h to the hostname in ssh_config Hostname options. While this | ||
148 | sounds useless, it is actually handy for working with unqualified | ||
149 | hostnames: | ||
150 | |||
151 | Host *.* | ||
152 | Hostname %h | ||
153 | Host * | ||
154 | Hostname %h.example.org | ||
155 | |||
156 | "I like it" markus@ | ||
157 | - djm@cvs.openbsd.org 2010/07/13 11:52:06 | ||
158 | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] | ||
159 | [packet.c ssh-rsa.c] | ||
160 | implement a timing_safe_cmp() function to compare memory without leaking | ||
161 | timing information by short-circuiting like memcmp() and use it for | ||
162 | some of the more sensitive comparisons (though nothing high-value was | ||
163 | readily attackable anyway); "looks ok" markus@ | ||
164 | - djm@cvs.openbsd.org 2010/07/13 23:13:16 | ||
165 | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] | ||
166 | [ssh-rsa.c] | ||
167 | s/timing_safe_cmp/timingsafe_bcmp/g | ||
168 | - jmc@cvs.openbsd.org 2010/07/14 17:06:58 | ||
169 | [ssh.1] | ||
170 | finally ssh synopsis looks nice again! this commit just removes a ton of | ||
171 | hacks we had in place to make it work with old groff; | ||
172 | - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 | ||
173 | [ssh-keygen.1] | ||
174 | repair incorrect block nesting, which screwed up indentation; | ||
175 | problem reported and fix OK by jmc@ | ||
176 | |||
177 | 20100714 | ||
178 | - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass | ||
179 | (line 77) should have been for no_x11_askpass. | ||
180 | |||
181 | 20100702 | ||
182 | - (djm) OpenBSD CVS Sync | ||
183 | - jmc@cvs.openbsd.org 2010/06/26 00:57:07 | ||
184 | [ssh_config.5] | ||
185 | tweak previous; | ||
186 | - djm@cvs.openbsd.org 2010/06/26 23:04:04 | ||
187 | [ssh.c] | ||
188 | oops, forgot to #include <canohost.h>; spotted and patch from chl@ | ||
189 | - djm@cvs.openbsd.org 2010/06/29 23:15:30 | ||
190 | [ssh-keygen.1 ssh-keygen.c] | ||
191 | allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; | ||
192 | bz#1749; ok markus@ | ||
193 | - djm@cvs.openbsd.org 2010/06/29 23:16:46 | ||
194 | [auth2-pubkey.c sshd_config.5] | ||
195 | allow key options (command="..." and friends) in AuthorizedPrincipals; | ||
196 | ok markus@ | ||
197 | - jmc@cvs.openbsd.org 2010/06/30 07:24:25 | ||
198 | [ssh-keygen.1] | ||
199 | tweak previous; | ||
200 | - jmc@cvs.openbsd.org 2010/06/30 07:26:03 | ||
201 | [ssh-keygen.c] | ||
202 | sort usage(); | ||
203 | - jmc@cvs.openbsd.org 2010/06/30 07:28:34 | ||
204 | [sshd_config.5] | ||
205 | tweak previous; | ||
206 | - millert@cvs.openbsd.org 2010/07/01 13:06:59 | ||
207 | [scp.c] | ||
208 | Fix a longstanding problem where if you suspend scp at the | ||
209 | password/passphrase prompt the terminal mode is not restored. | ||
210 | OK djm@ | ||
211 | - phessler@cvs.openbsd.org 2010/06/27 19:19:56 | ||
212 | [regress/Makefile] | ||
213 | fix how we run the tests so we can successfully use SUDO='sudo -E' | ||
214 | in our env | ||
215 | - djm@cvs.openbsd.org 2010/06/29 23:59:54 | ||
216 | [cert-userkey.sh] | ||
217 | regress tests for key options in AuthorizedPrincipals | ||
218 | |||
219 | 20100627 | ||
220 | - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs | ||
221 | key.h. | ||
222 | |||
223 | 20100626 | ||
224 | - (djm) OpenBSD CVS Sync | ||
225 | - djm@cvs.openbsd.org 2010/05/21 05:00:36 | ||
226 | [misc.c] | ||
227 | colon() returns char*, so s/return (0)/return NULL/ | ||
228 | - markus@cvs.openbsd.org 2010/06/08 21:32:19 | ||
229 | [ssh-pkcs11.c] | ||
230 | check length of value returned C_GetAttributValue for != 0 | ||
231 | from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ | ||
232 | - djm@cvs.openbsd.org 2010/06/17 07:07:30 | ||
233 | [mux.c] | ||
234 | Correct sizing of object to be allocated by calloc(), replacing | ||
235 | sizeof(state) with sizeof(*state). This worked by accident since | ||
236 | the struct contained a single int at present, but could have broken | ||
237 | in the future. patch from hyc AT symas.com | ||
238 | - djm@cvs.openbsd.org 2010/06/18 00:58:39 | ||
239 | [sftp.c] | ||
240 | unbreak ls in working directories that contains globbing characters in | ||
241 | their pathnames. bz#1655 reported by vgiffin AT apple.com | ||
242 | - djm@cvs.openbsd.org 2010/06/18 03:16:03 | ||
243 | [session.c] | ||
244 | Missing check for chroot_director == "none" (we already checked against | ||
245 | NULL); bz#1564 from Jan.Pechanec AT Sun.COM | ||
246 | - djm@cvs.openbsd.org 2010/06/18 04:43:08 | ||
247 | [sftp-client.c] | ||
248 | fix memory leak in do_realpath() error path; bz#1771, patch from | ||
249 | anicka AT suse.cz | ||
250 | - djm@cvs.openbsd.org 2010/06/22 04:22:59 | ||
251 | [servconf.c sshd_config.5] | ||
252 | expose some more sshd_config options inside Match blocks: | ||
253 | AuthorizedKeysFile AuthorizedPrincipalsFile | ||
254 | HostbasedUsesNameFromPacketOnly PermitTunnel | ||
255 | bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ | ||
256 | - djm@cvs.openbsd.org 2010/06/22 04:32:06 | ||
257 | [ssh-keygen.c] | ||
258 | standardise error messages when attempting to open private key | ||
259 | files to include "progname: filename: error reason" | ||
260 | bz#1783; ok dtucker@ | ||
261 | - djm@cvs.openbsd.org 2010/06/22 04:49:47 | ||
262 | [auth.c] | ||
263 | queue auth debug messages for bad ownership or permissions on the user's | ||
264 | keyfiles. These messages will be sent after the user has successfully | ||
265 | authenticated (where our client will display them with LogLevel=debug). | ||
266 | bz#1554; ok dtucker@ | ||
267 | - djm@cvs.openbsd.org 2010/06/22 04:54:30 | ||
268 | [ssh-keyscan.c] | ||
269 | replace verbose and overflow-prone Linebuf code with read_keyfile_line() | ||
270 | based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ | ||
271 | - djm@cvs.openbsd.org 2010/06/22 04:59:12 | ||
272 | [session.c] | ||
273 | include the user name on "subsystem request for ..." log messages; | ||
274 | bz#1571; ok dtucker@ | ||
275 | - djm@cvs.openbsd.org 2010/06/23 02:59:02 | ||
276 | [ssh-keygen.c] | ||
277 | fix printing of extensions in v01 certificates that I broke in r1.190 | ||
278 | - djm@cvs.openbsd.org 2010/06/25 07:14:46 | ||
279 | [channels.c mux.c readconf.c readconf.h ssh.h] | ||
280 | bz#1327: remove hardcoded limit of 100 permitopen clauses and port | ||
281 | forwards per direction; ok markus@ stevesk@ | ||
282 | - djm@cvs.openbsd.org 2010/06/25 07:20:04 | ||
283 | [channels.c session.c] | ||
284 | bz#1750: fix requirement for /dev/null inside ChrootDirectory for | ||
285 | internal-sftp accidentally introduced in r1.253 by removing the code | ||
286 | that opens and dup /dev/null to stderr and modifying the channels code | ||
287 | to read stderr but discard it instead; ok markus@ | ||
288 | - djm@cvs.openbsd.org 2010/06/25 08:46:17 | ||
289 | [auth1.c auth2-none.c] | ||
290 | skip the initial check for access with an empty password when | ||
291 | PermitEmptyPasswords=no; bz#1638; ok markus@ | ||
292 | - djm@cvs.openbsd.org 2010/06/25 23:10:30 | ||
293 | [ssh.c] | ||
294 | log the hostname and address that we connected to at LogLevel=verbose | ||
295 | after authentication is successful to mitigate "phishing" attacks by | ||
296 | servers with trusted keys that accept authentication silently and | ||
297 | automatically before presenting fake password/passphrase prompts; | ||
298 | "nice!" markus@ | ||
299 | - djm@cvs.openbsd.org 2010/06/25 23:10:30 | ||
300 | [ssh.c] | ||
301 | log the hostname and address that we connected to at LogLevel=verbose | ||
302 | after authentication is successful to mitigate "phishing" attacks by | ||
303 | servers with trusted keys that accept authentication silently and | ||
304 | automatically before presenting fake password/passphrase prompts; | ||
305 | "nice!" markus@ | ||
306 | |||
307 | 20100622 | ||
308 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 | ||
309 | bz#1579; ok dtucker | ||
310 | |||
311 | 20100618 | ||
312 | - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ | ||
313 | rather than assuming that $CWD == $HOME. bz#1500, patch from | ||
314 | timothy AT gelter.com | ||
315 | |||
316 | 20100617 | ||
317 | - (tim) [contrib/cygwin/README] Remove a reference to the obsolete | ||
318 | minires-devel package, and to add the reference to the libedit-devel | ||
319 | package since CYgwin now provides libedit. Patch from Corinna Vinschen. | ||
320 | |||
321 | 20100521 | ||
322 | - (djm) OpenBSD CVS Sync | ||
323 | - djm@cvs.openbsd.org 2010/05/07 11:31:26 | ||
324 | [regress/Makefile regress/cert-userkey.sh] | ||
325 | regress tests for AuthorizedPrincipalsFile and "principals=" key option. | ||
326 | feedback and ok markus@ | ||
327 | - djm@cvs.openbsd.org 2010/05/11 02:58:04 | ||
328 | [auth-rsa.c] | ||
329 | don't accept certificates marked as "cert-authority" here; ok markus@ | ||
330 | - djm@cvs.openbsd.org 2010/05/14 00:47:22 | ||
331 | [ssh-add.c] | ||
332 | check that the certificate matches the corresponding private key before | ||
333 | grafting it on | ||
334 | - djm@cvs.openbsd.org 2010/05/14 23:29:23 | ||
335 | [channels.c channels.h mux.c ssh.c] | ||
336 | Pause the mux channel while waiting for reply from aynch callbacks. | ||
337 | Prevents misordering of replies if new requests arrive while waiting. | ||
338 | |||
339 | Extend channel open confirm callback to allow signalling failure | ||
340 | conditions as well as success. Use this to 1) fix a memory leak, 2) | ||
341 | start using the above pause mechanism and 3) delay sending a success/ | ||
342 | failure message on mux slave session open until we receive a reply from | ||
343 | the server. | ||
344 | |||
345 | motivated by and with feedback from markus@ | ||
346 | - markus@cvs.openbsd.org 2010/05/16 12:55:51 | ||
347 | [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] | ||
348 | mux support for remote forwarding with dynamic port allocation, | ||
349 | use with | ||
350 | LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` | ||
351 | feedback and ok djm@ | ||
352 | - djm@cvs.openbsd.org 2010/05/20 11:25:26 | ||
353 | [auth2-pubkey.c] | ||
354 | fix logspam when key options (from="..." especially) deny non-matching | ||
355 | keys; reported by henning@ also bz#1765; ok markus@ dtucker@ | ||
356 | - djm@cvs.openbsd.org 2010/05/20 23:46:02 | ||
357 | [PROTOCOL.certkeys auth-options.c ssh-keygen.c] | ||
358 | Move the permit-* options to the non-critical "extensions" field for v01 | ||
359 | certificates. The logic is that if another implementation fails to | ||
360 | implement them then the connection just loses features rather than fails | ||
361 | outright. | ||
362 | |||
363 | ok markus@ | ||
364 | |||
365 | 20100511 | ||
366 | - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve | ||
367 | circular dependency problem on old or odd platforms. From Tom Lane, ok | ||
368 | djm@. | ||
369 | - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older | ||
370 | libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't | ||
371 | already. ok dtucker@ | ||
372 | |||
373 | 20100510 | ||
374 | - OpenBSD CVS Sync | ||
375 | - djm@cvs.openbsd.org 2010/04/23 01:47:41 | ||
376 | [ssh-keygen.c] | ||
377 | bz#1740: display a more helpful error message when $HOME is | ||
378 | inaccessible while trying to create .ssh directory. Based on patch | ||
379 | from jchadima AT redhat.com; ok dtucker@ | ||
380 | - djm@cvs.openbsd.org 2010/04/23 22:27:38 | ||
381 | [mux.c] | ||
382 | set "detach_close" flag when registering channel cleanup callbacks. | ||
383 | This causes the channel to close normally when its fds close and | ||
384 | hangs when terminating a mux slave using ~. bz#1758; ok markus@ | ||
385 | - djm@cvs.openbsd.org 2010/04/23 22:42:05 | ||
386 | [session.c] | ||
387 | set stderr to /dev/null for subsystems rather than just closing it. | ||
388 | avoids hangs if a subsystem or shell initialisation writes to stderr. | ||
389 | bz#1750; ok markus@ | ||
390 | - djm@cvs.openbsd.org 2010/04/23 22:48:31 | ||
391 | [ssh-keygen.c] | ||
392 | refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, | ||
393 | since we would refuse to use them anyway. bz#1516; ok dtucker@ | ||
394 | - djm@cvs.openbsd.org 2010/04/26 22:28:24 | ||
395 | [sshconnect2.c] | ||
396 | bz#1502: authctxt.success is declared as an int, but passed by | ||
397 | reference to function that accepts sig_atomic_t*. Convert it to | ||
398 | the latter; ok markus@ dtucker@ | ||
399 | - djm@cvs.openbsd.org 2010/05/01 02:50:50 | ||
400 | [PROTOCOL.certkeys] | ||
401 | typo; jmeltzer@ | ||
402 | - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 | ||
403 | [sftp.c] | ||
404 | restore mput and mget which got lost in the tab-completion changes. | ||
405 | found by Kenneth Whitaker, ok djm@ | ||
406 | - djm@cvs.openbsd.org 2010/05/07 11:30:30 | ||
407 | [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] | ||
408 | [key.c servconf.c servconf.h sshd.8 sshd_config.5] | ||
409 | add some optional indirection to matching of principal names listed | ||
410 | in certificates. Currently, a certificate must include the a user's name | ||
411 | to be accepted for authentication. This change adds the ability to | ||
412 | specify a list of certificate principal names that are acceptable. | ||
413 | |||
414 | When authenticating using a CA trusted through ~/.ssh/authorized_keys, | ||
415 | this adds a new principals="name1[,name2,...]" key option. | ||
416 | |||
417 | For CAs listed through sshd_config's TrustedCAKeys option, a new config | ||
418 | option "AuthorizedPrincipalsFile" specifies a per-user file containing | ||
419 | the list of acceptable names. | ||
420 | |||
421 | If either option is absent, the current behaviour of requiring the | ||
422 | username to appear in principals continues to apply. | ||
423 | |||
424 | These options are useful for role accounts, disjoint account namespaces | ||
425 | and "user@realm"-style naming policies in certificates. | ||
426 | |||
427 | feedback and ok markus@ | ||
428 | - jmc@cvs.openbsd.org 2010/05/07 12:49:17 | ||
429 | [sshd_config.5] | ||
430 | tweak previous; | ||
431 | |||
432 | 20100423 | ||
433 | - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir | ||
434 | in the openssl install directory (some newer openssl versions do this on at | ||
435 | least some amd64 platforms). | ||
436 | |||
437 | 20100418 | ||
438 | - OpenBSD CVS Sync | ||
439 | - jmc@cvs.openbsd.org 2010/04/16 06:45:01 | ||
440 | [ssh_config.5] | ||
441 | tweak previous; ok djm | ||
442 | - jmc@cvs.openbsd.org 2010/04/16 06:47:04 | ||
443 | [ssh-keygen.1 ssh-keygen.c] | ||
444 | tweak previous; ok djm | ||
445 | - djm@cvs.openbsd.org 2010/04/16 21:14:27 | ||
446 | [sshconnect.c] | ||
447 | oops, %r => remote username, not %u | ||
448 | - djm@cvs.openbsd.org 2010/04/16 01:58:45 | ||
449 | [regress/cert-hostkey.sh regress/cert-userkey.sh] | ||
450 | regression tests for v01 certificate format | ||
451 | includes interop tests for v00 certs | ||
452 | - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default | ||
453 | file. | ||
454 | |||
455 | 20100416 | ||
456 | - (djm) Release openssh-5.5p1 | ||
457 | - OpenBSD CVS Sync | ||
458 | - djm@cvs.openbsd.org 2010/03/26 03:13:17 | ||
459 | [bufaux.c] | ||
460 | allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer | ||
461 | argument to allow skipping past values in a buffer | ||
462 | - jmc@cvs.openbsd.org 2010/03/26 06:54:36 | ||
463 | [ssh.1] | ||
464 | tweak previous; | ||
465 | - jmc@cvs.openbsd.org 2010/03/27 14:26:55 | ||
466 | [ssh_config.5] | ||
467 | tweak previous; ok dtucker | ||
468 | - djm@cvs.openbsd.org 2010/04/10 00:00:16 | ||
469 | [ssh.c] | ||
470 | bz#1746 - suppress spurious tty warning when using -O and stdin | ||
471 | is not a tty; ok dtucker@ markus@ | ||
472 | - djm@cvs.openbsd.org 2010/04/10 00:04:30 | ||
473 | [sshconnect.c] | ||
474 | fix terminology: we didn't find a certificate in known_hosts, we found | ||
475 | a CA key | ||
476 | - djm@cvs.openbsd.org 2010/04/10 02:08:44 | ||
477 | [clientloop.c] | ||
478 | bz#1698: kill channel when pty allocation requests fail. Fixed | ||
479 | stuck client if the server refuses pty allocation. | ||
480 | ok dtucker@ "think so" markus@ | ||
481 | - djm@cvs.openbsd.org 2010/04/10 02:10:56 | ||
482 | [sshconnect2.c] | ||
483 | show the key type that we are offering in debug(), helps distinguish | ||
484 | between certs and plain keys as the path to the private key is usually | ||
485 | the same. | ||
486 | - djm@cvs.openbsd.org 2010/04/10 05:48:16 | ||
487 | [mux.c] | ||
488 | fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au | ||
489 | - djm@cvs.openbsd.org 2010/04/14 22:27:42 | ||
490 | [ssh_config.5 sshconnect.c] | ||
491 | expand %r => remote username in ssh_config:ProxyCommand; | ||
492 | ok deraadt markus | ||
493 | - markus@cvs.openbsd.org 2010/04/15 20:32:55 | ||
494 | [ssh-pkcs11.c] | ||
495 | retry lookup for private key if there's no matching key with CKA_SIGN | ||
496 | attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) | ||
497 | ok djm@ | ||
498 | - djm@cvs.openbsd.org 2010/04/16 01:47:26 | ||
499 | [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] | ||
500 | [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] | ||
501 | [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] | ||
502 | [sshconnect.c sshconnect2.c sshd.c] | ||
503 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | ||
504 | following changes: | ||
505 | |||
506 | move the nonce field to the beginning of the certificate where it can | ||
507 | better protect against chosen-prefix attacks on the signature hash | ||
508 | |||
509 | Rename "constraints" field to "critical options" | ||
510 | |||
511 | Add a new non-critical "extensions" field | ||
512 | |||
513 | Add a serial number | ||
514 | |||
515 | The older format is still support for authentication and cert generation | ||
516 | (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) | ||
517 | |||
518 | ok markus@ | ||
519 | |||
1 | 20100410 | 520 | 20100410 |
2 | - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo | 521 | - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo |
3 | back so we disable the IPv6 tests if we don't have it. | 522 | back so we disable the IPv6 tests if we don't have it. |
diff --git a/Makefile.in b/Makefile.in index debebe448..35f3e5e35 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.309 2010/03/13 21:41:34 djm Exp $ | 1 | # $Id: Makefile.in,v 1.310 2010/05/12 06:51:39 dtucker Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -162,7 +162,7 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readco | |||
162 | $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 162 | $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
163 | 163 | ||
164 | ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o | 164 | ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o |
165 | $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) | 165 | $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) |
166 | 166 | ||
167 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o | 167 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o |
168 | $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) | 168 | $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 1ed9e2064..1d1be13da 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys | |||
@@ -16,7 +16,7 @@ These protocol extensions build on the simple public key authentication | |||
16 | system already in SSH to allow certificate-based authentication. | 16 | system already in SSH to allow certificate-based authentication. |
17 | The certificates used are not traditional X.509 certificates, with | 17 | The certificates used are not traditional X.509 certificates, with |
18 | numerous options and complex encoding rules, but something rather | 18 | numerous options and complex encoding rules, but something rather |
19 | more minimal: a key, some identity information and usage constraints | 19 | more minimal: a key, some identity information and usage options |
20 | that have been signed with some other trusted key. | 20 | that have been signed with some other trusted key. |
21 | 21 | ||
22 | A sshd server may be configured to allow authentication via certified | 22 | A sshd server may be configured to allow authentication via certified |
@@ -27,7 +27,7 @@ of acceptance of certified host keys, by adding a similar ability | |||
27 | to specify CA keys in ~/.ssh/known_hosts. | 27 | to specify CA keys in ~/.ssh/known_hosts. |
28 | 28 | ||
29 | Certified keys are represented using two new key types: | 29 | Certified keys are represented using two new key types: |
30 | ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com that | 30 | ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com that |
31 | include certification information along with the public key that is used | 31 | include certification information along with the public key that is used |
32 | to sign challenges. ssh-keygen performs the CA signing operation. | 32 | to sign challenges. ssh-keygen performs the CA signing operation. |
33 | 33 | ||
@@ -47,7 +47,7 @@ in RFC4252 section 7. | |||
47 | New public key formats | 47 | New public key formats |
48 | ---------------------- | 48 | ---------------------- |
49 | 49 | ||
50 | The ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com key | 50 | The ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com key |
51 | types take a similar high-level format (note: data types and | 51 | types take a similar high-level format (note: data types and |
52 | encoding are as per RFC4251 section 5). The serialised wire encoding of | 52 | encoding are as per RFC4251 section 5). The serialised wire encoding of |
53 | these certificates is also used for storing them on disk. | 53 | these certificates is also used for storing them on disk. |
@@ -57,42 +57,55 @@ these certificates is also used for storing them on disk. | |||
57 | 57 | ||
58 | RSA certificate | 58 | RSA certificate |
59 | 59 | ||
60 | string "ssh-rsa-cert-v00@openssh.com" | 60 | string "ssh-rsa-cert-v01@openssh.com" |
61 | string nonce | ||
61 | mpint e | 62 | mpint e |
62 | mpint n | 63 | mpint n |
64 | uint64 serial | ||
63 | uint32 type | 65 | uint32 type |
64 | string key id | 66 | string key id |
65 | string valid principals | 67 | string valid principals |
66 | uint64 valid after | 68 | uint64 valid after |
67 | uint64 valid before | 69 | uint64 valid before |
68 | string constraints | 70 | string critical options |
69 | string nonce | 71 | string extensions |
70 | string reserved | 72 | string reserved |
71 | string signature key | 73 | string signature key |
72 | string signature | 74 | string signature |
73 | 75 | ||
74 | DSA certificate | 76 | DSA certificate |
75 | 77 | ||
76 | string "ssh-dss-cert-v00@openssh.com" | 78 | string "ssh-dss-cert-v01@openssh.com" |
79 | string nonce | ||
77 | mpint p | 80 | mpint p |
78 | mpint q | 81 | mpint q |
79 | mpint g | 82 | mpint g |
80 | mpint y | 83 | mpint y |
84 | uint64 serial | ||
81 | uint32 type | 85 | uint32 type |
82 | string key id | 86 | string key id |
83 | string valid principals | 87 | string valid principals |
84 | uint64 valid after | 88 | uint64 valid after |
85 | uint64 valid before | 89 | uint64 valid before |
86 | string constraints | 90 | string critical options |
87 | string nonce | 91 | string extensions |
88 | string reserved | 92 | string reserved |
89 | string signature key | 93 | string signature key |
90 | string signature | 94 | string signature |
91 | 95 | ||
96 | The nonce field is a CA-provided random bitstring of arbitrary length | ||
97 | (but typically 16 or 32 bytes) included to make attacks that depend on | ||
98 | inducing collisions in the signature hash infeasible. | ||
99 | |||
92 | e and n are the RSA exponent and public modulus respectively. | 100 | e and n are the RSA exponent and public modulus respectively. |
93 | 101 | ||
94 | p, q, g, y are the DSA parameters as described in FIPS-186-2. | 102 | p, q, g, y are the DSA parameters as described in FIPS-186-2. |
95 | 103 | ||
104 | serial is an optional certificate serial number set by the CA to | ||
105 | provide an abbreviated way to refer to certificates from that CA. | ||
106 | If a CA does not wish to number its certificates it must set this | ||
107 | field to zero. | ||
108 | |||
96 | type specifies whether this certificate is for identification of a user | 109 | type specifies whether this certificate is for identification of a user |
97 | or a host using a SSH_CERT_TYPE_... value. | 110 | or a host using a SSH_CERT_TYPE_... value. |
98 | 111 | ||
@@ -112,13 +125,15 @@ certificate. Each represents a time in seconds since 1970-01-01 | |||
112 | 00:00:00. A certificate is considered valid if: | 125 | 00:00:00. A certificate is considered valid if: |
113 | valid after <= current time < valid before | 126 | valid after <= current time < valid before |
114 | 127 | ||
115 | constraints is a set of zero or more key constraints encoded as below. | 128 | criticial options is a set of zero or more key options encoded as |
129 | below. All such options are "critical" in the sense that an implementation | ||
130 | must refuse to authorise a key that has an unrecognised option. | ||
116 | 131 | ||
117 | The nonce field is a CA-provided random bitstring of arbitrary length | 132 | extensions is a set of zero or more optional extensions. These extensions |
118 | (but typically 16 or 32 bytes) included to make attacks that depend on | 133 | are not critical, and an implementation that encounters one that it does |
119 | inducing collisions in the signature hash infeasible. | 134 | not recognise may safely ignore it. |
120 | 135 | ||
121 | The reserved field is current unused and is ignored in this version of | 136 | The reserved field is currently unused and is ignored in this version of |
122 | the protocol. | 137 | the protocol. |
123 | 138 | ||
124 | signature key contains the CA key used to sign the certificate. | 139 | signature key contains the CA key used to sign the certificate. |
@@ -132,22 +147,25 @@ up to, and including the signature key. Signatures are computed and | |||
132 | encoded according to the rules defined for the CA's public key algorithm | 147 | encoded according to the rules defined for the CA's public key algorithm |
133 | (RFC4253 section 6.6 for ssh-rsa and ssh-dss). | 148 | (RFC4253 section 6.6 for ssh-rsa and ssh-dss). |
134 | 149 | ||
135 | Constraints | 150 | Critical options |
136 | ----------- | 151 | ---------------- |
137 | 152 | ||
138 | The constraints section of the certificate specifies zero or more | 153 | The critical options section of the certificate specifies zero or more |
139 | constraints on the certificates validity. The format of this field | 154 | options on the certificates validity. The format of this field |
140 | is a sequence of zero or more tuples: | 155 | is a sequence of zero or more tuples: |
141 | 156 | ||
142 | string name | 157 | string name |
143 | string data | 158 | string data |
144 | 159 | ||
145 | The name field identifies the constraint and the data field encodes | 160 | Options must be lexically ordered by "name" if they appear in the |
146 | constraint-specific information (see below). All constraints are | 161 | sequence. |
147 | "critical", if an implementation does not recognise a constraint | 162 | |
163 | The name field identifies the option and the data field encodes | ||
164 | option-specific information (see below). All options are | ||
165 | "critical", if an implementation does not recognise a option | ||
148 | then the validating party should refuse to accept the certificate. | 166 | then the validating party should refuse to accept the certificate. |
149 | 167 | ||
150 | The supported constraints and the contents and structure of their | 168 | The supported options and the contents and structure of their |
151 | data fields are: | 169 | data fields are: |
152 | 170 | ||
153 | Name Format Description | 171 | Name Format Description |
@@ -157,37 +175,51 @@ force-command string Specifies a command that is executed | |||
157 | ssh command-line) whenever this key is | 175 | ssh command-line) whenever this key is |
158 | used for authentication. | 176 | used for authentication. |
159 | 177 | ||
178 | source-address string Comma-separated list of source addresses | ||
179 | from which this certificate is accepted | ||
180 | for authentication. Addresses are | ||
181 | specified in CIDR format (nn.nn.nn.nn/nn | ||
182 | or hhhh::hhhh/nn). | ||
183 | If this option is not present then | ||
184 | certificates may be presented from any | ||
185 | source address. | ||
186 | |||
187 | Extensions | ||
188 | ---------- | ||
189 | |||
190 | The extensions section of the certificate specifies zero or more | ||
191 | non-critical certificate extensions. The encoding and ordering of | ||
192 | extensions in this field is identical to that of the critical options. | ||
193 | If an implementation does not recognise an extension, then it should | ||
194 | ignore it. | ||
195 | |||
196 | The supported extensions and the contents and structure of their data | ||
197 | fields are: | ||
198 | |||
199 | Name Format Description | ||
200 | ----------------------------------------------------------------------------- | ||
160 | permit-X11-forwarding empty Flag indicating that X11 forwarding | 201 | permit-X11-forwarding empty Flag indicating that X11 forwarding |
161 | should be permitted. X11 forwarding will | 202 | should be permitted. X11 forwarding will |
162 | be refused if this constraint is absent. | 203 | be refused if this option is absent. |
163 | 204 | ||
164 | permit-agent-forwarding empty Flag indicating that agent forwarding | 205 | permit-agent-forwarding empty Flag indicating that agent forwarding |
165 | should be allowed. Agent forwarding | 206 | should be allowed. Agent forwarding |
166 | must not be permitted unless this | 207 | must not be permitted unless this |
167 | constraint is present. | 208 | option is present. |
168 | 209 | ||
169 | permit-port-forwarding empty Flag indicating that port-forwarding | 210 | permit-port-forwarding empty Flag indicating that port-forwarding |
170 | should be allowed. If this constraint is | 211 | should be allowed. If this option is |
171 | not present then no port forwarding will | 212 | not present then no port forwarding will |
172 | be allowed. | 213 | be allowed. |
173 | 214 | ||
174 | permit-pty empty Flag indicating that PTY allocation | 215 | permit-pty empty Flag indicating that PTY allocation |
175 | should be permitted. In the absence of | 216 | should be permitted. In the absence of |
176 | this constraint PTY allocation will be | 217 | this option PTY allocation will be |
177 | disabled. | 218 | disabled. |
178 | 219 | ||
179 | permit-user-rc empty Flag indicating that execution of | 220 | permit-user-rc empty Flag indicating that execution of |
180 | ~/.ssh/rc should be permitted. Execution | 221 | ~/.ssh/rc should be permitted. Execution |
181 | of this script will not be permitted if | 222 | of this script will not be permitted if |
182 | this constraint is not present. | 223 | this option is not present. |
183 | |||
184 | source-address string Comma-separated list of source addresses | ||
185 | from which this certificate is accepted | ||
186 | for authentication. Addresses are | ||
187 | specified in CIDR format (nn.nn.nn.nn/nn | ||
188 | or hhhh::hhhh/nn). | ||
189 | If this constraint is not present then | ||
190 | certificates may be presented from any | ||
191 | source address. | ||
192 | 224 | ||
193 | $OpenBSD: PROTOCOL.certkeys,v 1.3 2010/03/03 22:50:40 djm Exp $ | 225 | $OpenBSD: PROTOCOL.certkeys,v 1.7 2010/08/04 05:40:39 djm Exp $ |
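--- a/PROTOCOL.mux
+++ b/PROTOCOL.mux
@@ -109,8 +109,14 @@ A client may request the master to establish a port forward:
 
 forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC.
 
-A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
-MUX_S_FAILURE.
+A server may reply with a MUX_S_OK, a MUX_S_REMOTE_PORT, a
+MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE.
+
+For dynamically allocated listen port the server replies with
+
+uint32 MUX_S_REMOTE_PORT
+uint32 client request id
+uint32 allocated remote listen port
 
 5. Requesting closure of port forwards
 
@@ -178,6 +184,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason:
 #define MUX_S_EXIT_MESSAGE 0x80000004
 #define MUX_S_ALIVE 0x80000005
 #define MUX_S_SESSION_OPENED 0x80000006
+#define MUX_S_REMOTE_PORT 0x80000007
 
 #define MUX_FWD_LOCAL 1
 #define MUX_FWD_REMOTE 2
@@ -193,4 +200,4 @@ XXX server->client error/warning notifications
 XXX port0 rfwd (need custom response message)
 XXX send signals via mux
 
-$OpenBSD: PROTOCOL.mux,v 1.1 2010/01/26 01:28:35 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.2 2010/05/16 12:55:51 markus Exp $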
@@ -1,4 +1,4 @@ | |||
1 | See http://www.openssh.com/txt/release-5.5 for the release notes. | 1 | See http://www.openssh.com/txt/release-5.6 for the release notes. |
2 | 2 | ||
3 | - A Japanese translation of this document and of the OpenSSH FAQ is | 3 | - A Japanese translation of this document and of the OpenSSH FAQ is |
4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html | 4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html |
@@ -62,4 +62,4 @@ References - | |||
62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 | 62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 |
63 | [7] http://www.openssh.com/faq.html | 63 | [7] http://www.openssh.com/faq.html |
64 | 64 | ||
65 | $Id: README,v 1.73 2010/03/21 19:11:55 djm Exp $ | 65 | $Id: README,v 1.74 2010/08/08 16:32:06 djm Exp $ |
diff --git a/auth-options.c b/auth-options.c index 69b314fbd..a7040247f 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.49 2010/03/16 15:46:52 stevesk Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.52 2010/05/20 23:46:02 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -27,10 +27,10 @@ | |||
27 | #include "canohost.h" | 27 | #include "canohost.h" |
28 | #include "buffer.h" | 28 | #include "buffer.h" |
29 | #include "channels.h" | 29 | #include "channels.h" |
30 | #include "auth-options.h" | ||
31 | #include "servconf.h" | 30 | #include "servconf.h" |
32 | #include "misc.h" | 31 | #include "misc.h" |
33 | #include "key.h" | 32 | #include "key.h" |
33 | #include "auth-options.h" | ||
34 | #include "hostfile.h" | 34 | #include "hostfile.h" |
35 | #include "auth.h" | 35 | #include "auth.h" |
36 | #ifdef GSSAPI | 36 | #ifdef GSSAPI |
@@ -55,6 +55,9 @@ struct envstring *custom_environment = NULL; | |||
55 | /* "tunnel=" option. */ | 55 | /* "tunnel=" option. */ |
56 | int forced_tun_device = -1; | 56 | int forced_tun_device = -1; |
57 | 57 | ||
58 | /* "principals=" option. */ | ||
59 | char *authorized_principals = NULL; | ||
60 | |||
58 | extern ServerOptions options; | 61 | extern ServerOptions options; |
59 | 62 | ||
60 | void | 63 | void |
@@ -76,6 +79,10 @@ auth_clear_options(void) | |||
76 | xfree(forced_command); | 79 | xfree(forced_command); |
77 | forced_command = NULL; | 80 | forced_command = NULL; |
78 | } | 81 | } |
82 | if (authorized_principals) { | ||
83 | xfree(authorized_principals); | ||
84 | authorized_principals = NULL; | ||
85 | } | ||
79 | forced_tun_device = -1; | 86 | forced_tun_device = -1; |
80 | channel_clear_permitted_opens(); | 87 | channel_clear_permitted_opens(); |
81 | } | 88 | } |
@@ -141,6 +148,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
141 | cp = "command=\""; | 148 | cp = "command=\""; |
142 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 149 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
143 | opts += strlen(cp); | 150 | opts += strlen(cp); |
151 | if (forced_command != NULL) | ||
152 | xfree(forced_command); | ||
144 | forced_command = xmalloc(strlen(opts) + 1); | 153 | forced_command = xmalloc(strlen(opts) + 1); |
145 | i = 0; | 154 | i = 0; |
146 | while (*opts) { | 155 | while (*opts) { |
@@ -167,6 +176,38 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
167 | opts++; | 176 | opts++; |
168 | goto next_option; | 177 | goto next_option; |
169 | } | 178 | } |
179 | cp = "principals=\""; | ||
180 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | ||
181 | opts += strlen(cp); | ||
182 | if (authorized_principals != NULL) | ||
183 | xfree(authorized_principals); | ||
184 | authorized_principals = xmalloc(strlen(opts) + 1); | ||
185 | i = 0; | ||
186 | while (*opts) { | ||
187 | if (*opts == '"') | ||
188 | break; | ||
189 | if (*opts == '\\' && opts[1] == '"') { | ||
190 | opts += 2; | ||
191 | authorized_principals[i++] = '"'; | ||
192 | continue; | ||
193 | } | ||
194 | authorized_principals[i++] = *opts++; | ||
195 | } | ||
196 | if (!*opts) { | ||
197 | debug("%.100s, line %lu: missing end quote", | ||
198 | file, linenum); | ||
199 | auth_debug_add("%.100s, line %lu: missing end quote", | ||
200 | file, linenum); | ||
201 | xfree(authorized_principals); | ||
202 | authorized_principals = NULL; | ||
203 | goto bad_option; | ||
204 | } | ||
205 | authorized_principals[i] = '\0'; | ||
206 | auth_debug_add("principals: %.900s", | ||
207 | authorized_principals); | ||
208 | opts++; | ||
209 | goto next_option; | ||
210 | } | ||
170 | cp = "environment=\""; | 211 | cp = "environment=\""; |
171 | if (options.permit_user_env && | 212 | if (options.permit_user_env && |
172 | strncasecmp(opts, cp, strlen(cp)) == 0) { | 213 | strncasecmp(opts, cp, strlen(cp)) == 0) { |
@@ -376,123 +417,147 @@ bad_option: | |||
376 | return 0; | 417 | return 0; |
377 | } | 418 | } |
378 | 419 | ||
379 | /* | 420 | #define OPTIONS_CRITICAL 1 |
380 | * Set options from certificate constraints. These supersede user key options | 421 | #define OPTIONS_EXTENSIONS 2 |
381 | * so this must be called after auth_parse_options(). | 422 | static int |
382 | */ | 423 | parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, |
383 | int | 424 | u_int which, int crit, |
384 | auth_cert_constraints(Buffer *c_orig, struct passwd *pw) | 425 | int *cert_no_port_forwarding_flag, |
426 | int *cert_no_agent_forwarding_flag, | ||
427 | int *cert_no_x11_forwarding_flag, | ||
428 | int *cert_no_pty_flag, | ||
429 | int *cert_no_user_rc, | ||
430 | char **cert_forced_command, | ||
431 | int *cert_source_address_done) | ||
385 | { | 432 | { |
433 | char *command, *allowed; | ||
434 | const char *remote_ip; | ||
386 | u_char *name = NULL, *data_blob = NULL; | 435 | u_char *name = NULL, *data_blob = NULL; |
387 | u_int nlen, dlen, clen; | 436 | u_int nlen, dlen, clen; |
388 | Buffer c, data; | 437 | Buffer c, data; |
389 | int ret = -1; | 438 | int ret = -1, found; |
390 | |||
391 | int cert_no_port_forwarding_flag = 1; | ||
392 | int cert_no_agent_forwarding_flag = 1; | ||
393 | int cert_no_x11_forwarding_flag = 1; | ||
394 | int cert_no_pty_flag = 1; | ||
395 | int cert_no_user_rc = 1; | ||
396 | char *cert_forced_command = NULL; | ||
397 | int cert_source_address_done = 0; | ||
398 | 439 | ||
399 | buffer_init(&data); | 440 | buffer_init(&data); |
400 | 441 | ||
401 | /* Make copy to avoid altering original */ | 442 | /* Make copy to avoid altering original */ |
402 | buffer_init(&c); | 443 | buffer_init(&c); |
403 | buffer_append(&c, buffer_ptr(c_orig), buffer_len(c_orig)); | 444 | buffer_append(&c, optblob, optblob_len); |
404 | 445 | ||
405 | while (buffer_len(&c) > 0) { | 446 | while (buffer_len(&c) > 0) { |
406 | if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || | 447 | if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || |
407 | (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { | 448 | (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { |
408 | error("Certificate constraints corrupt"); | 449 | error("Certificate options corrupt"); |
409 | goto out; | 450 | goto out; |
410 | } | 451 | } |
411 | buffer_append(&data, data_blob, dlen); | 452 | buffer_append(&data, data_blob, dlen); |
412 | debug3("found certificate constraint \"%.100s\" len %u", | 453 | debug3("found certificate option \"%.100s\" len %u", |
413 | name, dlen); | 454 | name, dlen); |
414 | if (strlen(name) != nlen) { | 455 | if (strlen(name) != nlen) { |
415 | error("Certificate constraint name contains \\0"); | 456 | error("Certificate constraint name contains \\0"); |
416 | goto out; | 457 | goto out; |
417 | } | 458 | } |
418 | if (strcmp(name, "permit-X11-forwarding") == 0) | 459 | found = 0; |
419 | cert_no_x11_forwarding_flag = 0; | 460 | if ((which & OPTIONS_EXTENSIONS) != 0) { |
420 | else if (strcmp(name, "permit-agent-forwarding") == 0) | 461 | if (strcmp(name, "permit-X11-forwarding") == 0) { |
421 | cert_no_agent_forwarding_flag = 0; | 462 | *cert_no_x11_forwarding_flag = 0; |
422 | else if (strcmp(name, "permit-port-forwarding") == 0) | 463 | found = 1; |
423 | cert_no_port_forwarding_flag = 0; | 464 | } else if (strcmp(name, |
424 | else if (strcmp(name, "permit-pty") == 0) | 465 | "permit-agent-forwarding") == 0) { |
425 | cert_no_pty_flag = 0; | 466 | *cert_no_agent_forwarding_flag = 0; |
426 | else if (strcmp(name, "permit-user-rc") == 0) | 467 | found = 1; |
427 | cert_no_user_rc = 0; | 468 | } else if (strcmp(name, |
428 | else if (strcmp(name, "force-command") == 0) { | 469 | "permit-port-forwarding") == 0) { |
429 | char *command = buffer_get_string_ret(&data, &clen); | 470 | *cert_no_port_forwarding_flag = 0; |
430 | 471 | found = 1; | |
431 | if (command == NULL) { | 472 | } else if (strcmp(name, "permit-pty") == 0) { |
432 | error("Certificate constraint \"%s\" corrupt", | 473 | *cert_no_pty_flag = 0; |
433 | name); | 474 | found = 1; |
434 | goto out; | 475 | } else if (strcmp(name, "permit-user-rc") == 0) { |
476 | *cert_no_user_rc = 0; | ||
477 | found = 1; | ||
435 | } | 478 | } |
436 | if (strlen(command) != clen) { | 479 | } |
437 | error("force-command constraint contains \\0"); | 480 | if (!found && (which & OPTIONS_CRITICAL) != 0) { |
438 | goto out; | 481 | if (strcmp(name, "force-command") == 0) { |
439 | } | 482 | if ((command = buffer_get_string_ret(&data, |
440 | if (cert_forced_command != NULL) { | 483 | &clen)) == NULL) { |
441 | error("Certificate has multiple " | 484 | error("Certificate constraint \"%s\" " |
442 | "force-command constraints"); | 485 | "corrupt", name); |
443 | xfree(command); | 486 | goto out; |
444 | goto out; | 487 | } |
445 | } | 488 | if (strlen(command) != clen) { |
446 | cert_forced_command = command; | 489 | error("force-command constraint " |
447 | } else if (strcmp(name, "source-address") == 0) { | 490 | "contains \\0"); |
448 | char *allowed = buffer_get_string_ret(&data, &clen); | 491 | goto out; |
449 | const char *remote_ip = get_remote_ipaddr(); | 492 | } |
450 | 493 | if (*cert_forced_command != NULL) { | |
451 | if (allowed == NULL) { | 494 | error("Certificate has multiple " |
452 | error("Certificate constraint \"%s\" corrupt", | 495 | "force-command options"); |
453 | name); | 496 | xfree(command); |
454 | goto out; | 497 | goto out; |
455 | } | 498 | } |
456 | if (strlen(allowed) != clen) { | 499 | *cert_forced_command = command; |
457 | error("source-address constraint contains \\0"); | 500 | found = 1; |
458 | goto out; | ||
459 | } | ||
460 | if (cert_source_address_done++) { | ||
461 | error("Certificate has multiple " | ||
462 | "source-address constraints"); | ||
463 | xfree(allowed); | ||
464 | goto out; | ||
465 | } | 501 | } |
466 | switch (addr_match_cidr_list(remote_ip, allowed)) { | 502 | if (strcmp(name, "source-address") == 0) { |
467 | case 1: | 503 | if ((allowed = buffer_get_string_ret(&data, |
468 | /* accepted */ | 504 | &clen)) == NULL) { |
469 | xfree(allowed); | 505 | error("Certificate constraint " |
470 | break; | 506 | "\"%s\" corrupt", name); |
471 | case 0: | 507 | goto out; |
472 | /* no match */ | 508 | } |
473 | logit("Authentication tried for %.100s with " | 509 | if (strlen(allowed) != clen) { |
474 | "valid certificate but not from a " | 510 | error("source-address constraint " |
475 | "permitted host (ip=%.200s).", | 511 | "contains \\0"); |
476 | pw->pw_name, remote_ip); | 512 | goto out; |
477 | auth_debug_add("Your address '%.200s' is not " | 513 | } |
478 | "permitted to use this certificate for " | 514 | if ((*cert_source_address_done)++) { |
479 | "login.", remote_ip); | 515 | error("Certificate has multiple " |
480 | xfree(allowed); | 516 | "source-address options"); |
481 | goto out; | 517 | xfree(allowed); |
482 | case -1: | 518 | goto out; |
483 | error("Certificate source-address contents " | 519 | } |
484 | "invalid"); | 520 | remote_ip = get_remote_ipaddr(); |
485 | xfree(allowed); | 521 | switch (addr_match_cidr_list(remote_ip, |
486 | goto out; | 522 | allowed)) { |
523 | case 1: | ||
524 | /* accepted */ | ||
525 | xfree(allowed); | ||
526 | break; | ||
527 | case 0: | ||
528 | /* no match */ | ||
529 | logit("Authentication tried for %.100s " | ||
530 | "with valid certificate but not " | ||
531 | "from a permitted host " | ||
532 | "(ip=%.200s).", pw->pw_name, | ||
533 | remote_ip); | ||
534 | auth_debug_add("Your address '%.200s' " | ||
535 | "is not permitted to use this " | ||
536 | "certificate for login.", | ||
537 | remote_ip); | ||
538 | xfree(allowed); | ||
539 | goto out; | ||
540 | case -1: | ||
541 | error("Certificate source-address " | ||
542 | "contents invalid"); | ||
543 | xfree(allowed); | ||
544 | goto out; | ||
545 | } | ||
546 | found = 1; | ||
487 | } | 547 | } |
488 | } else { | ||
489 | error("Certificate constraint \"%s\" is not supported", | ||
490 | name); | ||
491 | goto out; | ||
492 | } | 548 | } |
493 | 549 | ||
494 | if (buffer_len(&data) != 0) { | 550 | if (!found) { |
495 | error("Certificate constraint \"%s\" corrupt " | 551 | if (crit) { |
552 | error("Certificate critical option \"%s\" " | ||
553 | "is not supported", name); | ||
554 | goto out; | ||
555 | } else { | ||
556 | logit("Certificate extension \"%s\" " | ||
557 | "is not supported", name); | ||
558 | } | ||
559 | } else if (buffer_len(&data) != 0) { | ||
560 | error("Certificate option \"%s\" corrupt " | ||
496 | "(extra data)", name); | 561 | "(extra data)", name); |
497 | goto out; | 562 | goto out; |
498 | } | 563 | } |
@@ -501,10 +566,73 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw) | |||
501 | xfree(data_blob); | 566 | xfree(data_blob); |
502 | name = data_blob = NULL; | 567 | name = data_blob = NULL; |
503 | } | 568 | } |
504 | 569 | /* successfully parsed all options */ | |
505 | /* successfully parsed all constraints */ | ||
506 | ret = 0; | 570 | ret = 0; |
507 | 571 | ||
572 | out: | ||
573 | if (ret != 0 && | ||
574 | cert_forced_command != NULL && | ||
575 | *cert_forced_command != NULL) { | ||
576 | xfree(*cert_forced_command); | ||
577 | *cert_forced_command = NULL; | ||
578 | } | ||
579 | if (name != NULL) | ||
580 | xfree(name); | ||
581 | if (data_blob != NULL) | ||
582 | xfree(data_blob); | ||
583 | buffer_free(&data); | ||
584 | buffer_free(&c); | ||
585 | return ret; | ||
586 | } | ||
587 | |||
588 | /* | ||
589 | * Set options from critical certificate options. These supersede user key | ||
590 | * options so this must be called after auth_parse_options(). | ||
591 | */ | ||
592 | int | ||
593 | auth_cert_options(Key *k, struct passwd *pw) | ||
594 | { | ||
595 | int cert_no_port_forwarding_flag = 1; | ||
596 | int cert_no_agent_forwarding_flag = 1; | ||
597 | int cert_no_x11_forwarding_flag = 1; | ||
598 | int cert_no_pty_flag = 1; | ||
599 | int cert_no_user_rc = 1; | ||
600 | char *cert_forced_command = NULL; | ||
601 | int cert_source_address_done = 0; | ||
602 | |||
603 | if (key_cert_is_legacy(k)) { | ||
604 | /* All options are in the one field for v00 certs */ | ||
605 | if (parse_option_list(buffer_ptr(&k->cert->critical), | ||
606 | buffer_len(&k->cert->critical), pw, | ||
607 | OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1, | ||
608 | &cert_no_port_forwarding_flag, | ||
609 | &cert_no_agent_forwarding_flag, | ||
610 | &cert_no_x11_forwarding_flag, | ||
611 | &cert_no_pty_flag, | ||
612 | &cert_no_user_rc, | ||
613 | &cert_forced_command, | ||
614 | &cert_source_address_done) == -1) | ||
615 | return -1; | ||
616 | } else { | ||
617 | /* Separate options and extensions for v01 certs */ | ||
618 | if (parse_option_list(buffer_ptr(&k->cert->critical), | ||
619 | buffer_len(&k->cert->critical), pw, | ||
620 | OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL, | ||
621 | &cert_forced_command, | ||
622 | &cert_source_address_done) == -1) | ||
623 | return -1; | ||
624 | if (parse_option_list(buffer_ptr(&k->cert->extensions), | ||
625 | buffer_len(&k->cert->extensions), pw, | ||
626 | OPTIONS_EXTENSIONS, 1, | ||
627 | &cert_no_port_forwarding_flag, | ||
628 | &cert_no_agent_forwarding_flag, | ||
629 | &cert_no_x11_forwarding_flag, | ||
630 | &cert_no_pty_flag, | ||
631 | &cert_no_user_rc, | ||
632 | NULL, NULL) == -1) | ||
633 | return -1; | ||
634 | } | ||
635 | |||
508 | no_port_forwarding_flag |= cert_no_port_forwarding_flag; | 636 | no_port_forwarding_flag |= cert_no_port_forwarding_flag; |
509 | no_agent_forwarding_flag |= cert_no_agent_forwarding_flag; | 637 | no_agent_forwarding_flag |= cert_no_agent_forwarding_flag; |
510 | no_x11_forwarding_flag |= cert_no_x11_forwarding_flag; | 638 | no_x11_forwarding_flag |= cert_no_x11_forwarding_flag; |
@@ -516,14 +644,6 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw) | |||
516 | xfree(forced_command); | 644 | xfree(forced_command); |
517 | forced_command = cert_forced_command; | 645 | forced_command = cert_forced_command; |
518 | } | 646 | } |
519 | 647 | return 0; | |
520 | out: | ||
521 | if (name != NULL) | ||
522 | xfree(name); | ||
523 | if (data_blob != NULL) | ||
524 | xfree(data_blob); | ||
525 | buffer_free(&data); | ||
526 | buffer_free(&c); | ||
527 | return ret; | ||
528 | } | 648 | } |
529 | 649 | ||
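Review bot: The extensions pass for v01 certificates in auth_cert_options is made with crit=1 (the line `OPTIONS_EXTENSIONS, 1,` in the second parse_option_list call), so an extension name parse_option_list does not recognise takes the `if (crit)` branch, logs "Certificate critical option \"%s\" is not supported" and returns -1, which would reject any certificate carrying an extension this version does not know. That contradicts the PROTOCOL.certkeys text in this same commit, which says an implementation that does not recognise an extension should ignore it; changing that argument to `OPTIONS_EXTENSIONS, 0,` takes the logit-and-continue path instead, while the v00 call is right to pass 1 because every option in a legacy certificate is critical. Separately, parse_option_list dereferences the per-category pointers only under the matching OPTIONS_* bit, which is what makes the NULL arguments in the two v01 calls safe; that contract is worth stating above the function, e.g. `/* Output pointers for a category not selected in 'which' may be NULL; they are only dereferenced when that bit is set. */`.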
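--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.18 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.20 2010/05/07 11:30:29 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -31,9 +31,10 @@ extern char *forced_command;
 extern struct envstring *custom_environment;
 extern int forced_tun_device;
 extern int key_is_cert_authority;
+extern char *authorized_principals;
 
 int auth_parse_options(struct passwd *, char *, char *, u_long);
 void auth_clear_options(void);
-int auth_cert_constraints(Buffer *, struct passwd *);
+int auth_cert_options(Key *, struct passwd *);
 
 #endif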
diff --git a/auth-rsa.c b/auth-rsa.c index 250e9cf78..7afcaee31 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-rsa.c,v 1.74 2010/03/04 10:36:03 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.78 2010/07/13 23:13:16 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -34,11 +34,11 @@ | |||
34 | #include "uidswap.h" | 34 | #include "uidswap.h" |
35 | #include "match.h" | 35 | #include "match.h" |
36 | #include "buffer.h" | 36 | #include "buffer.h" |
37 | #include "auth-options.h" | ||
38 | #include "pathnames.h" | 37 | #include "pathnames.h" |
39 | #include "log.h" | 38 | #include "log.h" |
40 | #include "servconf.h" | 39 | #include "servconf.h" |
41 | #include "key.h" | 40 | #include "key.h" |
41 | #include "auth-options.h" | ||
42 | #include "hostfile.h" | 42 | #include "hostfile.h" |
43 | #include "auth.h" | 43 | #include "auth.h" |
44 | #ifdef GSSAPI | 44 | #ifdef GSSAPI |
@@ -116,7 +116,7 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) | |||
116 | MD5_Final(mdbuf, &md); | 116 | MD5_Final(mdbuf, &md); |
117 | 117 | ||
118 | /* Verify that the response is the original challenge. */ | 118 | /* Verify that the response is the original challenge. */ |
119 | if (memcmp(response, mdbuf, 16) != 0) { | 119 | if (timingsafe_bcmp(response, mdbuf, 16) != 0) { |
120 | /* Wrong answer. */ | 120 | /* Wrong answer. */ |
121 | return (0); | 121 | return (0); |
122 | } | 122 | } |
@@ -256,7 +256,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
256 | */ | 256 | */ |
257 | if (!auth_parse_options(pw, key_options, file, linenum)) | 257 | if (!auth_parse_options(pw, key_options, file, linenum)) |
258 | continue; | 258 | continue; |
259 | 259 | if (key_is_cert_authority) | |
260 | continue; | ||
260 | /* break out, this key is allowed */ | 261 | /* break out, this key is allowed */ |
261 | allowed = 1; | 262 | allowed = 1; |
262 | break; | 263 | break; |
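Review bot: The new `if (key_is_cert_authority) continue;` in auth_rsa_key_allowed carries no comment explaining why a line that otherwise matched is skipped, and without one it reads like an inverted condition. A short comment such as `/* a cert-authority entry names a CA, not a key that may log in; protocol 1 has no certificates, so never accept it here */` would make the intent clear; auth_rsa_key_allowed itself starts outside the hunk. The memcmp to timingsafe_bcmp change in auth_rsa_verify_response is the right call for comparing the MD5 response, though I cannot see from this page whether openbsd-compat supplies timingsafe_bcmp on platforms that lack it, so that is worth confirming on a non-OpenBSD build.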
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.86 2010/03/05 02:58:11 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.89 2010/08/04 05:42:47 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -144,7 +144,7 @@ allowed_user(struct passwd * pw) | |||
144 | locked = 1; | 144 | locked = 1; |
145 | #endif | 145 | #endif |
146 | #ifdef USE_LIBIAF | 146 | #ifdef USE_LIBIAF |
147 | free(passwd); | 147 | free((void *) passwd); |
148 | #endif /* USE_LIBIAF */ | 148 | #endif /* USE_LIBIAF */ |
149 | if (locked) { | 149 | if (locked) { |
150 | logit("User %.100s not allowed because account is locked", | 150 | logit("User %.100s not allowed because account is locked", |
@@ -367,6 +367,14 @@ authorized_keys_file2(struct passwd *pw) | |||
367 | return expand_authorized_keys(options.authorized_keys_file2, pw); | 367 | return expand_authorized_keys(options.authorized_keys_file2, pw); |
368 | } | 368 | } |
369 | 369 | ||
370 | char * | ||
371 | authorized_principals_file(struct passwd *pw) | ||
372 | { | ||
373 | if (options.authorized_principals_file == NULL) | ||
374 | return NULL; | ||
375 | return expand_authorized_keys(options.authorized_principals_file, pw); | ||
376 | } | ||
377 | |||
370 | /* return ok if key exists in sysfile or userfile */ | 378 | /* return ok if key exists in sysfile or userfile */ |
371 | HostStatus | 379 | HostStatus |
372 | check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | 380 | check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, |
@@ -378,7 +386,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
378 | HostStatus host_status; | 386 | HostStatus host_status; |
379 | 387 | ||
380 | /* Check if we know the host and its host key. */ | 388 | /* Check if we know the host and its host key. */ |
381 | found = key_new(key->type); | 389 | found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); |
382 | host_status = check_host_in_hostfile(sysfile, host, key, found, NULL); | 390 | host_status = check_host_in_hostfile(sysfile, host, key, found, NULL); |
383 | 391 | ||
384 | if (host_status != HOST_OK && userfile != NULL) { | 392 | if (host_status != HOST_OK && userfile != NULL) { |
@@ -389,6 +397,8 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
389 | logit("Authentication refused for %.100s: " | 397 | logit("Authentication refused for %.100s: " |
390 | "bad owner or modes for %.200s", | 398 | "bad owner or modes for %.200s", |
391 | pw->pw_name, user_hostfile); | 399 | pw->pw_name, user_hostfile); |
400 | auth_debug_add("Ignored %.200s: bad ownership or modes", | ||
401 | user_hostfile); | ||
392 | } else { | 402 | } else { |
393 | temporarily_use_uid(pw); | 403 | temporarily_use_uid(pw); |
394 | host_status = check_host_in_hostfile(user_hostfile, | 404 | host_status = check_host_in_hostfile(user_hostfile, |
@@ -475,21 +485,18 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
475 | return 0; | 485 | return 0; |
476 | } | 486 | } |
477 | 487 | ||
478 | FILE * | 488 | static FILE * |
479 | auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) | 489 | auth_openfile(const char *file, struct passwd *pw, int strict_modes, |
490 | int log_missing, char *file_type) | ||
480 | { | 491 | { |
481 | char line[1024]; | 492 | char line[1024]; |
482 | struct stat st; | 493 | struct stat st; |
483 | int fd; | 494 | int fd; |
484 | FILE *f; | 495 | FILE *f; |
485 | 496 | ||
486 | /* | ||
487 | * Open the file containing the authorized keys | ||
488 | * Fail quietly if file does not exist | ||
489 | */ | ||
490 | if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { | 497 | if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { |
491 | if (errno != ENOENT) | 498 | if (log_missing || errno != ENOENT) |
492 | debug("Could not open keyfile '%s': %s", file, | 499 | debug("Could not open %s '%s': %s", file_type, file, |
493 | strerror(errno)); | 500 | strerror(errno)); |
494 | return NULL; | 501 | return NULL; |
495 | } | 502 | } |
@@ -499,8 +506,8 @@ auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) | |||
499 | return NULL; | 506 | return NULL; |
500 | } | 507 | } |
501 | if (!S_ISREG(st.st_mode)) { | 508 | if (!S_ISREG(st.st_mode)) { |
502 | logit("User %s authorized keys %s is not a regular file", | 509 | logit("User %s %s %s is not a regular file", |
503 | pw->pw_name, file); | 510 | pw->pw_name, file_type, file); |
504 | close(fd); | 511 | close(fd); |
505 | return NULL; | 512 | return NULL; |
506 | } | 513 | } |
@@ -513,12 +520,27 @@ auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) | |||
513 | secure_filename(f, file, pw, line, sizeof(line)) != 0) { | 520 | secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
514 | fclose(f); | 521 | fclose(f); |
515 | logit("Authentication refused: %s", line); | 522 | logit("Authentication refused: %s", line); |
523 | auth_debug_add("Ignored %s: %s", file_type, line); | ||
516 | return NULL; | 524 | return NULL; |
517 | } | 525 | } |
518 | 526 | ||
519 | return f; | 527 | return f; |
520 | } | 528 | } |
521 | 529 | ||
530 | |||
531 | FILE * | ||
532 | auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) | ||
533 | { | ||
534 | return auth_openfile(file, pw, strict_modes, 1, "authorized keys"); | ||
535 | } | ||
536 | |||
537 | FILE * | ||
538 | auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) | ||
539 | { | ||
540 | return auth_openfile(file, pw, strict_modes, 0, | ||
541 | "authorized principals"); | ||
542 | } | ||
543 | |||
522 | struct passwd * | 544 | struct passwd * |
523 | getpwnamallow(const char *user) | 545 | getpwnamallow(const char *user) |
524 | { | 546 | { |
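--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.65 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.66 2010/05/07 11:30:29 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -171,8 +171,10 @@ void abandon_challenge_response(Authctxt *);
 
 char *authorized_keys_file(struct passwd *);
 char *authorized_keys_file2(struct passwd *);
+char *authorized_principals_file(struct passwd *);
 
 FILE *auth_openkeyfile(const char *, struct passwd *, int);
+FILE *auth_openprincipals(const char *, struct passwd *, int);
 int auth_key_is_revoked(Key *, int);
 
 HostStatus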
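--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.74 2010/06/25 08:46:17 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
 	    authctxt->valid ? "" : "invalid user ", authctxt->user);
 
 	/* If the user has no password, accept authentication immediately. */
-	if (options.password_authentication &&
+	if (options.permit_empty_passwd && options.password_authentication &&
 #ifdef KRB5
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif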
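Review bot: The comment on the line above the changed condition still reads as if an empty password is always accepted, but the added `options.permit_empty_passwd` guard makes that depend on PermitEmptyPasswords; I'd update it to `/* If the user has no password and PermitEmptyPasswords is set, accept authentication immediately. */`. The same guard is added to userauth_none in auth2-none.c, which has no comment at all; a one-liner there, `/* "none" only succeeds as an empty-password login, so it follows PermitEmptyPasswords */`, would save the next reader a trip to auth1.c. The enclosing do_authloop starts outside the hunk.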
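--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.13 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -141,9 +141,10 @@ int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
     Key *key)
 {
-	const char *resolvedname, *ipaddr, *lookup;
+	const char *resolvedname, *ipaddr, *lookup, *reason;
 	HostStatus host_status;
 	int len;
+	char *fp;
 
 	if (auth_key_is_revoked(key, 0))
 		return 0;
@@ -174,16 +175,40 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 	}
 	debug2("userauth_hostbased: access allowed by auth_rhosts2");
 
+	if (key_is_cert(key) &&
+	    key_cert_check_authority(key, 1, 0, lookup, &reason)) {
+		error("%s", reason);
+		auth_debug_add("%s", reason);
+		return 0;
+	}
+
 	host_status = check_key_in_hostfiles(pw, key, lookup,
 	    _PATH_SSH_SYSTEM_HOSTFILE,
 	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
 
 	/* backward compat if no key has been found. */
-	if (host_status == HOST_NEW)
+	if (host_status == HOST_NEW) {
 		host_status = check_key_in_hostfiles(pw, key, lookup,
 		    _PATH_SSH_SYSTEM_HOSTFILE2,
 		    options.ignore_user_known_hosts ? NULL :
 		    _PATH_SSH_USER_HOSTFILE2);
+	}
+
+	if (host_status == HOST_OK) {
+		if (key_is_cert(key)) {
+			fp = key_fingerprint(key->cert->signature_key,
+			    SSH_FP_MD5, SSH_FP_HEX);
+			verbose("Accepted certificate ID \"%s\" signed by "
+			    "%s CA %s from %s@%s", key->cert->key_id,
+			    key_type(key->cert->signature_key), fp,
+			    cuser, lookup);
+		} else {
+			fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+			verbose("Accepted %s public key %s from %s@%s",
+			    key_type(key), fp, cuser, lookup);
+		}
+		xfree(fp);
+	}
 
 	return (host_status == HOST_OK);
 }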
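Review bot: The new certificate check ahead of check_key_in_hostfiles is ordered correctly, but its two integer arguments `1, 0` are opaque at the call site; if the third argument is the require-principal flag (the auth2-pubkey.c callers in this commit pass 0 and 1 there), a host certificate with an empty principal list passes this check for any host, and that deserves saying: `/* Host certs: validity and principals (if any) are checked against lookup here; the CA key itself is matched in known_hosts below. */`. The fingerprint/verbose block duplicates the message format that user_cert_trusted_ca in auth2-pubkey.c emits; a shared helper would keep the two from drifting, but that is a style point.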
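--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.15 2008/07/02 12:36:39 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.16 2010/06/25 08:46:17 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
 {
 	none_enabled = 0;
 	packet_check_eom();
-	if (options.password_authentication)
+	if (options.permit_empty_passwd && options.password_authentication)
 		return (PRIVSEP(auth_password(authctxt, "")));
 	return (0);
 }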
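--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.22 2010/03/10 23:27:17 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.26 2010/06/29 23:16:46 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -57,6 +57,7 @@
 #include "monitor_wrap.h"
 #include "misc.h"
 #include "authfile.h"
+#include "match.h"
 
 /* import */
 extern ServerOptions options;
@@ -176,6 +177,83 @@ done:
 	return authenticated;
 }
 
+static int
+match_principals_option(const char *principal_list, struct KeyCert *cert)
+{
+	char *result;
+	u_int i;
+
+	/* XXX percent_expand() sequences for authorized_principals? */
+
+	for (i = 0; i < cert->nprincipals; i++) {
+		if ((result = match_list(cert->principals[i],
+		    principal_list, NULL)) != NULL) {
+			debug3("matched principal from key options \"%.100s\"",
+			    result);
+			xfree(result);
+			return 1;
+		}
+	}
+	return 0;
+}
+
+static int
+match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
+{
+	FILE *f;
+	char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
+	u_long linenum = 0;
+	u_int i;
+
+	temporarily_use_uid(pw);
+	debug("trying authorized principals file %s", file);
+	if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {
+		restore_uid();
+		return 0;
+	}
+	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+		/* Skip leading whitespace. */
+		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+			;
+		/* Skip blank and comment lines. */
+		if ((ep = strchr(cp, '#')) != NULL)
+			*ep = '\0';
+		if (!*cp || *cp == '\n')
+			continue;
+		/* Trim trailing whitespace. */
+		ep = cp + strlen(cp) - 1;
+		while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t'))
+			*ep-- = '\0';
+		/*
+		 * If the line has internal whitespace then assume it has
+		 * key options.
+		 */
+		line_opts = NULL;
+		if ((ep = strrchr(cp, ' ')) != NULL ||
+		    (ep = strrchr(cp, '\t')) != NULL) {
+			for (; *ep == ' ' || *ep == '\t'; ep++)
+				;;
+			line_opts = cp;
+			cp = ep;
+		}
+		for (i = 0; i < cert->nprincipals; i++) {
+			if (strcmp(cp, cert->principals[i]) == 0) {
+				debug3("matched principal from file \"%.100s\"",
+				    cert->principals[i]);
+				if (auth_parse_options(pw, line_opts,
+				    file, linenum) != 1)
+					continue;
+				fclose(f);
+				restore_uid();
+				return 1;
+			}
+		}
+	}
+	fclose(f);
+	restore_uid();
+	return 0;
+}
+
 /* return 1 if user allows given key */
 static int
 user_key_allowed2(struct passwd *pw, Key *key, char *file)
@@ -233,26 +311,39 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 				continue;
 			}
 		}
-		if (auth_parse_options(pw, key_options, file, linenum) != 1)
-			continue;
-		if (key->type == KEY_RSA_CERT || key->type == KEY_DSA_CERT) {
-			if (!key_is_cert_authority)
-				continue;
+		if (key_is_cert(key)) {
 			if (!key_equal(found, key->cert->signature_key))
 				continue;
+			if (auth_parse_options(pw, key_options, file,
+			    linenum) != 1)
+				continue;
+			if (!key_is_cert_authority)
+				continue;
 			fp = key_fingerprint(found, SSH_FP_MD5,
 			    SSH_FP_HEX);
 			debug("matching CA found: file %s, line %lu, %s %s",
 			    file, linenum, key_type(found), fp);
-			if (key_cert_check_authority(key, 0, 0, pw->pw_name,
-			    &reason) != 0) {
+			/*
+			 * If the user has specified a list of principals as
+			 * a key option, then prefer that list to matching
+			 * their username in the certificate principals list.
+			 */
+			if (authorized_principals != NULL &&
+			    !match_principals_option(authorized_principals,
+			    key->cert)) {
+				reason = "Certificate does not contain an "
+				    "authorized principal";
+ fail_reason:
 				xfree(fp);
 				error("%s", reason);
 				auth_debug_add("%s", reason);
 				continue;
 			}
-			if (auth_cert_constraints(&key->cert->constraints,
-			    pw) != 0) {
+			if (key_cert_check_authority(key, 0, 0,
+			    authorized_principals == NULL ? pw->pw_name : NULL,
+			    &reason) != 0)
+				goto fail_reason;
+			if (auth_cert_options(key, pw) != 0) {
 				xfree(fp);
 				continue;
 			}
@@ -262,7 +353,12 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 			xfree(fp);
 			found_key = 1;
 			break;
-		} else if (!key_is_cert_authority && key_equal(found, key)) {
+		} else if (key_equal(found, key)) {
+			if (auth_parse_options(pw, key_options, file,
+			    linenum) != 1)
+				continue;
+			if (key_is_cert_authority)
+				continue;
 			found_key = 1;
 			debug("matching key found: file %s, line %lu",
 			    file, linenum);
@@ -285,7 +381,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 static int
 user_cert_trusted_ca(struct passwd *pw, Key *key)
 {
-	char *ca_fp;
+	char *ca_fp, *principals_file = NULL;
 	const char *reason;
 	int ret = 0;
 
@@ -302,12 +398,25 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 		    options.trusted_user_ca_keys);
 		goto out;
 	}
-	if (key_cert_check_authority(key, 0, 1, pw->pw_name, &reason) != 0) {
-		error("%s", reason);
-		auth_debug_add("%s", reason);
-		goto out;
+	/*
+	 * If AuthorizedPrincipals is in use, then compare the certificate
+	 * principals against the names in that file rather than matching
+	 * against the username.
+	 */
+	if ((principals_file = authorized_principals_file(pw)) != NULL) {
+		if (!match_principals_file(principals_file, pw, key->cert)) {
+			reason = "Certificate does not contain an "
+			    "authorized principal";
+ fail_reason:
+			error("%s", reason);
+			auth_debug_add("%s", reason);
+			goto out;
+		}
 	}
-	if (auth_cert_constraints(&key->cert->constraints, pw) != 0)
+	if (key_cert_check_authority(key, 0, 1,
+	    principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
+		goto fail_reason;
+	if (auth_cert_options(key, pw) != 0)
 		goto out;
 
 	verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s",
@@ -316,6 +425,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 	ret = 1;
 
 out:
+	if (principals_file != NULL)
+		xfree(principals_file);
 	if (ca_fp != NULL)
 		xfree(ca_fp);
 	return ret;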
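Review bot: In match_principals_file the options/principal split `if ((ep = strrchr(cp, ' ')) != NULL || (ep = strrchr(cp, '\t')) != NULL)` takes the last space anywhere on the line and only looks for a tab when there is no space at all, so a tab-separated entry whose quoted option value contains a space (`command="a b"<TAB>name`) is split inside the option and the principal never matches; this fails closed, but it silently disables an otherwise valid entry with no log line to explain it. Scanning backwards for the last whitespace of either kind fixes the split (below). Two smaller points in the same function: the `;;` after the whitespace-skipping `for` is a stray empty statement, and the `continue` after a failed auth_parse_options resumes the principals loop rather than the line loop, so the same options are re-parsed for every remaining principal — harmless, but `break` says what is meant.
```c
		line_opts = NULL;
		/* Find the last run of whitespace (space or tab); trailing
		 * whitespace was already trimmed, so ep lands on the principal. */
		for (ep = cp + strlen(cp); ep > cp; ep--) {
			if (ep[-1] == ' ' || ep[-1] == '\t')
				break;
		}
		if (ep > cp) {
			line_opts = cp;
			cp = ep;
		}
		/* … unchanged: principal comparison loop … */
```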
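--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.82 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.83 2010/04/16 01:47:26 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -483,6 +483,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 		buffer_put_bignum2(b, key->rsa->p);
 		buffer_put_bignum2(b, key->rsa->q);
 		break;
+	case KEY_RSA_CERT_V00:
 	case KEY_RSA_CERT:
 		if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
 			fatal("%s: no cert/certblob", __func__);
@@ -500,6 +501,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 		buffer_put_bignum2(b, key->dsa->pub_key);
 		buffer_put_bignum2(b, key->dsa->priv_key);
 		break;
+	case KEY_DSA_CERT_V00:
 	case KEY_DSA_CERT:
 		if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
 			fatal("%s: no cert/certblob", __func__);
@@ -535,8 +537,10 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 		break;
 	case KEY_RSA:
 	case KEY_RSA_CERT:
+	case KEY_RSA_CERT_V00:
 	case KEY_DSA:
 	case KEY_DSA_CERT:
+	case KEY_DSA_CERT_V00:
 		type = constrained ?
 		    SSH2_AGENTC_ADD_ID_CONSTRAINED :
 		    SSH2_AGENTC_ADD_IDENTITY;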
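--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -694,6 +694,66 @@ key_load_public(const char *filename, char **commentp)
 	return NULL;
 }
 
+/* Load the certificate associated with the named private key */
+Key *
+key_load_cert(const char *filename)
+{
+	Key *pub;
+	char *file;
+
+	pub = key_new(KEY_UNSPEC);
+	xasprintf(&file, "%s-cert.pub", filename);
+	if (key_try_load_public(pub, file, NULL) == 1) {
+		xfree(file);
+		return pub;
+	}
+	xfree(file);
+	key_free(pub);
+	return NULL;
+}
+
+/* Load private key and certificate */
+Key *
+key_load_private_cert(int type, const char *filename, const char *passphrase,
+    int *perm_ok)
+{
+	Key *key, *pub;
+
+	switch (type) {
+	case KEY_RSA:
+	case KEY_DSA:
+		break;
+	default:
+		error("%s: unsupported key type", __func__);
+		return NULL;
+	}
+
+	if ((key = key_load_private_type(type, filename,
+	    passphrase, NULL, perm_ok)) == NULL)
+		return NULL;
+
+	if ((pub = key_load_cert(filename)) == NULL) {
+		key_free(key);
+		return NULL;
+	}
+
+	/* Make sure the private key matches the certificate */
+	if (key_equal_public(key, pub) == 0) {
+		error("%s: certificate does not match private key %s",
+		    __func__, filename);
+	} else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
+		error("%s: key_to_certified failed", __func__);
+	} else {
+		key_cert_copy(pub, key);
+		key_free(pub);
+		return key;
+	}
+
+	key_free(key);
+	key_free(pub);
+	return NULL;
+}
+
 /*
  * Returns 1 if the specified "key" is listed in the file "filename",
  * 0 if the key is not listed or -1 on error.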
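Review bot: key_load_private_cert returns NULL for three conditions a caller may want to tell apart — the private key failed to load, no `<filename>-cert.pub` exists, or the certificate does not match the key — and only the mismatch and key_to_certified paths log anything here (whether the missing-cert path is quiet depends on key_try_load_public, which is not visible). I'd replace the one-line header with a comment stating the contract: the returned key carries the certificate read from `<filename>-cert.pub`; NULL means private-key load failure, missing certificate, or certificate/key mismatch; and `*perm_ok` is presumably written by key_load_private_type, so it can be meaningful even when NULL is returned. key_load_cert's contract is simpler and could be stated the same way: NULL when `<filename>-cert.pub` cannot be loaded.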
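--- a/authfile.h
+++ b/authfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.14 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.15 2010/08/04 05:42:47 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,9 +16,11 @@
 #define AUTHFILE_H
 
 int key_save_private(Key *, const char *, const char *, const char *);
+Key *key_load_cert(const char *);
 Key *key_load_public(const char *, char **);
 Key *key_load_public_type(int, const char *, char **);
 Key *key_load_private(const char *, const char *, char **);
+Key *key_load_private_cert(int, const char *, const char *, int *);
 Key *key_load_private_type(int, const char *, const char *, char **, int *);
 Key *key_load_private_pem(int, int, const char *, char **);
 int key_perm_ok(int, const char *);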
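--- a/bufaux.c
+++ b/bufaux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.48 2010/02/02 22:49:34 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.49 2010/03/26 03:13:17 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -84,7 +84,8 @@ buffer_get_int_ret(u_int *ret, Buffer *buffer)
 
 	if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
 		return (-1);
-	*ret = get_u32(buf);
+	if (ret != NULL)
+		*ret = get_u32(buf);
 	return (0);
 }
 
@@ -106,7 +107,8 @@ buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer)
 
 	if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
 		return (-1);
-	*ret = get_u64(buf);
+	if (ret != NULL)
+		*ret = get_u64(buf);
 	return (0);
 }
 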
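Review bot: The `ret != NULL` guard makes a NULL out-pointer a supported way to consume the 4 or 8 bytes and discard the value, but nothing at either function says so, and a reader will not know whether a NULL caller is relying on this or got lucky. A one-line comment above each function, `/* ret may be NULL to consume the value without storing it */`, turns it into an API contract; the same change appears in both hunks (buffer_get_int_ret and buffer_get_int64_ret), so both need it. Both function headers start outside the hunks.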
diff --git a/channels.c b/channels.c index a55d27817..1cd5004c4 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.303 2010/01/30 21:12:08 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.309 2010/08/05 13:08:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -114,10 +114,10 @@ typedef struct { | |||
114 | } ForwardPermission; | 114 | } ForwardPermission; |
115 | 115 | ||
116 | /* List of all permitted host/port pairs to connect by the user. */ | 116 | /* List of all permitted host/port pairs to connect by the user. */ |
117 | static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; | 117 | static ForwardPermission *permitted_opens = NULL; |
118 | 118 | ||
119 | /* List of all permitted host/port pairs to connect by the admin. */ | 119 | /* List of all permitted host/port pairs to connect by the admin. */ |
120 | static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; | 120 | static ForwardPermission *permitted_adm_opens = NULL; |
121 | 121 | ||
122 | /* Number of permitted host/port pairs in the array permitted by the user. */ | 122 | /* Number of permitted host/port pairs in the array permitted by the user. */ |
123 | static int num_permitted_opens = 0; | 123 | static int num_permitted_opens = 0; |
@@ -330,6 +330,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, | |||
330 | c->ctl_chan = -1; | 330 | c->ctl_chan = -1; |
331 | c->mux_rcb = NULL; | 331 | c->mux_rcb = NULL; |
332 | c->mux_ctx = NULL; | 332 | c->mux_ctx = NULL; |
333 | c->mux_pause = 0; | ||
333 | c->delayed = 1; /* prevent call to channel_post handler */ | 334 | c->delayed = 1; /* prevent call to channel_post handler */ |
334 | TAILQ_INIT(&c->status_confirms); | 335 | TAILQ_INIT(&c->status_confirms); |
335 | debug("channel %d: new [%s]", found, remote_name); | 336 | debug("channel %d: new [%s]", found, remote_name); |
@@ -703,7 +704,7 @@ channel_register_status_confirm(int id, channel_confirm_cb *cb, | |||
703 | } | 704 | } |
704 | 705 | ||
705 | void | 706 | void |
706 | channel_register_open_confirm(int id, channel_callback_fn *fn, void *ctx) | 707 | channel_register_open_confirm(int id, channel_open_fn *fn, void *ctx) |
707 | { | 708 | { |
708 | Channel *c = channel_lookup(id); | 709 | Channel *c = channel_lookup(id); |
709 | 710 | ||
@@ -838,8 +839,9 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) | |||
838 | if (c->extended_usage == CHAN_EXTENDED_WRITE && | 839 | if (c->extended_usage == CHAN_EXTENDED_WRITE && |
839 | buffer_len(&c->extended) > 0) | 840 | buffer_len(&c->extended) > 0) |
840 | FD_SET(c->efd, writeset); | 841 | FD_SET(c->efd, writeset); |
841 | else if (!(c->flags & CHAN_EOF_SENT) && | 842 | else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) && |
842 | c->extended_usage == CHAN_EXTENDED_READ && | 843 | (c->extended_usage == CHAN_EXTENDED_READ || |
844 | c->extended_usage == CHAN_EXTENDED_IGNORE) && | ||
843 | buffer_len(&c->extended) < c->remote_window) | 845 | buffer_len(&c->extended) < c->remote_window) |
844 | FD_SET(c->efd, readset); | 846 | FD_SET(c->efd, readset); |
845 | } | 847 | } |
@@ -915,7 +917,7 @@ x11_open_helper(Buffer *b) | |||
915 | } | 917 | } |
916 | /* Check if authentication data matches our fake data. */ | 918 | /* Check if authentication data matches our fake data. */ |
917 | if (data_len != x11_fake_data_len || | 919 | if (data_len != x11_fake_data_len || |
918 | memcmp(ucp + 12 + ((proto_len + 3) & ~3), | 920 | timingsafe_bcmp(ucp + 12 + ((proto_len + 3) & ~3), |
919 | x11_fake_data, x11_fake_data_len) != 0) { | 921 | x11_fake_data, x11_fake_data_len) != 0) { |
920 | debug2("X11 auth data does not match fake data."); | 922 | debug2("X11 auth data does not match fake data."); |
921 | return -1; | 923 | return -1; |
@@ -991,7 +993,7 @@ channel_pre_x11_open(Channel *c, fd_set *readset, fd_set *writeset) | |||
991 | static void | 993 | static void |
992 | channel_pre_mux_client(Channel *c, fd_set *readset, fd_set *writeset) | 994 | channel_pre_mux_client(Channel *c, fd_set *readset, fd_set *writeset) |
993 | { | 995 | { |
994 | if (c->istate == CHAN_INPUT_OPEN && | 996 | if (c->istate == CHAN_INPUT_OPEN && !c->mux_pause && |
995 | buffer_check_alloc(&c->input, CHAN_RBUF)) | 997 | buffer_check_alloc(&c->input, CHAN_RBUF)) |
996 | FD_SET(c->rfd, readset); | 998 | FD_SET(c->rfd, readset); |
997 | if (c->istate == CHAN_INPUT_WAIT_DRAIN) { | 999 | if (c->istate == CHAN_INPUT_WAIT_DRAIN) { |
@@ -1642,13 +1644,14 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1642 | { | 1644 | { |
1643 | struct termios tio; | 1645 | struct termios tio; |
1644 | u_char *data = NULL, *buf; | 1646 | u_char *data = NULL, *buf; |
1645 | u_int dlen; | 1647 | u_int dlen, olen = 0; |
1646 | int len; | 1648 | int len; |
1647 | 1649 | ||
1648 | /* Send buffered output data to the socket. */ | 1650 | /* Send buffered output data to the socket. */ |
1649 | if (c->wfd != -1 && | 1651 | if (c->wfd != -1 && |
1650 | FD_ISSET(c->wfd, writeset) && | 1652 | FD_ISSET(c->wfd, writeset) && |
1651 | buffer_len(&c->output) > 0) { | 1653 | buffer_len(&c->output) > 0) { |
1654 | olen = buffer_len(&c->output); | ||
1652 | if (c->output_filter != NULL) { | 1655 | if (c->output_filter != NULL) { |
1653 | if ((buf = c->output_filter(c, &data, &dlen)) == NULL) { | 1656 | if ((buf = c->output_filter(c, &data, &dlen)) == NULL) { |
1654 | debug2("channel %d: filter stops", c->self); | 1657 | debug2("channel %d: filter stops", c->self); |
@@ -1667,7 +1670,6 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1667 | 1670 | ||
1668 | if (c->datagram) { | 1671 | if (c->datagram) { |
1669 | /* ignore truncated writes, datagrams might get lost */ | 1672 | /* ignore truncated writes, datagrams might get lost */ |
1670 | c->local_consumed += dlen + 4; | ||
1671 | len = write(c->wfd, buf, dlen); | 1673 | len = write(c->wfd, buf, dlen); |
1672 | xfree(data); | 1674 | xfree(data); |
1673 | if (len < 0 && (errno == EINTR || errno == EAGAIN || | 1675 | if (len < 0 && (errno == EINTR || errno == EAGAIN || |
@@ -1680,7 +1682,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1680 | chan_write_failed(c); | 1682 | chan_write_failed(c); |
1681 | return -1; | 1683 | return -1; |
1682 | } | 1684 | } |
1683 | return 1; | 1685 | goto out; |
1684 | } | 1686 | } |
1685 | #ifdef _AIX | 1687 | #ifdef _AIX |
1686 | /* XXX: Later AIX versions can't push as much data to tty */ | 1688 | /* XXX: Later AIX versions can't push as much data to tty */ |
@@ -1722,10 +1724,10 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1722 | } | 1724 | } |
1723 | #endif | 1725 | #endif |
1724 | buffer_consume(&c->output, len); | 1726 | buffer_consume(&c->output, len); |
1725 | if (compat20 && len > 0) { | ||
1726 | c->local_consumed += len; | ||
1727 | } | ||
1728 | } | 1727 | } |
1728 | out: | ||
1729 | if (compat20 && olen > 0) | ||
1730 | c->local_consumed += olen - buffer_len(&c->output); | ||
1729 | return 1; | 1731 | return 1; |
1730 | } | 1732 | } |
1731 | 1733 | ||
@@ -1755,7 +1757,9 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1755 | buffer_consume(&c->extended, len); | 1757 | buffer_consume(&c->extended, len); |
1756 | c->local_consumed += len; | 1758 | c->local_consumed += len; |
1757 | } | 1759 | } |
1758 | } else if (c->extended_usage == CHAN_EXTENDED_READ && | 1760 | } else if (c->efd != -1 && |
1761 | (c->extended_usage == CHAN_EXTENDED_READ || | ||
1762 | c->extended_usage == CHAN_EXTENDED_IGNORE) && | ||
1759 | (c->detach_close || FD_ISSET(c->efd, readset))) { | 1763 | (c->detach_close || FD_ISSET(c->efd, readset))) { |
1760 | len = read(c->efd, buf, sizeof(buf)); | 1764 | len = read(c->efd, buf, sizeof(buf)); |
1761 | debug2("channel %d: read %d from efd %d", | 1765 | debug2("channel %d: read %d from efd %d", |
@@ -1768,7 +1772,11 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1768 | c->self, c->efd); | 1772 | c->self, c->efd); |
1769 | channel_close_fd(&c->efd); | 1773 | channel_close_fd(&c->efd); |
1770 | } else { | 1774 | } else { |
1771 | buffer_append(&c->extended, buf, len); | 1775 | if (c->extended_usage == CHAN_EXTENDED_IGNORE) { |
1776 | debug3("channel %d: discard efd", | ||
1777 | c->self); | ||
1778 | } else | ||
1779 | buffer_append(&c->extended, buf, len); | ||
1772 | } | 1780 | } |
1773 | } | 1781 | } |
1774 | } | 1782 | } |
@@ -1840,7 +1848,7 @@ channel_post_mux_client(Channel *c, fd_set *readset, fd_set *writeset) | |||
1840 | if (!compat20) | 1848 | if (!compat20) |
1841 | fatal("%s: entered with !compat20", __func__); | 1849 | fatal("%s: entered with !compat20", __func__); |
1842 | 1850 | ||
1843 | if (c->rfd != -1 && FD_ISSET(c->rfd, readset) && | 1851 | if (c->rfd != -1 && !c->mux_pause && FD_ISSET(c->rfd, readset) && |
1844 | (c->istate == CHAN_INPUT_OPEN || | 1852 | (c->istate == CHAN_INPUT_OPEN || |
1845 | c->istate == CHAN_INPUT_WAIT_DRAIN)) { | 1853 | c->istate == CHAN_INPUT_WAIT_DRAIN)) { |
1846 | /* | 1854 | /* |
@@ -2164,6 +2172,14 @@ channel_output_poll(void) | |||
2164 | 2172 | ||
2165 | data = buffer_get_string(&c->input, | 2173 | data = buffer_get_string(&c->input, |
2166 | &dlen); | 2174 | &dlen); |
2175 | if (dlen > c->remote_window || | ||
2176 | dlen > c->remote_maxpacket) { | ||
2177 | debug("channel %d: datagram " | ||
2178 | "too big for channel", | ||
2179 | c->self); | ||
2180 | xfree(data); | ||
2181 | continue; | ||
2182 | } | ||
2167 | packet_start(SSH2_MSG_CHANNEL_DATA); | 2183 | packet_start(SSH2_MSG_CHANNEL_DATA); |
2168 | packet_put_int(c->remote_id); | 2184 | packet_put_int(c->remote_id); |
2169 | packet_put_string(data, dlen); | 2185 | packet_put_string(data, dlen); |
@@ -2249,7 +2265,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) | |||
2249 | { | 2265 | { |
2250 | int id; | 2266 | int id; |
2251 | char *data; | 2267 | char *data; |
2252 | u_int data_len; | 2268 | u_int data_len, win_len; |
2253 | Channel *c; | 2269 | Channel *c; |
2254 | 2270 | ||
2255 | /* Get the channel number and verify it. */ | 2271 | /* Get the channel number and verify it. */ |
@@ -2265,6 +2281,9 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) | |||
2265 | 2281 | ||
2266 | /* Get the data. */ | 2282 | /* Get the data. */ |
2267 | data = packet_get_string_ptr(&data_len); | 2283 | data = packet_get_string_ptr(&data_len); |
2284 | win_len = data_len; | ||
2285 | if (c->datagram) | ||
2286 | win_len += 4; /* string length header */ | ||
2268 | 2287 | ||
2269 | /* | 2288 | /* |
2270 | * Ignore data for protocol > 1.3 if output end is no longer open. | 2289 | * Ignore data for protocol > 1.3 if output end is no longer open. |
@@ -2275,23 +2294,23 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) | |||
2275 | */ | 2294 | */ |
2276 | if (!compat13 && c->ostate != CHAN_OUTPUT_OPEN) { | 2295 | if (!compat13 && c->ostate != CHAN_OUTPUT_OPEN) { |
2277 | if (compat20) { | 2296 | if (compat20) { |
2278 | c->local_window -= data_len; | 2297 | c->local_window -= win_len; |
2279 | c->local_consumed += data_len; | 2298 | c->local_consumed += win_len; |
2280 | } | 2299 | } |
2281 | return; | 2300 | return; |
2282 | } | 2301 | } |
2283 | 2302 | ||
2284 | if (compat20) { | 2303 | if (compat20) { |
2285 | if (data_len > c->local_maxpacket) { | 2304 | if (win_len > c->local_maxpacket) { |
2286 | logit("channel %d: rcvd big packet %d, maxpack %d", | 2305 | logit("channel %d: rcvd big packet %d, maxpack %d", |
2287 | c->self, data_len, c->local_maxpacket); | 2306 | c->self, win_len, c->local_maxpacket); |
2288 | } | 2307 | } |
2289 | if (data_len > c->local_window) { | 2308 | if (win_len > c->local_window) { |
2290 | logit("channel %d: rcvd too much data %d, win %d", | 2309 | logit("channel %d: rcvd too much data %d, win %d", |
2291 | c->self, data_len, c->local_window); | 2310 | c->self, win_len, c->local_window); |
2292 | return; | 2311 | return; |
2293 | } | 2312 | } |
2294 | c->local_window -= data_len; | 2313 | c->local_window -= win_len; |
2295 | } | 2314 | } |
2296 | if (c->datagram) | 2315 | if (c->datagram) |
2297 | buffer_put_string(&c->output, data, data_len); | 2316 | buffer_put_string(&c->output, data, data_len); |
@@ -2463,7 +2482,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) | |||
2463 | c->remote_maxpacket = packet_get_int(); | 2482 | c->remote_maxpacket = packet_get_int(); |
2464 | if (c->open_confirm) { | 2483 | if (c->open_confirm) { |
2465 | debug2("callback start"); | 2484 | debug2("callback start"); |
2466 | c->open_confirm(c->self, c->open_confirm_ctx); | 2485 | c->open_confirm(c->self, 1, c->open_confirm_ctx); |
2467 | debug2("callback done"); | 2486 | debug2("callback done"); |
2468 | } | 2487 | } |
2469 | debug2("channel %d: open confirm rwindow %u rmax %u", c->self, | 2488 | debug2("channel %d: open confirm rwindow %u rmax %u", c->self, |
@@ -2514,6 +2533,11 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) | |||
2514 | xfree(msg); | 2533 | xfree(msg); |
2515 | if (lang != NULL) | 2534 | if (lang != NULL) |
2516 | xfree(lang); | 2535 | xfree(lang); |
2536 | if (c->open_confirm) { | ||
2537 | debug2("callback start"); | ||
2538 | c->open_confirm(c->self, 0, c->open_confirm_ctx); | ||
2539 | debug2("callback done"); | ||
2540 | } | ||
2517 | } | 2541 | } |
2518 | packet_check_eom(); | 2542 | packet_check_eom(); |
2519 | /* Schedule the channel for cleanup/deletion. */ | 2543 | /* Schedule the channel for cleanup/deletion. */ |
@@ -2832,10 +2856,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, | |||
2832 | { | 2856 | { |
2833 | int type, success = 0; | 2857 | int type, success = 0; |
2834 | 2858 | ||
2835 | /* Record locally that connection to this host/port is permitted. */ | ||
2836 | if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) | ||
2837 | fatal("channel_request_remote_forwarding: too many forwards"); | ||
2838 | |||
2839 | /* Send the forward request to the remote side. */ | 2859 | /* Send the forward request to the remote side. */ |
2840 | if (compat20) { | 2860 | if (compat20) { |
2841 | const char *address_to_bind; | 2861 | const char *address_to_bind; |
@@ -2885,6 +2905,9 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, | |||
2885 | } | 2905 | } |
2886 | } | 2906 | } |
2887 | if (success) { | 2907 | if (success) { |
2908 | /* Record that connection to this host/port is permitted. */ | ||
2909 | permitted_opens = xrealloc(permitted_opens, | ||
2910 | num_permitted_opens + 1, sizeof(*permitted_opens)); | ||
2888 | permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); | 2911 | permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); |
2889 | permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; | 2912 | permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; |
2890 | permitted_opens[num_permitted_opens].listen_port = listen_port; | 2913 | permitted_opens[num_permitted_opens].listen_port = listen_port; |
@@ -2982,10 +3005,10 @@ channel_permit_all_opens(void) | |||
2982 | void | 3005 | void |
2983 | channel_add_permitted_opens(char *host, int port) | 3006 | channel_add_permitted_opens(char *host, int port) |
2984 | { | 3007 | { |
2985 | if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) | ||
2986 | fatal("channel_add_permitted_opens: too many forwards"); | ||
2987 | debug("allow port forwarding to host %s port %d", host, port); | 3008 | debug("allow port forwarding to host %s port %d", host, port); |
2988 | 3009 | ||
3010 | permitted_opens = xrealloc(permitted_opens, | ||
3011 | num_permitted_opens + 1, sizeof(*permitted_opens)); | ||
2989 | permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); | 3012 | permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); |
2990 | permitted_opens[num_permitted_opens].port_to_connect = port; | 3013 | permitted_opens[num_permitted_opens].port_to_connect = port; |
2991 | num_permitted_opens++; | 3014 | num_permitted_opens++; |
@@ -2996,10 +3019,10 @@ channel_add_permitted_opens(char *host, int port) | |||
2996 | int | 3019 | int |
2997 | channel_add_adm_permitted_opens(char *host, int port) | 3020 | channel_add_adm_permitted_opens(char *host, int port) |
2998 | { | 3021 | { |
2999 | if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) | ||
3000 | fatal("channel_add_adm_permitted_opens: too many forwards"); | ||
3001 | debug("config allows port forwarding to host %s port %d", host, port); | 3022 | debug("config allows port forwarding to host %s port %d", host, port); |
3002 | 3023 | ||
3024 | permitted_adm_opens = xrealloc(permitted_adm_opens, | ||
3025 | num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens)); | ||
3003 | permitted_adm_opens[num_adm_permitted_opens].host_to_connect | 3026 | permitted_adm_opens[num_adm_permitted_opens].host_to_connect |
3004 | = xstrdup(host); | 3027 | = xstrdup(host); |
3005 | permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port; | 3028 | permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port; |
@@ -3014,6 +3037,10 @@ channel_clear_permitted_opens(void) | |||
3014 | for (i = 0; i < num_permitted_opens; i++) | 3037 | for (i = 0; i < num_permitted_opens; i++) |
3015 | if (permitted_opens[i].host_to_connect != NULL) | 3038 | if (permitted_opens[i].host_to_connect != NULL) |
3016 | xfree(permitted_opens[i].host_to_connect); | 3039 | xfree(permitted_opens[i].host_to_connect); |
3040 | if (num_permitted_opens > 0) { | ||
3041 | xfree(permitted_opens); | ||
3042 | permitted_opens = NULL; | ||
3043 | } | ||
3017 | num_permitted_opens = 0; | 3044 | num_permitted_opens = 0; |
3018 | } | 3045 | } |
3019 | 3046 | ||
@@ -3025,6 +3052,10 @@ channel_clear_adm_permitted_opens(void) | |||
3025 | for (i = 0; i < num_adm_permitted_opens; i++) | 3052 | for (i = 0; i < num_adm_permitted_opens; i++) |
3026 | if (permitted_adm_opens[i].host_to_connect != NULL) | 3053 | if (permitted_adm_opens[i].host_to_connect != NULL) |
3027 | xfree(permitted_adm_opens[i].host_to_connect); | 3054 | xfree(permitted_adm_opens[i].host_to_connect); |
3055 | if (num_adm_permitted_opens > 0) { | ||
3056 | xfree(permitted_adm_opens); | ||
3057 | permitted_adm_opens = NULL; | ||
3058 | } | ||
3028 | num_adm_permitted_opens = 0; | 3059 | num_adm_permitted_opens = 0; |
3029 | } | 3060 | } |
3030 | 3061 | ||
diff --git a/channels.h b/channels.h index cc71885f4..0680ed00e 100644 --- a/channels.h +++ b/channels.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.h,v 1.103 2010/01/26 01:28:35 djm Exp $ */ | 1 | /* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -60,6 +60,7 @@ | |||
60 | struct Channel; | 60 | struct Channel; |
61 | typedef struct Channel Channel; | 61 | typedef struct Channel Channel; |
62 | 62 | ||
63 | typedef void channel_open_fn(int, int, void *); | ||
63 | typedef void channel_callback_fn(int, void *); | 64 | typedef void channel_callback_fn(int, void *); |
64 | typedef int channel_infilter_fn(struct Channel *, char *, int); | 65 | typedef int channel_infilter_fn(struct Channel *, char *, int); |
65 | typedef void channel_filter_cleanup_fn(int, void *); | 66 | typedef void channel_filter_cleanup_fn(int, void *); |
@@ -130,7 +131,7 @@ struct Channel { | |||
130 | char *ctype; /* type */ | 131 | char *ctype; /* type */ |
131 | 132 | ||
132 | /* callback */ | 133 | /* callback */ |
133 | channel_callback_fn *open_confirm; | 134 | channel_open_fn *open_confirm; |
134 | void *open_confirm_ctx; | 135 | void *open_confirm_ctx; |
135 | channel_callback_fn *detach_user; | 136 | channel_callback_fn *detach_user; |
136 | int detach_close; | 137 | int detach_close; |
@@ -151,6 +152,7 @@ struct Channel { | |||
151 | /* multiplexing protocol hook, called for each packet received */ | 152 | /* multiplexing protocol hook, called for each packet received */ |
152 | mux_callback_fn *mux_rcb; | 153 | mux_callback_fn *mux_rcb; |
153 | void *mux_ctx; | 154 | void *mux_ctx; |
155 | int mux_pause; | ||
154 | }; | 156 | }; |
155 | 157 | ||
156 | #define CHAN_EXTENDED_IGNORE 0 | 158 | #define CHAN_EXTENDED_IGNORE 0 |
@@ -208,7 +210,7 @@ void channel_stop_listening(void); | |||
208 | void channel_send_open(int); | 210 | void channel_send_open(int); |
209 | void channel_request_start(int, char *, int); | 211 | void channel_request_start(int, char *, int); |
210 | void channel_register_cleanup(int, channel_callback_fn *, int); | 212 | void channel_register_cleanup(int, channel_callback_fn *, int); |
211 | void channel_register_open_confirm(int, channel_callback_fn *, void *); | 213 | void channel_register_open_confirm(int, channel_open_fn *, void *); |
212 | void channel_register_filter(int, channel_infilter_fn *, | 214 | void channel_register_filter(int, channel_infilter_fn *, |
213 | channel_outfilter_fn *, channel_filter_cleanup_fn *, void *); | 215 | channel_outfilter_fn *, channel_filter_cleanup_fn *, void *); |
214 | void channel_register_status_confirm(int, channel_confirm_cb *, | 216 | void channel_register_status_confirm(int, channel_confirm_cb *, |
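Review bot: The new `channel_open_fn` typedef on line 63 of the new side adds a second `int` whose meaning is nowhere documented in the header; from the channels.c hunks in this commit it appears to be passed as 1 from channel_input_open_confirmation and 0 from channel_input_open_failure, but a reader of channels.h cannot tell that. I would annotate the typedef with `typedef void channel_open_fn(int, int, void *); /* (channel id, success: 1 = open confirmed, 0 = open failed, ctx) */` so callback implementers know the flag polarity. The new `mux_pause` field in `struct Channel` likewise has no comment while its neighbours do; something like `int mux_pause; /* when set, stop reading from rfd for this mux client */` would match the surrounding style, though the exact semantics should be confirmed against channel_pre_mux_client and channel_post_mux_client, which only use it to skip the read-side select.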
diff --git a/clientloop.c b/clientloop.c index 05e7de067..337f47c09 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.219 2010/03/13 21:10:38 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.222 2010/07/19 09:15:12 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -149,6 +149,9 @@ static volatile sig_atomic_t received_signal = 0; | |||
149 | /* Flag indicating whether the user's terminal is in non-blocking mode. */ | 149 | /* Flag indicating whether the user's terminal is in non-blocking mode. */ |
150 | static int in_non_blocking_mode = 0; | 150 | static int in_non_blocking_mode = 0; |
151 | 151 | ||
152 | /* Time when backgrounded control master using ControlPersist should exit */ | ||
153 | static time_t control_persist_exit_time = 0; | ||
154 | |||
152 | /* Common data for the client loop code. */ | 155 | /* Common data for the client loop code. */ |
153 | volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */ | 156 | volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */ |
154 | static int escape_char1; /* Escape character. (proto1 only) */ | 157 | static int escape_char1; /* Escape character. (proto1 only) */ |
@@ -159,11 +162,12 @@ static int stdin_eof; /* EOF has been encountered on stderr. */ | |||
159 | static Buffer stdin_buffer; /* Buffer for stdin data. */ | 162 | static Buffer stdin_buffer; /* Buffer for stdin data. */ |
160 | static Buffer stdout_buffer; /* Buffer for stdout data. */ | 163 | static Buffer stdout_buffer; /* Buffer for stdout data. */ |
161 | static Buffer stderr_buffer; /* Buffer for stderr data. */ | 164 | static Buffer stderr_buffer; /* Buffer for stderr data. */ |
162 | static u_int buffer_high;/* Soft max buffer size. */ | 165 | static u_int buffer_high; /* Soft max buffer size. */ |
163 | static int connection_in; /* Connection to server (input). */ | 166 | static int connection_in; /* Connection to server (input). */ |
164 | static int connection_out; /* Connection to server (output). */ | 167 | static int connection_out; /* Connection to server (output). */ |
165 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ | 168 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
166 | static int session_closed = 0; /* In SSH2: login session closed. */ | 169 | static int session_closed; /* In SSH2: login session closed. */ |
170 | static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ | ||
167 | 171 | ||
168 | static void client_init_dispatch(void); | 172 | static void client_init_dispatch(void); |
169 | int session_ident = -1; | 173 | int session_ident = -1; |
@@ -255,10 +259,38 @@ get_current_time(void) | |||
255 | return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; | 259 | return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; |
256 | } | 260 | } |
257 | 261 | ||
262 | /* | ||
263 | * Sets control_persist_exit_time to the absolute time when the | ||
264 | * backgrounded control master should exit due to expiry of the | ||
265 | * ControlPersist timeout. Sets it to 0 if we are not a backgrounded | ||
266 | * control master process, or if there is no ControlPersist timeout. | ||
267 | */ | ||
268 | static void | ||
269 | set_control_persist_exit_time(void) | ||
270 | { | ||
271 | if (muxserver_sock == -1 || !options.control_persist | ||
272 | || options.control_persist_timeout == 0) | ||
273 | /* not using a ControlPersist timeout */ | ||
274 | control_persist_exit_time = 0; | ||
275 | else if (channel_still_open()) { | ||
276 | /* some client connections are still open */ | ||
277 | if (control_persist_exit_time > 0) | ||
278 | debug2("%s: cancel scheduled exit", __func__); | ||
279 | control_persist_exit_time = 0; | ||
280 | } else if (control_persist_exit_time <= 0) { | ||
281 | /* a client connection has recently closed */ | ||
282 | control_persist_exit_time = time(NULL) + | ||
283 | (time_t)options.control_persist_timeout; | ||
284 | debug2("%s: schedule exit in %d seconds", __func__, | ||
285 | options.control_persist_timeout); | ||
286 | } | ||
287 | /* else we are already counting down to the timeout */ | ||
288 | } | ||
289 | |||
258 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" | 290 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
259 | void | 291 | void |
260 | client_x11_get_proto(const char *display, const char *xauth_path, | 292 | client_x11_get_proto(const char *display, const char *xauth_path, |
261 | u_int trusted, char **_proto, char **_data) | 293 | u_int trusted, u_int timeout, char **_proto, char **_data) |
262 | { | 294 | { |
263 | char cmd[1024]; | 295 | char cmd[1024]; |
264 | char line[512]; | 296 | char line[512]; |
@@ -268,6 +300,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
268 | int got_data = 0, generated = 0, do_unlink = 0, i; | 300 | int got_data = 0, generated = 0, do_unlink = 0, i; |
269 | char *xauthdir, *xauthfile; | 301 | char *xauthdir, *xauthfile; |
270 | struct stat st; | 302 | struct stat st; |
303 | u_int now; | ||
271 | 304 | ||
272 | xauthdir = xauthfile = NULL; | 305 | xauthdir = xauthfile = NULL; |
273 | *_proto = proto; | 306 | *_proto = proto; |
@@ -303,11 +336,18 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
303 | xauthdir); | 336 | xauthdir); |
304 | snprintf(cmd, sizeof(cmd), | 337 | snprintf(cmd, sizeof(cmd), |
305 | "%s -f %s generate %s " SSH_X11_PROTO | 338 | "%s -f %s generate %s " SSH_X11_PROTO |
306 | " untrusted timeout 1200 2>" _PATH_DEVNULL, | 339 | " untrusted timeout %u 2>" _PATH_DEVNULL, |
307 | xauth_path, xauthfile, display); | 340 | xauth_path, xauthfile, display, timeout); |
308 | debug2("x11_get_proto: %s", cmd); | 341 | debug2("x11_get_proto: %s", cmd); |
309 | if (system(cmd) == 0) | 342 | if (system(cmd) == 0) |
310 | generated = 1; | 343 | generated = 1; |
344 | if (x11_refuse_time == 0) { | ||
345 | now = time(NULL) + 1; | ||
346 | if (UINT_MAX - timeout < now) | ||
347 | x11_refuse_time = UINT_MAX; | ||
348 | else | ||
349 | x11_refuse_time = now + timeout; | ||
350 | } | ||
311 | } | 351 | } |
312 | } | 352 | } |
313 | 353 | ||
@@ -533,6 +573,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
533 | int *maxfdp, u_int *nallocp, int rekeying) | 573 | int *maxfdp, u_int *nallocp, int rekeying) |
534 | { | 574 | { |
535 | struct timeval tv, *tvp; | 575 | struct timeval tv, *tvp; |
576 | int timeout_secs; | ||
536 | int ret; | 577 | int ret; |
537 | 578 | ||
538 | /* Add any selections by the channel mechanism. */ | 579 | /* Add any selections by the channel mechanism. */ |
@@ -576,16 +617,27 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
576 | /* | 617 | /* |
577 | * Wait for something to happen. This will suspend the process until | 618 | * Wait for something to happen. This will suspend the process until |
578 | * some selected descriptor can be read, written, or has some other | 619 | * some selected descriptor can be read, written, or has some other |
579 | * event pending. | 620 | * event pending, or a timeout expires. |
580 | */ | 621 | */ |
581 | 622 | ||
582 | if (options.server_alive_interval == 0) | 623 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ |
624 | if (options.server_alive_interval > 0) | ||
625 | timeout_secs = options.server_alive_interval; | ||
626 | set_control_persist_exit_time(); | ||
627 | if (control_persist_exit_time > 0) { | ||
628 | timeout_secs = MIN(timeout_secs, | ||
629 | control_persist_exit_time - time(NULL)); | ||
630 | if (timeout_secs < 0) | ||
631 | timeout_secs = 0; | ||
632 | } | ||
633 | if (timeout_secs == INT_MAX) | ||
583 | tvp = NULL; | 634 | tvp = NULL; |
584 | else { | 635 | else { |
585 | tv.tv_sec = options.server_alive_interval; | 636 | tv.tv_sec = timeout_secs; |
586 | tv.tv_usec = 0; | 637 | tv.tv_usec = 0; |
587 | tvp = &tv; | 638 | tvp = &tv; |
588 | } | 639 | } |
640 | |||
589 | ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); | 641 | ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); |
590 | if (ret < 0) { | 642 | if (ret < 0) { |
591 | char buf[100]; | 643 | char buf[100]; |
@@ -1487,6 +1539,18 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1487 | */ | 1539 | */ |
1488 | if (FD_ISSET(connection_out, writeset)) | 1540 | if (FD_ISSET(connection_out, writeset)) |
1489 | packet_write_poll(); | 1541 | packet_write_poll(); |
1542 | |||
1543 | /* | ||
1544 | * If we are a backgrounded control master, and the | ||
1545 | * timeout has expired without any active client | ||
1546 | * connections, then quit. | ||
1547 | */ | ||
1548 | if (control_persist_exit_time > 0) { | ||
1549 | if (time(NULL) >= control_persist_exit_time) { | ||
1550 | debug("ControlPersist timeout expired"); | ||
1551 | break; | ||
1552 | } | ||
1553 | } | ||
1490 | } | 1554 | } |
1491 | if (readset) | 1555 | if (readset) |
1492 | xfree(readset); | 1556 | xfree(readset); |
@@ -1706,6 +1770,11 @@ client_request_x11(const char *request_type, int rchan) | |||
1706 | "malicious server."); | 1770 | "malicious server."); |
1707 | return NULL; | 1771 | return NULL; |
1708 | } | 1772 | } |
1773 | if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) { | ||
1774 | verbose("Rejected X11 connection after ForwardX11Timeout " | ||
1775 | "expired"); | ||
1776 | return NULL; | ||
1777 | } | ||
1709 | originator = packet_get_string(NULL); | 1778 | originator = packet_get_string(NULL); |
1710 | if (datafellows & SSH_BUG_X11FWD) { | 1779 | if (datafellows & SSH_BUG_X11FWD) { |
1711 | debug2("buggy server: x11 request w/o originator_port"); | 1780 | debug2("buggy server: x11 request w/o originator_port"); |
@@ -1932,7 +2001,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, | |||
1932 | memset(&ws, 0, sizeof(ws)); | 2001 | memset(&ws, 0, sizeof(ws)); |
1933 | 2002 | ||
1934 | channel_request_start(id, "pty-req", 1); | 2003 | channel_request_start(id, "pty-req", 1); |
1935 | client_expect_confirm(id, "PTY allocation", 0); | 2004 | client_expect_confirm(id, "PTY allocation", 1); |
1936 | packet_put_cstring(term != NULL ? term : ""); | 2005 | packet_put_cstring(term != NULL ? term : ""); |
1937 | packet_put_int((u_int)ws.ws_col); | 2006 | packet_put_int((u_int)ws.ws_col); |
1938 | packet_put_int((u_int)ws.ws_row); | 2007 | packet_put_int((u_int)ws.ws_row); |
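Review bot: The new `x11_refuse_time` is declared `static int` (new line 170) but is assigned `UINT_MAX` in the saturation branch of client_x11_get_proto (new line 347) and compared against `time(NULL)` in client_request_x11 (new line 1773), so the deadline is computed in `u_int`, stored in `int`, and compared as `time_t` — three different types for one timestamp. When the sum saturates (or `now + timeout` exceeds INT_MAX), the value stored in the `int` is implementation-defined and typically negative, after which `time(NULL) >= x11_refuse_time` is true and every X11 open is refused; `now = time(NULL) + 1` also truncates `time_t` to `u_int`. Failing closed is the safe direction, so this is a robustness rather than an exposure issue, but the types should agree: `static time_t x11_refuse_time; /* If >0, refuse x11 opens after this time. */` and `time_t now;`, with the overflow clamp on lines 346-349 rewritten against a `time_t` bound instead of `UINT_MAX`. Both enclosing functions start and end outside this hunk.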
diff --git a/clientloop.h b/clientloop.h index 0b8257b99..52115db6e 100644 --- a/clientloop.h +++ b/clientloop.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.h,v 1.23 2010/01/26 01:28:35 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.h,v 1.25 2010/06/25 23:15:36 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -39,7 +39,7 @@ | |||
39 | 39 | ||
40 | /* Client side main loop for the interactive session. */ | 40 | /* Client side main loop for the interactive session. */ |
41 | int client_loop(int, int, int); | 41 | int client_loop(int, int, int); |
42 | void client_x11_get_proto(const char *, const char *, u_int, | 42 | void client_x11_get_proto(const char *, const char *, u_int, u_int, |
43 | char **, char **); | 43 | char **, char **); |
44 | void client_global_request_reply_fwd(int, u_int32_t, void *); | 44 | void client_global_request_reply_fwd(int, u_int32_t, void *); |
45 | void client_session2_setup(int, int, int, const char *, struct termios *, | 45 | void client_session2_setup(int, int, int, const char *, struct termios *, |
@@ -63,6 +63,7 @@ void client_register_global_confirm(global_confirm_cb *, void *); | |||
63 | #define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ | 63 | #define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ |
64 | #define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */ | 64 | #define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */ |
65 | #define SSHMUX_COMMAND_STDIO_FWD 4 /* Open stdio fwd (ssh -W) */ | 65 | #define SSHMUX_COMMAND_STDIO_FWD 4 /* Open stdio fwd (ssh -W) */ |
66 | #define SSHMUX_COMMAND_FORWARD 5 /* Forward only, no command */ | ||
66 | 67 | ||
67 | void muxserver_listen(void); | 68 | void muxserver_listen(void); |
68 | void muxclient(const char *); | 69 | void muxclient(const char *); |
diff --git a/config.h.in b/config.h.in index a609d72ba..8c2ddc7ed 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -900,6 +900,9 @@ | |||
900 | /* Define to 1 if you have the `strnvis' function. */ | 900 | /* Define to 1 if you have the `strnvis' function. */ |
901 | #undef HAVE_STRNVIS | 901 | #undef HAVE_STRNVIS |
902 | 902 | ||
903 | /* Define to 1 if you have the `strptime' function. */ | ||
904 | #undef HAVE_STRPTIME | ||
905 | |||
903 | /* Define to 1 if you have the `strsep' function. */ | 906 | /* Define to 1 if you have the `strsep' function. */ |
904 | #undef HAVE_STRSEP | 907 | #undef HAVE_STRSEP |
905 | 908 | ||
@@ -1,5 +1,5 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # From configure.ac Revision: 1.449 . | 2 | # From configure.ac Revision: 1.451 . |
3 | # Guess values for system-dependent variables and create Makefiles. | 3 | # Guess values for system-dependent variables and create Makefiles. |
4 | # Generated by GNU Autoconf 2.61 for OpenSSH Portable. | 4 | # Generated by GNU Autoconf 2.61 for OpenSSH Portable. |
5 | # | 5 | # |
@@ -13078,6 +13078,7 @@ fi | |||
13078 | 13078 | ||
13079 | 13079 | ||
13080 | 13080 | ||
13081 | |||
13081 | for ac_func in \ | 13082 | for ac_func in \ |
13082 | arc4random \ | 13083 | arc4random \ |
13083 | arc4random_buf \ | 13084 | arc4random_buf \ |
@@ -13158,6 +13159,7 @@ for ac_func in \ | |||
13158 | strlcpy \ | 13159 | strlcpy \ |
13159 | strmode \ | 13160 | strmode \ |
13160 | strnvis \ | 13161 | strnvis \ |
13162 | strptime \ | ||
13161 | strtonum \ | 13163 | strtonum \ |
13162 | strtoll \ | 13164 | strtoll \ |
13163 | strtoul \ | 13165 | strtoul \ |
@@ -16492,6 +16494,12 @@ if test "${with_ssl_dir+set}" = set; then | |||
16492 | else | 16494 | else |
16493 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | 16495 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" |
16494 | fi | 16496 | fi |
16497 | elif test -d "$withval/lib64"; then | ||
16498 | if test -n "${need_dash_r}"; then | ||
16499 | LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" | ||
16500 | else | ||
16501 | LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" | ||
16502 | fi | ||
16495 | else | 16503 | else |
16496 | if test -n "${need_dash_r}"; then | 16504 | if test -n "${need_dash_r}"; then |
16497 | LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" | 16505 | LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" |
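--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.449 2010/04/10 12:58:01 dtucker Exp $
+# $Id: configure.ac,v 1.451 2010/08/16 03:15:23 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.449 $)
+AC_REVISION($Revision: 1.451 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -1451,6 +1451,7 @@ AC_CHECK_FUNCS( \
 strlcpy \
 strmode \
 strnvis \
+strptime \
 strtonum \
 strtoll \
 strtoul \
@@ -1930,6 +1931,12 @@ AC_ARG_WITH(ssl-dir,
 else
 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 fi
+elif test -d "$withval/lib64"; then
+if test -n "${need_dash_r}"; then
+LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
+else
+LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
+fi
 else
 if test -n "${need_dash_r}"; then
 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"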
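Review bot: The new `elif test -d "$withval/lib64"` branch is only reached when `$withval/lib` does not exist, so on a host that ships both directories (32-bit libraries under lib, 64-bit under lib64) the lib64 copy of OpenSSL is never added to LDFLAGS and the link either fails or binds the wrong ABI; if lib-first is intended, say so, e.g. `# lib is preferred; lib64 is only consulted when lib is absent`. The three branches also repeat the same need_dash_r/-R dance with only the directory differing, so picking the directory once into a variable and emitting a single LDFLAGS assignment would make the precedence visible in one place. The enclosing if starts outside this hunk, and the generated configure hunk above carries the identical logic.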
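--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
-# $Id: buildbff.sh,v 1.11 2009/03/06 23:22:10 dtucker Exp $
+# $Id: buildbff.sh,v 1.12 2010/04/18 03:35:00 dtucker Exp $
 #
 # Author: Darren Tucker (dtucker at zip dot com dot au)
 # This file is placed in the public domain and comes with absolutely
@@ -159,7 +159,7 @@ done
 # AIX 5.3 and newer have /dev/random and don't create ssh_prng_cmds
 if [ -f $FAKE_ROOT/$sysconfdir/ssh_prng_cmds ]
 then
-mv FAKE_ROOT/$sysconfdir/ssh_prng_cmds \
+mv $FAKE_ROOT/$sysconfdir/ssh_prng_cmds \
 $FAKE_ROOT/$sysconfdir/ssh_prng_cmds.default
 fi
 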
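Review bot: The corrected `mv` on line 162 still expands `$FAKE_ROOT` and `$sysconfdir` unquoted, as does the `-f` test on line 160, so a build root containing whitespace is word-split into separate arguments and the rename fails or touches the wrong path; quote both operands: `mv "$FAKE_ROOT/$sysconfdir/ssh_prng_cmds" "$FAKE_ROOT/$sysconfdir/ssh_prng_cmds.default"`. The exit status of `mv` is also ignored, so a failed rename leaves the unrenamed file in the package without any error being reported; `|| exit 1` after the command would surface it.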
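--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -16,12 +16,11 @@
 
 #old cvs stuff. please update before use. may be deprecated.
 %define use_stable 1
+%define version 5.6p1
 %if %{use_stable}
-%define version 5.5p1
 %define cvs %{nil}
 %define release 1
 %else
-%define version 5.5p1
 %define cvs cvs20050315
 %define release 0r1
 %endif
@@ -360,4 +359,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.70 2010/03/21 19:11:58 djm Exp $
+$Id: openssh.spec,v 1.71 2010/08/08 16:32:09 djm Exp $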
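--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -201,6 +201,7 @@ configure are used for the Cygwin binary distribution:
 --mandir='${datadir}/man' \
 --infodir='${datadir}/info'
 --with-tcp-wrappers
+--with-libedit
 
 If you want to create a Cygwin package, equivalent to the one
 in the Cygwin binary distribution, install like this:
@@ -217,12 +218,15 @@ You must have installed the following packages to be able to build OpenSSH:
 
 - zlib
 - openssl-devel
-- minires-devel
 
 If you want to build with --with-tcp-wrappers, you also need the package
 
 - tcp_wrappers
 
+If you want to build with --with-libedit, you also need the package
+
+- libedit-devel
+
 Please send requests, error reports etc. to cygwin@cygwin.com.
 
 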
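--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 5.5p1
+%define ver 5.6p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -74,7 +74,7 @@ Release: %{rel}
 %endif
 URL: http://www.openssh.com/portable.html
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
-%if ! %{skip_x11_askpass}
+%if ! %{no_x11_askpass}
 Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
 %endif
 License: BSD
@@ -407,6 +407,9 @@ fi
 %endif
 
 %changelog
+* Wed Jul 14 2010 Tim Rice <tim@multitalents.net>
+- test for skip_x11_askpass (line 77) should have been for no_x11_askpass
+
 * Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
 - Remove noip6 option. This may be controlled at run-time in client config
 file using new AddressFamily directive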
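--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -38,13 +38,17 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
 exit 1
 fi
 
-{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
+# strip any trailing colon
+host=`echo $1 | sed 's/:$//'`
+
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
 
 cat <<EOF
-Now try logging into the machine, with "ssh '${1%:}'", and check in:
+Now try logging into the machine, with "ssh '$host'", and check in:
 
-.ssh/authorized_keys
+~/.ssh/authorized_keys
 
 to make sure we haven't added extra keys that you weren't expecting.
 
 EOF
+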
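Review bot: `host` on line 42 is built from an unquoted `$1` and is then passed unquoted to `ssh` on line 44, so an argument containing whitespace or glob characters is word-split and pathname-expanded by the local shell before ssh ever sees it, and the pieces become extra ssh arguments rather than one host; quote both uses, `"$1"` inside the `echo` and `"$host"` in the ssh invocation. The previous `${1%:}` form stripped the colon without spawning `echo` and `sed`; if it was replaced for portability to shells that lack `${var%pattern}`, a one-line comment saying so would keep the next reader from reverting to it.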
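--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -25,19 +25,10 @@ ssh-copy-id \- install your public key in a remote machine's authorized_keys
 .br
 .SH DESCRIPTION
 .BR ssh-copy-id
-is a script that uses ssh to log into a remote machine (presumably
-using a login password, so password authentication should be enabled,
-unless you've done some clever use of multiple identities)
-.PP
-It also changes the permissions of the remote user's home,
-.BR ~/.ssh ,
-and
+is a script that uses ssh to log into a remote machine and
+append the indicated identity file to that machine's
 .B ~/.ssh/authorized_keys
-to remove group writability (which would otherwise prevent you from logging in, if the remote
-.B sshd
-has
-.B StrictModes
-set in its configuration).
+file.
 .PP
 If the
 .B -i
@@ -59,7 +50,24 @@ produced no output, then it uses the contents of the identity
 file. Once it has one or more fingerprints (by whatever means) it
 uses ssh to append them to
 .B ~/.ssh/authorized_keys
-on the remote machine (creating the file, and directory, if necessary)
+on the remote machine (creating the file, and directory, if necessary.)
+
+.SH NOTES
+This program does not modify the permissions of any
+pre-existing files or directories. Therefore, if the remote
+.B sshd
+has
+.B StrictModes
+set in its
+configuration, then the user's home,
+.B ~/.ssh
+folder, and
+.B ~/.ssh/authorized_keys
+file may need to have group writability disabled manually, e.g. via
+
+.B " chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys"
+
+on the remote machine.
 
 .SH "SEE ALSO"
 .BR ssh (1),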
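--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 5.5p1
+Version: 5.6p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz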
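--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+openssh (1:5.6p1-1) UNRELEASED; urgency=low
+
+* New upstream release (http://www.openssh.com/txt/release-5.6):
+- Added a ControlPersist option to ssh_config(5) that automatically
+starts a background ssh(1) multiplex master when connecting. This
+connection can stay alive indefinitely, or can be set to automatically
+close after a user-specified duration of inactivity (closes: #335697,
+#350898, #454787, #500573, #550262).
+- Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
+HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
+Match blocks (closes: #549858).
+- sftp(1): fix ls in working directories that contain globbing
+characters in their pathnames (LP: #530714).
+
+-- Colin Watson <cjwatson@debian.org> Mon, 23 Aug 2010 23:22:10 +0100
+
 openssh (1:5.5p1-5) unstable; urgency=low
 
 * Use an architecture wildcard for libselinux1-dev (closes: #591740).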
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index e608bd20d..b0761420e 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch | |||
@@ -10,15 +10,15 @@ Index: b/servconf.c | |||
10 | =================================================================== | 10 | =================================================================== |
11 | --- a/servconf.c | 11 | --- a/servconf.c |
12 | +++ b/servconf.c | 12 | +++ b/servconf.c |
13 | @@ -135,6 +135,7 @@ | 13 | @@ -136,6 +136,7 @@ |
14 | options->zero_knowledge_password_authentication = -1; | ||
15 | options->revoked_keys_file = NULL; | 14 | options->revoked_keys_file = NULL; |
16 | options->trusted_user_ca_keys = NULL; | 15 | options->trusted_user_ca_keys = NULL; |
16 | options->authorized_principals_file = NULL; | ||
17 | + options->debian_banner = -1; | 17 | + options->debian_banner = -1; |
18 | } | 18 | } |
19 | 19 | ||
20 | void | 20 | void |
21 | @@ -277,6 +278,8 @@ | 21 | @@ -278,6 +279,8 @@ |
22 | options->permit_tun = SSH_TUNMODE_NO; | 22 | options->permit_tun = SSH_TUNMODE_NO; |
23 | if (options->zero_knowledge_password_authentication == -1) | 23 | if (options->zero_knowledge_password_authentication == -1) |
24 | options->zero_knowledge_password_authentication = 0; | 24 | options->zero_knowledge_password_authentication = 0; |
@@ -27,23 +27,23 @@ Index: b/servconf.c | |||
27 | 27 | ||
28 | /* Turn privilege separation on by default */ | 28 | /* Turn privilege separation on by default */ |
29 | if (use_privsep == -1) | 29 | if (use_privsep == -1) |
30 | @@ -325,6 +328,7 @@ | 30 | @@ -326,6 +329,7 @@ |
31 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 31 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
32 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 32 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
33 | sRevokedKeys, sTrustedUserCAKeys, | 33 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
34 | + sDebianBanner, | 34 | + sDebianBanner, |
35 | sDeprecated, sUnsupported | 35 | sDeprecated, sUnsupported |
36 | } ServerOpCodes; | 36 | } ServerOpCodes; |
37 | 37 | ||
38 | @@ -457,6 +461,7 @@ | 38 | @@ -459,6 +463,7 @@ |
39 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, | ||
40 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, | 39 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, |
41 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, | 40 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
41 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | ||
42 | + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | 42 | + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, |
43 | { NULL, sBadOption, 0 } | 43 | { NULL, sBadOption, 0 } |
44 | }; | 44 | }; |
45 | 45 | ||
46 | @@ -1386,6 +1391,10 @@ | 46 | @@ -1392,6 +1397,10 @@ |
47 | charptr = &options->revoked_keys_file; | 47 | charptr = &options->revoked_keys_file; |
48 | goto parse_filename; | 48 | goto parse_filename; |
49 | 49 | ||
@@ -85,7 +85,7 @@ Index: b/sshd_config.5 | |||
85 | =================================================================== | 85 | =================================================================== |
86 | --- a/sshd_config.5 | 86 | --- a/sshd_config.5 |
87 | +++ b/sshd_config.5 | 87 | +++ b/sshd_config.5 |
88 | @@ -295,6 +295,11 @@ | 88 | @@ -340,6 +340,11 @@ |
89 | .Dq no . | 89 | .Dq no . |
90 | The default is | 90 | The default is |
91 | .Dq delayed . | 91 | .Dq delayed . |
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index ac77919e6..2fe365639 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch | |||
@@ -24,15 +24,15 @@ Index: b/readconf.c | |||
24 | =================================================================== | 24 | =================================================================== |
25 | --- a/readconf.c | 25 | --- a/readconf.c |
26 | +++ b/readconf.c | 26 | +++ b/readconf.c |
27 | @@ -1132,7 +1132,7 @@ | 27 | @@ -1179,7 +1179,7 @@ |
28 | if (options->forward_x11 == -1) | 28 | if (options->forward_x11 == -1) |
29 | options->forward_x11 = 0; | 29 | options->forward_x11 = 0; |
30 | if (options->forward_x11_trusted == -1) | 30 | if (options->forward_x11_trusted == -1) |
31 | - options->forward_x11_trusted = 0; | 31 | - options->forward_x11_trusted = 0; |
32 | + options->forward_x11_trusted = 1; | 32 | + options->forward_x11_trusted = 1; |
33 | if (options->forward_x11_timeout == -1) | ||
34 | options->forward_x11_timeout = 1200; | ||
33 | if (options->exit_on_forward_failure == -1) | 35 | if (options->exit_on_forward_failure == -1) |
34 | options->exit_on_forward_failure = 0; | ||
35 | if (options->xauth_location == NULL) | ||
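Review bot: The refreshed hunk still carries `options->forward_x11_trusted = 1` as the Debian default, and the new upstream context directly beneath it adds `forward_x11_timeout = 1200`; if I read the upstream semantics correctly that timeout governs only untrusted X11 forwarding, so with this patch applied it is inert unless a user explicitly sets ForwardX11Trusted to no. That interaction is worth a sentence in the patch description (outside this hunk) so that the next refresh does not mistake the unused timeout for a bug, e.g. "Debian defaults ForwardX11Trusted to yes, so the upstream ForwardX11Timeout default only takes effect for users who opt into untrusted forwarding." The ssh_config.5 hunk of this same patch further down is the natural place to state the same caveat for users.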
36 | Index: b/ssh_config | 36 | Index: b/ssh_config |
37 | =================================================================== | 37 | =================================================================== |
38 | --- a/ssh_config | 38 | --- a/ssh_config |
@@ -84,7 +84,7 @@ Index: b/ssh_config.5 | |||
84 | The configuration file has the following format: | 84 | The configuration file has the following format: |
85 | .Pp | 85 | .Pp |
86 | Empty lines and lines starting with | 86 | Empty lines and lines starting with |
87 | @@ -452,7 +468,8 @@ | 87 | @@ -483,7 +499,8 @@ |
88 | Remote clients will be refused access after this time. | 88 | Remote clients will be refused access after this time. |
89 | .Pp | 89 | .Pp |
90 | The default is | 90 | The default is |
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch index 4c555799f..fb522013c 100644 --- a/debian/patches/doc-hash-tab-completion.patch +++ b/debian/patches/doc-hash-tab-completion.patch | |||
@@ -8,7 +8,7 @@ Index: b/ssh_config.5 | |||
8 | =================================================================== | 8 | =================================================================== |
9 | --- a/ssh_config.5 | 9 | --- a/ssh_config.5 |
10 | +++ b/ssh_config.5 | 10 | +++ b/ssh_config.5 |
11 | @@ -531,6 +531,9 @@ | 11 | @@ -562,6 +562,9 @@ |
12 | will not be converted automatically, | 12 | will not be converted automatically, |
13 | but may be manually hashed using | 13 | but may be manually hashed using |
14 | .Xr ssh-keygen 1 . | 14 | .Xr ssh-keygen 1 . |
diff --git a/debian/patches/gssapi-autoconf.patch b/debian/patches/gssapi-autoconf.patch index 3ea221834..d88382dcb 100644 --- a/debian/patches/gssapi-autoconf.patch +++ b/debian/patches/gssapi-autoconf.patch | |||
@@ -7,7 +7,7 @@ Index: b/config.h.in | |||
7 | =================================================================== | 7 | =================================================================== |
8 | --- a/config.h.in | 8 | --- a/config.h.in |
9 | +++ b/config.h.in | 9 | +++ b/config.h.in |
10 | @@ -1384,6 +1384,9 @@ | 10 | @@ -1387,6 +1387,9 @@ |
11 | /* Use btmp to log bad logins */ | 11 | /* Use btmp to log bad logins */ |
12 | #undef USE_BTMP | 12 | #undef USE_BTMP |
13 | 13 | ||
@@ -17,7 +17,7 @@ Index: b/config.h.in | |||
17 | /* Use libedit for sftp */ | 17 | /* Use libedit for sftp */ |
18 | #undef USE_LIBEDIT | 18 | #undef USE_LIBEDIT |
19 | 19 | ||
20 | @@ -1396,6 +1399,9 @@ | 20 | @@ -1399,6 +1402,9 @@ |
21 | /* Use PIPES instead of a socketpair() */ | 21 | /* Use PIPES instead of a socketpair() */ |
22 | #undef USE_PIPES | 22 | #undef USE_PIPES |
23 | 23 | ||
diff --git a/debian/patches/gssapi-compat.patch b/debian/patches/gssapi-compat.patch index 369a23360..b93134933 100644 --- a/debian/patches/gssapi-compat.patch +++ b/debian/patches/gssapi-compat.patch | |||
@@ -10,7 +10,7 @@ Index: b/servconf.c | |||
10 | =================================================================== | 10 | =================================================================== |
11 | --- a/servconf.c | 11 | --- a/servconf.c |
12 | +++ b/servconf.c | 12 | +++ b/servconf.c |
13 | @@ -380,16 +380,20 @@ | 13 | @@ -381,16 +381,20 @@ |
14 | #ifdef GSSAPI | 14 | #ifdef GSSAPI |
15 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 15 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
16 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 16 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
diff --git a/debian/patches/gssapi-dump.patch b/debian/patches/gssapi-dump.patch index 6e09df484..0969c59b4 100644 --- a/debian/patches/gssapi-dump.patch +++ b/debian/patches/gssapi-dump.patch | |||
@@ -11,7 +11,7 @@ Index: b/servconf.c | |||
11 | =================================================================== | 11 | =================================================================== |
12 | --- a/servconf.c | 12 | --- a/servconf.c |
13 | +++ b/servconf.c | 13 | +++ b/servconf.c |
14 | @@ -1677,7 +1677,10 @@ | 14 | @@ -1688,7 +1688,10 @@ |
15 | #endif | 15 | #endif |
16 | #ifdef GSSAPI | 16 | #ifdef GSSAPI |
17 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 17 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index e39239fbd..778c23023 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
@@ -364,7 +364,7 @@ Index: b/clientloop.c | |||
364 | /* import options */ | 364 | /* import options */ |
365 | extern Options options; | 365 | extern Options options; |
366 | 366 | ||
367 | @@ -1431,6 +1435,15 @@ | 367 | @@ -1483,6 +1487,15 @@ |
368 | /* Do channel operations unless rekeying in progress. */ | 368 | /* Do channel operations unless rekeying in progress. */ |
369 | if (!rekeying) { | 369 | if (!rekeying) { |
370 | channel_after_select(readset, writeset); | 370 | channel_after_select(readset, writeset); |
@@ -1918,9 +1918,9 @@ Index: b/key.c | |||
1918 | =================================================================== | 1918 | =================================================================== |
1919 | --- a/key.c | 1919 | --- a/key.c |
1920 | +++ b/key.c | 1920 | +++ b/key.c |
1921 | @@ -982,6 +982,8 @@ | 1921 | @@ -1020,6 +1020,8 @@ |
1922 | return KEY_RSA_CERT; | 1922 | return KEY_RSA_CERT; |
1923 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { | 1923 | } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { |
1924 | return KEY_DSA_CERT; | 1924 | return KEY_DSA_CERT; |
1925 | + } else if (strcmp(name, "null") == 0) { | 1925 | + } else if (strcmp(name, "null") == 0) { |
1926 | + return KEY_NULL; | 1926 | + return KEY_NULL; |
@@ -1931,10 +1931,10 @@ Index: b/key.h | |||
1931 | =================================================================== | 1931 | =================================================================== |
1932 | --- a/key.h | 1932 | --- a/key.h |
1933 | +++ b/key.h | 1933 | +++ b/key.h |
1934 | @@ -37,6 +37,7 @@ | 1934 | @@ -39,6 +39,7 @@ |
1935 | KEY_DSA, | ||
1936 | KEY_RSA_CERT, | ||
1937 | KEY_DSA_CERT, | 1935 | KEY_DSA_CERT, |
1936 | KEY_RSA_CERT_V00, | ||
1937 | KEY_DSA_CERT_V00, | ||
1938 | + KEY_NULL, | 1938 | + KEY_NULL, |
1939 | KEY_UNSPEC | 1939 | KEY_UNSPEC |
1940 | }; | 1940 | }; |
@@ -2239,9 +2239,9 @@ Index: b/readconf.c | |||
2239 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 2239 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
2240 | + oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, | 2240 | + oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, |
2241 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 2241 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
2242 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, | 2242 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
2243 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 2243 | oHashKnownHosts, |
2244 | @@ -164,10 +165,18 @@ | 2244 | @@ -166,10 +167,18 @@ |
2245 | { "afstokenpassing", oUnsupported }, | 2245 | { "afstokenpassing", oUnsupported }, |
2246 | #if defined(GSSAPI) | 2246 | #if defined(GSSAPI) |
2247 | { "gssapiauthentication", oGssAuthentication }, | 2247 | { "gssapiauthentication", oGssAuthentication }, |
@@ -2260,7 +2260,7 @@ Index: b/readconf.c | |||
2260 | #endif | 2260 | #endif |
2261 | { "fallbacktorsh", oDeprecated }, | 2261 | { "fallbacktorsh", oDeprecated }, |
2262 | { "usersh", oDeprecated }, | 2262 | { "usersh", oDeprecated }, |
2263 | @@ -456,10 +465,26 @@ | 2263 | @@ -474,10 +483,26 @@ |
2264 | intptr = &options->gss_authentication; | 2264 | intptr = &options->gss_authentication; |
2265 | goto parse_flag; | 2265 | goto parse_flag; |
2266 | 2266 | ||
@@ -2287,7 +2287,7 @@ Index: b/readconf.c | |||
2287 | case oBatchMode: | 2287 | case oBatchMode: |
2288 | intptr = &options->batch_mode; | 2288 | intptr = &options->batch_mode; |
2289 | goto parse_flag; | 2289 | goto parse_flag; |
2290 | @@ -1015,7 +1040,11 @@ | 2290 | @@ -1058,7 +1083,11 @@ |
2291 | options->pubkey_authentication = -1; | 2291 | options->pubkey_authentication = -1; |
2292 | options->challenge_response_authentication = -1; | 2292 | options->challenge_response_authentication = -1; |
2293 | options->gss_authentication = -1; | 2293 | options->gss_authentication = -1; |
@@ -2299,7 +2299,7 @@ Index: b/readconf.c | |||
2299 | options->password_authentication = -1; | 2299 | options->password_authentication = -1; |
2300 | options->kbd_interactive_authentication = -1; | 2300 | options->kbd_interactive_authentication = -1; |
2301 | options->kbd_interactive_devices = NULL; | 2301 | options->kbd_interactive_devices = NULL; |
2302 | @@ -1107,8 +1136,14 @@ | 2302 | @@ -1156,8 +1185,14 @@ |
2303 | options->challenge_response_authentication = 1; | 2303 | options->challenge_response_authentication = 1; |
2304 | if (options->gss_authentication == -1) | 2304 | if (options->gss_authentication == -1) |
2305 | options->gss_authentication = 0; | 2305 | options->gss_authentication = 0; |
@@ -2318,7 +2318,7 @@ Index: b/readconf.h | |||
2318 | =================================================================== | 2318 | =================================================================== |
2319 | --- a/readconf.h | 2319 | --- a/readconf.h |
2320 | +++ b/readconf.h | 2320 | +++ b/readconf.h |
2321 | @@ -44,7 +44,11 @@ | 2321 | @@ -46,7 +46,11 @@ |
2322 | int challenge_response_authentication; | 2322 | int challenge_response_authentication; |
2323 | /* Try S/Key or TIS, authentication. */ | 2323 | /* Try S/Key or TIS, authentication. */ |
2324 | int gss_authentication; /* Try GSS authentication */ | 2324 | int gss_authentication; /* Try GSS authentication */ |
@@ -2345,7 +2345,7 @@ Index: b/servconf.c | |||
2345 | options->password_authentication = -1; | 2345 | options->password_authentication = -1; |
2346 | options->kbd_interactive_authentication = -1; | 2346 | options->kbd_interactive_authentication = -1; |
2347 | options->challenge_response_authentication = -1; | 2347 | options->challenge_response_authentication = -1; |
2348 | @@ -214,8 +217,14 @@ | 2348 | @@ -215,8 +218,14 @@ |
2349 | options->kerberos_get_afs_token = 0; | 2349 | options->kerberos_get_afs_token = 0; |
2350 | if (options->gss_authentication == -1) | 2350 | if (options->gss_authentication == -1) |
2351 | options->gss_authentication = 0; | 2351 | options->gss_authentication = 0; |
@@ -2360,7 +2360,7 @@ Index: b/servconf.c | |||
2360 | if (options->password_authentication == -1) | 2360 | if (options->password_authentication == -1) |
2361 | options->password_authentication = 1; | 2361 | options->password_authentication = 1; |
2362 | if (options->kbd_interactive_authentication == -1) | 2362 | if (options->kbd_interactive_authentication == -1) |
2363 | @@ -306,7 +315,9 @@ | 2363 | @@ -307,7 +316,9 @@ |
2364 | sBanner, sUseDNS, sHostbasedAuthentication, | 2364 | sBanner, sUseDNS, sHostbasedAuthentication, |
2365 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 2365 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
2366 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 2366 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
@@ -2371,7 +2371,7 @@ Index: b/servconf.c | |||
2371 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 2371 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
2372 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 2372 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
2373 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 2373 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
2374 | @@ -369,9 +380,15 @@ | 2374 | @@ -370,9 +381,15 @@ |
2375 | #ifdef GSSAPI | 2375 | #ifdef GSSAPI |
2376 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 2376 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
2377 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 2377 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
@@ -2387,7 +2387,7 @@ Index: b/servconf.c | |||
2387 | #endif | 2387 | #endif |
2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
2390 | @@ -924,10 +941,22 @@ | 2390 | @@ -926,10 +943,22 @@ |
2391 | intptr = &options->gss_authentication; | 2391 | intptr = &options->gss_authentication; |
2392 | goto parse_flag; | 2392 | goto parse_flag; |
2393 | 2393 | ||
@@ -2543,7 +2543,7 @@ Index: b/ssh_config.5 | |||
2543 | =================================================================== | 2543 | =================================================================== |
2544 | --- a/ssh_config.5 | 2544 | --- a/ssh_config.5 |
2545 | +++ b/ssh_config.5 | 2545 | +++ b/ssh_config.5 |
2546 | @@ -478,11 +478,38 @@ | 2546 | @@ -509,11 +509,38 @@ |
2547 | The default is | 2547 | The default is |
2548 | .Dq no . | 2548 | .Dq no . |
2549 | Note that this option applies to protocol version 2 only. | 2549 | Note that this option applies to protocol version 2 only. |
@@ -2794,7 +2794,7 @@ Index: b/sshd.c | |||
2794 | #ifdef LIBWRAP | 2794 | #ifdef LIBWRAP |
2795 | #include <tcpd.h> | 2795 | #include <tcpd.h> |
2796 | #include <syslog.h> | 2796 | #include <syslog.h> |
2797 | @@ -1577,10 +1581,13 @@ | 2797 | @@ -1586,10 +1590,13 @@ |
2798 | logit("Disabling protocol version 1. Could not load host key"); | 2798 | logit("Disabling protocol version 1. Could not load host key"); |
2799 | options.protocol &= ~SSH_PROTO_1; | 2799 | options.protocol &= ~SSH_PROTO_1; |
2800 | } | 2800 | } |
@@ -2808,7 +2808,7 @@ Index: b/sshd.c | |||
2808 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 2808 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
2809 | logit("sshd: no hostkeys available -- exiting."); | 2809 | logit("sshd: no hostkeys available -- exiting."); |
2810 | exit(1); | 2810 | exit(1); |
2811 | @@ -1909,6 +1916,60 @@ | 2811 | @@ -1918,6 +1925,60 @@ |
2812 | /* Log the connection. */ | 2812 | /* Log the connection. */ |
2813 | verbose("Connection from %.500s port %d", remote_ip, remote_port); | 2813 | verbose("Connection from %.500s port %d", remote_ip, remote_port); |
2814 | 2814 | ||
@@ -2869,7 +2869,7 @@ Index: b/sshd.c | |||
2869 | /* | 2869 | /* |
2870 | * We don't want to listen forever unless the other side | 2870 | * We don't want to listen forever unless the other side |
2871 | * successfully authenticates itself. So we set up an alarm which is | 2871 | * successfully authenticates itself. So we set up an alarm which is |
2872 | @@ -2287,12 +2348,61 @@ | 2872 | @@ -2296,12 +2357,61 @@ |
2873 | 2873 | ||
2874 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2874 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
2875 | 2875 | ||
@@ -2948,7 +2948,7 @@ Index: b/sshd_config.5 | |||
2948 | =================================================================== | 2948 | =================================================================== |
2949 | --- a/sshd_config.5 | 2949 | --- a/sshd_config.5 |
2950 | +++ b/sshd_config.5 | 2950 | +++ b/sshd_config.5 |
2951 | @@ -379,12 +379,40 @@ | 2951 | @@ -424,12 +424,40 @@ |
2952 | The default is | 2952 | The default is |
2953 | .Dq no . | 2953 | .Dq no . |
2954 | Note that this option applies to protocol version 2 only. | 2954 | Note that this option applies to protocol version 2 only. |
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch index 36335f475..9e1705719 100644 --- a/debian/patches/keepalive-extensions.patch +++ b/debian/patches/keepalive-extensions.patch | |||
@@ -18,15 +18,15 @@ Index: b/readconf.c | |||
18 | =================================================================== | 18 | =================================================================== |
19 | --- a/readconf.c | 19 | --- a/readconf.c |
20 | +++ b/readconf.c | 20 | +++ b/readconf.c |
21 | @@ -133,6 +133,7 @@ | 21 | @@ -134,6 +134,7 @@ |
22 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, | 22 | oHashKnownHosts, |
23 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 23 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
24 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, | 24 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, |
25 | + oProtocolKeepAlives, oSetupTimeOut, | 25 | + oProtocolKeepAlives, oSetupTimeOut, |
26 | oDeprecated, oUnsupported | 26 | oDeprecated, oUnsupported |
27 | } OpCodes; | 27 | } OpCodes; |
28 | 28 | ||
29 | @@ -248,6 +249,8 @@ | 29 | @@ -251,6 +252,8 @@ |
30 | #else | 30 | #else |
31 | { "zeroknowledgepasswordauthentication", oUnsupported }, | 31 | { "zeroknowledgepasswordauthentication", oUnsupported }, |
32 | #endif | 32 | #endif |
@@ -35,7 +35,7 @@ Index: b/readconf.c | |||
35 | 35 | ||
36 | { NULL, oBadOption } | 36 | { NULL, oBadOption } |
37 | }; | 37 | }; |
38 | @@ -847,6 +850,8 @@ | 38 | @@ -865,6 +868,8 @@ |
39 | goto parse_flag; | 39 | goto parse_flag; |
40 | 40 | ||
41 | case oServerAliveInterval: | 41 | case oServerAliveInterval: |
@@ -44,7 +44,7 @@ Index: b/readconf.c | |||
44 | intptr = &options->server_alive_interval; | 44 | intptr = &options->server_alive_interval; |
45 | goto parse_time; | 45 | goto parse_time; |
46 | 46 | ||
47 | @@ -1235,8 +1240,13 @@ | 47 | @@ -1284,8 +1289,13 @@ |
48 | options->rekey_limit = 0; | 48 | options->rekey_limit = 0; |
49 | if (options->verify_host_key_dns == -1) | 49 | if (options->verify_host_key_dns == -1) |
50 | options->verify_host_key_dns = 0; | 50 | options->verify_host_key_dns = 0; |
@@ -78,7 +78,7 @@ Index: b/ssh_config.5 | |||
78 | The argument must be | 78 | The argument must be |
79 | .Dq yes | 79 | .Dq yes |
80 | or | 80 | or |
81 | @@ -963,8 +967,15 @@ | 81 | @@ -994,8 +998,15 @@ |
82 | will send a message through the encrypted | 82 | will send a message through the encrypted |
83 | channel to request a response from the server. | 83 | channel to request a response from the server. |
84 | The default | 84 | The default |
@@ -95,7 +95,7 @@ Index: b/ssh_config.5 | |||
95 | .It Cm StrictHostKeyChecking | 95 | .It Cm StrictHostKeyChecking |
96 | If this flag is set to | 96 | If this flag is set to |
97 | .Dq yes , | 97 | .Dq yes , |
98 | @@ -1003,6 +1014,12 @@ | 98 | @@ -1034,6 +1045,12 @@ |
99 | other side. | 99 | other side. |
100 | If they are sent, death of the connection or crash of one | 100 | If they are sent, death of the connection or crash of one |
101 | of the machines will be properly noticed. | 101 | of the machines will be properly noticed. |
@@ -112,7 +112,7 @@ Index: b/sshd_config.5 | |||
112 | =================================================================== | 112 | =================================================================== |
113 | --- a/sshd_config.5 | 113 | --- a/sshd_config.5 |
114 | +++ b/sshd_config.5 | 114 | +++ b/sshd_config.5 |
115 | @@ -936,6 +936,9 @@ | 115 | @@ -985,6 +985,9 @@ |
116 | .Pp | 116 | .Pp |
117 | To disable TCP keepalive messages, the value should be set to | 117 | To disable TCP keepalive messages, the value should be set to |
118 | .Dq no . | 118 | .Dq no . |
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch index dea370a1b..de63e46f8 100644 --- a/debian/patches/openbsd-docs.patch +++ b/debian/patches/openbsd-docs.patch | |||
@@ -34,7 +34,7 @@ Index: b/ssh-keygen.1 | |||
34 | =================================================================== | 34 | =================================================================== |
35 | --- a/ssh-keygen.1 | 35 | --- a/ssh-keygen.1 |
36 | +++ b/ssh-keygen.1 | 36 | +++ b/ssh-keygen.1 |
37 | @@ -145,9 +145,7 @@ | 37 | @@ -148,9 +148,7 @@ |
38 | .Pa ~/.ssh/id_dsa | 38 | .Pa ~/.ssh/id_dsa |
39 | or | 39 | or |
40 | .Pa ~/.ssh/id_rsa . | 40 | .Pa ~/.ssh/id_rsa . |
@@ -45,7 +45,7 @@ Index: b/ssh-keygen.1 | |||
45 | .Pp | 45 | .Pp |
46 | Normally this program generates the key and asks for a file in which | 46 | Normally this program generates the key and asks for a file in which |
47 | to store the private key. | 47 | to store the private key. |
48 | @@ -367,9 +365,7 @@ | 48 | @@ -394,9 +392,7 @@ |
49 | .It Fl q | 49 | .It Fl q |
50 | Silence | 50 | Silence |
51 | .Nm ssh-keygen . | 51 | .Nm ssh-keygen . |
@@ -60,7 +60,7 @@ Index: b/ssh.1 | |||
60 | =================================================================== | 60 | =================================================================== |
61 | --- a/ssh.1 | 61 | --- a/ssh.1 |
62 | +++ b/ssh.1 | 62 | +++ b/ssh.1 |
63 | @@ -762,6 +762,10 @@ | 63 | @@ -728,6 +728,10 @@ |
64 | .Sx HISTORY | 64 | .Sx HISTORY |
65 | section of | 65 | section of |
66 | .Xr ssl 8 | 66 | .Xr ssl 8 |
@@ -84,7 +84,7 @@ Index: b/sshd.8 | |||
84 | It forks a new | 84 | It forks a new |
85 | daemon for each incoming connection. | 85 | daemon for each incoming connection. |
86 | The forked daemons handle | 86 | The forked daemons handle |
87 | @@ -835,7 +835,7 @@ | 87 | @@ -845,7 +845,7 @@ |
88 | .Xr ssh 1 ) . | 88 | .Xr ssh 1 ) . |
89 | It should only be writable by root. | 89 | It should only be writable by root. |
90 | .Pp | 90 | .Pp |
@@ -93,7 +93,7 @@ Index: b/sshd.8 | |||
93 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". | 93 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
94 | The file format is described in | 94 | The file format is described in |
95 | .Xr moduli 5 . | 95 | .Xr moduli 5 . |
96 | @@ -931,7 +931,6 @@ | 96 | @@ -941,7 +941,6 @@ |
97 | .Xr ssh-vulnkey 1 , | 97 | .Xr ssh-vulnkey 1 , |
98 | .Xr chroot 2 , | 98 | .Xr chroot 2 , |
99 | .Xr hosts_access 5 , | 99 | .Xr hosts_access 5 , |
@@ -105,7 +105,7 @@ Index: b/sshd_config.5 | |||
105 | =================================================================== | 105 | =================================================================== |
106 | --- a/sshd_config.5 | 106 | --- a/sshd_config.5 |
107 | +++ b/sshd_config.5 | 107 | +++ b/sshd_config.5 |
108 | @@ -177,8 +177,7 @@ | 108 | @@ -222,8 +222,7 @@ |
109 | By default, no banner is displayed. | 109 | By default, no banner is displayed. |
110 | .It Cm ChallengeResponseAuthentication | 110 | .It Cm ChallengeResponseAuthentication |
111 | Specifies whether challenge-response authentication is allowed (e.g. via | 111 | Specifies whether challenge-response authentication is allowed (e.g. via |
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch index f45cc6968..67e014002 100644 --- a/debian/patches/package-versioning.patch +++ b/debian/patches/package-versioning.patch | |||
@@ -38,7 +38,7 @@ Index: b/version.h | |||
38 | --- a/version.h | 38 | --- a/version.h |
39 | +++ b/version.h | 39 | +++ b/version.h |
40 | @@ -3,4 +3,9 @@ | 40 | @@ -3,4 +3,9 @@ |
41 | #define SSH_VERSION "OpenSSH_5.5" | 41 | #define SSH_VERSION "OpenSSH_5.6" |
42 | 42 | ||
43 | #define SSH_PORTABLE "p1" | 43 | #define SSH_PORTABLE "p1" |
44 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 44 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch index 96a26cf7e..f8bc5fd4e 100644 --- a/debian/patches/quieter-signals.patch +++ b/debian/patches/quieter-signals.patch | |||
@@ -16,7 +16,7 @@ Index: b/clientloop.c | |||
16 | =================================================================== | 16 | =================================================================== |
17 | --- a/clientloop.c | 17 | --- a/clientloop.c |
18 | +++ b/clientloop.c | 18 | +++ b/clientloop.c |
19 | @@ -1530,8 +1530,10 @@ | 19 | @@ -1594,8 +1594,10 @@ |
20 | exit_status = 0; | 20 | exit_status = 0; |
21 | } | 21 | } |
22 | 22 | ||
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch index 99702c317..3f06225ad 100644 --- a/debian/patches/scp-quoting.patch +++ b/debian/patches/scp-quoting.patch | |||
@@ -11,7 +11,7 @@ Index: b/scp.c | |||
11 | =================================================================== | 11 | =================================================================== |
12 | --- a/scp.c | 12 | --- a/scp.c |
13 | +++ b/scp.c | 13 | +++ b/scp.c |
14 | @@ -168,8 +168,16 @@ | 14 | @@ -182,8 +182,16 @@ |
15 | 15 | ||
16 | if (verbose_mode) { | 16 | if (verbose_mode) { |
17 | fprintf(stderr, "Executing:"); | 17 | fprintf(stderr, "Executing:"); |
diff --git a/debian/patches/series b/debian/patches/series index 699dbaa98..fe14d7a8d 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -23,7 +23,6 @@ helpful-wait-terminate.patch | |||
23 | user-group-modes.patch | 23 | user-group-modes.patch |
24 | scp-quoting.patch | 24 | scp-quoting.patch |
25 | shell-path.patch | 25 | shell-path.patch |
26 | ssh-copy-id-trailing-colons.patch | ||
27 | dnssec-sshfp.patch | 26 | dnssec-sshfp.patch |
28 | 27 | ||
29 | # Versioning | 28 | # Versioning |
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch index 851687dfd..4a651bfa1 100644 --- a/debian/patches/ssh-argv0.patch +++ b/debian/patches/ssh-argv0.patch | |||
@@ -11,7 +11,7 @@ Index: b/ssh.1 | |||
11 | =================================================================== | 11 | =================================================================== |
12 | --- a/ssh.1 | 12 | --- a/ssh.1 |
13 | +++ b/ssh.1 | 13 | +++ b/ssh.1 |
14 | @@ -1430,6 +1430,7 @@ | 14 | @@ -1396,6 +1396,7 @@ |
15 | .Xr sftp 1 , | 15 | .Xr sftp 1 , |
16 | .Xr ssh-add 1 , | 16 | .Xr ssh-add 1 , |
17 | .Xr ssh-agent 1 , | 17 | .Xr ssh-agent 1 , |
diff --git a/debian/patches/ssh-copy-id-trailing-colons.patch b/debian/patches/ssh-copy-id-trailing-colons.patch deleted file mode 100644 index 1063fc6bb..000000000 --- a/debian/patches/ssh-copy-id-trailing-colons.patch +++ /dev/null | |||
@@ -1,25 +0,0 @@ | |||
1 | Description: ssh-copy-id: Strip trailing colons from hostname | ||
2 | Author: Karl Goetz <karl@kgoetz.id.au> | ||
3 | Author: Colin Watson <cjwatson@debian.org> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1530 | ||
5 | Bug-Debian: http://bugs.debian.org/226172 | ||
6 | Bug-Ubuntu: https://bugs.launchpad.net/bugs/249706 | ||
7 | Last-Update: 2010-02-27 | ||
8 | |||
9 | Index: b/contrib/ssh-copy-id | ||
10 | =================================================================== | ||
11 | --- a/contrib/ssh-copy-id | ||
12 | +++ b/contrib/ssh-copy-id | ||
13 | @@ -38,10 +38,10 @@ | ||
14 | exit 1 | ||
15 | fi | ||
16 | |||
17 | -{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 | ||
18 | +{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 | ||
19 | |||
20 | cat <<EOF | ||
21 | -Now try logging into the machine, with "ssh '$1'", and check in: | ||
22 | +Now try logging into the machine, with "ssh '${1%:}'", and check in: | ||
23 | |||
24 | .ssh/authorized_keys | ||
25 | |||
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index af56dc031..ecb6e0c64 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
@@ -132,7 +132,7 @@ Index: b/auth.c | |||
132 | #include "auth.h" | 132 | #include "auth.h" |
133 | #include "auth-options.h" | 133 | #include "auth-options.h" |
134 | #include "canohost.h" | 134 | #include "canohost.h" |
135 | @@ -593,10 +594,34 @@ | 135 | @@ -615,10 +616,34 @@ |
136 | 136 | ||
137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ | 137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ |
138 | int | 138 | int |
@@ -172,10 +172,10 @@ Index: b/auth.h | |||
172 | =================================================================== | 172 | =================================================================== |
173 | --- a/auth.h | 173 | --- a/auth.h |
174 | +++ b/auth.h | 174 | +++ b/auth.h |
175 | @@ -173,7 +173,7 @@ | 175 | @@ -175,7 +175,7 @@ |
176 | char *authorized_keys_file2(struct passwd *); | ||
177 | 176 | ||
178 | FILE *auth_openkeyfile(const char *, struct passwd *, int); | 177 | FILE *auth_openkeyfile(const char *, struct passwd *, int); |
178 | FILE *auth_openprincipals(const char *, struct passwd *, int); | ||
179 | -int auth_key_is_revoked(Key *); | 179 | -int auth_key_is_revoked(Key *); |
180 | +int auth_key_is_revoked(Key *, int); | 180 | +int auth_key_is_revoked(Key *, int); |
181 | 181 | ||
@@ -185,9 +185,9 @@ Index: b/auth2-hostbased.c | |||
185 | =================================================================== | 185 | =================================================================== |
186 | --- a/auth2-hostbased.c | 186 | --- a/auth2-hostbased.c |
187 | +++ b/auth2-hostbased.c | 187 | +++ b/auth2-hostbased.c |
188 | @@ -145,7 +145,7 @@ | 188 | @@ -146,7 +146,7 @@ |
189 | HostStatus host_status; | ||
190 | int len; | 189 | int len; |
190 | char *fp; | ||
191 | 191 | ||
192 | - if (auth_key_is_revoked(key)) | 192 | - if (auth_key_is_revoked(key)) |
193 | + if (auth_key_is_revoked(key, 0)) | 193 | + if (auth_key_is_revoked(key, 0)) |
@@ -198,7 +198,7 @@ Index: b/auth2-pubkey.c | |||
198 | =================================================================== | 198 | =================================================================== |
199 | --- a/auth2-pubkey.c | 199 | --- a/auth2-pubkey.c |
200 | +++ b/auth2-pubkey.c | 200 | +++ b/auth2-pubkey.c |
201 | @@ -328,9 +328,10 @@ | 201 | @@ -439,9 +439,10 @@ |
202 | int success; | 202 | int success; |
203 | char *file; | 203 | char *file; |
204 | 204 | ||
@@ -223,7 +223,7 @@ Index: b/authfile.c | |||
223 | 223 | ||
224 | /* Version identification string for SSH v1 identity files. */ | 224 | /* Version identification string for SSH v1 identity files. */ |
225 | static const char authfile_id_string[] = | 225 | static const char authfile_id_string[] = |
226 | @@ -754,3 +755,140 @@ | 226 | @@ -814,3 +815,140 @@ |
227 | return ret; | 227 | return ret; |
228 | } | 228 | } |
229 | 229 | ||
@@ -368,7 +368,7 @@ Index: b/authfile.h | |||
368 | =================================================================== | 368 | =================================================================== |
369 | --- a/authfile.h | 369 | --- a/authfile.h |
370 | +++ b/authfile.h | 370 | +++ b/authfile.h |
371 | @@ -24,4 +24,6 @@ | 371 | @@ -26,4 +26,6 @@ |
372 | int key_perm_ok(int, const char *); | 372 | int key_perm_ok(int, const char *); |
373 | int key_in_file(Key *, const char *, int); | 373 | int key_in_file(Key *, const char *, int); |
374 | 374 | ||
@@ -412,7 +412,7 @@ Index: b/readconf.c | |||
412 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, | 412 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, |
413 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 413 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
414 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 414 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
415 | @@ -152,6 +153,7 @@ | 415 | @@ -154,6 +155,7 @@ |
416 | { "passwordauthentication", oPasswordAuthentication }, | 416 | { "passwordauthentication", oPasswordAuthentication }, |
417 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | 417 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
418 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | 418 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
@@ -420,7 +420,7 @@ Index: b/readconf.c | |||
420 | { "rsaauthentication", oRSAAuthentication }, | 420 | { "rsaauthentication", oRSAAuthentication }, |
421 | { "pubkeyauthentication", oPubkeyAuthentication }, | 421 | { "pubkeyauthentication", oPubkeyAuthentication }, |
422 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ | 422 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
423 | @@ -461,6 +463,10 @@ | 423 | @@ -479,6 +481,10 @@ |
424 | intptr = &options->challenge_response_authentication; | 424 | intptr = &options->challenge_response_authentication; |
425 | goto parse_flag; | 425 | goto parse_flag; |
426 | 426 | ||
@@ -431,7 +431,7 @@ Index: b/readconf.c | |||
431 | case oGssAuthentication: | 431 | case oGssAuthentication: |
432 | intptr = &options->gss_authentication; | 432 | intptr = &options->gss_authentication; |
433 | goto parse_flag; | 433 | goto parse_flag; |
434 | @@ -1050,6 +1056,7 @@ | 434 | @@ -1093,6 +1099,7 @@ |
435 | options->kbd_interactive_devices = NULL; | 435 | options->kbd_interactive_devices = NULL; |
436 | options->rhosts_rsa_authentication = -1; | 436 | options->rhosts_rsa_authentication = -1; |
437 | options->hostbased_authentication = -1; | 437 | options->hostbased_authentication = -1; |
@@ -439,7 +439,7 @@ Index: b/readconf.c | |||
439 | options->batch_mode = -1; | 439 | options->batch_mode = -1; |
440 | options->check_host_ip = -1; | 440 | options->check_host_ip = -1; |
441 | options->strict_host_key_checking = -1; | 441 | options->strict_host_key_checking = -1; |
442 | @@ -1152,6 +1159,8 @@ | 442 | @@ -1201,6 +1208,8 @@ |
443 | options->rhosts_rsa_authentication = 0; | 443 | options->rhosts_rsa_authentication = 0; |
444 | if (options->hostbased_authentication == -1) | 444 | if (options->hostbased_authentication == -1) |
445 | options->hostbased_authentication = 0; | 445 | options->hostbased_authentication = 0; |
@@ -452,7 +452,7 @@ Index: b/readconf.h | |||
452 | =================================================================== | 452 | =================================================================== |
453 | --- a/readconf.h | 453 | --- a/readconf.h |
454 | +++ b/readconf.h | 454 | +++ b/readconf.h |
455 | @@ -54,6 +54,7 @@ | 455 | @@ -56,6 +56,7 @@ |
456 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 456 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
457 | char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ | 457 | char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ |
458 | int zero_knowledge_password_authentication; /* Try jpake */ | 458 | int zero_knowledge_password_authentication; /* Try jpake */ |
@@ -472,7 +472,7 @@ Index: b/servconf.c | |||
472 | options->permit_empty_passwd = -1; | 472 | options->permit_empty_passwd = -1; |
473 | options->permit_user_env = -1; | 473 | options->permit_user_env = -1; |
474 | options->use_login = -1; | 474 | options->use_login = -1; |
475 | @@ -231,6 +232,8 @@ | 475 | @@ -232,6 +233,8 @@ |
476 | options->kbd_interactive_authentication = 0; | 476 | options->kbd_interactive_authentication = 0; |
477 | if (options->challenge_response_authentication == -1) | 477 | if (options->challenge_response_authentication == -1) |
478 | options->challenge_response_authentication = 1; | 478 | options->challenge_response_authentication = 1; |
@@ -481,7 +481,7 @@ Index: b/servconf.c | |||
481 | if (options->permit_empty_passwd == -1) | 481 | if (options->permit_empty_passwd == -1) |
482 | options->permit_empty_passwd = 0; | 482 | options->permit_empty_passwd = 0; |
483 | if (options->permit_user_env == -1) | 483 | if (options->permit_user_env == -1) |
484 | @@ -306,7 +309,7 @@ | 484 | @@ -307,7 +310,7 @@ |
485 | sListenAddress, sAddressFamily, | 485 | sListenAddress, sAddressFamily, |
486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
@@ -490,7 +490,7 @@ Index: b/servconf.c | |||
490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
493 | @@ -415,6 +418,7 @@ | 493 | @@ -416,6 +419,7 @@ |
494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
@@ -498,7 +498,7 @@ Index: b/servconf.c | |||
498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
501 | @@ -1009,6 +1013,10 @@ | 501 | @@ -1011,6 +1015,10 @@ |
502 | intptr = &options->tcp_keep_alive; | 502 | intptr = &options->tcp_keep_alive; |
503 | goto parse_flag; | 503 | goto parse_flag; |
504 | 504 | ||
@@ -509,7 +509,7 @@ Index: b/servconf.c | |||
509 | case sEmptyPasswd: | 509 | case sEmptyPasswd: |
510 | intptr = &options->permit_empty_passwd; | 510 | intptr = &options->permit_empty_passwd; |
511 | goto parse_flag; | 511 | goto parse_flag; |
512 | @@ -1697,6 +1705,7 @@ | 512 | @@ -1708,6 +1716,7 @@ |
513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
@@ -584,7 +584,7 @@ Index: b/ssh-keygen.1 | |||
584 | =================================================================== | 584 | =================================================================== |
585 | --- a/ssh-keygen.1 | 585 | --- a/ssh-keygen.1 |
586 | +++ b/ssh-keygen.1 | 586 | +++ b/ssh-keygen.1 |
587 | @@ -628,6 +628,7 @@ | 587 | @@ -669,6 +669,7 @@ |
588 | .Xr ssh 1 , | 588 | .Xr ssh 1 , |
589 | .Xr ssh-add 1 , | 589 | .Xr ssh-add 1 , |
590 | .Xr ssh-agent 1 , | 590 | .Xr ssh-agent 1 , |
@@ -1236,7 +1236,7 @@ Index: b/ssh.1 | |||
1236 | =================================================================== | 1236 | =================================================================== |
1237 | --- a/ssh.1 | 1237 | --- a/ssh.1 |
1238 | +++ b/ssh.1 | 1238 | +++ b/ssh.1 |
1239 | @@ -1426,6 +1426,7 @@ | 1239 | @@ -1392,6 +1392,7 @@ |
1240 | .Xr ssh-agent 1 , | 1240 | .Xr ssh-agent 1 , |
1241 | .Xr ssh-keygen 1 , | 1241 | .Xr ssh-keygen 1 , |
1242 | .Xr ssh-keyscan 1 , | 1242 | .Xr ssh-keyscan 1 , |
@@ -1248,7 +1248,7 @@ Index: b/ssh.c | |||
1248 | =================================================================== | 1248 | =================================================================== |
1249 | --- a/ssh.c | 1249 | --- a/ssh.c |
1250 | +++ b/ssh.c | 1250 | +++ b/ssh.c |
1251 | @@ -1301,7 +1301,7 @@ | 1251 | @@ -1422,7 +1422,7 @@ |
1252 | static void | 1252 | static void |
1253 | load_public_identity_files(void) | 1253 | load_public_identity_files(void) |
1254 | { | 1254 | { |
@@ -1257,7 +1257,7 @@ Index: b/ssh.c | |||
1257 | char *pwdir = NULL, *pwname = NULL; | 1257 | char *pwdir = NULL, *pwname = NULL; |
1258 | int i = 0; | 1258 | int i = 0; |
1259 | Key *public; | 1259 | Key *public; |
1260 | @@ -1358,6 +1358,22 @@ | 1260 | @@ -1479,6 +1479,22 @@ |
1261 | public = key_load_public(filename, NULL); | 1261 | public = key_load_public(filename, NULL); |
1262 | debug("identity file %s type %d", filename, | 1262 | debug("identity file %s type %d", filename, |
1263 | public ? public->type : -1); | 1263 | public ? public->type : -1); |
@@ -1284,7 +1284,7 @@ Index: b/ssh_config.5 | |||
1284 | =================================================================== | 1284 | =================================================================== |
1285 | --- a/ssh_config.5 | 1285 | --- a/ssh_config.5 |
1286 | +++ b/ssh_config.5 | 1286 | +++ b/ssh_config.5 |
1287 | @@ -1051,6 +1051,23 @@ | 1287 | @@ -1082,6 +1082,23 @@ |
1288 | .Dq any . | 1288 | .Dq any . |
1289 | The default is | 1289 | The default is |
1290 | .Dq any:any . | 1290 | .Dq any:any . |
@@ -1312,7 +1312,7 @@ Index: b/sshconnect2.c | |||
1312 | =================================================================== | 1312 | =================================================================== |
1313 | --- a/sshconnect2.c | 1313 | --- a/sshconnect2.c |
1314 | +++ b/sshconnect2.c | 1314 | +++ b/sshconnect2.c |
1315 | @@ -1418,6 +1418,8 @@ | 1315 | @@ -1421,6 +1421,8 @@ |
1316 | 1316 | ||
1317 | /* list of keys stored in the filesystem */ | 1317 | /* list of keys stored in the filesystem */ |
1318 | for (i = 0; i < options.num_identity_files; i++) { | 1318 | for (i = 0; i < options.num_identity_files; i++) { |
@@ -1321,9 +1321,9 @@ Index: b/sshconnect2.c | |||
1321 | key = options.identity_keys[i]; | 1321 | key = options.identity_keys[i]; |
1322 | if (key && key->type == KEY_RSA1) | 1322 | if (key && key->type == KEY_RSA1) |
1323 | continue; | 1323 | continue; |
1324 | @@ -1510,7 +1512,7 @@ | 1324 | @@ -1514,7 +1516,7 @@ |
1325 | if (id->key && id->key->type != KEY_RSA1) { | 1325 | debug("Offering %s public key: %s", key_type(id->key), |
1326 | debug("Offering public key: %s", id->filename); | 1326 | id->filename); |
1327 | sent = send_pubkey_test(authctxt, id); | 1327 | sent = send_pubkey_test(authctxt, id); |
1328 | - } else if (id->key == NULL) { | 1328 | - } else if (id->key == NULL) { |
1329 | + } else if (id->key == NULL && id->filename) { | 1329 | + } else if (id->key == NULL && id->filename) { |
@@ -1334,7 +1334,7 @@ Index: b/sshd.8 | |||
1334 | =================================================================== | 1334 | =================================================================== |
1335 | --- a/sshd.8 | 1335 | --- a/sshd.8 |
1336 | +++ b/sshd.8 | 1336 | +++ b/sshd.8 |
1337 | @@ -928,6 +928,7 @@ | 1337 | @@ -938,6 +938,7 @@ |
1338 | .Xr ssh-agent 1 , | 1338 | .Xr ssh-agent 1 , |
1339 | .Xr ssh-keygen 1 , | 1339 | .Xr ssh-keygen 1 , |
1340 | .Xr ssh-keyscan 1 , | 1340 | .Xr ssh-keyscan 1 , |
@@ -1346,7 +1346,7 @@ Index: b/sshd.c | |||
1346 | =================================================================== | 1346 | =================================================================== |
1347 | --- a/sshd.c | 1347 | --- a/sshd.c |
1348 | +++ b/sshd.c | 1348 | +++ b/sshd.c |
1349 | @@ -1564,6 +1564,11 @@ | 1349 | @@ -1573,6 +1573,11 @@ |
1350 | sensitive_data.host_keys[i] = NULL; | 1350 | sensitive_data.host_keys[i] = NULL; |
1351 | continue; | 1351 | continue; |
1352 | } | 1352 | } |
@@ -1362,7 +1362,7 @@ Index: b/sshd_config.5 | |||
1362 | =================================================================== | 1362 | =================================================================== |
1363 | --- a/sshd_config.5 | 1363 | --- a/sshd_config.5 |
1364 | +++ b/sshd_config.5 | 1364 | +++ b/sshd_config.5 |
1365 | @@ -694,6 +694,20 @@ | 1365 | @@ -743,6 +743,20 @@ |
1366 | Specifies whether password authentication is allowed. | 1366 | Specifies whether password authentication is allowed. |
1367 | The default is | 1367 | The default is |
1368 | .Dq yes . | 1368 | .Dq yes . |
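Review bot: The refreshed auth.h hunk still widens `auth_key_is_revoked` to a two-argument form (`+int auth_key_is_revoked(Key *, int);`, patch line 180), but the only caller updates visible in this section are auth2-hostbased.c (`auth_key_is_revoked(key, 0)`) and the auth2-pubkey.c hunk that now sits at line 439. That hunk's offset moved from 328 to 439, so roughly a hundred upstream lines were added above it in auth2-pubkey.c; if any of them call `auth_key_is_revoked` with the old single argument (the certificate-authority checks added upstream are the likely place), the tree will not compile even though the patch applies cleanly. Since a refresh only rewrites offsets and context lines, it cannot catch a new call site, so it is worth grepping the patched tree for one-argument calls before building.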
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch index 7682c0761..dac1ca1cc 100644 --- a/debian/patches/ssh1-keepalive.patch +++ b/debian/patches/ssh1-keepalive.patch | |||
@@ -7,20 +7,13 @@ Index: b/clientloop.c | |||
7 | =================================================================== | 7 | =================================================================== |
8 | --- a/clientloop.c | 8 | --- a/clientloop.c |
9 | +++ b/clientloop.c | 9 | +++ b/clientloop.c |
10 | @@ -507,16 +507,21 @@ | 10 | @@ -547,16 +547,21 @@ |
11 | static void | 11 | static void |
12 | server_alive_check(void) | 12 | server_alive_check(void) |
13 | { | 13 | { |
14 | - if (packet_inc_alive_timeouts() > options.server_alive_count_max) { | 14 | - if (packet_inc_alive_timeouts() > options.server_alive_count_max) { |
15 | - logit("Timeout, server not responding."); | 15 | - logit("Timeout, server not responding."); |
16 | - cleanup_exit(255); | 16 | - cleanup_exit(255); |
17 | - } | ||
18 | - packet_start(SSH2_MSG_GLOBAL_REQUEST); | ||
19 | - packet_put_cstring("keepalive@openssh.com"); | ||
20 | - packet_put_char(1); /* boolean: want reply */ | ||
21 | - packet_send(); | ||
22 | - /* Insert an empty placeholder to maintain ordering */ | ||
23 | - client_register_global_confirm(NULL, NULL); | ||
24 | + if (compat20) { | 17 | + if (compat20) { |
25 | + if (packet_inc_alive_timeouts() > options.server_alive_count_max) { | 18 | + if (packet_inc_alive_timeouts() > options.server_alive_count_max) { |
26 | + logit("Timeout, server not responding."); | 19 | + logit("Timeout, server not responding."); |
@@ -35,24 +28,30 @@ Index: b/clientloop.c | |||
35 | + } else { | 28 | + } else { |
36 | + packet_send_ignore(0); | 29 | + packet_send_ignore(0); |
37 | + packet_send(); | 30 | + packet_send(); |
38 | + } | 31 | } |
32 | - packet_start(SSH2_MSG_GLOBAL_REQUEST); | ||
33 | - packet_put_cstring("keepalive@openssh.com"); | ||
34 | - packet_put_char(1); /* boolean: want reply */ | ||
35 | - packet_send(); | ||
36 | - /* Insert an empty placeholder to maintain ordering */ | ||
37 | - client_register_global_confirm(NULL, NULL); | ||
39 | } | 38 | } |
40 | 39 | ||
41 | /* | 40 | /* |
42 | @@ -574,7 +579,7 @@ | 41 | @@ -616,7 +621,7 @@ |
43 | * event pending. | ||
44 | */ | 42 | */ |
45 | 43 | ||
46 | - if (options.server_alive_interval == 0 || !compat20) | 44 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ |
47 | + if (options.server_alive_interval == 0) | 45 | - if (options.server_alive_interval > 0 && compat20) |
48 | tvp = NULL; | 46 | + if (options.server_alive_interval > 0) |
49 | else { | 47 | timeout_secs = options.server_alive_interval; |
50 | tv.tv_sec = options.server_alive_interval; | 48 | set_control_persist_exit_time(); |
49 | if (control_persist_exit_time > 0) { | ||
51 | Index: b/ssh_config.5 | 50 | Index: b/ssh_config.5 |
52 | =================================================================== | 51 | =================================================================== |
53 | --- a/ssh_config.5 | 52 | --- a/ssh_config.5 |
54 | +++ b/ssh_config.5 | 53 | +++ b/ssh_config.5 |
55 | @@ -952,7 +952,10 @@ | 54 | @@ -983,7 +983,10 @@ |
56 | .Cm ServerAliveCountMax | 55 | .Cm ServerAliveCountMax |
57 | is left at the default, if the server becomes unresponsive, | 56 | is left at the default, if the server becomes unresponsive, |
58 | ssh will disconnect after approximately 45 seconds. | 57 | ssh will disconnect after approximately 45 seconds. |
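Review bot: In the protocol-1 branch of the rewritten `server_alive_check` hunk (new-side lines 28-31), `packet_send_ignore(0); packet_send();` is emitted without any call to `packet_inc_alive_timeouts()`, so the `ServerAliveCountMax` disconnect that the `compat20` branch performs never fires for protocol 1 — the option keeps traffic flowing on the TCP connection but cannot detect an unresponsive server. That behaviour is carried over from the previous version of the patch rather than introduced here, but since the ssh_config.5 hunk (new-side lines 54-57, "ssh will disconnect after approximately 45 seconds") is being refreshed in the same commit, this is the moment to confirm that its added lines, which fall outside the visible context, state the protocol-1 limitation. As a point of style, the first hunk now splits the change around a shared ` }` context line (new-side line 31) followed by six removed lines, which is valid but harder to read than the previous contiguous `-`/`+` form; re-rolling the hunk so the removed and added blocks stay contiguous would make the intent of the patch clearer to the next person refreshing it.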
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch index 2dc912b8e..3cb9fdc65 100644 --- a/debian/patches/syslog-level-silent.patch +++ b/debian/patches/syslog-level-silent.patch | |||
@@ -26,7 +26,7 @@ Index: b/ssh.c | |||
26 | =================================================================== | 26 | =================================================================== |
27 | --- a/ssh.c | 27 | --- a/ssh.c |
28 | +++ b/ssh.c | 28 | +++ b/ssh.c |
29 | @@ -624,7 +624,7 @@ | 29 | @@ -642,7 +642,7 @@ |
30 | tty_flag = 0; | 30 | tty_flag = 0; |
31 | /* Do not allocate a tty if stdin is not a tty. */ | 31 | /* Do not allocate a tty if stdin is not a tty. */ |
32 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) { | 32 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) { |
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 164b8ec81..69700e592 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -24,7 +24,7 @@ Index: b/readconf.c | |||
24 | 24 | ||
25 | #include "xmalloc.h" | 25 | #include "xmalloc.h" |
26 | #include "ssh.h" | 26 | #include "ssh.h" |
27 | @@ -1003,8 +1005,7 @@ | 27 | @@ -1045,8 +1047,7 @@ |
28 | 28 | ||
29 | if (fstat(fileno(f), &sb) == -1) | 29 | if (fstat(fileno(f), &sb) == -1) |
30 | fatal("fstat %s: %s", filename, strerror(errno)); | 30 | fatal("fstat %s: %s", filename, strerror(errno)); |
@@ -38,7 +38,7 @@ Index: b/ssh.1 | |||
38 | =================================================================== | 38 | =================================================================== |
39 | --- a/ssh.1 | 39 | --- a/ssh.1 |
40 | +++ b/ssh.1 | 40 | +++ b/ssh.1 |
41 | @@ -1324,6 +1324,8 @@ | 41 | @@ -1290,6 +1290,8 @@ |
42 | .Xr ssh_config 5 . | 42 | .Xr ssh_config 5 . |
43 | Because of the potential for abuse, this file must have strict permissions: | 43 | Because of the potential for abuse, this file must have strict permissions: |
44 | read/write for the user, and not accessible by others. | 44 | read/write for the user, and not accessible by others. |
@@ -51,7 +51,7 @@ Index: b/ssh_config.5 | |||
51 | =================================================================== | 51 | =================================================================== |
52 | --- a/ssh_config.5 | 52 | --- a/ssh_config.5 |
53 | +++ b/ssh_config.5 | 53 | +++ b/ssh_config.5 |
54 | @@ -1204,6 +1204,8 @@ | 54 | @@ -1235,6 +1235,8 @@ |
55 | This file is used by the SSH client. | 55 | This file is used by the SSH client. |
56 | Because of the potential for abuse, this file must have strict permissions: | 56 | Because of the potential for abuse, this file must have strict permissions: |
57 | read/write for the user, and not accessible by others. | 57 | read/write for the user, and not accessible by others. |
@@ -64,7 +64,7 @@ Index: b/auth.c | |||
64 | =================================================================== | 64 | =================================================================== |
65 | --- a/auth.c | 65 | --- a/auth.c |
66 | +++ b/auth.c | 66 | +++ b/auth.c |
67 | @@ -385,8 +385,7 @@ | 67 | @@ -393,8 +393,7 @@ |
68 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | 68 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
69 | if (options.strict_modes && | 69 | if (options.strict_modes && |
70 | (stat(user_hostfile, &st) == 0) && | 70 | (stat(user_hostfile, &st) == 0) && |
@@ -74,7 +74,7 @@ Index: b/auth.c | |||
74 | logit("Authentication refused for %.100s: " | 74 | logit("Authentication refused for %.100s: " |
75 | "bad owner or modes for %.200s", | 75 | "bad owner or modes for %.200s", |
76 | pw->pw_name, user_hostfile); | 76 | pw->pw_name, user_hostfile); |
77 | @@ -438,8 +437,7 @@ | 77 | @@ -448,8 +447,7 @@ |
78 | 78 | ||
79 | /* check the open file to avoid races */ | 79 | /* check the open file to avoid races */ |
80 | if (fstat(fileno(f), &st) < 0 || | 80 | if (fstat(fileno(f), &st) < 0 || |
@@ -84,7 +84,7 @@ Index: b/auth.c | |||
84 | snprintf(err, errlen, "bad ownership or modes for file %s", | 84 | snprintf(err, errlen, "bad ownership or modes for file %s", |
85 | buf); | 85 | buf); |
86 | return -1; | 86 | return -1; |
87 | @@ -455,8 +453,7 @@ | 87 | @@ -465,8 +463,7 @@ |
88 | 88 | ||
89 | debug3("secure_filename: checking '%s'", buf); | 89 | debug3("secure_filename: checking '%s'", buf); |
90 | if (stat(buf, &st) < 0 || | 90 | if (stat(buf, &st) < 0 || |
@@ -109,7 +109,7 @@ Index: b/misc.c | |||
109 | #ifdef SSH_TUN_OPENBSD | 109 | #ifdef SSH_TUN_OPENBSD |
110 | #include <net/if.h> | 110 | #include <net/if.h> |
111 | #endif | 111 | #endif |
112 | @@ -638,6 +639,55 @@ | 112 | @@ -639,6 +640,55 @@ |
113 | } | 113 | } |
114 | 114 | ||
115 | int | 115 | int |
@@ -169,7 +169,7 @@ Index: b/misc.h | |||
169 | =================================================================== | 169 | =================================================================== |
170 | --- a/misc.h | 170 | --- a/misc.h |
171 | +++ b/misc.h | 171 | +++ b/misc.h |
172 | @@ -91,4 +91,6 @@ | 172 | @@ -92,4 +92,6 @@ |
173 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); | 173 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); |
174 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); | 174 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); |
175 | 175 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: jpake.c,v 1.2 2009/03/05 07:18:19 djm Exp $ */ | 1 | /* $OpenBSD: jpake.c,v 1.4 2010/07/13 23:13:16 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -434,7 +434,7 @@ jpake_check_confirm(const BIGNUM *k, | |||
434 | if (peer_confirm_hash_len != expected_confirm_hash_len) | 434 | if (peer_confirm_hash_len != expected_confirm_hash_len) |
435 | error("%s: confirmation length mismatch (my %u them %u)", | 435 | error("%s: confirmation length mismatch (my %u them %u)", |
436 | __func__, expected_confirm_hash_len, peer_confirm_hash_len); | 436 | __func__, expected_confirm_hash_len, peer_confirm_hash_len); |
437 | else if (memcmp(peer_confirm_hash, expected_confirm_hash, | 437 | else if (timingsafe_bcmp(peer_confirm_hash, expected_confirm_hash, |
438 | expected_confirm_hash_len) == 0) | 438 | expected_confirm_hash_len) == 0) |
439 | success = 1; | 439 | success = 1; |
440 | bzero(expected_confirm_hash, expected_confirm_hash_len); | 440 | bzero(expected_confirm_hash, expected_confirm_hash_len); |
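Review bot: The switch from memcmp to timingsafe_bcmp on line 437 is the right call for comparing a secret-derived confirmation hash, but it carries no comment, so a later cleanup could quietly revert it to memcmp; suggest `/* constant-time: memcmp's early exit would leak how many hash bytes matched */` above the call. The length-mismatch branch on lines 434–436 still short-circuits, which is acceptable only because the hash length is not secret, and that reasoning is worth stating in the same comment. The adjacent `bzero(expected_confirm_hash, ...)` on line 440 is unchanged here, but a plain clear before a free can be elided by the compiler, so a follow-up with explicit_bzero where available would be in keeping with this change. jpake_check_confirm's body starts before and ends after this hunk.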
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.86 2010/03/15 19:40:02 stevesk Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.90 2010/07/13 23:13:16 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -52,6 +52,7 @@ | |||
52 | #include "uuencode.h" | 52 | #include "uuencode.h" |
53 | #include "buffer.h" | 53 | #include "buffer.h" |
54 | #include "log.h" | 54 | #include "log.h" |
55 | #include "misc.h" | ||
55 | #include "ssh2.h" | 56 | #include "ssh2.h" |
56 | 57 | ||
57 | static struct KeyCert * | 58 | static struct KeyCert * |
@@ -61,7 +62,8 @@ cert_new(void) | |||
61 | 62 | ||
62 | cert = xcalloc(1, sizeof(*cert)); | 63 | cert = xcalloc(1, sizeof(*cert)); |
63 | buffer_init(&cert->certblob); | 64 | buffer_init(&cert->certblob); |
64 | buffer_init(&cert->constraints); | 65 | buffer_init(&cert->critical); |
66 | buffer_init(&cert->extensions); | ||
65 | cert->key_id = NULL; | 67 | cert->key_id = NULL; |
66 | cert->principals = NULL; | 68 | cert->principals = NULL; |
67 | cert->signature_key = NULL; | 69 | cert->signature_key = NULL; |
@@ -82,6 +84,7 @@ key_new(int type) | |||
82 | switch (k->type) { | 84 | switch (k->type) { |
83 | case KEY_RSA1: | 85 | case KEY_RSA1: |
84 | case KEY_RSA: | 86 | case KEY_RSA: |
87 | case KEY_RSA_CERT_V00: | ||
85 | case KEY_RSA_CERT: | 88 | case KEY_RSA_CERT: |
86 | if ((rsa = RSA_new()) == NULL) | 89 | if ((rsa = RSA_new()) == NULL) |
87 | fatal("key_new: RSA_new failed"); | 90 | fatal("key_new: RSA_new failed"); |
@@ -92,6 +95,7 @@ key_new(int type) | |||
92 | k->rsa = rsa; | 95 | k->rsa = rsa; |
93 | break; | 96 | break; |
94 | case KEY_DSA: | 97 | case KEY_DSA: |
98 | case KEY_DSA_CERT_V00: | ||
95 | case KEY_DSA_CERT: | 99 | case KEY_DSA_CERT: |
96 | if ((dsa = DSA_new()) == NULL) | 100 | if ((dsa = DSA_new()) == NULL) |
97 | fatal("key_new: DSA_new failed"); | 101 | fatal("key_new: DSA_new failed"); |
@@ -124,6 +128,7 @@ key_add_private(Key *k) | |||
124 | switch (k->type) { | 128 | switch (k->type) { |
125 | case KEY_RSA1: | 129 | case KEY_RSA1: |
126 | case KEY_RSA: | 130 | case KEY_RSA: |
131 | case KEY_RSA_CERT_V00: | ||
127 | case KEY_RSA_CERT: | 132 | case KEY_RSA_CERT: |
128 | if ((k->rsa->d = BN_new()) == NULL) | 133 | if ((k->rsa->d = BN_new()) == NULL) |
129 | fatal("key_new_private: BN_new failed"); | 134 | fatal("key_new_private: BN_new failed"); |
@@ -139,6 +144,7 @@ key_add_private(Key *k) | |||
139 | fatal("key_new_private: BN_new failed"); | 144 | fatal("key_new_private: BN_new failed"); |
140 | break; | 145 | break; |
141 | case KEY_DSA: | 146 | case KEY_DSA: |
147 | case KEY_DSA_CERT_V00: | ||
142 | case KEY_DSA_CERT: | 148 | case KEY_DSA_CERT: |
143 | if ((k->dsa->priv_key = BN_new()) == NULL) | 149 | if ((k->dsa->priv_key = BN_new()) == NULL) |
144 | fatal("key_new_private: BN_new failed"); | 150 | fatal("key_new_private: BN_new failed"); |
@@ -165,7 +171,8 @@ cert_free(struct KeyCert *cert) | |||
165 | u_int i; | 171 | u_int i; |
166 | 172 | ||
167 | buffer_free(&cert->certblob); | 173 | buffer_free(&cert->certblob); |
168 | buffer_free(&cert->constraints); | 174 | buffer_free(&cert->critical); |
175 | buffer_free(&cert->extensions); | ||
169 | if (cert->key_id != NULL) | 176 | if (cert->key_id != NULL) |
170 | xfree(cert->key_id); | 177 | xfree(cert->key_id); |
171 | for (i = 0; i < cert->nprincipals; i++) | 178 | for (i = 0; i < cert->nprincipals; i++) |
@@ -184,12 +191,14 @@ key_free(Key *k) | |||
184 | switch (k->type) { | 191 | switch (k->type) { |
185 | case KEY_RSA1: | 192 | case KEY_RSA1: |
186 | case KEY_RSA: | 193 | case KEY_RSA: |
194 | case KEY_RSA_CERT_V00: | ||
187 | case KEY_RSA_CERT: | 195 | case KEY_RSA_CERT: |
188 | if (k->rsa != NULL) | 196 | if (k->rsa != NULL) |
189 | RSA_free(k->rsa); | 197 | RSA_free(k->rsa); |
190 | k->rsa = NULL; | 198 | k->rsa = NULL; |
191 | break; | 199 | break; |
192 | case KEY_DSA: | 200 | case KEY_DSA: |
201 | case KEY_DSA_CERT_V00: | ||
193 | case KEY_DSA_CERT: | 202 | case KEY_DSA_CERT: |
194 | if (k->dsa != NULL) | 203 | if (k->dsa != NULL) |
195 | DSA_free(k->dsa); | 204 | DSA_free(k->dsa); |
@@ -219,7 +228,7 @@ cert_compare(struct KeyCert *a, struct KeyCert *b) | |||
219 | return 0; | 228 | return 0; |
220 | if (buffer_len(&a->certblob) != buffer_len(&b->certblob)) | 229 | if (buffer_len(&a->certblob) != buffer_len(&b->certblob)) |
221 | return 0; | 230 | return 0; |
222 | if (memcmp(buffer_ptr(&a->certblob), buffer_ptr(&b->certblob), | 231 | if (timingsafe_bcmp(buffer_ptr(&a->certblob), buffer_ptr(&b->certblob), |
223 | buffer_len(&a->certblob)) != 0) | 232 | buffer_len(&a->certblob)) != 0) |
224 | return 0; | 233 | return 0; |
225 | return 1; | 234 | return 1; |
@@ -238,11 +247,13 @@ key_equal_public(const Key *a, const Key *b) | |||
238 | 247 | ||
239 | switch (a->type) { | 248 | switch (a->type) { |
240 | case KEY_RSA1: | 249 | case KEY_RSA1: |
250 | case KEY_RSA_CERT_V00: | ||
241 | case KEY_RSA_CERT: | 251 | case KEY_RSA_CERT: |
242 | case KEY_RSA: | 252 | case KEY_RSA: |
243 | return a->rsa != NULL && b->rsa != NULL && | 253 | return a->rsa != NULL && b->rsa != NULL && |
244 | BN_cmp(a->rsa->e, b->rsa->e) == 0 && | 254 | BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
245 | BN_cmp(a->rsa->n, b->rsa->n) == 0; | 255 | BN_cmp(a->rsa->n, b->rsa->n) == 0; |
256 | case KEY_DSA_CERT_V00: | ||
246 | case KEY_DSA_CERT: | 257 | case KEY_DSA_CERT: |
247 | case KEY_DSA: | 258 | case KEY_DSA: |
248 | return a->dsa != NULL && b->dsa != NULL && | 259 | return a->dsa != NULL && b->dsa != NULL && |
@@ -304,6 +315,8 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) | |||
304 | case KEY_RSA: | 315 | case KEY_RSA: |
305 | key_to_blob(k, &blob, &len); | 316 | key_to_blob(k, &blob, &len); |
306 | break; | 317 | break; |
318 | case KEY_DSA_CERT_V00: | ||
319 | case KEY_RSA_CERT_V00: | ||
307 | case KEY_DSA_CERT: | 320 | case KEY_DSA_CERT: |
308 | case KEY_RSA_CERT: | 321 | case KEY_RSA_CERT: |
309 | /* We want a fingerprint of the _key_ not of the cert */ | 322 | /* We want a fingerprint of the _key_ not of the cert */ |
@@ -631,6 +644,8 @@ key_read(Key *ret, char **cpp) | |||
631 | case KEY_UNSPEC: | 644 | case KEY_UNSPEC: |
632 | case KEY_RSA: | 645 | case KEY_RSA: |
633 | case KEY_DSA: | 646 | case KEY_DSA: |
647 | case KEY_DSA_CERT_V00: | ||
648 | case KEY_RSA_CERT_V00: | ||
634 | case KEY_DSA_CERT: | 649 | case KEY_DSA_CERT: |
635 | case KEY_RSA_CERT: | 650 | case KEY_RSA_CERT: |
636 | space = strchr(cp, ' '); | 651 | space = strchr(cp, ' '); |
@@ -757,11 +772,13 @@ key_write(const Key *key, FILE *f) | |||
757 | error("key_write: failed for RSA key"); | 772 | error("key_write: failed for RSA key"); |
758 | return 0; | 773 | return 0; |
759 | case KEY_DSA: | 774 | case KEY_DSA: |
775 | case KEY_DSA_CERT_V00: | ||
760 | case KEY_DSA_CERT: | 776 | case KEY_DSA_CERT: |
761 | if (key->dsa == NULL) | 777 | if (key->dsa == NULL) |
762 | return 0; | 778 | return 0; |
763 | break; | 779 | break; |
764 | case KEY_RSA: | 780 | case KEY_RSA: |
781 | case KEY_RSA_CERT_V00: | ||
765 | case KEY_RSA_CERT: | 782 | case KEY_RSA_CERT: |
766 | if (key->rsa == NULL) | 783 | if (key->rsa == NULL) |
767 | return 0; | 784 | return 0; |
@@ -793,6 +810,10 @@ key_type(const Key *k) | |||
793 | return "RSA"; | 810 | return "RSA"; |
794 | case KEY_DSA: | 811 | case KEY_DSA: |
795 | return "DSA"; | 812 | return "DSA"; |
813 | case KEY_RSA_CERT_V00: | ||
814 | return "RSA-CERT-V00"; | ||
815 | case KEY_DSA_CERT_V00: | ||
816 | return "DSA-CERT-V00"; | ||
796 | case KEY_RSA_CERT: | 817 | case KEY_RSA_CERT: |
797 | return "RSA-CERT"; | 818 | return "RSA-CERT"; |
798 | case KEY_DSA_CERT: | 819 | case KEY_DSA_CERT: |
@@ -822,10 +843,14 @@ key_ssh_name(const Key *k) | |||
822 | return "ssh-rsa"; | 843 | return "ssh-rsa"; |
823 | case KEY_DSA: | 844 | case KEY_DSA: |
824 | return "ssh-dss"; | 845 | return "ssh-dss"; |
825 | case KEY_RSA_CERT: | 846 | case KEY_RSA_CERT_V00: |
826 | return "ssh-rsa-cert-v00@openssh.com"; | 847 | return "ssh-rsa-cert-v00@openssh.com"; |
827 | case KEY_DSA_CERT: | 848 | case KEY_DSA_CERT_V00: |
828 | return "ssh-dss-cert-v00@openssh.com"; | 849 | return "ssh-dss-cert-v00@openssh.com"; |
850 | case KEY_RSA_CERT: | ||
851 | return "ssh-rsa-cert-v01@openssh.com"; | ||
852 | case KEY_DSA_CERT: | ||
853 | return "ssh-dss-cert-v01@openssh.com"; | ||
829 | } | 854 | } |
830 | return "ssh-unknown"; | 855 | return "ssh-unknown"; |
831 | } | 856 | } |
@@ -836,9 +861,11 @@ key_size(const Key *k) | |||
836 | switch (k->type) { | 861 | switch (k->type) { |
837 | case KEY_RSA1: | 862 | case KEY_RSA1: |
838 | case KEY_RSA: | 863 | case KEY_RSA: |
864 | case KEY_RSA_CERT_V00: | ||
839 | case KEY_RSA_CERT: | 865 | case KEY_RSA_CERT: |
840 | return BN_num_bits(k->rsa->n); | 866 | return BN_num_bits(k->rsa->n); |
841 | case KEY_DSA: | 867 | case KEY_DSA: |
868 | case KEY_DSA_CERT_V00: | ||
842 | case KEY_DSA_CERT: | 869 | case KEY_DSA_CERT: |
843 | return BN_num_bits(k->dsa->p); | 870 | return BN_num_bits(k->dsa->p); |
844 | } | 871 | } |
@@ -882,6 +909,8 @@ key_generate(int type, u_int bits) | |||
882 | case KEY_RSA1: | 909 | case KEY_RSA1: |
883 | k->rsa = rsa_generate_private_key(bits); | 910 | k->rsa = rsa_generate_private_key(bits); |
884 | break; | 911 | break; |
912 | case KEY_RSA_CERT_V00: | ||
913 | case KEY_DSA_CERT_V00: | ||
885 | case KEY_RSA_CERT: | 914 | case KEY_RSA_CERT: |
886 | case KEY_DSA_CERT: | 915 | case KEY_DSA_CERT: |
887 | fatal("key_generate: cert keys cannot be generated directly"); | 916 | fatal("key_generate: cert keys cannot be generated directly"); |
@@ -912,9 +941,12 @@ key_cert_copy(const Key *from_key, struct Key *to_key) | |||
912 | buffer_append(&to->certblob, buffer_ptr(&from->certblob), | 941 | buffer_append(&to->certblob, buffer_ptr(&from->certblob), |
913 | buffer_len(&from->certblob)); | 942 | buffer_len(&from->certblob)); |
914 | 943 | ||
915 | buffer_append(&to->constraints, buffer_ptr(&from->constraints), | 944 | buffer_append(&to->critical, |
916 | buffer_len(&from->constraints)); | 945 | buffer_ptr(&from->critical), buffer_len(&from->critical)); |
946 | buffer_append(&to->extensions, | ||
947 | buffer_ptr(&from->extensions), buffer_len(&from->extensions)); | ||
917 | 948 | ||
949 | to->serial = from->serial; | ||
918 | to->type = from->type; | 950 | to->type = from->type; |
919 | to->key_id = from->key_id == NULL ? NULL : xstrdup(from->key_id); | 951 | to->key_id = from->key_id == NULL ? NULL : xstrdup(from->key_id); |
920 | to->valid_after = from->valid_after; | 952 | to->valid_after = from->valid_after; |
@@ -940,6 +972,7 @@ key_from_private(const Key *k) | |||
940 | Key *n = NULL; | 972 | Key *n = NULL; |
941 | switch (k->type) { | 973 | switch (k->type) { |
942 | case KEY_DSA: | 974 | case KEY_DSA: |
975 | case KEY_DSA_CERT_V00: | ||
943 | case KEY_DSA_CERT: | 976 | case KEY_DSA_CERT: |
944 | n = key_new(k->type); | 977 | n = key_new(k->type); |
945 | if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || | 978 | if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || |
@@ -950,6 +983,7 @@ key_from_private(const Key *k) | |||
950 | break; | 983 | break; |
951 | case KEY_RSA: | 984 | case KEY_RSA: |
952 | case KEY_RSA1: | 985 | case KEY_RSA1: |
986 | case KEY_RSA_CERT_V00: | ||
953 | case KEY_RSA_CERT: | 987 | case KEY_RSA_CERT: |
954 | n = key_new(k->type); | 988 | n = key_new(k->type); |
955 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || | 989 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
@@ -979,8 +1013,12 @@ key_type_from_name(char *name) | |||
979 | } else if (strcmp(name, "ssh-dss") == 0) { | 1013 | } else if (strcmp(name, "ssh-dss") == 0) { |
980 | return KEY_DSA; | 1014 | return KEY_DSA; |
981 | } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) { | 1015 | } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) { |
982 | return KEY_RSA_CERT; | 1016 | return KEY_RSA_CERT_V00; |
983 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { | 1017 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { |
1018 | return KEY_DSA_CERT_V00; | ||
1019 | } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) { | ||
1020 | return KEY_RSA_CERT; | ||
1021 | } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { | ||
984 | return KEY_DSA_CERT; | 1022 | return KEY_DSA_CERT; |
985 | } else if (strcmp(name, "null") == 0) { | 1023 | } else if (strcmp(name, "null") == 0) { |
986 | return KEY_NULL; | 1024 | return KEY_NULL; |
@@ -1014,26 +1052,31 @@ key_names_valid2(const char *names) | |||
1014 | static int | 1052 | static int |
1015 | cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | 1053 | cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) |
1016 | { | 1054 | { |
1017 | u_char *principals, *constraints, *sig_key, *sig; | 1055 | u_char *principals, *critical, *exts, *sig_key, *sig; |
1018 | u_int signed_len, plen, clen, sklen, slen, kidlen; | 1056 | u_int signed_len, plen, clen, sklen, slen, kidlen, elen; |
1019 | Buffer tmp; | 1057 | Buffer tmp; |
1020 | char *principal; | 1058 | char *principal; |
1021 | int ret = -1; | 1059 | int ret = -1; |
1060 | int v00 = key->type == KEY_DSA_CERT_V00 || | ||
1061 | key->type == KEY_RSA_CERT_V00; | ||
1022 | 1062 | ||
1023 | buffer_init(&tmp); | 1063 | buffer_init(&tmp); |
1024 | 1064 | ||
1025 | /* Copy the entire key blob for verification and later serialisation */ | 1065 | /* Copy the entire key blob for verification and later serialisation */ |
1026 | buffer_append(&key->cert->certblob, blob, blen); | 1066 | buffer_append(&key->cert->certblob, blob, blen); |
1027 | 1067 | ||
1028 | principals = constraints = sig_key = sig = NULL; | 1068 | elen = 0; /* Not touched for v00 certs */ |
1029 | if (buffer_get_int_ret(&key->cert->type, b) != 0 || | 1069 | principals = exts = critical = sig_key = sig = NULL; |
1070 | if ((!v00 && buffer_get_int64_ret(&key->cert->serial, b) != 0) || | ||
1071 | buffer_get_int_ret(&key->cert->type, b) != 0 || | ||
1030 | (key->cert->key_id = buffer_get_string_ret(b, &kidlen)) == NULL || | 1072 | (key->cert->key_id = buffer_get_string_ret(b, &kidlen)) == NULL || |
1031 | (principals = buffer_get_string_ret(b, &plen)) == NULL || | 1073 | (principals = buffer_get_string_ret(b, &plen)) == NULL || |
1032 | buffer_get_int64_ret(&key->cert->valid_after, b) != 0 || | 1074 | buffer_get_int64_ret(&key->cert->valid_after, b) != 0 || |
1033 | buffer_get_int64_ret(&key->cert->valid_before, b) != 0 || | 1075 | buffer_get_int64_ret(&key->cert->valid_before, b) != 0 || |
1034 | (constraints = buffer_get_string_ret(b, &clen)) == NULL || | 1076 | (critical = buffer_get_string_ret(b, &clen)) == NULL || |
1035 | /* skip nonce */ buffer_get_string_ptr_ret(b, NULL) == NULL || | 1077 | (!v00 && (exts = buffer_get_string_ret(b, &elen)) == NULL) || |
1036 | /* skip reserved */ buffer_get_string_ptr_ret(b, NULL) == NULL || | 1078 | (v00 && buffer_get_string_ptr_ret(b, NULL) == NULL) || /* nonce */ |
1079 | buffer_get_string_ptr_ret(b, NULL) == NULL || /* reserved */ | ||
1037 | (sig_key = buffer_get_string_ret(b, &sklen)) == NULL) { | 1080 | (sig_key = buffer_get_string_ret(b, &sklen)) == NULL) { |
1038 | error("%s: parse error", __func__); | 1081 | error("%s: parse error", __func__); |
1039 | goto out; | 1082 | goto out; |
@@ -1080,13 +1123,25 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | |||
1080 | 1123 | ||
1081 | buffer_clear(&tmp); | 1124 | buffer_clear(&tmp); |
1082 | 1125 | ||
1083 | buffer_append(&key->cert->constraints, constraints, clen); | 1126 | buffer_append(&key->cert->critical, critical, clen); |
1084 | buffer_append(&tmp, constraints, clen); | 1127 | buffer_append(&tmp, critical, clen); |
1085 | /* validate structure */ | 1128 | /* validate structure */ |
1086 | while (buffer_len(&tmp) != 0) { | 1129 | while (buffer_len(&tmp) != 0) { |
1087 | if (buffer_get_string_ptr_ret(&tmp, NULL) == NULL || | 1130 | if (buffer_get_string_ptr_ret(&tmp, NULL) == NULL || |
1088 | buffer_get_string_ptr_ret(&tmp, NULL) == NULL) { | 1131 | buffer_get_string_ptr_ret(&tmp, NULL) == NULL) { |
1089 | error("%s: Constraints data invalid", __func__); | 1132 | error("%s: critical option data invalid", __func__); |
1133 | goto out; | ||
1134 | } | ||
1135 | } | ||
1136 | buffer_clear(&tmp); | ||
1137 | |||
1138 | buffer_append(&key->cert->extensions, exts, elen); | ||
1139 | buffer_append(&tmp, exts, elen); | ||
1140 | /* validate structure */ | ||
1141 | while (buffer_len(&tmp) != 0) { | ||
1142 | if (buffer_get_string_ptr_ret(&tmp, NULL) == NULL || | ||
1143 | buffer_get_string_ptr_ret(&tmp, NULL) == NULL) { | ||
1144 | error("%s: extension data invalid", __func__); | ||
1090 | goto out; | 1145 | goto out; |
1091 | } | 1146 | } |
1092 | } | 1147 | } |
@@ -1123,8 +1178,10 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | |||
1123 | buffer_free(&tmp); | 1178 | buffer_free(&tmp); |
1124 | if (principals != NULL) | 1179 | if (principals != NULL) |
1125 | xfree(principals); | 1180 | xfree(principals); |
1126 | if (constraints != NULL) | 1181 | if (critical != NULL) |
1127 | xfree(constraints); | 1182 | xfree(critical); |
1183 | if (exts != NULL) | ||
1184 | xfree(exts); | ||
1128 | if (sig_key != NULL) | 1185 | if (sig_key != NULL) |
1129 | xfree(sig_key); | 1186 | xfree(sig_key); |
1130 | if (sig != NULL) | 1187 | if (sig != NULL) |
@@ -1153,8 +1210,11 @@ key_from_blob(const u_char *blob, u_int blen) | |||
1153 | type = key_type_from_name(ktype); | 1210 | type = key_type_from_name(ktype); |
1154 | 1211 | ||
1155 | switch (type) { | 1212 | switch (type) { |
1156 | case KEY_RSA: | ||
1157 | case KEY_RSA_CERT: | 1213 | case KEY_RSA_CERT: |
1214 | (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ | ||
1215 | /* FALLTHROUGH */ | ||
1216 | case KEY_RSA: | ||
1217 | case KEY_RSA_CERT_V00: | ||
1158 | key = key_new(type); | 1218 | key = key_new(type); |
1159 | if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || | 1219 | if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || |
1160 | buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { | 1220 | buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { |
@@ -1168,8 +1228,11 @@ key_from_blob(const u_char *blob, u_int blen) | |||
1168 | RSA_print_fp(stderr, key->rsa, 8); | 1228 | RSA_print_fp(stderr, key->rsa, 8); |
1169 | #endif | 1229 | #endif |
1170 | break; | 1230 | break; |
1171 | case KEY_DSA: | ||
1172 | case KEY_DSA_CERT: | 1231 | case KEY_DSA_CERT: |
1232 | (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ | ||
1233 | /* FALLTHROUGH */ | ||
1234 | case KEY_DSA: | ||
1235 | case KEY_DSA_CERT_V00: | ||
1173 | key = key_new(type); | 1236 | key = key_new(type); |
1174 | if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || | 1237 | if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || |
1175 | buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || | 1238 | buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || |
@@ -1215,6 +1278,8 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) | |||
1215 | } | 1278 | } |
1216 | buffer_init(&b); | 1279 | buffer_init(&b); |
1217 | switch (key->type) { | 1280 | switch (key->type) { |
1281 | case KEY_DSA_CERT_V00: | ||
1282 | case KEY_RSA_CERT_V00: | ||
1218 | case KEY_DSA_CERT: | 1283 | case KEY_DSA_CERT: |
1219 | case KEY_RSA_CERT: | 1284 | case KEY_RSA_CERT: |
1220 | /* Use the existing blob */ | 1285 | /* Use the existing blob */ |
@@ -1257,9 +1322,11 @@ key_sign( | |||
1257 | const u_char *data, u_int datalen) | 1322 | const u_char *data, u_int datalen) |
1258 | { | 1323 | { |
1259 | switch (key->type) { | 1324 | switch (key->type) { |
1325 | case KEY_DSA_CERT_V00: | ||
1260 | case KEY_DSA_CERT: | 1326 | case KEY_DSA_CERT: |
1261 | case KEY_DSA: | 1327 | case KEY_DSA: |
1262 | return ssh_dss_sign(key, sigp, lenp, data, datalen); | 1328 | return ssh_dss_sign(key, sigp, lenp, data, datalen); |
1329 | case KEY_RSA_CERT_V00: | ||
1263 | case KEY_RSA_CERT: | 1330 | case KEY_RSA_CERT: |
1264 | case KEY_RSA: | 1331 | case KEY_RSA: |
1265 | return ssh_rsa_sign(key, sigp, lenp, data, datalen); | 1332 | return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
@@ -1283,9 +1350,11 @@ key_verify( | |||
1283 | return -1; | 1350 | return -1; |
1284 | 1351 | ||
1285 | switch (key->type) { | 1352 | switch (key->type) { |
1353 | case KEY_DSA_CERT_V00: | ||
1286 | case KEY_DSA_CERT: | 1354 | case KEY_DSA_CERT: |
1287 | case KEY_DSA: | 1355 | case KEY_DSA: |
1288 | return ssh_dss_verify(key, signature, signaturelen, data, datalen); | 1356 | return ssh_dss_verify(key, signature, signaturelen, data, datalen); |
1357 | case KEY_RSA_CERT_V00: | ||
1289 | case KEY_RSA_CERT: | 1358 | case KEY_RSA_CERT: |
1290 | case KEY_RSA: | 1359 | case KEY_RSA: |
1291 | return ssh_rsa_verify(key, signature, signaturelen, data, datalen); | 1360 | return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
@@ -1308,6 +1377,7 @@ key_demote(const Key *k) | |||
1308 | pk->rsa = NULL; | 1377 | pk->rsa = NULL; |
1309 | 1378 | ||
1310 | switch (k->type) { | 1379 | switch (k->type) { |
1380 | case KEY_RSA_CERT_V00: | ||
1311 | case KEY_RSA_CERT: | 1381 | case KEY_RSA_CERT: |
1312 | key_cert_copy(k, pk); | 1382 | key_cert_copy(k, pk); |
1313 | /* FALLTHROUGH */ | 1383 | /* FALLTHROUGH */ |
@@ -1320,6 +1390,7 @@ key_demote(const Key *k) | |||
1320 | if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) | 1390 | if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) |
1321 | fatal("key_demote: BN_dup failed"); | 1391 | fatal("key_demote: BN_dup failed"); |
1322 | break; | 1392 | break; |
1393 | case KEY_DSA_CERT_V00: | ||
1323 | case KEY_DSA_CERT: | 1394 | case KEY_DSA_CERT: |
1324 | key_cert_copy(k, pk); | 1395 | key_cert_copy(k, pk); |
1325 | /* FALLTHROUGH */ | 1396 | /* FALLTHROUGH */ |
@@ -1346,8 +1417,17 @@ key_demote(const Key *k) | |||
1346 | int | 1417 | int |
1347 | key_is_cert(const Key *k) | 1418 | key_is_cert(const Key *k) |
1348 | { | 1419 | { |
1349 | return k != NULL && | 1420 | if (k == NULL) |
1350 | (k->type == KEY_RSA_CERT || k->type == KEY_DSA_CERT); | 1421 | return 0; |
1422 | switch (k->type) { | ||
1423 | case KEY_RSA_CERT_V00: | ||
1424 | case KEY_DSA_CERT_V00: | ||
1425 | case KEY_RSA_CERT: | ||
1426 | case KEY_DSA_CERT: | ||
1427 | return 1; | ||
1428 | default: | ||
1429 | return 0; | ||
1430 | } | ||
1351 | } | 1431 | } |
1352 | 1432 | ||
1353 | /* Return the cert-less equivalent to a certified key type */ | 1433 | /* Return the cert-less equivalent to a certified key type */ |
@@ -1355,8 +1435,10 @@ int | |||
1355 | key_type_plain(int type) | 1435 | key_type_plain(int type) |
1356 | { | 1436 | { |
1357 | switch (type) { | 1437 | switch (type) { |
1438 | case KEY_RSA_CERT_V00: | ||
1358 | case KEY_RSA_CERT: | 1439 | case KEY_RSA_CERT: |
1359 | return KEY_RSA; | 1440 | return KEY_RSA; |
1441 | case KEY_DSA_CERT_V00: | ||
1360 | case KEY_DSA_CERT: | 1442 | case KEY_DSA_CERT: |
1361 | return KEY_DSA; | 1443 | return KEY_DSA; |
1362 | default: | 1444 | default: |
@@ -1366,16 +1448,16 @@ key_type_plain(int type) | |||
1366 | 1448 | ||
1367 | /* Convert a KEY_RSA or KEY_DSA to their _CERT equivalent */ | 1449 | /* Convert a KEY_RSA or KEY_DSA to their _CERT equivalent */ |
1368 | int | 1450 | int |
1369 | key_to_certified(Key *k) | 1451 | key_to_certified(Key *k, int legacy) |
1370 | { | 1452 | { |
1371 | switch (k->type) { | 1453 | switch (k->type) { |
1372 | case KEY_RSA: | 1454 | case KEY_RSA: |
1373 | k->cert = cert_new(); | 1455 | k->cert = cert_new(); |
1374 | k->type = KEY_RSA_CERT; | 1456 | k->type = legacy ? KEY_RSA_CERT_V00 : KEY_RSA_CERT; |
1375 | return 0; | 1457 | return 0; |
1376 | case KEY_DSA: | 1458 | case KEY_DSA: |
1377 | k->cert = cert_new(); | 1459 | k->cert = cert_new(); |
1378 | k->type = KEY_DSA_CERT; | 1460 | k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT; |
1379 | return 0; | 1461 | return 0; |
1380 | default: | 1462 | default: |
1381 | error("%s: key has incorrect type %s", __func__, key_type(k)); | 1463 | error("%s: key has incorrect type %s", __func__, key_type(k)); |
@@ -1388,10 +1470,12 @@ int | |||
1388 | key_drop_cert(Key *k) | 1470 | key_drop_cert(Key *k) |
1389 | { | 1471 | { |
1390 | switch (k->type) { | 1472 | switch (k->type) { |
1473 | case KEY_RSA_CERT_V00: | ||
1391 | case KEY_RSA_CERT: | 1474 | case KEY_RSA_CERT: |
1392 | cert_free(k->cert); | 1475 | cert_free(k->cert); |
1393 | k->type = KEY_RSA; | 1476 | k->type = KEY_RSA; |
1394 | return 0; | 1477 | return 0; |
1478 | case KEY_DSA_CERT_V00: | ||
1395 | case KEY_DSA_CERT: | 1479 | case KEY_DSA_CERT: |
1396 | cert_free(k->cert); | 1480 | cert_free(k->cert); |
1397 | k->type = KEY_DSA; | 1481 | k->type = KEY_DSA; |
@@ -1432,13 +1516,21 @@ key_certify(Key *k, Key *ca) | |||
1432 | buffer_clear(&k->cert->certblob); | 1516 | buffer_clear(&k->cert->certblob); |
1433 | buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); | 1517 | buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); |
1434 | 1518 | ||
1519 | /* -v01 certs put nonce first */ | ||
1520 | if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) { | ||
1521 | arc4random_buf(&nonce, sizeof(nonce)); | ||
1522 | buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); | ||
1523 | } | ||
1524 | |||
1435 | switch (k->type) { | 1525 | switch (k->type) { |
1526 | case KEY_DSA_CERT_V00: | ||
1436 | case KEY_DSA_CERT: | 1527 | case KEY_DSA_CERT: |
1437 | buffer_put_bignum2(&k->cert->certblob, k->dsa->p); | 1528 | buffer_put_bignum2(&k->cert->certblob, k->dsa->p); |
1438 | buffer_put_bignum2(&k->cert->certblob, k->dsa->q); | 1529 | buffer_put_bignum2(&k->cert->certblob, k->dsa->q); |
1439 | buffer_put_bignum2(&k->cert->certblob, k->dsa->g); | 1530 | buffer_put_bignum2(&k->cert->certblob, k->dsa->g); |
1440 | buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key); | 1531 | buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key); |
1441 | break; | 1532 | break; |
1533 | case KEY_RSA_CERT_V00: | ||
1442 | case KEY_RSA_CERT: | 1534 | case KEY_RSA_CERT: |
1443 | buffer_put_bignum2(&k->cert->certblob, k->rsa->e); | 1535 | buffer_put_bignum2(&k->cert->certblob, k->rsa->e); |
1444 | buffer_put_bignum2(&k->cert->certblob, k->rsa->n); | 1536 | buffer_put_bignum2(&k->cert->certblob, k->rsa->n); |
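Review bot: For the legacy v00 certificate types `nonce` is never filled in by this version of key_certify: `arc4random_buf(&nonce, sizeof(nonce))` now runs only inside the v01 branch on lines 1520–1523, yet the v00 path in the following hunk (`@@ -1463,11 +1559,19 @@`) still emits `nonce` after the critical options, and the unconditional `arc4random_buf` that preceded that `buffer_put_string` on the old side has been removed. Unless `nonce` is initialised at its declaration (outside this hunk), a v00 cert would be signed over uninitialised stack bytes instead of a fresh random nonce, which defeats the nonce's purpose and may leak stack contents into the certificate. Generating the nonce unconditionally before the branch fixes both paths: `arc4random_buf(&nonce, sizeof(nonce));` followed by `if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));`. key_certify's body starts before and ends after this hunk.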
@@ -1450,6 +1542,10 @@ key_certify(Key *k, Key *ca) | |||
1450 | return -1; | 1542 | return -1; |
1451 | } | 1543 | } |
1452 | 1544 | ||
1545 | /* -v01 certs have a serial number next */ | ||
1546 | if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) | ||
1547 | buffer_put_int64(&k->cert->certblob, k->cert->serial); | ||
1548 | |||
1453 | buffer_put_int(&k->cert->certblob, k->cert->type); | 1549 | buffer_put_int(&k->cert->certblob, k->cert->type); |
1454 | buffer_put_cstring(&k->cert->certblob, k->cert->key_id); | 1550 | buffer_put_cstring(&k->cert->certblob, k->cert->key_id); |
1455 | 1551 | ||
@@ -1463,11 +1559,19 @@ key_certify(Key *k, Key *ca) | |||
1463 | buffer_put_int64(&k->cert->certblob, k->cert->valid_after); | 1559 | buffer_put_int64(&k->cert->certblob, k->cert->valid_after); |
1464 | buffer_put_int64(&k->cert->certblob, k->cert->valid_before); | 1560 | buffer_put_int64(&k->cert->certblob, k->cert->valid_before); |
1465 | buffer_put_string(&k->cert->certblob, | 1561 | buffer_put_string(&k->cert->certblob, |
1466 | buffer_ptr(&k->cert->constraints), | 1562 | buffer_ptr(&k->cert->critical), buffer_len(&k->cert->critical)); |
1467 | buffer_len(&k->cert->constraints)); | 1563 | |
1564 | /* -v01 certs have non-critical options here */ | ||
1565 | if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) { | ||
1566 | buffer_put_string(&k->cert->certblob, | ||
1567 | buffer_ptr(&k->cert->extensions), | ||
1568 | buffer_len(&k->cert->extensions)); | ||
1569 | } | ||
1570 | |||
1571 | /* -v00 certs put the nonce at the end */ | ||
1572 | if (k->type == KEY_DSA_CERT_V00 || k->type == KEY_RSA_CERT_V00) | ||
1573 | buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); | ||
1468 | 1574 | ||
1469 | arc4random_buf(&nonce, sizeof(nonce)); | ||
1470 | buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); | ||
1471 | buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ | 1575 | buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ |
1472 | buffer_put_string(&k->cert->certblob, ca_blob, ca_len); | 1576 | buffer_put_string(&k->cert->certblob, ca_blob, ca_len); |
1473 | xfree(ca_blob); | 1577 | xfree(ca_blob); |
@@ -1522,7 +1626,7 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal, | |||
1522 | *reason = "Certificate lacks principal list"; | 1626 | *reason = "Certificate lacks principal list"; |
1523 | return -1; | 1627 | return -1; |
1524 | } | 1628 | } |
1525 | } else { | 1629 | } else if (name != NULL) { |
1526 | principal_matches = 0; | 1630 | principal_matches = 0; |
1527 | for (i = 0; i < k->cert->nprincipals; i++) { | 1631 | for (i = 0; i < k->cert->nprincipals; i++) { |
1528 | if (strcmp(name, k->cert->principals[i]) == 0) { | 1632 | if (strcmp(name, k->cert->principals[i]) == 0) { |
@@ -1538,3 +1642,15 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal, | |||
1538 | } | 1642 | } |
1539 | return 0; | 1643 | return 0; |
1540 | } | 1644 | } |
1645 | |||
1646 | int | ||
1647 | key_cert_is_legacy(Key *k) | ||
1648 | { | ||
1649 | switch (k->type) { | ||
1650 | case KEY_DSA_CERT_V00: | ||
1651 | case KEY_RSA_CERT_V00: | ||
1652 | return 1; | ||
1653 | default: | ||
1654 | return 0; | ||
1655 | } | ||
1656 | } | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.29 2010/03/15 19:40:02 stevesk Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.30 2010/04/16 01:47:26 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -37,6 +37,8 @@ enum types { | |||
37 | KEY_DSA, | 37 | KEY_DSA, |
38 | KEY_RSA_CERT, | 38 | KEY_RSA_CERT, |
39 | KEY_DSA_CERT, | 39 | KEY_DSA_CERT, |
40 | KEY_RSA_CERT_V00, | ||
41 | KEY_DSA_CERT_V00, | ||
40 | KEY_NULL, | 42 | KEY_NULL, |
41 | KEY_UNSPEC | 43 | KEY_UNSPEC |
42 | }; | 44 | }; |
@@ -57,11 +59,13 @@ enum fp_rep { | |||
57 | struct KeyCert { | 59 | struct KeyCert { |
58 | Buffer certblob; /* Kept around for use on wire */ | 60 | Buffer certblob; /* Kept around for use on wire */ |
59 | u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ | 61 | u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ |
62 | u_int64_t serial; | ||
60 | char *key_id; | 63 | char *key_id; |
61 | u_int nprincipals; | 64 | u_int nprincipals; |
62 | char **principals; | 65 | char **principals; |
63 | u_int64_t valid_after, valid_before; | 66 | u_int64_t valid_after, valid_before; |
64 | Buffer constraints; | 67 | Buffer critical; |
68 | Buffer extensions; | ||
65 | Key *signature_key; | 69 | Key *signature_key; |
66 | }; | 70 | }; |
67 | 71 | ||
@@ -93,12 +97,13 @@ Key *key_from_private(const Key *); | |||
93 | int key_type_from_name(char *); | 97 | int key_type_from_name(char *); |
94 | int key_is_cert(const Key *); | 98 | int key_is_cert(const Key *); |
95 | int key_type_plain(int); | 99 | int key_type_plain(int); |
96 | int key_to_certified(Key *); | 100 | int key_to_certified(Key *, int); |
97 | int key_drop_cert(Key *); | 101 | int key_drop_cert(Key *); |
98 | int key_certify(Key *, Key *); | 102 | int key_certify(Key *, Key *); |
99 | void key_cert_copy(const Key *, struct Key *); | 103 | void key_cert_copy(const Key *, struct Key *); |
100 | int key_cert_check_authority(const Key *, int, int, const char *, | 104 | int key_cert_check_authority(const Key *, int, int, const char *, |
101 | const char **); | 105 | const char **); |
106 | int key_cert_is_legacy(Key *); | ||
102 | 107 | ||
103 | Key *key_from_blob(const u_char *, u_int); | 108 | Key *key_from_blob(const u_char *, u_int); |
104 | int key_to_blob(const Key *, u_char **, u_int *); | 109 | int key_to_blob(const Key *, u_char **, u_int *); |
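Review bot: The new prototype `int key_cert_is_legacy(Key *);` on line 106 takes a non-const pointer although the definition in the key.c hunk above only reads `k->type`; `int key_cert_is_legacy(const Key *);` would match the const-qualified key_is_cert declaration on line 98 and let callers holding a `const Key *` use it. The added KeyCert fields on lines 62, 67 and 68 carry no comment while the neighbouring `type` field does; from the key_certify hunk above, `serial` and `extensions` are only emitted for KEY_DSA_CERT/KEY_RSA_CERT, so a trailing `/* -v01 only */` on each, plus a note on `critical` that it holds what the -v00 format called constraints, would tell a reader which certificate format each belongs to. The new second parameter of key_to_certified on line 100 is unnamed and undocumented; it presumably selects the legacy -v00 layout given the key_cert_is_legacy addition, and naming it in the prototype (for example `int key_to_certified(Key *, int legacy);`) would record that without changing the interface.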
diff --git a/loginrec.h b/loginrec.h index 859e1a630..84b486590 100644 --- a/loginrec.h +++ b/loginrec.h | |||
@@ -56,7 +56,7 @@ union login_netinfo { | |||
56 | /* string lengths - set very long */ | 56 | /* string lengths - set very long */ |
57 | #define LINFO_PROGSIZE 64 | 57 | #define LINFO_PROGSIZE 64 |
58 | #define LINFO_LINESIZE 64 | 58 | #define LINFO_LINESIZE 64 |
59 | #define LINFO_NAMESIZE 128 | 59 | #define LINFO_NAMESIZE 512 |
60 | #define LINFO_HOSTSIZE 256 | 60 | #define LINFO_HOSTSIZE 256 |
61 | 61 | ||
62 | struct logininfo { | 62 | struct logininfo { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */ | 1 | /* $OpenBSD: misc.c,v 1.80 2010/07/21 02:10:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. |
@@ -179,6 +179,7 @@ strdelim(char **s) | |||
179 | return (NULL); /* no matching quote */ | 179 | return (NULL); /* no matching quote */ |
180 | } else { | 180 | } else { |
181 | *s[0] = '\0'; | 181 | *s[0] = '\0'; |
182 | *s += strspn(*s + 1, WHITESPACE) + 1; | ||
182 | return (old); | 183 | return (old); |
183 | } | 184 | } |
184 | } | 185 | } |
@@ -426,7 +427,7 @@ colon(char *cp) | |||
426 | int flag = 0; | 427 | int flag = 0; |
427 | 428 | ||
428 | if (*cp == ':') /* Leading colon is part of file name. */ | 429 | if (*cp == ':') /* Leading colon is part of file name. */ |
429 | return (0); | 430 | return NULL; |
430 | if (*cp == '[') | 431 | if (*cp == '[') |
431 | flag = 1; | 432 | flag = 1; |
432 | 433 | ||
@@ -438,9 +439,9 @@ colon(char *cp) | |||
438 | if (*cp == ':' && !flag) | 439 | if (*cp == ':' && !flag) |
439 | return (cp); | 440 | return (cp); |
440 | if (*cp == '/') | 441 | if (*cp == '/') |
441 | return (0); | 442 | return NULL; |
442 | } | 443 | } |
443 | return (0); | 444 | return NULL; |
444 | } | 445 | } |
445 | 446 | ||
446 | /* function to assist building execv() arguments */ | 447 | /* function to assist building execv() arguments */ |
@@ -899,6 +900,16 @@ ms_to_timeval(struct timeval *tv, int ms) | |||
899 | tv->tv_usec = (ms % 1000) * 1000; | 900 | tv->tv_usec = (ms % 1000) * 1000; |
900 | } | 901 | } |
901 | 902 | ||
903 | int | ||
904 | timingsafe_bcmp(const void *b1, const void *b2, size_t n) | ||
905 | { | ||
906 | const unsigned char *p1 = b1, *p2 = b2; | ||
907 | int ret = 0; | ||
908 | |||
909 | for (; n > 0; n--) | ||
910 | ret |= *p1++ ^ *p2++; | ||
911 | return (ret != 0); | ||
912 | } | ||
902 | void | 913 | void |
903 | sock_set_v6only(int s) | 914 | sock_set_v6only(int s) |
904 | { | 915 | { |
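Review bot: timingsafe_bcmp on lines 903-912 has no comment stating its contract, which matters because it is not a drop-in memcmp: it returns 0 only when the buffers are equal and 1 otherwise, carries no ordering, and its running time does not depend on where the buffers first differ because `ret |=` folds in every byte instead of exiting early. A header comment such as `/* Constant-time equality test: returns 0 iff the first n bytes of b1 and b2 match. Unlike memcmp() the result carries no ordering and the loop never exits early, so timing does not reveal the first differing byte. */` would capture that. There is also no blank line between its closing brace on line 912 and `void` on line 913, unlike the surrounding definitions. In colon(), the new `return NULL;` on lines 430, 442 and 444 drops the parentheses the function still keeps on `return (cp);` at line 440.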
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.h,v 1.41 2010/01/09 23:04:13 dtucker Exp $ */ | 1 | /* $OpenBSD: misc.h,v 1.43 2010/07/13 23:13:16 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -36,6 +36,7 @@ void sanitise_stdfd(void); | |||
36 | void ms_subtract_diff(struct timeval *, int *); | 36 | void ms_subtract_diff(struct timeval *, int *); |
37 | void ms_to_timeval(struct timeval *, int); | 37 | void ms_to_timeval(struct timeval *, int); |
38 | void sock_set_v6only(int); | 38 | void sock_set_v6only(int); |
39 | int timingsafe_bcmp(const void *, const void *, size_t); | ||
39 | 40 | ||
40 | struct passwd *pwcopy(struct passwd *); | 41 | struct passwd *pwcopy(struct passwd *); |
41 | const char *ssh_gai_strerror(int); | 42 | const char *ssh_gai_strerror(int); |
@@ -14,11 +14,12 @@ DESCRIPTION | |||
14 | are prime and are safe for use in Diffie Hellman operations by sshd(8). | 14 | are prime and are safe for use in Diffie Hellman operations by sshd(8). |
15 | This moduli format is used as the output from each pass. | 15 | This moduli format is used as the output from each pass. |
16 | 16 | ||
17 | The file consists of newline-separated records, one per modulus, contain- | 17 | The file consists of newline-separated records, one per modulus, |
18 | ing seven space separated fields. These fields are as follows: | 18 | containing seven space separated fields. These fields are as follows: |
19 | 19 | ||
20 | timestamp The time that the modulus was last processed as YYYYM- | 20 | |
21 | MDDHHMMSS. | 21 | timestamp The time that the modulus was last processed as |
22 | YYYYMMDDHHMMSS. | ||
22 | 23 | ||
23 | type Decimal number specifying the internal structure of | 24 | type Decimal number specifying the internal structure of |
24 | the prime modulus. Supported types are: | 25 | the prime modulus. Supported types are: |
@@ -69,4 +70,4 @@ SEE ALSO | |||
69 | Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer | 70 | Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer |
70 | Protocol, RFC 4419, 2006. | 71 | Protocol, RFC 4419, 2006. |
71 | 72 | ||
72 | OpenBSD 4.7 June 26, 2008 2 | 73 | OpenBSD 4.8 June 26, 2008 OpenBSD 4.8 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.108 2010/07/13 23:13:16 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -537,7 +537,7 @@ monitor_allowed_key(u_char *blob, u_int bloblen) | |||
537 | { | 537 | { |
538 | /* make sure key is allowed */ | 538 | /* make sure key is allowed */ |
539 | if (key_blob == NULL || key_bloblen != bloblen || | 539 | if (key_blob == NULL || key_bloblen != bloblen || |
540 | memcmp(key_blob, blob, key_bloblen)) | 540 | timingsafe_bcmp(key_blob, blob, key_bloblen)) |
541 | return (0); | 541 | return (0); |
542 | return (1); | 542 | return (1); |
543 | } | 543 | } |
@@ -965,8 +965,8 @@ mm_answer_pam_init_ctx(int sock, Buffer *m) | |||
965 | int | 965 | int |
966 | mm_answer_pam_query(int sock, Buffer *m) | 966 | mm_answer_pam_query(int sock, Buffer *m) |
967 | { | 967 | { |
968 | char *name, *info, **prompts; | 968 | char *name = NULL, *info = NULL, **prompts = NULL; |
969 | u_int i, num, *echo_on; | 969 | u_int i, num = 0, *echo_on = 0; |
970 | int ret; | 970 | int ret; |
971 | 971 | ||
972 | debug3("%s", __func__); | 972 | debug3("%s", __func__); |
@@ -1146,14 +1146,14 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1146 | len = buffer_len(&b); | 1146 | len = buffer_len(&b); |
1147 | if ((session_id2 == NULL) || | 1147 | if ((session_id2 == NULL) || |
1148 | (len < session_id2_len) || | 1148 | (len < session_id2_len) || |
1149 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1149 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1150 | fail++; | 1150 | fail++; |
1151 | buffer_consume(&b, session_id2_len); | 1151 | buffer_consume(&b, session_id2_len); |
1152 | } else { | 1152 | } else { |
1153 | p = buffer_get_string(&b, &len); | 1153 | p = buffer_get_string(&b, &len); |
1154 | if ((session_id2 == NULL) || | 1154 | if ((session_id2 == NULL) || |
1155 | (len != session_id2_len) || | 1155 | (len != session_id2_len) || |
1156 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1156 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1157 | fail++; | 1157 | fail++; |
1158 | xfree(p); | 1158 | xfree(p); |
1159 | } | 1159 | } |
@@ -1201,7 +1201,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1201 | p = buffer_get_string(&b, &len); | 1201 | p = buffer_get_string(&b, &len); |
1202 | if ((session_id2 == NULL) || | 1202 | if ((session_id2 == NULL) || |
1203 | (len != session_id2_len) || | 1203 | (len != session_id2_len) || |
1204 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1204 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1205 | fail++; | 1205 | fail++; |
1206 | xfree(p); | 1206 | xfree(p); |
1207 | 1207 | ||
@@ -1725,9 +1725,9 @@ mm_get_kex(Buffer *m) | |||
1725 | 1725 | ||
1726 | kex = xcalloc(1, sizeof(*kex)); | 1726 | kex = xcalloc(1, sizeof(*kex)); |
1727 | kex->session_id = buffer_get_string(m, &kex->session_id_len); | 1727 | kex->session_id = buffer_get_string(m, &kex->session_id_len); |
1728 | if ((session_id2 == NULL) || | 1728 | if (session_id2 == NULL || |
1729 | (kex->session_id_len != session_id2_len) || | 1729 | kex->session_id_len != session_id2_len || |
1730 | (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) | 1730 | timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) |
1731 | fatal("mm_get_get: internal error: bad session id"); | 1731 | fatal("mm_get_get: internal error: bad session id"); |
1732 | kex->we_need = buffer_get_int(m); | 1732 | kex->we_need = buffer_get_int(m); |
1733 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1733 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
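Review bot: `u_int i, num = 0, *echo_on = 0;` on line 969 of mm_answer_pam_query initializes a pointer with an integer literal; `*echo_on = NULL` would match the `name = NULL, *info = NULL` initializers on the line above and read as a pointer. At the timingsafe_bcmp call sites (lines 540, 1149, 1156, 1204 and 1730) the length comparison still short-circuits before the constant-time compare; that is fine here because the length of a session id or key blob is not secret, and a one-line comment at monitor_allowed_key saying `/* length is public; only the content compare needs to be constant-time */` would keep a later reader from reordering the checks. Since timingsafe_bcmp returns 1 for any difference rather than an ordering, the `!= 0` and truth tests here are the only valid use of its result.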
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: mux.c,v 1.14 2010/01/30 02:54:53 djm Exp $ */ | 1 | /* $OpenBSD: mux.c,v 1.21 2010/06/25 23:15:36 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -71,6 +71,7 @@ | |||
71 | #include "xmalloc.h" | 71 | #include "xmalloc.h" |
72 | #include "log.h" | 72 | #include "log.h" |
73 | #include "ssh.h" | 73 | #include "ssh.h" |
74 | #include "ssh2.h" | ||
74 | #include "pathnames.h" | 75 | #include "pathnames.h" |
75 | #include "misc.h" | 76 | #include "misc.h" |
76 | #include "match.h" | 77 | #include "match.h" |
@@ -106,6 +107,14 @@ struct mux_session_confirm_ctx { | |||
106 | char *term; | 107 | char *term; |
107 | struct termios tio; | 108 | struct termios tio; |
108 | char **env; | 109 | char **env; |
110 | u_int rid; | ||
111 | }; | ||
112 | |||
113 | /* Context for global channel callback */ | ||
114 | struct mux_channel_confirm_ctx { | ||
115 | u_int cid; /* channel id */ | ||
116 | u_int rid; /* request id */ | ||
117 | int fid; /* forward id */ | ||
109 | }; | 118 | }; |
110 | 119 | ||
111 | /* fd to control socket */ | 120 | /* fd to control socket */ |
@@ -143,13 +152,14 @@ struct mux_master_state { | |||
143 | #define MUX_S_EXIT_MESSAGE 0x80000004 | 152 | #define MUX_S_EXIT_MESSAGE 0x80000004 |
144 | #define MUX_S_ALIVE 0x80000005 | 153 | #define MUX_S_ALIVE 0x80000005 |
145 | #define MUX_S_SESSION_OPENED 0x80000006 | 154 | #define MUX_S_SESSION_OPENED 0x80000006 |
155 | #define MUX_S_REMOTE_PORT 0x80000007 | ||
146 | 156 | ||
147 | /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */ | 157 | /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */ |
148 | #define MUX_FWD_LOCAL 1 | 158 | #define MUX_FWD_LOCAL 1 |
149 | #define MUX_FWD_REMOTE 2 | 159 | #define MUX_FWD_REMOTE 2 |
150 | #define MUX_FWD_DYNAMIC 3 | 160 | #define MUX_FWD_DYNAMIC 3 |
151 | 161 | ||
152 | static void mux_session_confirm(int, void *); | 162 | static void mux_session_confirm(int, int, void *); |
153 | 163 | ||
154 | static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *); | 164 | static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *); |
155 | static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *); | 165 | static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *); |
@@ -206,7 +216,7 @@ mux_master_control_cleanup_cb(int cid, void *unused) | |||
206 | fatal("%s: channel_by_id(%i) == NULL", __func__, cid); | 216 | fatal("%s: channel_by_id(%i) == NULL", __func__, cid); |
207 | if (c->remote_id != -1) { | 217 | if (c->remote_id != -1) { |
208 | if ((sc = channel_by_id(c->remote_id)) == NULL) | 218 | if ((sc = channel_by_id(c->remote_id)) == NULL) |
209 | debug2("%s: channel %d n session channel %d", | 219 | fatal("%s: channel %d missing session channel %d", |
210 | __func__, c->self, c->remote_id); | 220 | __func__, c->self, c->remote_id); |
211 | c->remote_id = -1; | 221 | c->remote_id = -1; |
212 | sc->ctl_chan = -1; | 222 | sc->ctl_chan = -1; |
@@ -301,6 +311,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
301 | /* Reply for SSHMUX_COMMAND_OPEN */ | 311 | /* Reply for SSHMUX_COMMAND_OPEN */ |
302 | cctx = xcalloc(1, sizeof(*cctx)); | 312 | cctx = xcalloc(1, sizeof(*cctx)); |
303 | cctx->term = NULL; | 313 | cctx->term = NULL; |
314 | cctx->rid = rid; | ||
304 | cmd = reserved = NULL; | 315 | cmd = reserved = NULL; |
305 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || | 316 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || |
306 | buffer_get_int_ret(&cctx->want_tty, m) != 0 || | 317 | buffer_get_int_ret(&cctx->want_tty, m) != 0 || |
@@ -454,14 +465,10 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
454 | 465 | ||
455 | channel_send_open(nc->self); | 466 | channel_send_open(nc->self); |
456 | channel_register_open_confirm(nc->self, mux_session_confirm, cctx); | 467 | channel_register_open_confirm(nc->self, mux_session_confirm, cctx); |
457 | channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 0); | 468 | c->mux_pause = 1; /* stop handling messages until open_confirm done */ |
458 | 469 | channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1); | |
459 | /* prepare reply */ | ||
460 | /* XXX defer until mux_session_confirm() fires */ | ||
461 | buffer_put_int(r, MUX_S_SESSION_OPENED); | ||
462 | buffer_put_int(r, rid); | ||
463 | buffer_put_int(r, nc->self); | ||
464 | 470 | ||
471 | /* reply is deferred, sent by mux_session_confirm */ | ||
465 | return 0; | 472 | return 0; |
466 | } | 473 | } |
467 | 474 | ||
@@ -559,6 +566,61 @@ compare_forward(Forward *a, Forward *b) | |||
559 | return 1; | 566 | return 1; |
560 | } | 567 | } |
561 | 568 | ||
569 | static void | ||
570 | mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | ||
571 | { | ||
572 | struct mux_channel_confirm_ctx *fctx = ctxt; | ||
573 | char *failmsg = NULL; | ||
574 | Forward *rfwd; | ||
575 | Channel *c; | ||
576 | Buffer out; | ||
577 | |||
578 | if ((c = channel_by_id(fctx->cid)) == NULL) { | ||
579 | /* no channel for reply */ | ||
580 | error("%s: unknown channel", __func__); | ||
581 | return; | ||
582 | } | ||
583 | buffer_init(&out); | ||
584 | if (fctx->fid >= options.num_remote_forwards) { | ||
585 | xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid); | ||
586 | goto fail; | ||
587 | } | ||
588 | rfwd = &options.remote_forwards[fctx->fid]; | ||
589 | debug("%s: %s for: listen %d, connect %s:%d", __func__, | ||
590 | type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", | ||
591 | rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); | ||
592 | if (type == SSH2_MSG_REQUEST_SUCCESS) { | ||
593 | if (rfwd->listen_port == 0) { | ||
594 | rfwd->allocated_port = packet_get_int(); | ||
595 | logit("Allocated port %u for mux remote forward" | ||
596 | " to %s:%d", rfwd->allocated_port, | ||
597 | rfwd->connect_host, rfwd->connect_port); | ||
598 | buffer_put_int(&out, MUX_S_REMOTE_PORT); | ||
599 | buffer_put_int(&out, fctx->rid); | ||
600 | buffer_put_int(&out, rfwd->allocated_port); | ||
601 | } else { | ||
602 | buffer_put_int(&out, MUX_S_OK); | ||
603 | buffer_put_int(&out, fctx->rid); | ||
604 | } | ||
605 | goto out; | ||
606 | } else { | ||
607 | xasprintf(&failmsg, "remote port forwarding failed for " | ||
608 | "listen port %d", rfwd->listen_port); | ||
609 | } | ||
610 | fail: | ||
611 | error("%s: %s", __func__, failmsg); | ||
612 | buffer_put_int(&out, MUX_S_FAILURE); | ||
613 | buffer_put_int(&out, fctx->rid); | ||
614 | buffer_put_cstring(&out, failmsg); | ||
615 | xfree(failmsg); | ||
616 | out: | ||
617 | buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); | ||
618 | buffer_free(&out); | ||
619 | if (c->mux_pause <= 0) | ||
620 | fatal("%s: mux_pause %d", __func__, c->mux_pause); | ||
621 | c->mux_pause = 0; /* start processing messages again */ | ||
622 | } | ||
623 | |||
562 | static int | 624 | static int |
563 | process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | 625 | process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) |
564 | { | 626 | { |
@@ -594,15 +656,16 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
594 | ftype != MUX_FWD_DYNAMIC) { | 656 | ftype != MUX_FWD_DYNAMIC) { |
595 | logit("%s: invalid forwarding type %u", __func__, ftype); | 657 | logit("%s: invalid forwarding type %u", __func__, ftype); |
596 | invalid: | 658 | invalid: |
597 | xfree(fwd.listen_host); | 659 | if (fwd.listen_host) |
598 | xfree(fwd.connect_host); | 660 | xfree(fwd.listen_host); |
661 | if (fwd.connect_host) | ||
662 | xfree(fwd.connect_host); | ||
599 | buffer_put_int(r, MUX_S_FAILURE); | 663 | buffer_put_int(r, MUX_S_FAILURE); |
600 | buffer_put_int(r, rid); | 664 | buffer_put_int(r, rid); |
601 | buffer_put_cstring(r, "Invalid forwarding request"); | 665 | buffer_put_cstring(r, "Invalid forwarding request"); |
602 | return 0; | 666 | return 0; |
603 | } | 667 | } |
604 | /* XXX support rport0 forwarding with reply of port assigned */ | 668 | if (fwd.listen_port >= 65536) { |
605 | if (fwd.listen_port == 0 || fwd.listen_port >= 65536) { | ||
606 | logit("%s: invalid listen port %u", __func__, | 669 | logit("%s: invalid listen port %u", __func__, |
607 | fwd.listen_port); | 670 | fwd.listen_port); |
608 | goto invalid; | 671 | goto invalid; |
@@ -637,8 +700,17 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
637 | case MUX_FWD_REMOTE: | 700 | case MUX_FWD_REMOTE: |
638 | for (i = 0; i < options.num_remote_forwards; i++) { | 701 | for (i = 0; i < options.num_remote_forwards; i++) { |
639 | if (compare_forward(&fwd, | 702 | if (compare_forward(&fwd, |
640 | options.remote_forwards + i)) | 703 | options.remote_forwards + i)) { |
641 | goto exists; | 704 | if (fwd.listen_port != 0) |
705 | goto exists; | ||
706 | debug2("%s: found allocated port", | ||
707 | __func__); | ||
708 | buffer_put_int(r, MUX_S_REMOTE_PORT); | ||
709 | buffer_put_int(r, rid); | ||
710 | buffer_put_int(r, | ||
711 | options.remote_forwards[i].allocated_port); | ||
712 | goto out; | ||
713 | } | ||
642 | } | 714 | } |
643 | break; | 715 | break; |
644 | } | 716 | } |
@@ -655,9 +727,7 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
655 | } | 727 | } |
656 | 728 | ||
657 | if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) { | 729 | if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) { |
658 | if (options.num_local_forwards + 1 >= | 730 | if (channel_setup_local_fwd_listener(fwd.listen_host, |
659 | SSH_MAX_FORWARDS_PER_DIRECTION || | ||
660 | channel_setup_local_fwd_listener(fwd.listen_host, | ||
661 | fwd.listen_port, fwd.connect_host, fwd.connect_port, | 731 | fwd.listen_port, fwd.connect_host, fwd.connect_port, |
662 | options.gateway_ports) < 0) { | 732 | options.gateway_ports) < 0) { |
663 | fail: | 733 | fail: |
@@ -670,14 +740,22 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
670 | add_local_forward(&options, &fwd); | 740 | add_local_forward(&options, &fwd); |
671 | freefwd = 0; | 741 | freefwd = 0; |
672 | } else { | 742 | } else { |
673 | /* XXX wait for remote to confirm */ | 743 | struct mux_channel_confirm_ctx *fctx; |
674 | if (options.num_remote_forwards + 1 >= | 744 | |
675 | SSH_MAX_FORWARDS_PER_DIRECTION || | 745 | if (channel_request_remote_forwarding(fwd.listen_host, |
676 | channel_request_remote_forwarding(fwd.listen_host, | ||
677 | fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0) | 746 | fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0) |
678 | goto fail; | 747 | goto fail; |
679 | add_remote_forward(&options, &fwd); | 748 | add_remote_forward(&options, &fwd); |
749 | fctx = xcalloc(1, sizeof(*fctx)); | ||
750 | fctx->cid = c->self; | ||
751 | fctx->rid = rid; | ||
752 | fctx->fid = options.num_remote_forwards - 1; | ||
753 | client_register_global_confirm(mux_confirm_remote_forward, | ||
754 | fctx); | ||
680 | freefwd = 0; | 755 | freefwd = 0; |
756 | c->mux_pause = 1; /* wait for mux_confirm_remote_forward */ | ||
757 | /* delayed reply in mux_confirm_remote_forward */ | ||
758 | goto out; | ||
681 | } | 759 | } |
682 | buffer_put_int(r, MUX_S_OK); | 760 | buffer_put_int(r, MUX_S_OK); |
683 | buffer_put_int(r, rid); | 761 | buffer_put_int(r, rid); |
@@ -826,7 +904,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
826 | debug2("%s: channel_new: %d linked to control channel %d", | 904 | debug2("%s: channel_new: %d linked to control channel %d", |
827 | __func__, nc->self, nc->ctl_chan); | 905 | __func__, nc->self, nc->ctl_chan); |
828 | 906 | ||
829 | channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 0); | 907 | channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1); |
830 | 908 | ||
831 | /* prepare reply */ | 909 | /* prepare reply */ |
832 | /* XXX defer until channel confirmed */ | 910 | /* XXX defer until channel confirmed */ |
@@ -849,7 +927,7 @@ mux_master_read_cb(Channel *c) | |||
849 | 927 | ||
850 | /* Setup ctx and */ | 928 | /* Setup ctx and */ |
851 | if (c->mux_ctx == NULL) { | 929 | if (c->mux_ctx == NULL) { |
852 | state = xcalloc(1, sizeof(state)); | 930 | state = xcalloc(1, sizeof(*state)); |
853 | c->mux_ctx = state; | 931 | c->mux_ctx = state; |
854 | channel_register_cleanup(c->self, | 932 | channel_register_cleanup(c->self, |
855 | mux_master_control_cleanup_cb, 0); | 933 | mux_master_control_cleanup_cb, 0); |
@@ -1000,26 +1078,43 @@ muxserver_listen(void) | |||
1000 | 1078 | ||
1001 | /* Callback on open confirmation in mux master for a mux client session. */ | 1079 | /* Callback on open confirmation in mux master for a mux client session. */ |
1002 | static void | 1080 | static void |
1003 | mux_session_confirm(int id, void *arg) | 1081 | mux_session_confirm(int id, int success, void *arg) |
1004 | { | 1082 | { |
1005 | struct mux_session_confirm_ctx *cctx = arg; | 1083 | struct mux_session_confirm_ctx *cctx = arg; |
1006 | const char *display; | 1084 | const char *display; |
1007 | Channel *c; | 1085 | Channel *c, *cc; |
1008 | int i; | 1086 | int i; |
1087 | Buffer reply; | ||
1009 | 1088 | ||
1010 | if (cctx == NULL) | 1089 | if (cctx == NULL) |
1011 | fatal("%s: cctx == NULL", __func__); | 1090 | fatal("%s: cctx == NULL", __func__); |
1012 | if ((c = channel_by_id(id)) == NULL) | 1091 | if ((c = channel_by_id(id)) == NULL) |
1013 | fatal("%s: no channel for id %d", __func__, id); | 1092 | fatal("%s: no channel for id %d", __func__, id); |
1093 | if ((cc = channel_by_id(c->ctl_chan)) == NULL) | ||
1094 | fatal("%s: channel %d lacks control channel %d", __func__, | ||
1095 | id, c->ctl_chan); | ||
1096 | |||
1097 | if (!success) { | ||
1098 | debug3("%s: sending failure reply", __func__); | ||
1099 | /* prepare reply */ | ||
1100 | buffer_init(&reply); | ||
1101 | buffer_put_int(&reply, MUX_S_FAILURE); | ||
1102 | buffer_put_int(&reply, cctx->rid); | ||
1103 | buffer_put_cstring(&reply, "Session open refused by peer"); | ||
1104 | goto done; | ||
1105 | } | ||
1014 | 1106 | ||
1015 | display = getenv("DISPLAY"); | 1107 | display = getenv("DISPLAY"); |
1016 | if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { | 1108 | if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { |
1017 | char *proto, *data; | 1109 | char *proto, *data; |
1110 | |||
1018 | /* Get reasonable local authentication information. */ | 1111 | /* Get reasonable local authentication information. */ |
1019 | client_x11_get_proto(display, options.xauth_location, | 1112 | client_x11_get_proto(display, options.xauth_location, |
1020 | options.forward_x11_trusted, &proto, &data); | 1113 | options.forward_x11_trusted, options.forward_x11_timeout, |
1114 | &proto, &data); | ||
1021 | /* Request forwarding with authentication spoofing. */ | 1115 | /* Request forwarding with authentication spoofing. */ |
1022 | debug("Requesting X11 forwarding with authentication spoofing."); | 1116 | debug("Requesting X11 forwarding with authentication " |
1117 | "spoofing."); | ||
1023 | x11_request_forwarding_with_spoofing(id, display, proto, data); | 1118 | x11_request_forwarding_with_spoofing(id, display, proto, data); |
1024 | /* XXX wait for reply */ | 1119 | /* XXX wait for reply */ |
1025 | } | 1120 | } |
@@ -1033,6 +1128,21 @@ mux_session_confirm(int id, void *arg) | |||
1033 | client_session2_setup(id, cctx->want_tty, cctx->want_subsys, | 1128 | client_session2_setup(id, cctx->want_tty, cctx->want_subsys, |
1034 | cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env); | 1129 | cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env); |
1035 | 1130 | ||
1131 | debug3("%s: sending success reply", __func__); | ||
1132 | /* prepare reply */ | ||
1133 | buffer_init(&reply); | ||
1134 | buffer_put_int(&reply, MUX_S_SESSION_OPENED); | ||
1135 | buffer_put_int(&reply, cctx->rid); | ||
1136 | buffer_put_int(&reply, c->self); | ||
1137 | |||
1138 | done: | ||
1139 | /* Send reply */ | ||
1140 | buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply)); | ||
1141 | buffer_free(&reply); | ||
1142 | |||
1143 | if (cc->mux_pause <= 0) | ||
1144 | fatal("%s: mux_pause %d", __func__, cc->mux_pause); | ||
1145 | cc->mux_pause = 0; /* start processing messages again */ | ||
1036 | c->open_confirm_ctx = NULL; | 1146 | c->open_confirm_ctx = NULL; |
1037 | buffer_free(&cctx->cmd); | 1147 | buffer_free(&cctx->cmd); |
1038 | xfree(cctx->term); | 1148 | xfree(cctx->term); |
@@ -1365,6 +1475,15 @@ mux_client_request_forward(int fd, u_int ftype, Forward *fwd) | |||
1365 | switch (type) { | 1475 | switch (type) { |
1366 | case MUX_S_OK: | 1476 | case MUX_S_OK: |
1367 | break; | 1477 | break; |
1478 | case MUX_S_REMOTE_PORT: | ||
1479 | fwd->allocated_port = buffer_get_int(&m); | ||
1480 | logit("Allocated port %u for remote forward to %s:%d", | ||
1481 | fwd->allocated_port, | ||
1482 | fwd->connect_host ? fwd->connect_host : "", | ||
1483 | fwd->connect_port); | ||
1484 | if (muxclient_command == SSHMUX_COMMAND_FORWARD) | ||
1485 | fprintf(stdout, "%u\n", fwd->allocated_port); | ||
1486 | break; | ||
1368 | case MUX_S_PERMISSION_DENIED: | 1487 | case MUX_S_PERMISSION_DENIED: |
1369 | e = buffer_get_string(&m, NULL); | 1488 | e = buffer_get_string(&m, NULL); |
1370 | buffer_free(&m); | 1489 | buffer_free(&m); |
@@ -1731,6 +1850,10 @@ muxclient(const char *path) | |||
1731 | mux_client_request_terminate(sock); | 1850 | mux_client_request_terminate(sock); |
1732 | fprintf(stderr, "Exit request sent.\r\n"); | 1851 | fprintf(stderr, "Exit request sent.\r\n"); |
1733 | exit(0); | 1852 | exit(0); |
1853 | case SSHMUX_COMMAND_FORWARD: | ||
1854 | if (mux_client_request_forwards(sock) != 0) | ||
1855 | fatal("%s: master forward request failed", __func__); | ||
1856 | exit(0); | ||
1734 | case SSHMUX_COMMAND_OPEN: | 1857 | case SSHMUX_COMMAND_OPEN: |
1735 | if (mux_client_request_forwards(sock) != 0) { | 1858 | if (mux_client_request_forwards(sock) != 0) { |
1736 | error("%s: master forward request failed", __func__); | 1859 | error("%s: master forward request failed", __func__); |
diff --git a/myproposal.h b/myproposal.h index 98f27fd15..7bedfab0a 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: myproposal.h,v 1.24 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: myproposal.h,v 1.25 2010/04/16 01:47:26 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -40,9 +40,12 @@ | |||
40 | "diffie-hellman-group1-sha1" | 40 | "diffie-hellman-group1-sha1" |
41 | #endif | 41 | #endif |
42 | 42 | ||
43 | #define KEX_DEFAULT_PK_ALG "ssh-rsa-cert-v00@openssh.com," \ | 43 | #define KEX_DEFAULT_PK_ALG \ |
44 | "ssh-dss-cert-v00@openssh.com," \ | 44 | "ssh-rsa-cert-v01@openssh.com," \ |
45 | "ssh-rsa,ssh-dss" | 45 | "ssh-dss-cert-v01@openssh.com," \ |
46 | "ssh-rsa-cert-v00@openssh.com," \ | ||
47 | "ssh-dss-cert-v00@openssh.com," \ | ||
48 | "ssh-rsa,ssh-dss" | ||
46 | 49 | ||
47 | #define KEX_DEFAULT_ENCRYPT \ | 50 | #define KEX_DEFAULT_ENCRYPT \ |
48 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 51 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
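Review bot: The new KEX_DEFAULT_PK_ALG list carries no comment saying why both the `-cert-v01` and `-cert-v00` names are present or why the v01 entries come first; since the order of this list is the preference the client offers, a later reader pruning it needs to know the v00 entries are kept on purpose. Suggest a line above the define such as `/* cert-v01 is preferred; v00 entries remain so certificates issued in the older format still verify */`, assuming that is the intent. If the v00 names are meant to be dropped once old certificates are re-issued, the comment is the place to record that, but that is inference from the ordering rather than anything visible in this hunk.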
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index d65b77b5b..d22efd66c 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.44 2010/01/15 01:38:30 dtucker Exp $ | 1 | # $Id: Makefile.in,v 1.45 2010/08/16 03:15:23 dtucker Exp $ |
2 | 2 | ||
3 | sysconfdir=@sysconfdir@ | 3 | sysconfdir=@sysconfdir@ |
4 | piddir=@piddir@ | 4 | piddir=@piddir@ |
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ | |||
16 | INSTALL=@INSTALL@ | 16 | INSTALL=@INSTALL@ |
17 | LDFLAGS=-L. @LDFLAGS@ | 17 | LDFLAGS=-L. @LDFLAGS@ |
18 | 18 | ||
19 | OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o | 19 | OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o vis.o |
20 | 20 | ||
21 | COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o | 21 | COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o |
22 | 22 | ||
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index cad2408d6..e15d2bd96 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: openbsd-compat.h,v 1.49 2010/01/16 12:58:37 dtucker Exp $ */ | 1 | /* $Id: openbsd-compat.h,v 1.50 2010/08/16 03:15:23 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999-2003 Damien Miller. All rights reserved. | 4 | * Copyright (c) 1999-2003 Damien Miller. All rights reserved. |
@@ -87,6 +87,11 @@ int setenv(register const char *name, register const char *value, int rewrite); | |||
87 | void strmode(int mode, char *p); | 87 | void strmode(int mode, char *p); |
88 | #endif | 88 | #endif |
89 | 89 | ||
90 | #ifndef HAVE_STRPTIME | ||
91 | #include <time.h> | ||
92 | char *strptime(const char *buf, const char *fmt, struct tm *tm); | ||
93 | #endif | ||
94 | |||
90 | #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) | 95 | #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) |
91 | int mkstemps(char *path, int slen); | 96 | int mkstemps(char *path, int slen); |
92 | int mkstemp(char *path); | 97 | int mkstemp(char *path); |
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index fcc762867..b7caa650c 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: openssl-compat.h,v 1.14 2009/03/07 11:22:35 dtucker Exp $ */ | 1 | /* $Id: openssl-compat.h,v 1.15 2010/05/12 07:50:02 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> | 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
@@ -18,6 +18,16 @@ | |||
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | #include <openssl/evp.h> | 20 | #include <openssl/evp.h> |
21 | #include <openssl/rsa.h> | ||
22 | #include <openssl/dsa.h> | ||
23 | |||
24 | /* Only in 0.9.8 */ | ||
25 | #ifndef OPENSSL_DSA_MAX_MODULUS_BITS | ||
26 | # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 | ||
27 | #endif | ||
28 | #ifndef OPENSSL_RSA_MAX_MODULUS_BITS | ||
29 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | ||
30 | #endif | ||
21 | 31 | ||
22 | /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ | 32 | /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ |
23 | #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) | 33 | #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) |
@@ -97,3 +107,4 @@ int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); | |||
97 | int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); | 107 | int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); |
98 | void ssh_SSLeay_add_all_algorithms(void); | 108 | void ssh_SSLeay_add_all_algorithms(void); |
99 | #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ | 109 | #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ |
110 | |||
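Review bot: The comment `/* Only in 0.9.8 */` above the new `#ifndef` block is ambiguous: it reads as if the two macros exist only in OpenSSL 0.9.8, whereas the fallbacks are there for releases that lack them. Suggest `/* OPENSSL_{DSA,RSA}_MAX_MODULUS_BITS are defined by OpenSSL 0.9.8 and later; supply the same values for older releases so the modulus-size bounds are applied uniformly */`. Whether the callers that use these bounds tolerate the fallback values cannot be confirmed from this hunk, so that comment should be checked against them; the added `<openssl/rsa.h>` and `<openssl/dsa.h>` includes ensure the library's own definitions win where present.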
diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index ddc92d0f3..0d756f74f 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c | |||
@@ -173,9 +173,11 @@ sys_tun_open(int tun, int mode) | |||
173 | 173 | ||
174 | if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) | 174 | if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) |
175 | goto failed; | 175 | goto failed; |
176 | ifr.ifr_flags |= IFF_UP; | 176 | if ((ifr.ifr_flags & IFF_UP) == 0) { |
177 | if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) | 177 | ifr.ifr_flags |= IFF_UP; |
178 | goto failed; | 178 | if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) |
179 | goto failed; | ||
180 | } | ||
179 | 181 | ||
180 | close(sock); | 182 | close(sock); |
181 | return (fd); | 183 | return (fd); |
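Review bot: The new `if ((ifr.ifr_flags & IFF_UP) == 0)` guard has no comment explaining why SIOCSIFFLAGS is now skipped when the interface is already up, so a future reader cannot tell whether this is an optimisation or a workaround. If the motivation is that the set-flags ioctl can fail for a non-root opener on some platforms, say so in one line, e.g. `/* Only issue SIOCSIFFLAGS when needed; on some systems it fails for an unprivileged opener even though the device is usable */`; if the motivation is different, document that instead. sys_tun_open begins before this hunk.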
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index be9905a6a..b1fbfa208 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c | |||
@@ -39,10 +39,10 @@ | |||
39 | #include "xmalloc.h" | 39 | #include "xmalloc.h" |
40 | #include "packet.h" | 40 | #include "packet.h" |
41 | #include "buffer.h" | 41 | #include "buffer.h" |
42 | #include "key.h" | ||
42 | #include "auth-options.h" | 43 | #include "auth-options.h" |
43 | #include "log.h" | 44 | #include "log.h" |
44 | #include "servconf.h" | 45 | #include "servconf.h" |
45 | #include "key.h" | ||
46 | #include "hostfile.h" | 46 | #include "hostfile.h" |
47 | #include "auth.h" | 47 | #include "auth.h" |
48 | #include "ssh.h" | 48 | #include "ssh.h" |
diff --git a/openbsd-compat/strptime.c b/openbsd-compat/strptime.c new file mode 100644 index 000000000..d8d83d907 --- /dev/null +++ b/openbsd-compat/strptime.c | |||
@@ -0,0 +1,401 @@ | |||
1 | /* $OpenBSD: strptime.c,v 1.12 2008/06/26 05:42:05 ray Exp $ */ | ||
2 | /* $NetBSD: strptime.c,v 1.12 1998/01/20 21:39:40 mycroft Exp $ */ | ||
3 | |||
4 | /*- | ||
5 | * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc. | ||
6 | * All rights reserved. | ||
7 | * | ||
8 | * This code was contributed to The NetBSD Foundation by Klaus Klein. | ||
9 | * | ||
10 | * Redistribution and use in source and binary forms, with or without | ||
11 | * modification, are permitted provided that the following conditions | ||
12 | * are met: | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in the | ||
17 | * documentation and/or other materials provided with the distribution. | ||
18 | * | ||
19 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | ||
20 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | ||
21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | ||
23 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
29 | * POSSIBILITY OF SUCH DAMAGE. | ||
30 | */ | ||
31 | |||
32 | /* OPENBSD ORIGINAL: lib/libc/time/strptime.c */ | ||
33 | |||
34 | #include "includes.h" | ||
35 | |||
36 | #ifndef HAVE_STRPTIME | ||
37 | |||
38 | #define TM_YEAR_BASE 1900 /* from tzfile.h */ | ||
39 | |||
40 | #include <ctype.h> | ||
41 | #include <locale.h> | ||
42 | #include <string.h> | ||
43 | #include <time.h> | ||
44 | |||
45 | /* #define _ctloc(x) (_CurrentTimeLocale->x) */ | ||
46 | |||
47 | /* | ||
48 | * We do not implement alternate representations. However, we always | ||
49 | * check whether a given modifier is allowed for a certain conversion. | ||
50 | */ | ||
51 | #define _ALT_E 0x01 | ||
52 | #define _ALT_O 0x02 | ||
53 | #define _LEGAL_ALT(x) { if (alt_format & ~(x)) return (0); } | ||
54 | |||
55 | |||
56 | static int _conv_num(const unsigned char **, int *, int, int); | ||
57 | static char *_strptime(const char *, const char *, struct tm *, int); | ||
58 | |||
59 | |||
60 | char * | ||
61 | strptime(const char *buf, const char *fmt, struct tm *tm) | ||
62 | { | ||
63 | return(_strptime(buf, fmt, tm, 1)); | ||
64 | } | ||
65 | |||
66 | static char * | ||
67 | _strptime(const char *buf, const char *fmt, struct tm *tm, int initialize) | ||
68 | { | ||
69 | unsigned char c; | ||
70 | const unsigned char *bp; | ||
71 | size_t len; | ||
72 | int alt_format, i; | ||
73 | static int century, relyear; | ||
74 | |||
75 | if (initialize) { | ||
76 | century = TM_YEAR_BASE; | ||
77 | relyear = -1; | ||
78 | } | ||
79 | |||
80 | bp = (unsigned char *)buf; | ||
81 | while ((c = *fmt) != '\0') { | ||
82 | /* Clear `alternate' modifier prior to new conversion. */ | ||
83 | alt_format = 0; | ||
84 | |||
85 | /* Eat up white-space. */ | ||
86 | if (isspace(c)) { | ||
87 | while (isspace(*bp)) | ||
88 | bp++; | ||
89 | |||
90 | fmt++; | ||
91 | continue; | ||
92 | } | ||
93 | |||
94 | if ((c = *fmt++) != '%') | ||
95 | goto literal; | ||
96 | |||
97 | |||
98 | again: switch (c = *fmt++) { | ||
99 | case '%': /* "%%" is converted to "%". */ | ||
100 | literal: | ||
101 | if (c != *bp++) | ||
102 | return (NULL); | ||
103 | |||
104 | break; | ||
105 | |||
106 | /* | ||
107 | * "Alternative" modifiers. Just set the appropriate flag | ||
108 | * and start over again. | ||
109 | */ | ||
110 | case 'E': /* "%E?" alternative conversion modifier. */ | ||
111 | _LEGAL_ALT(0); | ||
112 | alt_format |= _ALT_E; | ||
113 | goto again; | ||
114 | |||
115 | case 'O': /* "%O?" alternative conversion modifier. */ | ||
116 | _LEGAL_ALT(0); | ||
117 | alt_format |= _ALT_O; | ||
118 | goto again; | ||
119 | |||
120 | /* | ||
121 | * "Complex" conversion rules, implemented through recursion. | ||
122 | */ | ||
123 | #if 0 | ||
124 | case 'c': /* Date and time, using the locale's format. */ | ||
125 | _LEGAL_ALT(_ALT_E); | ||
126 | if (!(bp = _strptime(bp, _ctloc(d_t_fmt), tm, 0))) | ||
127 | return (NULL); | ||
128 | break; | ||
129 | #endif | ||
130 | case 'D': /* The date as "%m/%d/%y". */ | ||
131 | _LEGAL_ALT(0); | ||
132 | if (!(bp = _strptime(bp, "%m/%d/%y", tm, 0))) | ||
133 | return (NULL); | ||
134 | break; | ||
135 | |||
136 | case 'R': /* The time as "%H:%M". */ | ||
137 | _LEGAL_ALT(0); | ||
138 | if (!(bp = _strptime(bp, "%H:%M", tm, 0))) | ||
139 | return (NULL); | ||
140 | break; | ||
141 | |||
142 | case 'r': /* The time as "%I:%M:%S %p". */ | ||
143 | _LEGAL_ALT(0); | ||
144 | if (!(bp = _strptime(bp, "%I:%M:%S %p", tm, 0))) | ||
145 | return (NULL); | ||
146 | break; | ||
147 | |||
148 | case 'T': /* The time as "%H:%M:%S". */ | ||
149 | _LEGAL_ALT(0); | ||
150 | if (!(bp = _strptime(bp, "%H:%M:%S", tm, 0))) | ||
151 | return (NULL); | ||
152 | break; | ||
153 | #if 0 | ||
154 | case 'X': /* The time, using the locale's format. */ | ||
155 | _LEGAL_ALT(_ALT_E); | ||
156 | if (!(bp = _strptime(bp, _ctloc(t_fmt), tm, 0))) | ||
157 | return (NULL); | ||
158 | break; | ||
159 | |||
160 | case 'x': /* The date, using the locale's format. */ | ||
161 | _LEGAL_ALT(_ALT_E); | ||
162 | if (!(bp = _strptime(bp, _ctloc(d_fmt), tm, 0))) | ||
163 | return (NULL); | ||
164 | break; | ||
165 | #endif | ||
166 | /* | ||
167 | * "Elementary" conversion rules. | ||
168 | */ | ||
169 | #if 0 | ||
170 | case 'A': /* The day of week, using the locale's form. */ | ||
171 | case 'a': | ||
172 | _LEGAL_ALT(0); | ||
173 | for (i = 0; i < 7; i++) { | ||
174 | /* Full name. */ | ||
175 | len = strlen(_ctloc(day[i])); | ||
176 | if (strncasecmp(_ctloc(day[i]), bp, len) == 0) | ||
177 | break; | ||
178 | |||
179 | /* Abbreviated name. */ | ||
180 | len = strlen(_ctloc(abday[i])); | ||
181 | if (strncasecmp(_ctloc(abday[i]), bp, len) == 0) | ||
182 | break; | ||
183 | } | ||
184 | |||
185 | /* Nothing matched. */ | ||
186 | if (i == 7) | ||
187 | return (NULL); | ||
188 | |||
189 | tm->tm_wday = i; | ||
190 | bp += len; | ||
191 | break; | ||
192 | |||
193 | case 'B': /* The month, using the locale's form. */ | ||
194 | case 'b': | ||
195 | case 'h': | ||
196 | _LEGAL_ALT(0); | ||
197 | for (i = 0; i < 12; i++) { | ||
198 | /* Full name. */ | ||
199 | len = strlen(_ctloc(mon[i])); | ||
200 | if (strncasecmp(_ctloc(mon[i]), bp, len) == 0) | ||
201 | break; | ||
202 | |||
203 | /* Abbreviated name. */ | ||
204 | len = strlen(_ctloc(abmon[i])); | ||
205 | if (strncasecmp(_ctloc(abmon[i]), bp, len) == 0) | ||
206 | break; | ||
207 | } | ||
208 | |||
209 | /* Nothing matched. */ | ||
210 | if (i == 12) | ||
211 | return (NULL); | ||
212 | |||
213 | tm->tm_mon = i; | ||
214 | bp += len; | ||
215 | break; | ||
216 | #endif | ||
217 | |||
218 | case 'C': /* The century number. */ | ||
219 | _LEGAL_ALT(_ALT_E); | ||
220 | if (!(_conv_num(&bp, &i, 0, 99))) | ||
221 | return (NULL); | ||
222 | |||
223 | century = i * 100; | ||
224 | break; | ||
225 | |||
226 | case 'd': /* The day of month. */ | ||
227 | case 'e': | ||
228 | _LEGAL_ALT(_ALT_O); | ||
229 | if (!(_conv_num(&bp, &tm->tm_mday, 1, 31))) | ||
230 | return (NULL); | ||
231 | break; | ||
232 | |||
233 | case 'k': /* The hour (24-hour clock representation). */ | ||
234 | _LEGAL_ALT(0); | ||
235 | /* FALLTHROUGH */ | ||
236 | case 'H': | ||
237 | _LEGAL_ALT(_ALT_O); | ||
238 | if (!(_conv_num(&bp, &tm->tm_hour, 0, 23))) | ||
239 | return (NULL); | ||
240 | break; | ||
241 | |||
242 | case 'l': /* The hour (12-hour clock representation). */ | ||
243 | _LEGAL_ALT(0); | ||
244 | /* FALLTHROUGH */ | ||
245 | case 'I': | ||
246 | _LEGAL_ALT(_ALT_O); | ||
247 | if (!(_conv_num(&bp, &tm->tm_hour, 1, 12))) | ||
248 | return (NULL); | ||
249 | break; | ||
250 | |||
251 | case 'j': /* The day of year. */ | ||
252 | _LEGAL_ALT(0); | ||
253 | if (!(_conv_num(&bp, &tm->tm_yday, 1, 366))) | ||
254 | return (NULL); | ||
255 | tm->tm_yday--; | ||
256 | break; | ||
257 | |||
258 | case 'M': /* The minute. */ | ||
259 | _LEGAL_ALT(_ALT_O); | ||
260 | if (!(_conv_num(&bp, &tm->tm_min, 0, 59))) | ||
261 | return (NULL); | ||
262 | break; | ||
263 | |||
264 | case 'm': /* The month. */ | ||
265 | _LEGAL_ALT(_ALT_O); | ||
266 | if (!(_conv_num(&bp, &tm->tm_mon, 1, 12))) | ||
267 | return (NULL); | ||
268 | tm->tm_mon--; | ||
269 | break; | ||
270 | |||
271 | #if 0 | ||
272 | case 'p': /* The locale's equivalent of AM/PM. */ | ||
273 | _LEGAL_ALT(0); | ||
274 | /* AM? */ | ||
275 | len = strlen(_ctloc(am_pm[0])); | ||
276 | if (strncasecmp(_ctloc(am_pm[0]), bp, len) == 0) { | ||
277 | if (tm->tm_hour > 12) /* i.e., 13:00 AM ?! */ | ||
278 | return (NULL); | ||
279 | else if (tm->tm_hour == 12) | ||
280 | tm->tm_hour = 0; | ||
281 | |||
282 | bp += len; | ||
283 | break; | ||
284 | } | ||
285 | /* PM? */ | ||
286 | len = strlen(_ctloc(am_pm[1])); | ||
287 | if (strncasecmp(_ctloc(am_pm[1]), bp, len) == 0) { | ||
288 | if (tm->tm_hour > 12) /* i.e., 13:00 PM ?! */ | ||
289 | return (NULL); | ||
290 | else if (tm->tm_hour < 12) | ||
291 | tm->tm_hour += 12; | ||
292 | |||
293 | bp += len; | ||
294 | break; | ||
295 | } | ||
296 | |||
297 | /* Nothing matched. */ | ||
298 | return (NULL); | ||
299 | #endif | ||
300 | case 'S': /* The seconds. */ | ||
301 | _LEGAL_ALT(_ALT_O); | ||
302 | if (!(_conv_num(&bp, &tm->tm_sec, 0, 61))) | ||
303 | return (NULL); | ||
304 | break; | ||
305 | |||
306 | case 'U': /* The week of year, beginning on sunday. */ | ||
307 | case 'W': /* The week of year, beginning on monday. */ | ||
308 | _LEGAL_ALT(_ALT_O); | ||
309 | /* | ||
310 | * XXX This is bogus, as we can not assume any valid | ||
311 | * information present in the tm structure at this | ||
312 | * point to calculate a real value, so just check the | ||
313 | * range for now. | ||
314 | */ | ||
315 | if (!(_conv_num(&bp, &i, 0, 53))) | ||
316 | return (NULL); | ||
317 | break; | ||
318 | |||
319 | case 'w': /* The day of week, beginning on sunday. */ | ||
320 | _LEGAL_ALT(_ALT_O); | ||
321 | if (!(_conv_num(&bp, &tm->tm_wday, 0, 6))) | ||
322 | return (NULL); | ||
323 | break; | ||
324 | |||
325 | case 'Y': /* The year. */ | ||
326 | _LEGAL_ALT(_ALT_E); | ||
327 | if (!(_conv_num(&bp, &i, 0, 9999))) | ||
328 | return (NULL); | ||
329 | |||
330 | relyear = -1; | ||
331 | tm->tm_year = i - TM_YEAR_BASE; | ||
332 | break; | ||
333 | |||
334 | case 'y': /* The year within the century (2 digits). */ | ||
335 | _LEGAL_ALT(_ALT_E | _ALT_O); | ||
336 | if (!(_conv_num(&bp, &relyear, 0, 99))) | ||
337 | return (NULL); | ||
338 | break; | ||
339 | |||
340 | /* | ||
341 | * Miscellaneous conversions. | ||
342 | */ | ||
343 | case 'n': /* Any kind of white-space. */ | ||
344 | case 't': | ||
345 | _LEGAL_ALT(0); | ||
346 | while (isspace(*bp)) | ||
347 | bp++; | ||
348 | break; | ||
349 | |||
350 | |||
351 | default: /* Unknown/unsupported conversion. */ | ||
352 | return (NULL); | ||
353 | } | ||
354 | |||
355 | |||
356 | } | ||
357 | |||
358 | /* | ||
359 | * We need to evaluate the two digit year spec (%y) | ||
360 | * last as we can get a century spec (%C) at any time. | ||
361 | */ | ||
362 | if (relyear != -1) { | ||
363 | if (century == TM_YEAR_BASE) { | ||
364 | if (relyear <= 68) | ||
365 | tm->tm_year = relyear + 2000 - TM_YEAR_BASE; | ||
366 | else | ||
367 | tm->tm_year = relyear + 1900 - TM_YEAR_BASE; | ||
368 | } else { | ||
369 | tm->tm_year = relyear + century - TM_YEAR_BASE; | ||
370 | } | ||
371 | } | ||
372 | |||
373 | return ((char *)bp); | ||
374 | } | ||
375 | |||
376 | |||
377 | static int | ||
378 | _conv_num(const unsigned char **buf, int *dest, int llim, int ulim) | ||
379 | { | ||
380 | int result = 0; | ||
381 | int rulim = ulim; | ||
382 | |||
383 | if (**buf < '0' || **buf > '9') | ||
384 | return (0); | ||
385 | |||
386 | /* we use rulim to break out of the loop when we run out of digits */ | ||
387 | do { | ||
388 | result *= 10; | ||
389 | result += *(*buf)++ - '0'; | ||
390 | rulim /= 10; | ||
391 | } while ((result * 10 <= ulim) && rulim && **buf >= '0' && **buf <= '9'); | ||
392 | |||
393 | if (result < llim || result > ulim) | ||
394 | return (0); | ||
395 | |||
396 | *dest = result; | ||
397 | return (1); | ||
398 | } | ||
399 | |||
400 | #endif /* HAVE_STRPTIME */ | ||
401 | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.166 2009/06/27 09:29:06 andreas Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.168 2010/07/13 23:13:16 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1307,7 +1307,7 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
1307 | macbuf = mac_compute(mac, active_state->p_read.seqnr, | 1307 | macbuf = mac_compute(mac, active_state->p_read.seqnr, |
1308 | buffer_ptr(&active_state->incoming_packet), | 1308 | buffer_ptr(&active_state->incoming_packet), |
1309 | buffer_len(&active_state->incoming_packet)); | 1309 | buffer_len(&active_state->incoming_packet)); |
1310 | if (memcmp(macbuf, buffer_ptr(&active_state->input), | 1310 | if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), |
1311 | mac->mac_len) != 0) { | 1311 | mac->mac_len) != 0) { |
1312 | logit("Corrupted MAC on input."); | 1312 | logit("Corrupted MAC on input."); |
1313 | if (need > PACKET_MAX_SIZE) | 1313 | if (need > PACKET_MAX_SIZE) |
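Review bot: Nothing visible in this changeset's compat layer supplies `timingsafe_bcmp` for platforms whose libc lacks it — the openbsd-compat/Makefile.in and openbsd-compat.h hunks above add only strptime — so the portable build depends on a fallback provided elsewhere in the diff; if one exists, a pointer to it in the commit description would help, and if not, this line will fail to link on non-OpenBSD hosts. The replaced comparison also deserves a why-comment so a later cleanup does not "simplify" it back to memcmp, e.g. `/* constant-time compare: a mismatch must not reveal how many MAC bytes matched */`. packet_read_poll2 begins before and continues after this hunk.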
diff --git a/readconf.c b/readconf.c index 2a5a706ab..0e83f5809 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.c,v 1.183 2010/02/08 10:50:20 markus Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.187 2010/07/19 09:15:12 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -112,8 +112,8 @@ | |||
112 | 112 | ||
113 | typedef enum { | 113 | typedef enum { |
114 | oBadOption, | 114 | oBadOption, |
115 | oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, | 115 | oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, |
116 | oExitOnForwardFailure, | 116 | oGatewayPorts, oExitOnForwardFailure, |
117 | oPasswordAuthentication, oRSAAuthentication, | 117 | oPasswordAuthentication, oRSAAuthentication, |
118 | oChallengeResponseAuthentication, oXAuthLocation, | 118 | oChallengeResponseAuthentication, oXAuthLocation, |
119 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | 119 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
@@ -132,7 +132,8 @@ typedef enum { | |||
132 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 132 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
133 | oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, | 133 | oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, |
134 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 134 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
135 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, | 135 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
136 | oHashKnownHosts, | ||
136 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 137 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
137 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, | 138 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, |
138 | oProtocolKeepAlives, oSetupTimeOut, | 139 | oProtocolKeepAlives, oSetupTimeOut, |
@@ -148,6 +149,7 @@ static struct { | |||
148 | { "forwardagent", oForwardAgent }, | 149 | { "forwardagent", oForwardAgent }, |
149 | { "forwardx11", oForwardX11 }, | 150 | { "forwardx11", oForwardX11 }, |
150 | { "forwardx11trusted", oForwardX11Trusted }, | 151 | { "forwardx11trusted", oForwardX11Trusted }, |
152 | { "forwardx11timeout", oForwardX11Timeout }, | ||
151 | { "exitonforwardfailure", oExitOnForwardFailure }, | 153 | { "exitonforwardfailure", oExitOnForwardFailure }, |
152 | { "xauthlocation", oXAuthLocation }, | 154 | { "xauthlocation", oXAuthLocation }, |
153 | { "gatewayports", oGatewayPorts }, | 155 | { "gatewayports", oGatewayPorts }, |
@@ -238,6 +240,7 @@ static struct { | |||
238 | { "sendenv", oSendEnv }, | 240 | { "sendenv", oSendEnv }, |
239 | { "controlpath", oControlPath }, | 241 | { "controlpath", oControlPath }, |
240 | { "controlmaster", oControlMaster }, | 242 | { "controlmaster", oControlMaster }, |
243 | { "controlpersist", oControlPersist }, | ||
241 | { "hashknownhosts", oHashKnownHosts }, | 244 | { "hashknownhosts", oHashKnownHosts }, |
242 | { "tunnel", oTunnel }, | 245 | { "tunnel", oTunnel }, |
243 | { "tunneldevice", oTunnelDevice }, | 246 | { "tunneldevice", oTunnelDevice }, |
@@ -271,8 +274,9 @@ add_local_forward(Options *options, const Forward *newfwd) | |||
271 | if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) | 274 | if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) |
272 | fatal("Privileged ports can only be forwarded by root."); | 275 | fatal("Privileged ports can only be forwarded by root."); |
273 | #endif | 276 | #endif |
274 | if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) | 277 | options->local_forwards = xrealloc(options->local_forwards, |
275 | fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); | 278 | options->num_local_forwards + 1, |
279 | sizeof(*options->local_forwards)); | ||
276 | fwd = &options->local_forwards[options->num_local_forwards++]; | 280 | fwd = &options->local_forwards[options->num_local_forwards++]; |
277 | 281 | ||
278 | fwd->listen_host = newfwd->listen_host; | 282 | fwd->listen_host = newfwd->listen_host; |
@@ -290,15 +294,17 @@ void | |||
290 | add_remote_forward(Options *options, const Forward *newfwd) | 294 | add_remote_forward(Options *options, const Forward *newfwd) |
291 | { | 295 | { |
292 | Forward *fwd; | 296 | Forward *fwd; |
293 | if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) | 297 | |
294 | fatal("Too many remote forwards (max %d).", | 298 | options->remote_forwards = xrealloc(options->remote_forwards, |
295 | SSH_MAX_FORWARDS_PER_DIRECTION); | 299 | options->num_remote_forwards + 1, |
300 | sizeof(*options->remote_forwards)); | ||
296 | fwd = &options->remote_forwards[options->num_remote_forwards++]; | 301 | fwd = &options->remote_forwards[options->num_remote_forwards++]; |
297 | 302 | ||
298 | fwd->listen_host = newfwd->listen_host; | 303 | fwd->listen_host = newfwd->listen_host; |
299 | fwd->listen_port = newfwd->listen_port; | 304 | fwd->listen_port = newfwd->listen_port; |
300 | fwd->connect_host = newfwd->connect_host; | 305 | fwd->connect_host = newfwd->connect_host; |
301 | fwd->connect_port = newfwd->connect_port; | 306 | fwd->connect_port = newfwd->connect_port; |
307 | fwd->allocated_port = 0; | ||
302 | } | 308 | } |
303 | 309 | ||
304 | static void | 310 | static void |
@@ -311,12 +317,20 @@ clear_forwardings(Options *options) | |||
311 | xfree(options->local_forwards[i].listen_host); | 317 | xfree(options->local_forwards[i].listen_host); |
312 | xfree(options->local_forwards[i].connect_host); | 318 | xfree(options->local_forwards[i].connect_host); |
313 | } | 319 | } |
320 | if (options->num_local_forwards > 0) { | ||
321 | xfree(options->local_forwards); | ||
322 | options->local_forwards = NULL; | ||
323 | } | ||
314 | options->num_local_forwards = 0; | 324 | options->num_local_forwards = 0; |
315 | for (i = 0; i < options->num_remote_forwards; i++) { | 325 | for (i = 0; i < options->num_remote_forwards; i++) { |
316 | if (options->remote_forwards[i].listen_host != NULL) | 326 | if (options->remote_forwards[i].listen_host != NULL) |
317 | xfree(options->remote_forwards[i].listen_host); | 327 | xfree(options->remote_forwards[i].listen_host); |
318 | xfree(options->remote_forwards[i].connect_host); | 328 | xfree(options->remote_forwards[i].connect_host); |
319 | } | 329 | } |
330 | if (options->num_remote_forwards > 0) { | ||
331 | xfree(options->remote_forwards); | ||
332 | options->remote_forwards = NULL; | ||
333 | } | ||
320 | options->num_remote_forwards = 0; | 334 | options->num_remote_forwards = 0; |
321 | options->tun_open = SSH_TUNMODE_NO; | 335 | options->tun_open = SSH_TUNMODE_NO; |
322 | } | 336 | } |
@@ -419,6 +433,10 @@ parse_flag: | |||
419 | case oForwardX11Trusted: | 433 | case oForwardX11Trusted: |
420 | intptr = &options->forward_x11_trusted; | 434 | intptr = &options->forward_x11_trusted; |
421 | goto parse_flag; | 435 | goto parse_flag; |
436 | |||
437 | case oForwardX11Timeout: | ||
438 | intptr = &options->forward_x11_timeout; | ||
439 | goto parse_time; | ||
422 | 440 | ||
423 | case oGatewayPorts: | 441 | case oGatewayPorts: |
424 | intptr = &options->gateway_ports; | 442 | intptr = &options->gateway_ports; |
@@ -904,6 +922,30 @@ parse_int: | |||
904 | *intptr = value; | 922 | *intptr = value; |
905 | break; | 923 | break; |
906 | 924 | ||
925 | case oControlPersist: | ||
926 | /* no/false/yes/true, or a time spec */ | ||
927 | intptr = &options->control_persist; | ||
928 | arg = strdelim(&s); | ||
929 | if (!arg || *arg == '\0') | ||
930 | fatal("%.200s line %d: Missing ControlPersist" | ||
931 | " argument.", filename, linenum); | ||
932 | value = 0; | ||
933 | value2 = 0; /* timeout */ | ||
934 | if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) | ||
935 | value = 0; | ||
936 | else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) | ||
937 | value = 1; | ||
938 | else if ((value2 = convtime(arg)) >= 0) | ||
939 | value = 1; | ||
940 | else | ||
941 | fatal("%.200s line %d: Bad ControlPersist argument.", | ||
942 | filename, linenum); | ||
943 | if (*activep && *intptr == -1) { | ||
944 | *intptr = value; | ||
945 | options->control_persist_timeout = value2; | ||
946 | } | ||
947 | break; | ||
948 | |||
907 | case oHashKnownHosts: | 949 | case oHashKnownHosts: |
908 | intptr = &options->hash_known_hosts; | 950 | intptr = &options->hash_known_hosts; |
909 | goto parse_flag; | 951 | goto parse_flag; |
@@ -1044,6 +1086,7 @@ initialize_options(Options * options) | |||
1044 | options->forward_agent = -1; | 1086 | options->forward_agent = -1; |
1045 | options->forward_x11 = -1; | 1087 | options->forward_x11 = -1; |
1046 | options->forward_x11_trusted = -1; | 1088 | options->forward_x11_trusted = -1; |
1089 | options->forward_x11_timeout = -1; | ||
1047 | options->exit_on_forward_failure = -1; | 1090 | options->exit_on_forward_failure = -1; |
1048 | options->xauth_location = NULL; | 1091 | options->xauth_location = NULL; |
1049 | options->gateway_ports = -1; | 1092 | options->gateway_ports = -1; |
@@ -1089,7 +1132,9 @@ initialize_options(Options * options) | |||
1089 | options->user_hostfile = NULL; | 1132 | options->user_hostfile = NULL; |
1090 | options->system_hostfile2 = NULL; | 1133 | options->system_hostfile2 = NULL; |
1091 | options->user_hostfile2 = NULL; | 1134 | options->user_hostfile2 = NULL; |
1135 | options->local_forwards = NULL; | ||
1092 | options->num_local_forwards = 0; | 1136 | options->num_local_forwards = 0; |
1137 | options->remote_forwards = NULL; | ||
1093 | options->num_remote_forwards = 0; | 1138 | options->num_remote_forwards = 0; |
1094 | options->clear_forwardings = -1; | 1139 | options->clear_forwardings = -1; |
1095 | options->log_level = SYSLOG_LEVEL_NOT_SET; | 1140 | options->log_level = SYSLOG_LEVEL_NOT_SET; |
@@ -1106,6 +1151,8 @@ initialize_options(Options * options) | |||
1106 | options->num_send_env = 0; | 1151 | options->num_send_env = 0; |
1107 | options->control_path = NULL; | 1152 | options->control_path = NULL; |
1108 | options->control_master = -1; | 1153 | options->control_master = -1; |
1154 | options->control_persist = -1; | ||
1155 | options->control_persist_timeout = 0; | ||
1109 | options->hash_known_hosts = -1; | 1156 | options->hash_known_hosts = -1; |
1110 | options->tun_open = -1; | 1157 | options->tun_open = -1; |
1111 | options->tun_local = -1; | 1158 | options->tun_local = -1; |
@@ -1133,6 +1180,8 @@ fill_default_options(Options * options) | |||
1133 | options->forward_x11 = 0; | 1180 | options->forward_x11 = 0; |
1134 | if (options->forward_x11_trusted == -1) | 1181 | if (options->forward_x11_trusted == -1) |
1135 | options->forward_x11_trusted = 1; | 1182 | options->forward_x11_trusted = 1; |
1183 | if (options->forward_x11_timeout == -1) | ||
1184 | options->forward_x11_timeout = 1200; | ||
1136 | if (options->exit_on_forward_failure == -1) | 1185 | if (options->exit_on_forward_failure == -1) |
1137 | options->exit_on_forward_failure = 0; | 1186 | options->exit_on_forward_failure = 0; |
1138 | if (options->xauth_location == NULL) | 1187 | if (options->xauth_location == NULL) |
@@ -1252,6 +1301,10 @@ fill_default_options(Options * options) | |||
1252 | options->server_alive_count_max = 3; | 1301 | options->server_alive_count_max = 3; |
1253 | if (options->control_master == -1) | 1302 | if (options->control_master == -1) |
1254 | options->control_master = 0; | 1303 | options->control_master = 0; |
1304 | if (options->control_persist == -1) { | ||
1305 | options->control_persist = 0; | ||
1306 | options->control_persist_timeout = 0; | ||
1307 | } | ||
1255 | if (options->hash_known_hosts == -1) | 1308 | if (options->hash_known_hosts == -1) |
1256 | options->hash_known_hosts = 0; | 1309 | options->hash_known_hosts = 0; |
1257 | if (options->tun_open == -1) | 1310 | if (options->tun_open == -1) |
diff --git a/readconf.h b/readconf.h index 24762e71c..cc341c9ba 100644 --- a/readconf.h +++ b/readconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.h,v 1.82 2010/02/08 10:50:20 markus Exp $ */ | 1 | /* $OpenBSD: readconf.h,v 1.86 2010/07/19 09:15:12 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -23,6 +23,7 @@ typedef struct { | |||
23 | int listen_port; /* Port to forward. */ | 23 | int listen_port; /* Port to forward. */ |
24 | char *connect_host; /* Host to connect. */ | 24 | char *connect_host; /* Host to connect. */ |
25 | int connect_port; /* Port to connect on connect_host. */ | 25 | int connect_port; /* Port to connect on connect_host. */ |
26 | int allocated_port; /* Dynamically allocated listen port */ | ||
26 | } Forward; | 27 | } Forward; |
27 | /* Data structure for representing option data. */ | 28 | /* Data structure for representing option data. */ |
28 | 29 | ||
@@ -31,6 +32,7 @@ typedef struct { | |||
31 | typedef struct { | 32 | typedef struct { |
32 | int forward_agent; /* Forward authentication agent. */ | 33 | int forward_agent; /* Forward authentication agent. */ |
33 | int forward_x11; /* Forward X11 display. */ | 34 | int forward_x11; /* Forward X11 display. */ |
35 | int forward_x11_timeout; /* Expiration for Cookies */ | ||
34 | int forward_x11_trusted; /* Trust Forward X11 display. */ | 36 | int forward_x11_trusted; /* Trust Forward X11 display. */ |
35 | int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */ | 37 | int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */ |
36 | char *xauth_location; /* Location for xauth program */ | 38 | char *xauth_location; /* Location for xauth program */ |
@@ -98,11 +100,11 @@ typedef struct { | |||
98 | 100 | ||
99 | /* Local TCP/IP forward requests. */ | 101 | /* Local TCP/IP forward requests. */ |
100 | int num_local_forwards; | 102 | int num_local_forwards; |
101 | Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; | 103 | Forward *local_forwards; |
102 | 104 | ||
103 | /* Remote TCP/IP forward requests. */ | 105 | /* Remote TCP/IP forward requests. */ |
104 | int num_remote_forwards; | 106 | int num_remote_forwards; |
105 | Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; | 107 | Forward *remote_forwards; |
106 | int clear_forwardings; | 108 | int clear_forwardings; |
107 | 109 | ||
108 | int enable_ssh_keysign; | 110 | int enable_ssh_keysign; |
@@ -117,6 +119,8 @@ typedef struct { | |||
117 | 119 | ||
118 | char *control_path; | 120 | char *control_path; |
119 | int control_master; | 121 | int control_master; |
122 | int control_persist; /* ControlPersist flag */ | ||
123 | int control_persist_timeout; /* ControlPersist timeout (seconds) */ | ||
120 | 124 | ||
121 | int hash_known_hosts; | 125 | int hash_known_hosts; |
122 | 126 | ||
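Review bot: `Forward *local_forwards;` and `Forward *remote_forwards;` (new lines 103 and 107) replace fixed-size arrays with pointers, but nothing in the header says who allocates or frees the storage or that `num_local_forwards`/`num_remote_forwards` is the element count of that array; a comment such as `/* heap array of num_local_forwards entries; allocated by readconf.c */` on each would spare the next reader a trip through the parser (the allocation site is not in this section, so the freeing convention should be confirmed there). The new `control_persist` field would likewise benefit from naming its sentinel, which `initialize_options()` sets and `fill_default_options()` resolves: `int control_persist; /* ControlPersist flag; -1 until fill_default_options() */`. `Expiration for Cookies` on `forward_x11_timeout` does not say what unit the value holds; `fill_default_options()` assigns 1200, which suggests seconds, but that should be confirmed against the parser and stated in the comment.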
diff --git a/regress/Makefile b/regress/Makefile index d25a64555..9762ab204 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: Makefile,v 1.52 2010/02/26 20:33:21 djm Exp $ | 1 | # $OpenBSD: Makefile,v 1.54 2010/06/27 19:19:56 phessler Exp $ |
2 | 2 | ||
3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec | 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec |
4 | tests: $(REGRESS_TARGETS) | 4 | tests: $(REGRESS_TARGETS) |
@@ -69,7 +69,8 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ | |||
69 | scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ | 69 | scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ |
70 | sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ | 70 | sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ |
71 | known_hosts-cert host_ca_key* cert_host_key* \ | 71 | known_hosts-cert host_ca_key* cert_host_key* \ |
72 | putty.rsa2 sshd_proxy_orig | 72 | putty.rsa2 sshd_proxy_orig \ |
73 | authorized_principals_${USER} | ||
73 | 74 | ||
74 | # Enable all malloc(3) randomisations and checks | 75 | # Enable all malloc(3) randomisations and checks |
75 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | 76 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" |
@@ -112,13 +113,13 @@ t-exec: ${LTESTS:=.sh} | |||
112 | @if [ "x$?" = "x" ]; then exit 0; fi; \ | 113 | @if [ "x$?" = "x" ]; then exit 0; fi; \ |
113 | for TEST in ""$?; do \ | 114 | for TEST in ""$?; do \ |
114 | echo "run test $${TEST}" ... 1>&2; \ | 115 | echo "run test $${TEST}" ... 1>&2; \ |
115 | (env SUDO=${SUDO} TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ | 116 | (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ |
116 | done | 117 | done |
117 | 118 | ||
118 | t-exec-interop: ${INTEROP_TESTS:=.sh} | 119 | t-exec-interop: ${INTEROP_TESTS:=.sh} |
119 | @if [ "x$?" = "x" ]; then exit 0; fi; \ | 120 | @if [ "x$?" = "x" ]; then exit 0; fi; \ |
120 | for TEST in ""$?; do \ | 121 | for TEST in ""$?; do \ |
121 | echo "run test $${TEST}" ... 1>&2; \ | 122 | echo "run test $${TEST}" ... 1>&2; \ |
122 | (env SUDO=${SUDO} TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ | 123 | (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ |
123 | done | 124 | done |
124 | 125 | ||
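Review bot: the `t-exec` and `t-exec-interop` recipes (new lines 113–124) are now identical apart from their prerequisite lists, which is why the `SUDO="${SUDO}"` quoting fix had to be applied twice; this is a point of style rather than correctness, but a single shared recipe body (a variable holding the loop, or one target parameterised on the test list) would keep the next such fix from being missed in one copy. `TEST_ENV=${TEST_ENV}` on the same lines stays unquoted; that only works because `TEST_ENV` carries its own embedded quotes on line 76, which is worth a short comment next to that definition.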
diff --git a/regress/README.regress b/regress/README.regress index 5aaf734bd..da9bb6a99 100644 --- a/regress/README.regress +++ b/regress/README.regress | |||
@@ -29,7 +29,7 @@ TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD | |||
29 | OBJ: used by test scripts to access build dir. | 29 | OBJ: used by test scripts to access build dir. |
30 | TEST_SHELL: shell used for running the test scripts. | 30 | TEST_SHELL: shell used for running the test scripts. |
31 | TEST_SSH_PORT: TCP port to be used for the listening tests. | 31 | TEST_SSH_PORT: TCP port to be used for the listening tests. |
32 | TEST_SSH_SSH_CONFOTPS: Configuration directives to be added to ssh_config | 32 | TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to ssh_config |
33 | before running each test. | 33 | before running each test. |
34 | TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config | 34 | TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config |
35 | before running each test. | 35 | before running each test. |
@@ -105,4 +105,4 @@ Known Issues. | |||
105 | test to fail. The old behaviour can be restored by setting (and | 105 | test to fail. The old behaviour can be restored by setting (and |
106 | exporting) _POSIX2_VERSION=199209 before running the tests. | 106 | exporting) _POSIX2_VERSION=199209 before running the tests. |
107 | 107 | ||
108 | $Id: README.regress,v 1.10 2005/10/03 10:14:18 dtucker Exp $ | 108 | $Id: README.regress,v 1.11 2010/08/16 21:04:29 djm Exp $ |
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 3fda667cb..0265e8f6b 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-hostkey.sh,v 1.3 2010/03/04 10:38:23 djm Exp $ | 1 | # $OpenBSD: cert-hostkey.sh,v 1.4 2010/04/16 01:58:45 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified host keys" | 4 | tid="certified host keys" |
@@ -28,11 +28,17 @@ for ktype in rsa dsa ; do | |||
28 | -I "regress host key for $USER" \ | 28 | -I "regress host key for $USER" \ |
29 | -n $HOSTS $OBJ/cert_host_key_${ktype} || | 29 | -n $HOSTS $OBJ/cert_host_key_${ktype} || |
30 | fail "couldn't sign cert_host_key_${ktype}" | 30 | fail "couldn't sign cert_host_key_${ktype}" |
31 | cp $OBJ/cert_host_key_${ktype} $OBJ/cert_host_key_${ktype}_v00 | ||
32 | cp $OBJ/cert_host_key_${ktype}.pub $OBJ/cert_host_key_${ktype}_v00.pub | ||
33 | ${SSHKEYGEN} -t v00 -h -q -s $OBJ/host_ca_key \ | ||
34 | -I "regress host key for $USER" \ | ||
35 | -n $HOSTS $OBJ/cert_host_key_${ktype}_v00 || | ||
36 | fail "couldn't sign cert_host_key_${ktype}_v00" | ||
31 | done | 37 | done |
32 | 38 | ||
33 | # Basic connect tests | 39 | # Basic connect tests |
34 | for privsep in yes no ; do | 40 | for privsep in yes no ; do |
35 | for ktype in rsa dsa ; do | 41 | for ktype in rsa dsa rsa_v00 dsa_v00; do |
36 | verbose "$tid: host ${ktype} cert connect privsep $privsep" | 42 | verbose "$tid: host ${ktype} cert connect privsep $privsep" |
37 | ( | 43 | ( |
38 | cat $OBJ/sshd_proxy_bak | 44 | cat $OBJ/sshd_proxy_bak |
@@ -61,9 +67,15 @@ done | |||
61 | echon '@revoked ' | 67 | echon '@revoked ' |
62 | echon "* " | 68 | echon "* " |
63 | cat $OBJ/cert_host_key_dsa.pub | 69 | cat $OBJ/cert_host_key_dsa.pub |
70 | echon '@revoked ' | ||
71 | echon "* " | ||
72 | cat $OBJ/cert_host_key_rsa_v00.pub | ||
73 | echon '@revoked ' | ||
74 | echon "* " | ||
75 | cat $OBJ/cert_host_key_dsa_v00.pub | ||
64 | ) > $OBJ/known_hosts-cert | 76 | ) > $OBJ/known_hosts-cert |
65 | for privsep in yes no ; do | 77 | for privsep in yes no ; do |
66 | for ktype in rsa dsa ; do | 78 | for ktype in rsa dsa rsa_v00 dsa_v00; do |
67 | verbose "$tid: host ${ktype} revoked cert privsep $privsep" | 79 | verbose "$tid: host ${ktype} revoked cert privsep $privsep" |
68 | ( | 80 | ( |
69 | cat $OBJ/sshd_proxy_bak | 81 | cat $OBJ/sshd_proxy_bak |
@@ -90,7 +102,7 @@ done | |||
90 | echon "* " | 102 | echon "* " |
91 | cat $OBJ/host_ca_key.pub | 103 | cat $OBJ/host_ca_key.pub |
92 | ) > $OBJ/known_hosts-cert | 104 | ) > $OBJ/known_hosts-cert |
93 | for ktype in rsa dsa ; do | 105 | for ktype in rsa dsa rsa_v00 dsa_v00 ; do |
94 | verbose "$tid: host ${ktype} revoked cert" | 106 | verbose "$tid: host ${ktype} revoked cert" |
95 | ( | 107 | ( |
96 | cat $OBJ/sshd_proxy_bak | 108 | cat $OBJ/sshd_proxy_bak |
@@ -116,32 +128,39 @@ test_one() { | |||
116 | ident=$1 | 128 | ident=$1 |
117 | result=$2 | 129 | result=$2 |
118 | sign_opts=$3 | 130 | sign_opts=$3 |
119 | |||
120 | verbose "$tid: test host cert connect $ident expect $result" | ||
121 | |||
122 | ${SSHKEYGEN} -q -s $OBJ/host_ca_key -I "regress host key for $USER" \ | ||
123 | $sign_opts \ | ||
124 | $OBJ/cert_host_key_rsa || | ||
125 | fail "couldn't sign cert_host_key_rsa" | ||
126 | ( | ||
127 | cat $OBJ/sshd_proxy_bak | ||
128 | echo HostKey $OBJ/cert_host_key_rsa | ||
129 | echo HostCertificate $OBJ/cert_host_key_rsa-cert.pub | ||
130 | ) > $OBJ/sshd_proxy | ||
131 | 131 | ||
132 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 132 | for kt in rsa rsa_v00 ; do |
133 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 133 | case $kt in |
134 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 134 | *_v00) args="-t v00" ;; |
135 | rc=$? | 135 | *) args="" ;; |
136 | if [ "x$result" = "xsuccess" ] ; then | 136 | esac |
137 | if [ $rc -ne 0 ]; then | 137 | |
138 | fail "ssh cert connect $ident failed unexpectedly" | 138 | verbose "$tid: host cert connect $ident $kt expect $result" |
139 | fi | 139 | ${SSHKEYGEN} -q -s $OBJ/host_ca_key \ |
140 | else | 140 | -I "regress host key for $USER" \ |
141 | if [ $rc -eq 0 ]; then | 141 | $sign_opts $args \ |
142 | fail "ssh cert connect $ident succeeded unexpectedly" | 142 | $OBJ/cert_host_key_${kt} || |
143 | fail "couldn't sign cert_host_key_${kt}" | ||
144 | ( | ||
145 | cat $OBJ/sshd_proxy_bak | ||
146 | echo HostKey $OBJ/cert_host_key_${kt} | ||
147 | echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub | ||
148 | ) > $OBJ/sshd_proxy | ||
149 | |||
150 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | ||
151 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | ||
152 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
153 | rc=$? | ||
154 | if [ "x$result" = "xsuccess" ] ; then | ||
155 | if [ $rc -ne 0 ]; then | ||
156 | fail "ssh cert connect $ident failed unexpectedly" | ||
157 | fi | ||
158 | else | ||
159 | if [ $rc -eq 0 ]; then | ||
160 | fail "ssh cert connect $ident succeeded unexpectedly" | ||
161 | fi | ||
143 | fi | 162 | fi |
144 | fi | 163 | done |
145 | } | 164 | } |
146 | 165 | ||
147 | test_one "user-certificate" failure "-n $HOSTS" | 166 | test_one "user-certificate" failure "-n $HOSTS" |
@@ -153,32 +172,35 @@ test_one "cert valid interval" success "-h -V-1w:+2w" | |||
153 | test_one "cert has constraints" failure "-h -Oforce-command=false" | 172 | test_one "cert has constraints" failure "-h -Oforce-command=false" |
154 | 173 | ||
155 | # Check downgrade of cert to raw key when no CA found | 174 | # Check downgrade of cert to raw key when no CA found |
156 | rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* | 175 | for v in v01 v00 ; do |
157 | for ktype in rsa dsa ; do | 176 | for ktype in rsa dsa ; do |
158 | verbose "$tid: host ${ktype} cert downgrade to raw key" | 177 | rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* |
159 | # Generate and sign a host key | 178 | verbose "$tid: host ${ktype} ${v} cert downgrade to raw key" |
160 | ${SSHKEYGEN} -q -N '' -t ${ktype} \ | 179 | # Generate and sign a host key |
161 | -f $OBJ/cert_host_key_${ktype} || \ | 180 | ${SSHKEYGEN} -q -N '' -t ${ktype} \ |
162 | fail "ssh-keygen of cert_host_key_${ktype} failed" | 181 | -f $OBJ/cert_host_key_${ktype} || \ |
163 | ${SSHKEYGEN} -h -q -s $OBJ/host_ca_key -I "regress host key for $USER" \ | 182 | fail "ssh-keygen of cert_host_key_${ktype} failed" |
164 | -n $HOSTS $OBJ/cert_host_key_${ktype} || | 183 | ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/host_ca_key \ |
165 | fail "couldn't sign cert_host_key_${ktype}" | 184 | -I "regress host key for $USER" \ |
166 | ( | 185 | -n $HOSTS $OBJ/cert_host_key_${ktype} || |
167 | echon "$HOSTS " | 186 | fail "couldn't sign cert_host_key_${ktype}" |
168 | cat $OBJ/cert_host_key_${ktype}.pub | 187 | ( |
169 | ) > $OBJ/known_hosts-cert | 188 | echon "$HOSTS " |
170 | ( | 189 | cat $OBJ/cert_host_key_${ktype}.pub |
171 | cat $OBJ/sshd_proxy_bak | 190 | ) > $OBJ/known_hosts-cert |
172 | echo HostKey $OBJ/cert_host_key_${ktype} | 191 | ( |
173 | echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub | 192 | cat $OBJ/sshd_proxy_bak |
174 | ) > $OBJ/sshd_proxy | 193 | echo HostKey $OBJ/cert_host_key_${ktype} |
175 | 194 | echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub | |
176 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 195 | ) > $OBJ/sshd_proxy |
177 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 196 | |
178 | -F $OBJ/ssh_proxy somehost true | 197 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
179 | if [ $? -ne 0 ]; then | 198 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ |
180 | fail "ssh cert connect failed" | 199 | -F $OBJ/ssh_proxy somehost true |
181 | fi | 200 | if [ $? -ne 0 ]; then |
201 | fail "ssh cert connect failed" | ||
202 | fi | ||
203 | done | ||
182 | done | 204 | done |
183 | 205 | ||
184 | # Wrong certificate | 206 | # Wrong certificate |
@@ -187,25 +209,31 @@ done | |||
187 | echon "$HOSTS " | 209 | echon "$HOSTS " |
188 | cat $OBJ/host_ca_key.pub | 210 | cat $OBJ/host_ca_key.pub |
189 | ) > $OBJ/known_hosts-cert | 211 | ) > $OBJ/known_hosts-cert |
190 | for ktype in rsa dsa ; do | 212 | for v in v01 v00 ; do |
191 | # Self-sign key | 213 | for kt in rsa dsa ; do |
192 | ${SSHKEYGEN} -h -q -s $OBJ/cert_host_key_${ktype} \ | 214 | rm -f $OBJ/cert_host_key* |
193 | -I "regress host key for $USER" \ | 215 | # Self-sign key |
194 | -n $HOSTS $OBJ/cert_host_key_${ktype} || | 216 | ${SSHKEYGEN} -q -N '' -t ${kt} \ |
195 | fail "couldn't sign cert_host_key_${ktype}" | 217 | -f $OBJ/cert_host_key_${kt} || \ |
196 | verbose "$tid: host ${ktype} connect wrong cert" | 218 | fail "ssh-keygen of cert_host_key_${kt} failed" |
197 | ( | 219 | ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/cert_host_key_${kt} \ |
198 | cat $OBJ/sshd_proxy_bak | 220 | -I "regress host key for $USER" \ |
199 | echo HostKey $OBJ/cert_host_key_${ktype} | 221 | -n $HOSTS $OBJ/cert_host_key_${kt} || |
200 | echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub | 222 | fail "couldn't sign cert_host_key_${kt}" |
201 | ) > $OBJ/sshd_proxy | 223 | verbose "$tid: host ${kt} connect wrong cert" |
202 | 224 | ( | |
203 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ | 225 | cat $OBJ/sshd_proxy_bak |
204 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | 226 | echo HostKey $OBJ/cert_host_key_${kt} |
205 | -F $OBJ/ssh_proxy -q somehost true >/dev/null 2>&1 | 227 | echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub |
206 | if [ $? -eq 0 ]; then | 228 | ) > $OBJ/sshd_proxy |
207 | fail "ssh cert connect $ident succeeded unexpectedly" | 229 | |
208 | fi | 230 | ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ |
231 | -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ | ||
232 | -F $OBJ/ssh_proxy -q somehost true >/dev/null 2>&1 | ||
233 | if [ $? -eq 0 ]; then | ||
234 | fail "ssh cert connect $ident succeeded unexpectedly" | ||
235 | fi | ||
236 | done | ||
209 | done | 237 | done |
210 | 238 | ||
211 | rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* | 239 | rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* |
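Review bot: the failure message in the rewritten wrong-certificate loop, `fail "ssh cert connect $ident succeeded unexpectedly"` (new line 234), interpolates `$ident`, which this loop never sets; in this shell it still holds whatever the last `test_one` call assigned, so a failure here would be reported under an unrelated test name. Use the loop's own variables instead, `fail "ssh cert connect ${kt} ${v} wrong cert succeeded unexpectedly"`. The stale `$ident` is carried over from old line 207, so the rewrite of this loop is the right moment to fix it. The loop also regenerates and self-signs the key on every pass (new 214–222), which is correct only because `rm -f $OBJ/cert_host_key*` first clears the previous iteration's files; a one-line comment stating that the rm is what guarantees the self-signed cert is the only one present would make that dependency explicit.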
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 7a58e7b75..a41a9a9c0 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-userkey.sh,v 1.3 2010/03/04 10:38:23 djm Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified user keys" | 4 | tid="certified user keys" |
@@ -18,8 +18,128 @@ for ktype in rsa dsa ; do | |||
18 | fail "ssh-keygen of cert_user_key_${ktype} failed" | 18 | fail "ssh-keygen of cert_user_key_${ktype} failed" |
19 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I \ | 19 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I \ |
20 | "regress user key for $USER" \ | 20 | "regress user key for $USER" \ |
21 | -n $USER $OBJ/cert_user_key_${ktype} || | 21 | -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || |
22 | fail "couldn't sign cert_user_key_${ktype}" | 22 | fail "couldn't sign cert_user_key_${ktype}" |
23 | cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00 | ||
24 | cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub | ||
25 | ${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \ | ||
26 | "regress user key for $USER" \ | ||
27 | -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype}_v00 || | ||
28 | fail "couldn't sign cert_user_key_${ktype}_v00" | ||
29 | done | ||
30 | |||
31 | # Test explicitly-specified principals | ||
32 | for ktype in rsa dsa rsa_v00 dsa_v00 ; do | ||
33 | for privsep in yes no ; do | ||
34 | _prefix="${ktype} privsep $privsep" | ||
35 | |||
36 | # Setup for AuthorizedPrincipalsFile | ||
37 | rm -f $OBJ/authorized_keys_$USER | ||
38 | ( | ||
39 | cat $OBJ/sshd_proxy_bak | ||
40 | echo "UsePrivilegeSeparation $privsep" | ||
41 | echo "AuthorizedPrincipalsFile " \ | ||
42 | "$OBJ/authorized_principals_%u" | ||
43 | echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" | ||
44 | ) > $OBJ/sshd_proxy | ||
45 | |||
46 | # Missing authorized_principals | ||
47 | verbose "$tid: ${_prefix} missing authorized_principals" | ||
48 | rm -f $OBJ/authorized_principals_$USER | ||
49 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
50 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
51 | if [ $? -eq 0 ]; then | ||
52 | fail "ssh cert connect succeeded unexpectedly" | ||
53 | fi | ||
54 | |||
55 | # Empty authorized_principals | ||
56 | verbose "$tid: ${_prefix} empty authorized_principals" | ||
57 | echo > $OBJ/authorized_principals_$USER | ||
58 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
59 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
60 | if [ $? -eq 0 ]; then | ||
61 | fail "ssh cert connect succeeded unexpectedly" | ||
62 | fi | ||
63 | |||
64 | # Wrong authorized_principals | ||
65 | verbose "$tid: ${_prefix} wrong authorized_principals" | ||
66 | echo gregorsamsa > $OBJ/authorized_principals_$USER | ||
67 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
68 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
69 | if [ $? -eq 0 ]; then | ||
70 | fail "ssh cert connect succeeded unexpectedly" | ||
71 | fi | ||
72 | |||
73 | # Correct authorized_principals | ||
74 | verbose "$tid: ${_prefix} correct authorized_principals" | ||
75 | echo mekmitasdigoat > $OBJ/authorized_principals_$USER | ||
76 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
77 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
78 | if [ $? -ne 0 ]; then | ||
79 | fail "ssh cert connect failed" | ||
80 | fi | ||
81 | |||
82 | # authorized_principals with bad key option | ||
83 | verbose "$tid: ${_prefix} authorized_principals bad key opt" | ||
84 | echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER | ||
85 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
86 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
87 | if [ $? -eq 0 ]; then | ||
88 | fail "ssh cert connect succeeded unexpectedly" | ||
89 | fi | ||
90 | |||
91 | # authorized_principals with command=false | ||
92 | verbose "$tid: ${_prefix} authorized_principals command=false" | ||
93 | echo 'command="false" mekmitasdigoat' > \ | ||
94 | $OBJ/authorized_principals_$USER | ||
95 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
96 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
97 | if [ $? -eq 0 ]; then | ||
98 | fail "ssh cert connect succeeded unexpectedly" | ||
99 | fi | ||
100 | |||
101 | |||
102 | # authorized_principals with command=true | ||
103 | verbose "$tid: ${_prefix} authorized_principals command=true" | ||
104 | echo 'command="true" mekmitasdigoat' > \ | ||
105 | $OBJ/authorized_principals_$USER | ||
106 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
107 | -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1 | ||
108 | if [ $? -ne 0 ]; then | ||
109 | fail "ssh cert connect failed" | ||
110 | fi | ||
111 | |||
112 | # Setup for principals= key option | ||
113 | rm -f $OBJ/authorized_principals_$USER | ||
114 | ( | ||
115 | cat $OBJ/sshd_proxy_bak | ||
116 | echo "UsePrivilegeSeparation $privsep" | ||
117 | ) > $OBJ/sshd_proxy | ||
118 | |||
119 | # Wrong principals list | ||
120 | verbose "$tid: ${_prefix} wrong principals key option" | ||
121 | ( | ||
122 | echon 'cert-authority,principals="gregorsamsa" ' | ||
123 | cat $OBJ/user_ca_key.pub | ||
124 | ) > $OBJ/authorized_keys_$USER | ||
125 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
126 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
127 | if [ $? -eq 0 ]; then | ||
128 | fail "ssh cert connect succeeded unexpectedly" | ||
129 | fi | ||
130 | |||
131 | # Correct principals list | ||
132 | verbose "$tid: ${_prefix} correct principals key option" | ||
133 | ( | ||
134 | echon 'cert-authority,principals="mekmitasdigoat" ' | ||
135 | cat $OBJ/user_ca_key.pub | ||
136 | ) > $OBJ/authorized_keys_$USER | ||
137 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
138 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
139 | if [ $? -ne 0 ]; then | ||
140 | fail "ssh cert connect failed" | ||
141 | fi | ||
142 | done | ||
23 | done | 143 | done |
24 | 144 | ||
25 | basic_tests() { | 145 | basic_tests() { |
@@ -35,7 +155,7 @@ basic_tests() { | |||
35 | extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" | 155 | extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" |
36 | fi | 156 | fi |
37 | 157 | ||
38 | for ktype in rsa dsa ; do | 158 | for ktype in rsa dsa rsa_v00 dsa_v00 ; do |
39 | for privsep in yes no ; do | 159 | for privsep in yes no ; do |
40 | _prefix="${ktype} privsep $privsep $auth" | 160 | _prefix="${ktype} privsep $privsep $auth" |
41 | # Simple connect | 161 | # Simple connect |
@@ -102,45 +222,50 @@ test_one() { | |||
102 | result=$2 | 222 | result=$2 |
103 | sign_opts=$3 | 223 | sign_opts=$3 |
104 | auth_choice=$4 | 224 | auth_choice=$4 |
225 | auth_opt=$5 | ||
105 | 226 | ||
106 | if test "x$auth_choice" = "x" ; then | 227 | if test "x$auth_choice" = "x" ; then |
107 | auth_choice="authorized_keys TrustedUserCAKeys" | 228 | auth_choice="authorized_keys TrustedUserCAKeys" |
108 | fi | 229 | fi |
109 | 230 | ||
110 | for auth in $auth_choice ; do | 231 | for auth in $auth_choice ; do |
111 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | 232 | for ktype in rsa rsa_v00 ; do |
112 | if test "x$auth" = "xauthorized_keys" ; then | 233 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy |
113 | # Add CA to authorized_keys | 234 | if test "x$auth" = "xauthorized_keys" ; then |
114 | ( | 235 | # Add CA to authorized_keys |
115 | echon 'cert-authority ' | 236 | ( |
116 | cat $OBJ/user_ca_key.pub | 237 | echon "cert-authority${auth_opt} " |
117 | ) > $OBJ/authorized_keys_$USER | 238 | cat $OBJ/user_ca_key.pub |
118 | else | 239 | ) > $OBJ/authorized_keys_$USER |
119 | echo > $OBJ/authorized_keys_$USER | 240 | else |
120 | echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" >> \ | 241 | echo > $OBJ/authorized_keys_$USER |
121 | $OBJ/sshd_proxy | 242 | echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" \ |
122 | 243 | >> $OBJ/sshd_proxy | |
123 | fi | 244 | if test "x$auth_opt" != "x" ; then |
124 | 245 | echo $auth_opt >> $OBJ/sshd_proxy | |
125 | verbose "$tid: $ident auth $auth expect $result" | 246 | fi |
126 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ | ||
127 | -I "regress user key for $USER" \ | ||
128 | $sign_opts \ | ||
129 | $OBJ/cert_user_key_rsa || | ||
130 | fail "couldn't sign cert_user_key_rsa" | ||
131 | |||
132 | ${SSH} -2i $OBJ/cert_user_key_rsa -F $OBJ/ssh_proxy \ | ||
133 | somehost true >/dev/null 2>&1 | ||
134 | rc=$? | ||
135 | if [ "x$result" = "xsuccess" ] ; then | ||
136 | if [ $rc -ne 0 ]; then | ||
137 | fail "$ident failed unexpectedly" | ||
138 | fi | 247 | fi |
139 | else | 248 | |
140 | if [ $rc -eq 0 ]; then | 249 | verbose "$tid: $ident auth $auth expect $result $ktype" |
141 | fail "$ident succeeded unexpectedly" | 250 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ |
251 | -I "regress user key for $USER" \ | ||
252 | $sign_opts \ | ||
253 | $OBJ/cert_user_key_${ktype} || | ||
254 | fail "couldn't sign cert_user_key_${ktype}" | ||
255 | |||
256 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
257 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
258 | rc=$? | ||
259 | if [ "x$result" = "xsuccess" ] ; then | ||
260 | if [ $rc -ne 0 ]; then | ||
261 | fail "$ident failed unexpectedly" | ||
262 | fi | ||
263 | else | ||
264 | if [ $rc -eq 0 ]; then | ||
265 | fail "$ident succeeded unexpectedly" | ||
266 | fi | ||
142 | fi | 267 | fi |
143 | fi | 268 | done |
144 | done | 269 | done |
145 | } | 270 | } |
146 | 271 | ||
@@ -157,10 +282,33 @@ test_one "force-command" failure "-n ${USER} -Oforce-command=false" | |||
157 | test_one "empty principals" success "" authorized_keys | 282 | test_one "empty principals" success "" authorized_keys |
158 | test_one "empty principals" failure "" TrustedUserCAKeys | 283 | test_one "empty principals" failure "" TrustedUserCAKeys |
159 | 284 | ||
285 | # Check explicitly-specified principals: an empty principals list in the cert | ||
286 | # should always be refused. | ||
287 | |||
288 | # AuthorizedPrincipalsFile | ||
289 | rm -f $OBJ/authorized_keys_$USER | ||
290 | echo mekmitasdigoat > $OBJ/authorized_principals_$USER | ||
291 | test_one "AuthorizedPrincipalsFile principals" success "-n mekmitasdigoat" \ | ||
292 | TrustedUserCAKeys "AuthorizedPrincipalsFile $OBJ/authorized_principals_%u" | ||
293 | test_one "AuthorizedPrincipalsFile no principals" failure "" \ | ||
294 | TrustedUserCAKeys "AuthorizedPrincipalsFile $OBJ/authorized_principals_%u" | ||
295 | |||
296 | # principals= key option | ||
297 | rm -f $OBJ/authorized_principals_$USER | ||
298 | test_one "principals key option principals" success "-n mekmitasdigoat" \ | ||
299 | authorized_keys ',principals="mekmitasdigoat"' | ||
300 | test_one "principals key option no principals" failure "" \ | ||
301 | authorized_keys ',principals="mekmitasdigoat"' | ||
302 | |||
160 | # Wrong certificate | 303 | # Wrong certificate |
161 | for ktype in rsa dsa ; do | 304 | cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy |
305 | for ktype in rsa dsa rsa_v00 dsa_v00 ; do | ||
306 | case $ktype in | ||
307 | *_v00) args="-t v00" ;; | ||
308 | *) args="" ;; | ||
309 | esac | ||
162 | # Self-sign | 310 | # Self-sign |
163 | ${SSHKEYGEN} -q -s $OBJ/cert_user_key_${ktype} -I \ | 311 | ${SSHKEYGEN} $args -q -s $OBJ/cert_user_key_${ktype} -I \ |
164 | "regress user key for $USER" \ | 312 | "regress user key for $USER" \ |
165 | -n $USER $OBJ/cert_user_key_${ktype} || | 313 | -n $USER $OBJ/cert_user_key_${ktype} || |
166 | fail "couldn't sign cert_user_key_${ktype}" | 314 | fail "couldn't sign cert_user_key_${ktype}" |
@@ -173,4 +321,5 @@ for ktype in rsa dsa ; do | |||
173 | done | 321 | done |
174 | 322 | ||
175 | rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key* | 323 | rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key* |
324 | rm -f $OBJ/authorized_principals_$USER | ||
176 | 325 | ||
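Review bot: `auth_opt=$5` (new line 225 of `test_one`) is undocumented and means two different things depending on `$auth`: for `authorized_keys` it is appended verbatim to the key-option list (`cert-authority${auth_opt}`, new 237, so callers must supply the leading comma as new line 299 does), while for `TrustedUserCAKeys` it is written as a whole `sshd_config` directive (new 245). Record that at the assignment, e.g. `# auth_opt: extra authorized_keys option suffix (with leading comma) or an sshd_config line, depending on $auth`. While there, `echo $auth_opt >> $OBJ/sshd_proxy` should be `echo "$auth_opt" >> $OBJ/sshd_proxy` so the directive is not word-split or glob-expanded before it reaches the config file.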
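--- a/regress/login-timeout.sh
+++ b/regress/login-timeout.sh
@@ -15,7 +15,7 @@ if [ $? -ne 0 ]; then
 fail "ssh connect after login grace timeout failed with privsep"
 fi
 
-$SUDO kill `cat $PIDFILE`
+$SUDO kill `$SUDO cat $PIDFILE`
 
 trace "test login grace without privsep"
 echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config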
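Review bot: The new `` $SUDO kill `$SUDO cat $PIDFILE` `` on line 18 still runs `kill` with no argument when the pidfile is empty or the privileged `cat` fails, so a missing sshd surfaces as a `kill` usage error instead of a test failure. Capturing the pid first and testing it, as `cleanup` in regress/test-exec.sh already does, keeps the failure meaningful: `` pid=`$SUDO cat $PIDFILE` `` followed by `[ -n "$pid" ] || fail "no sshd pid in $PIDFILE"` and `$SUDO kill $pid`. The same unchecked pattern appears in all three hunks of regress/reexec.sh and in regress/reconfigure.sh, where `PID` is used after `rm -f $PIDFILE` without being checked.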
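--- a/regress/reconfigure.sh
+++ b/regress/reconfigure.sh
@@ -15,7 +15,7 @@ esac
 
 start_sshd
 
-PID=`cat $PIDFILE`
+PID=`$SUDO cat $PIDFILE`
 rm -f $PIDFILE
 $SUDO kill -HUP $PID
 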
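--- a/regress/reexec.sh
+++ b/regress/reexec.sh
@@ -41,7 +41,7 @@ echo "InvalidXXX=no" >> $OBJ/sshd_config
 
 copy_tests
 
-$SUDO kill `cat $PIDFILE`
+$SUDO kill `$SUDO cat $PIDFILE`
 rm -f $PIDFILE
 
 cp $OBJ/sshd_config.orig $OBJ/sshd_config
@@ -53,7 +53,7 @@ rm -f $SSHD_COPY
 
 copy_tests
 
-$SUDO kill `cat $PIDFILE`
+$SUDO kill `$SUDO cat $PIDFILE`
 rm -f $PIDFILE
 
 verbose "test reexec fallback without privsep"
@@ -66,7 +66,7 @@ rm -f $SSHD_COPY
 
 copy_tests
 
-$SUDO kill `cat $PIDFILE`
+$SUDO kill `$SUDO cat $PIDFILE`
 rm -f $PIDFILE
 
 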
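--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -167,7 +167,7 @@ have_prog()
 cleanup ()
 {
 if [ -f $PIDFILE ]; then
-pid=`cat $PIDFILE`
+pid=`$SUDO cat $PIDFILE`
 if [ "X$pid" = "X" ]; then
 echo no sshd running
 else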
@@ -6,7 +6,7 @@ NAME | |||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] | 7 | scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] |
8 | [-l limit] [-o ssh_option] [-P port] [-S program] | 8 | [-l limit] [-o ssh_option] [-P port] [-S program] |
9 | [[user@]host1:]file1 ... [[user@]host2:]file2 | 9 | [[user@]host1:]file1 ... [[user@]host2:]file2 |
10 | 10 | ||
11 | DESCRIPTION | 11 | DESCRIPTION |
12 | scp copies files between hosts on a network. It uses ssh(1) for data | 12 | scp copies files between hosts on a network. It uses ssh(1) for data |
@@ -15,8 +15,8 @@ DESCRIPTION | |||
15 | they are needed for authentication. | 15 | they are needed for authentication. |
16 | 16 | ||
17 | File names may contain a user and host specification to indicate that the | 17 | File names may contain a user and host specification to indicate that the |
18 | file is to be copied to/from that host. Local file names can be made ex- | 18 | file is to be copied to/from that host. Local file names can be made |
19 | plicit using absolute or relative pathnames to avoid scp treating file | 19 | explicit using absolute or relative pathnames to avoid scp treating file |
20 | names containing `:' as host specifiers. Copies between two remote hosts | 20 | names containing `:' as host specifiers. Copies between two remote hosts |
21 | are also permitted. | 21 | are also permitted. |
22 | 22 | ||
@@ -30,11 +30,11 @@ DESCRIPTION | |||
30 | 30 | ||
31 | -6 Forces scp to use IPv6 addresses only. | 31 | -6 Forces scp to use IPv6 addresses only. |
32 | 32 | ||
33 | -B Selects batch mode (prevents asking for passwords or passphras- | 33 | -B Selects batch mode (prevents asking for passwords or |
34 | es). | 34 | passphrases). |
35 | 35 | ||
36 | -C Compression enable. Passes the -C flag to ssh(1) to enable com- | 36 | -C Compression enable. Passes the -C flag to ssh(1) to enable |
37 | pression. | 37 | compression. |
38 | 38 | ||
39 | -c cipher | 39 | -c cipher |
40 | Selects the cipher to use for encrypting the data transfer. This | 40 | Selects the cipher to use for encrypting the data transfer. This |
@@ -120,8 +120,8 @@ DESCRIPTION | |||
120 | -q Quiet mode: disables the progress meter as well as warning and | 120 | -q Quiet mode: disables the progress meter as well as warning and |
121 | diagnostic messages from ssh(1). | 121 | diagnostic messages from ssh(1). |
122 | 122 | ||
123 | -r Recursively copy entire directories. Note that scp follows sym- | 123 | -r Recursively copy entire directories. Note that scp follows |
124 | bolic links encountered in the tree traversal. | 124 | symbolic links encountered in the tree traversal. |
125 | 125 | ||
126 | -S program | 126 | -S program |
127 | Name of program to use for the encrypted connection. The program | 127 | Name of program to use for the encrypted connection. The program |
@@ -145,4 +145,4 @@ AUTHORS | |||
145 | Timo Rinne <tri@iki.fi> | 145 | Timo Rinne <tri@iki.fi> |
146 | Tatu Ylonen <ylo@cs.hut.fi> | 146 | Tatu Ylonen <ylo@cs.hut.fi> |
147 | 147 | ||
148 | OpenBSD 4.7 February 8, 2010 3 | 148 | OpenBSD 4.8 February 8, 2010 OpenBSD 4.8 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.165 2009/12/20 07:28:36 guenther Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.166 2010/07/01 13:06:59 millert Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -156,6 +156,20 @@ killchild(int signo) | |||
156 | exit(1); | 156 | exit(1); |
157 | } | 157 | } |
158 | 158 | ||
159 | static void | ||
160 | suspchild(int signo) | ||
161 | { | ||
162 | int status; | ||
163 | |||
164 | if (do_cmd_pid > 1) { | ||
165 | kill(do_cmd_pid, signo); | ||
166 | while (waitpid(do_cmd_pid, &status, WUNTRACED) == -1 && | ||
167 | errno == EINTR) | ||
168 | ; | ||
169 | kill(getpid(), SIGSTOP); | ||
170 | } | ||
171 | } | ||
172 | |||
159 | static int | 173 | static int |
160 | do_local_cmd(arglist *a) | 174 | do_local_cmd(arglist *a) |
161 | { | 175 | { |
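Review bot: `suspchild` calls `kill()` and `waitpid()` without preserving `errno`, so a stop signal that lands inside an interrupted system call in the main program can overwrite the `errno` value that code is about to inspect; add `int save_errno = errno;` as the first statement and `errno = save_errno;` before the closing brace. The handler also acts on whatever `do_cmd_pid` holds at delivery time: it is installed in `do_cmd` before the `fork()` on line 262, and if the pid of an earlier, already reaped child is not cleared where it is waited for (not visible in these hunks), a later SIGTSTP could be forwarded to an unrelated process that reused that pid. A `do_cmd_pid = -1;` after the child is reaped, together with the existing `> 1` check, closes that window.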
@@ -240,6 +254,10 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) | |||
240 | close(reserved[0]); | 254 | close(reserved[0]); |
241 | close(reserved[1]); | 255 | close(reserved[1]); |
242 | 256 | ||
257 | signal(SIGTSTP, suspchild); | ||
258 | signal(SIGTTIN, suspchild); | ||
259 | signal(SIGTTOU, suspchild); | ||
260 | |||
243 | /* Fork a child to execute the command on the remote host using ssh. */ | 261 | /* Fork a child to execute the command on the remote host using ssh. */ |
244 | do_cmd_pid = fork(); | 262 | do_cmd_pid = fork(); |
245 | if (do_cmd_pid == 0) { | 263 | if (do_cmd_pid == 0) { |
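--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -135,6 +135,7 @@ initialize_server_options(ServerOptions *options)
 options->zero_knowledge_password_authentication = -1;
 options->revoked_keys_file = NULL;
 options->trusted_user_ca_keys = NULL;
+options->authorized_principals_file = NULL;
 options->debian_banner = -1;
 }
 
@@ -327,7 +328,7 @@ typedef enum {
 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication, sHostCertificate,
-sRevokedKeys, sTrustedUserCAKeys,
+sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 sDebianBanner,
 sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -363,7 +364,7 @@ static struct {
 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
-{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
+{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
@@ -449,11 +450,11 @@ static struct {
 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
-{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
-{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
+{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
 { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
-{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
+{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
 { "match", sMatch, SSHCFG_ALL },
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -461,6 +462,7 @@ static struct {
 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
@@ -1264,10 +1266,14 @@ process_server_config_line(ServerOptions *options, char *line,
 * AuthorizedKeysFile /etc/ssh_keys/%u
 */
 case sAuthorizedKeysFile:
+charptr = &options->authorized_keys_file;
+goto parse_tilde_filename;
 case sAuthorizedKeysFile2:
-charptr = (opcode == sAuthorizedKeysFile) ?
-&options->authorized_keys_file :
-&options->authorized_keys_file2;
+charptr = &options->authorized_keys_file2;
+goto parse_tilde_filename;
+case sAuthorizedPrincipalsFile:
+charptr = &options->authorized_principals_file;
+parse_tilde_filename:
 arg = strdelim(&cp);
 if (!arg || *arg == '\0')
 fatal("%s line %d: missing file name.",
@@ -1490,6 +1496,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_INTOPT(pubkey_authentication);
 M_CP_INTOPT(kerberos_authentication);
 M_CP_INTOPT(hostbased_authentication);
+M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 M_CP_INTOPT(kbd_interactive_authentication);
 M_CP_INTOPT(zero_knowledge_password_authentication);
 M_CP_INTOPT(permit_root_login);
@@ -1497,6 +1504,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 
 M_CP_INTOPT(allow_tcp_forwarding);
 M_CP_INTOPT(allow_agent_forwarding);
+M_CP_INTOPT(permit_tun);
 M_CP_INTOPT(gateway_ports);
 M_CP_INTOPT(x11_display_offset);
 M_CP_INTOPT(x11_forwarding);
@@ -1511,6 +1519,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_STROPT(chroot_directory);
 M_CP_STROPT(trusted_user_ca_keys);
 M_CP_STROPT(revoked_keys_file);
+M_CP_STROPT(authorized_keys_file);
+M_CP_STROPT(authorized_keys_file2);
+M_CP_STROPT(authorized_principals_file);
 }
 
 #undef M_CP_INTOPT
@@ -1736,6 +1747,8 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sChrootDirectory, o->chroot_directory);
 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+dump_cfg_string(sAuthorizedPrincipalsFile,
+o->authorized_principals_file);
 
 /* string arguments requiring a lookup */
 dump_cfg_string(sLogLevel, log_level_name(o->log_level));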
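Review bot: The three option cases now converge on the `parse_tilde_filename:` label, but nothing at the label says what the shared code expects of `charptr`, and the comment ending at line 1266 still names only `AuthorizedKeysFile`. Jumping with `goto` into the middle of a sibling `case` is legal but unusual, so a comment at the label such as `/* AuthorizedKeysFile, AuthorizedKeysFile2 and AuthorizedPrincipalsFile share the filename parsing below; charptr selects the option being set. */` would let a reader follow it without tracing all three entry points. The parsing body after the label continues outside the hunk.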
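--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.92 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.93 2010/05/07 11:30:30 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -162,6 +162,7 @@ typedef struct {
 char *chroot_directory;
 char *revoked_keys_file;
 char *trusted_user_ca_keys;
+char *authorized_principals_file;
 } ServerOptions;
 
 void initialize_server_options(ServerOptions *);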
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.252 2010/03/07 11:57:13 dtucker Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -47,6 +47,7 @@ | |||
47 | #include <arpa/inet.h> | 47 | #include <arpa/inet.h> |
48 | 48 | ||
49 | #include <errno.h> | 49 | #include <errno.h> |
50 | #include <fcntl.h> | ||
50 | #include <grp.h> | 51 | #include <grp.h> |
51 | #ifdef HAVE_PATHS_H | 52 | #ifdef HAVE_PATHS_H |
52 | #include <paths.h> | 53 | #include <paths.h> |
@@ -104,7 +105,7 @@ | |||
104 | /* func */ | 105 | /* func */ |
105 | 106 | ||
106 | Session *session_new(void); | 107 | Session *session_new(void); |
107 | void session_set_fds(Session *, int, int, int, int); | 108 | void session_set_fds(Session *, int, int, int, int, int); |
108 | void session_pty_cleanup(Session *); | 109 | void session_pty_cleanup(Session *); |
109 | void session_proctitle(Session *); | 110 | void session_proctitle(Session *); |
110 | int session_setup_x11fwd(Session *); | 111 | int session_setup_x11fwd(Session *); |
@@ -447,6 +448,9 @@ do_exec_no_pty(Session *s, const char *command) | |||
447 | #ifdef USE_PIPES | 448 | #ifdef USE_PIPES |
448 | int pin[2], pout[2], perr[2]; | 449 | int pin[2], pout[2], perr[2]; |
449 | 450 | ||
451 | if (s == NULL) | ||
452 | fatal("do_exec_no_pty: no session"); | ||
453 | |||
450 | /* Allocate pipes for communicating with the program. */ | 454 | /* Allocate pipes for communicating with the program. */ |
451 | if (pipe(pin) < 0) { | 455 | if (pipe(pin) < 0) { |
452 | error("%s: pipe in: %.100s", __func__, strerror(errno)); | 456 | error("%s: pipe in: %.100s", __func__, strerror(errno)); |
@@ -459,7 +463,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
459 | return -1; | 463 | return -1; |
460 | } | 464 | } |
461 | if (pipe(perr) < 0) { | 465 | if (pipe(perr) < 0) { |
462 | error("%s: pipe err: %.100s", __func__, strerror(errno)); | 466 | error("%s: pipe err: %.100s", __func__, |
467 | strerror(errno)); | ||
463 | close(pin[0]); | 468 | close(pin[0]); |
464 | close(pin[1]); | 469 | close(pin[1]); |
465 | close(pout[0]); | 470 | close(pout[0]); |
@@ -469,22 +474,23 @@ do_exec_no_pty(Session *s, const char *command) | |||
469 | #else | 474 | #else |
470 | int inout[2], err[2]; | 475 | int inout[2], err[2]; |
471 | 476 | ||
477 | if (s == NULL) | ||
478 | fatal("do_exec_no_pty: no session"); | ||
479 | |||
472 | /* Uses socket pairs to communicate with the program. */ | 480 | /* Uses socket pairs to communicate with the program. */ |
473 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) { | 481 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) { |
474 | error("%s: socketpair #1: %.100s", __func__, strerror(errno)); | 482 | error("%s: socketpair #1: %.100s", __func__, strerror(errno)); |
475 | return -1; | 483 | return -1; |
476 | } | 484 | } |
477 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { | 485 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { |
478 | error("%s: socketpair #2: %.100s", __func__, strerror(errno)); | 486 | error("%s: socketpair #2: %.100s", __func__, |
487 | strerror(errno)); | ||
479 | close(inout[0]); | 488 | close(inout[0]); |
480 | close(inout[1]); | 489 | close(inout[1]); |
481 | return -1; | 490 | return -1; |
482 | } | 491 | } |
483 | #endif | 492 | #endif |
484 | 493 | ||
485 | if (s == NULL) | ||
486 | fatal("do_exec_no_pty: no session"); | ||
487 | |||
488 | session_proctitle(s); | 494 | session_proctitle(s); |
489 | 495 | ||
490 | /* Fork the child. */ | 496 | /* Fork the child. */ |
@@ -595,11 +601,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
595 | close(perr[1]); | 601 | close(perr[1]); |
596 | 602 | ||
597 | if (compat20) { | 603 | if (compat20) { |
598 | if (s->is_subsystem) { | 604 | session_set_fds(s, pin[1], pout[0], perr[0], |
599 | close(perr[0]); | 605 | s->is_subsystem, 0); |
600 | perr[0] = -1; | ||
601 | } | ||
602 | session_set_fds(s, pin[1], pout[0], perr[0], 0); | ||
603 | } else { | 606 | } else { |
604 | /* Enter the interactive session. */ | 607 | /* Enter the interactive session. */ |
605 | server_loop(pid, pin[1], pout[0], perr[0]); | 608 | server_loop(pid, pin[1], pout[0], perr[0]); |
@@ -615,10 +618,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
615 | * handle the case that fdin and fdout are the same. | 618 | * handle the case that fdin and fdout are the same. |
616 | */ | 619 | */ |
617 | if (compat20) { | 620 | if (compat20) { |
618 | session_set_fds(s, inout[1], inout[1], | 621 | session_set_fds(s, inout[1], inout[1], err[1], |
619 | s->is_subsystem ? -1 : err[1], 0); | 622 | s->is_subsystem, 0); |
620 | if (s->is_subsystem) | ||
621 | close(err[1]); | ||
622 | } else { | 623 | } else { |
623 | server_loop(pid, inout[1], inout[1], err[1]); | 624 | server_loop(pid, inout[1], inout[1], err[1]); |
624 | /* server_loop has closed inout[1] and err[1]. */ | 625 | /* server_loop has closed inout[1] and err[1]. */ |
@@ -740,7 +741,7 @@ do_exec_pty(Session *s, const char *command) | |||
740 | s->ptymaster = ptymaster; | 741 | s->ptymaster = ptymaster; |
741 | packet_set_interactive(1); | 742 | packet_set_interactive(1); |
742 | if (compat20) { | 743 | if (compat20) { |
743 | session_set_fds(s, ptyfd, fdout, -1, 1); | 744 | session_set_fds(s, ptyfd, fdout, -1, 1, 1); |
744 | } else { | 745 | } else { |
745 | server_loop(pid, ptyfd, fdout, -1); | 746 | server_loop(pid, ptyfd, fdout, -1); |
746 | /* server_loop _has_ closed ptyfd and fdout. */ | 747 | /* server_loop _has_ closed ptyfd and fdout. */ |
@@ -1792,7 +1793,8 @@ do_child(Session *s, const char *command) | |||
1792 | #ifdef HAVE_LOGIN_CAP | 1793 | #ifdef HAVE_LOGIN_CAP |
1793 | r = login_getcapbool(lc, "requirehome", 0); | 1794 | r = login_getcapbool(lc, "requirehome", 0); |
1794 | #endif | 1795 | #endif |
1795 | if (r || options.chroot_directory == NULL) | 1796 | if (r || options.chroot_directory == NULL || |
1797 | strcasecmp(options.chroot_directory, "none") == 0) | ||
1796 | fprintf(stderr, "Could not chdir to home " | 1798 | fprintf(stderr, "Could not chdir to home " |
1797 | "directory %s: %s\n", pw->pw_dir, | 1799 | "directory %s: %s\n", pw->pw_dir, |
1798 | strerror(errno)); | 1800 | strerror(errno)); |
@@ -2137,7 +2139,8 @@ session_subsystem_req(Session *s) | |||
2137 | u_int i; | 2139 | u_int i; |
2138 | 2140 | ||
2139 | packet_check_eom(); | 2141 | packet_check_eom(); |
2140 | logit("subsystem request for %.100s", subsys); | 2142 | logit("subsystem request for %.100s by user %s", subsys, |
2143 | s->pw->pw_name); | ||
2141 | 2144 | ||
2142 | for (i = 0; i < options.num_subsystems; i++) { | 2145 | for (i = 0; i < options.num_subsystems; i++) { |
2143 | if (strcmp(subsys, options.subsystem_name[i]) == 0) { | 2146 | if (strcmp(subsys, options.subsystem_name[i]) == 0) { |
@@ -2319,7 +2322,8 @@ session_input_channel_req(Channel *c, const char *rtype) | |||
2319 | } | 2322 | } |
2320 | 2323 | ||
2321 | void | 2324 | void |
2322 | session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) | 2325 | session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, |
2326 | int is_tty) | ||
2323 | { | 2327 | { |
2324 | if (!compat20) | 2328 | if (!compat20) |
2325 | fatal("session_set_fds: called for proto != 2.0"); | 2329 | fatal("session_set_fds: called for proto != 2.0"); |
@@ -2331,7 +2335,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty) | |||
2331 | fatal("no channel for session %d", s->self); | 2335 | fatal("no channel for session %d", s->self); |
2332 | channel_set_fds(s->chanid, | 2336 | channel_set_fds(s->chanid, |
2333 | fdout, fdin, fderr, | 2337 | fdout, fdin, fderr, |
2334 | fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, | 2338 | ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, |
2335 | 1, is_tty, CHAN_SES_WINDOW_DEFAULT); | 2339 | 1, is_tty, CHAN_SES_WINDOW_DEFAULT); |
2336 | } | 2340 | } |
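Review bot: `session_set_fds` gains an `ignore_fderr` parameter on line 2325 that now decides the channel's extended-data mode on line 2338, yet neither the prototype at line 108 nor the definition documents it, and the behaviour is no longer implied by `fderr == -1`. A comment above the definition along the lines of `/* ignore_fderr: hand fderr to the channel but select CHAN_EXTENDED_IGNORE instead of CHAN_EXTENDED_READ; do_exec_no_pty passes s->is_subsystem so a subsystem's stderr descriptor is kept rather than closed. */` records the contract the callers in the do_exec_no_pty hunks rely on. Whether keeping that descriptor open in the parent is wanted for every subsystem, not only those that write to stderr, is not visible here and worth confirming.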
2337 | 2341 | ||
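--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.90 2009/10/11 10:41:26 dtucker Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.92 2010/07/19 03:16:33 djm Exp $ */
 /*
 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
 *
@@ -713,7 +713,8 @@ do_realpath(struct sftp_conn *conn, char *path)
 u_int status = buffer_get_int(&msg);
 
 error("Couldn't canonicalise: %s", fx2txt(status));
-return(NULL);
+buffer_free(&msg);
+return NULL;
 } else if (type != SSH2_FXP_NAME)
 fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
 SSH2_FXP_NAME, type);
@@ -1522,7 +1523,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
 continue;
 
 if (upload_dir_internal(conn, new_src, new_dst,
-pflag, depth + 1, printflag) == -1)
+pflag, printflag, depth + 1) == -1)
 ret = -1;
 } else if (S_ISREG(sb.st_mode)) {
 if (do_upload(conn, new_src, new_dst, pflag) == -1) {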
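--- a/sftp-server.0
+++ b/sftp-server.0
@@ -8,9 +8,9 @@ SYNOPSIS
 
 DESCRIPTION
 sftp-server is a program that speaks the server side of SFTP protocol to
-stdout and expects client requests from stdin. sftp-server is not in-
-tended to be called directly, but from sshd(8) using the Subsystem op-
-tion.
+stdout and expects client requests from stdin. sftp-server is not
+intended to be called directly, but from sshd(8) using the Subsystem
+option.
 
 Command-line flags to sftp-server should be specified in the Subsystem
 declaration. See sshd_config(5) for more information.
@@ -29,15 +29,15 @@ DESCRIPTION
 -h Displays sftp-server usage information.
 
 -l log_level
-Specifies which messages will be logged by sftp-server. The pos-
-sible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DE-
-BUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions that
-sftp-server performs on behalf of the client. DEBUG and DEBUG1
-are equivalent. DEBUG2 and DEBUG3 each specify higher levels of
-debugging output. The default is ERROR.
+Specifies which messages will be logged by sftp-server. The
+possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
+DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
+that sftp-server performs on behalf of the client. DEBUG and
+DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
+levels of debugging output. The default is ERROR.
 
-erp Places this instance of sftp-server into a read-only mode. At-
-tempts to open files for writing, as well as other operations
+-R Places this instance of sftp-server into a read-only mode.
+Attempts to open files for writing, as well as other operations
 that change the state of the filesystem, will be denied.
 
 -u umask
@@ -51,8 +51,9 @@ DESCRIPTION
 SEE ALSO
 sftp(1), ssh(1), sshd_config(5), sshd(8)
 
-T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
-filexfer-00.txt, January 2001, work in progress material.
+T. Ylonen, S. Lehtinen, SSH File Transfer Protocol,
+draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress
+material.
 
 HISTORY
 sftp-server first appeared in OpenBSD 2.8.
@@ -60,4 +61,4 @@ HISTORY
 AUTHORS
 Markus Friedl <markus@openbsd.org>
 
-OpenBSD 4.7 January 9, 2010 1
+OpenBSD 4.8 January 9, 2010 OpenBSD 4.8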
@@ -15,20 +15,20 @@ SYNOPSIS | |||
15 | DESCRIPTION | 15 | DESCRIPTION |
16 | sftp is an interactive file transfer program, similar to ftp(1), which | 16 | sftp is an interactive file transfer program, similar to ftp(1), which |
17 | performs all operations over an encrypted ssh(1) transport. It may also | 17 | performs all operations over an encrypted ssh(1) transport. It may also |
18 | use many features of ssh, such as public key authentication and compres- | 18 | use many features of ssh, such as public key authentication and |
19 | sion. sftp connects and logs into the specified host, then enters an in- | 19 | compression. sftp connects and logs into the specified host, then enters |
20 | teractive command mode. | 20 | an interactive command mode. |
21 | 21 | ||
22 | The second usage format will retrieve files automatically if a non-inter- | 22 | The second usage format will retrieve files automatically if a non- |
23 | active authentication method is used; otherwise it will do so after suc- | 23 | interactive authentication method is used; otherwise it will do so after |
24 | cessful interactive authentication. | 24 | successful interactive authentication. |
25 | 25 | ||
26 | The third usage format allows sftp to start in a remote directory. | 26 | The third usage format allows sftp to start in a remote directory. |
27 | 27 | ||
28 | The final usage format allows for automated sessions using the -b option. | 28 | The final usage format allows for automated sessions using the -b option. |
29 | In such cases, it is necessary to configure non-interactive authentica- | 29 | In such cases, it is necessary to configure non-interactive |
30 | tion to obviate the need to enter a password at connection time (see | 30 | authentication to obviate the need to enter a password at connection time |
31 | sshd(8) and ssh-keygen(1) for details). The options are as follows: | 31 | (see sshd(8) and ssh-keygen(1) for details). The options are as follows: |
32 | 32 | ||
33 | -1 Specify the use of protocol version 1. | 33 | -1 Specify the use of protocol version 1. |
34 | 34 | ||
@@ -44,8 +44,8 @@ DESCRIPTION | |||
44 | higher memory consumption. The default is 32768 bytes. | 44 | higher memory consumption. The default is 32768 bytes. |
45 | 45 | ||
46 | -b batchfile | 46 | -b batchfile |
47 | Batch mode reads a series of commands from an input batchfile in- | 47 | Batch mode reads a series of commands from an input batchfile |
48 | stead of stdin. Since it lacks user interaction it should be | 48 | instead of stdin. Since it lacks user interaction it should be |
49 | used in conjunction with non-interactive authentication. A | 49 | used in conjunction with non-interactive authentication. A |
50 | batchfile of `-' may be used to indicate standard input. sftp | 50 | batchfile of `-' may be used to indicate standard input. sftp |
51 | will abort if any of the following commands fail: get, put, | 51 | will abort if any of the following commands fail: get, put, |
@@ -144,9 +144,9 @@ DESCRIPTION | |||
144 | Increasing this may slightly improve file transfer speed but will | 144 | Increasing this may slightly improve file transfer speed but will |
145 | increase memory usage. The default is 64 outstanding requests. | 145 | increase memory usage. The default is 64 outstanding requests. |
146 | 146 | ||
147 | -r Recursively copy entire directories when uploading and download- | 147 | -r Recursively copy entire directories when uploading and |
148 | ing. Note that sftp does not follow symbolic links encountered | 148 | downloading. Note that sftp does not follow symbolic links |
149 | in the tree traversal. | 149 | encountered in the tree traversal. |
150 | 150 | ||
151 | -S program | 151 | -S program |
152 | Name of the program to use for the encrypted connection. The | 152 | Name of the program to use for the encrypted connection. The |
@@ -155,8 +155,8 @@ DESCRIPTION | |||
155 | -s subsystem | sftp_server | 155 | -s subsystem | sftp_server |
156 | Specifies the SSH2 subsystem or the path for an sftp server on | 156 | Specifies the SSH2 subsystem or the path for an sftp server on |
157 | the remote host. A path is useful for using sftp over protocol | 157 | the remote host. A path is useful for using sftp over protocol |
158 | version 1, or when the remote sshd(8) does not have an sftp sub- | 158 | version 1, or when the remote sshd(8) does not have an sftp |
159 | system configured. | 159 | subsystem configured. |
160 | 160 | ||
161 | -v Raise logging level. This option is also passed to ssh. | 161 | -v Raise logging level. This option is also passed to ssh. |
162 | 162 | ||
@@ -173,16 +173,18 @@ INTERACTIVE COMMANDS | |||
173 | Change remote directory to path. | 173 | Change remote directory to path. |
174 | 174 | ||
175 | chgrp grp path | 175 | chgrp grp path |
176 | Change group of file path to grp. path may contain glob(3) char- | 176 | Change group of file path to grp. path may contain glob(3) |
177 | acters and may match multiple files. grp must be a numeric GID. | 177 | characters and may match multiple files. grp must be a numeric |
178 | GID. | ||
178 | 179 | ||
179 | chmod mode path | 180 | chmod mode path |
180 | Change permissions of file path to mode. path may contain | 181 | Change permissions of file path to mode. path may contain |
181 | glob(3) characters and may match multiple files. | 182 | glob(3) characters and may match multiple files. |
182 | 183 | ||
183 | chown own path | 184 | chown own path |
184 | Change owner of file path to own. path may contain glob(3) char- | 185 | Change owner of file path to own. path may contain glob(3) |
185 | acters and may match multiple files. own must be a numeric UID. | 186 | characters and may match multiple files. own must be a numeric |
187 | UID. | ||
186 | 188 | ||
187 | df [-hi] [path] | 189 | df [-hi] [path] |
188 | Display usage information for the filesystem holding the current | 190 | Display usage information for the filesystem holding the current |
@@ -198,14 +200,15 @@ INTERACTIVE COMMANDS | |||
198 | Retrieve the remote-path and store it on the local machine. If | 200 | Retrieve the remote-path and store it on the local machine. If |
199 | the local path name is not specified, it is given the same name | 201 | the local path name is not specified, it is given the same name |
200 | it has on the remote machine. remote-path may contain glob(3) | 202 | it has on the remote machine. remote-path may contain glob(3) |
201 | characters and may match multiple files. If it does and local- | 203 | characters and may match multiple files. If it does and |
202 | path is specified, then local-path must specify a directory. | 204 | local-path is specified, then local-path must specify a |
205 | directory. | ||
203 | 206 | ||
204 | If either the -P or -p flag is specified, then full file permis- | 207 | If either the -P or -p flag is specified, then full file |
205 | sions and access times are copied too. | 208 | permissions and access times are copied too. |
206 | 209 | ||
207 | If the -r flag is specified then directories will be copied re- | 210 | If the -r flag is specified then directories will be copied |
208 | cursively. Note that sftp does not follow symbolic links when | 211 | recursively. Note that sftp does not follow symbolic links when |
209 | performing recursive transfers. | 212 | performing recursive transfers. |
210 | 213 | ||
211 | help Display help text. | 214 | help Display help text. |
@@ -214,10 +217,10 @@ INTERACTIVE COMMANDS | |||
214 | Change local directory to path. | 217 | Change local directory to path. |
215 | 218 | ||
216 | lls [ls-options [path]] | 219 | lls [ls-options [path]] |
217 | Display local directory listing of either path or current direc- | 220 | Display local directory listing of either path or current |
218 | tory if path is not specified. ls-options may contain any flags | 221 | directory if path is not specified. ls-options may contain any |
219 | supported by the local system's ls(1) command. path may contain | 222 | flags supported by the local system's ls(1) command. path may |
220 | glob(3) characters and may match multiple files. | 223 | contain glob(3) characters and may match multiple files. |
221 | 224 | ||
222 | lmkdir path | 225 | lmkdir path |
223 | Create local directory specified by path. | 226 | Create local directory specified by path. |
@@ -239,8 +242,8 @@ INTERACTIVE COMMANDS | |||
239 | 242 | ||
240 | -a List files beginning with a dot (`.'). | 243 | -a List files beginning with a dot (`.'). |
241 | 244 | ||
242 | -f Do not sort the listing. The default sort order is lexi- | 245 | -f Do not sort the listing. The default sort order is |
243 | cographical. | 246 | lexicographical. |
244 | 247 | ||
245 | -h When used with a long format option, use unit suffixes: | 248 | -h When used with a long format option, use unit suffixes: |
246 | Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, | 249 | Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, |
@@ -248,8 +251,8 @@ INTERACTIVE COMMANDS | |||
248 | four or fewer using powers of 2 for sizes (K=1024, | 251 | four or fewer using powers of 2 for sizes (K=1024, |
249 | M=1048576, etc.). | 252 | M=1048576, etc.). |
250 | 253 | ||
251 | -l Display additional details including permissions and own- | 254 | -l Display additional details including permissions and |
252 | ership information. | 255 | ownership information. |
253 | 256 | ||
254 | -n Produce a long listing with user and group information | 257 | -n Produce a long listing with user and group information |
255 | presented numerically. | 258 | presented numerically. |
@@ -270,17 +273,18 @@ INTERACTIVE COMMANDS | |||
270 | Toggle display of progress meter. | 273 | Toggle display of progress meter. |
271 | 274 | ||
272 | put [-Ppr] local-path [remote-path] | 275 | put [-Ppr] local-path [remote-path] |
273 | Upload local-path and store it on the remote machine. If the re- | 276 | Upload local-path and store it on the remote machine. If the |
274 | mote path name is not specified, it is given the same name it has | 277 | remote path name is not specified, it is given the same name it |
275 | on the local machine. local-path may contain glob(3) characters | 278 | has on the local machine. local-path may contain glob(3) |
276 | and may match multiple files. If it does and remote-path is | 279 | characters and may match multiple files. If it does and |
277 | specified, then remote-path must specify a directory. | 280 | remote-path is specified, then remote-path must specify a |
278 | 281 | directory. | |
279 | If ether the -P or -p flag is specified, then full file permis- | 282 | |
280 | sions and access times are copied too. | 283 | If ether the -P or -p flag is specified, then full file |
281 | 284 | permissions and access times are copied too. | |
282 | If the -r flag is specified then directories will be copied re- | 285 | |
283 | cursively. Note that sftp does not follow symbolic links when | 286 | If the -r flag is specified then directories will be copied |
287 | recursively. Note that sftp does not follow symbolic links when | ||
284 | performing recursive transfers. | 288 | performing recursive transfers. |
285 | 289 | ||
286 | pwd Display remote working directory. | 290 | pwd Display remote working directory. |
@@ -313,7 +317,8 @@ SEE ALSO | |||
313 | ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), | 317 | ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), |
314 | ssh_config(5), sftp-server(8), sshd(8) | 318 | ssh_config(5), sftp-server(8), sshd(8) |
315 | 319 | ||
316 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | 320 | T. Ylonen, S. Lehtinen, SSH File Transfer Protocol, |
317 | filexfer-00.txt, January 2001, work in progress material. | 321 | draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress |
322 | material. | ||
318 | 323 | ||
319 | OpenBSD 4.7 February 8, 2010 5 | 324 | OpenBSD 4.8 February 8, 2010 OpenBSD 4.8 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.123 2010/01/27 19:21:39 djm Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.125 2010/06/18 00:58:39 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -181,6 +181,8 @@ static const struct CMD cmds[] = { | |||
181 | { "ls", I_LS, REMOTE }, | 181 | { "ls", I_LS, REMOTE }, |
182 | { "lumask", I_LUMASK, NOARGS }, | 182 | { "lumask", I_LUMASK, NOARGS }, |
183 | { "mkdir", I_MKDIR, REMOTE }, | 183 | { "mkdir", I_MKDIR, REMOTE }, |
184 | { "mget", I_GET, REMOTE }, | ||
185 | { "mput", I_PUT, LOCAL }, | ||
184 | { "progress", I_PROGRESS, NOARGS }, | 186 | { "progress", I_PROGRESS, NOARGS }, |
185 | { "put", I_PUT, LOCAL }, | 187 | { "put", I_PUT, LOCAL }, |
186 | { "pwd", I_PWD, REMOTE }, | 188 | { "pwd", I_PWD, REMOTE }, |
@@ -1366,7 +1368,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1366 | break; | 1368 | break; |
1367 | case I_LS: | 1369 | case I_LS: |
1368 | if (!path1) { | 1370 | if (!path1) { |
1369 | do_globbed_ls(conn, *pwd, *pwd, lflag); | 1371 | do_ls_dir(conn, *pwd, *pwd, lflag); |
1370 | break; | 1372 | break; |
1371 | } | 1373 | } |
1372 | 1374 | ||
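Review bot: The new `mget` and `mput` entries in the cmds[] table dispatch to I_GET and I_PUT with the same argument class as `get` and `put`, so they are pure aliases, but nothing in the table says so and the sftp.0 hunks on this page do not mention them; a reader may reasonably wonder whether they are meant to behave differently from get/put. A one-line comment on the two entries would settle that: `/* mget/mput are compatibility aliases for get/put, not separate commands */`. If the aliases are meant to be user-visible, the INTERACTIVE COMMANDS section of the manual page is the place to say so; as far as is visible here this diff does not add them there.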
@@ -11,31 +11,33 @@ SYNOPSIS | |||
11 | DESCRIPTION | 11 | DESCRIPTION |
12 | ssh-add adds RSA or DSA identities to the authentication agent, | 12 | ssh-add adds RSA or DSA identities to the authentication agent, |
13 | ssh-agent(1). When run without arguments, it adds the files | 13 | ssh-agent(1). When run without arguments, it adds the files |
14 | ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. After loading a pri- | 14 | ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. After loading a |
15 | vate key, ssh-add will try to load corresponding certificate information | 15 | private key, ssh-add will try to load corresponding certificate |
16 | from the filename obtained by appending -cert.pub to the name of the pri- | 16 | information from the filename obtained by appending -cert.pub to the name |
17 | vate key file. Alternative file names can be given on the command line. | 17 | of the private key file. Alternative file names can be given on the |
18 | command line. | ||
18 | 19 | ||
19 | If any file requires a passphrase, ssh-add asks for the passphrase from | 20 | If any file requires a passphrase, ssh-add asks for the passphrase from |
20 | the user. The passphrase is read from the user's tty. ssh-add retries | 21 | the user. The passphrase is read from the user's tty. ssh-add retries |
21 | the last passphrase if multiple identity files are given. | 22 | the last passphrase if multiple identity files are given. |
22 | 23 | ||
23 | The authentication agent must be running and the SSH_AUTH_SOCK environ- | 24 | The authentication agent must be running and the SSH_AUTH_SOCK |
24 | ment variable must contain the name of its socket for ssh-add to work. | 25 | environment variable must contain the name of its socket for ssh-add to |
26 | work. | ||
25 | 27 | ||
26 | The options are as follows: | 28 | The options are as follows: |
27 | 29 | ||
28 | -c Indicates that added identities should be subject to confirmation | 30 | -c Indicates that added identities should be subject to confirmation |
29 | before being used for authentication. Confirmation is performed | 31 | before being used for authentication. Confirmation is performed |
30 | by the SSH_ASKPASS program mentioned below. Successful confirma- | 32 | by the SSH_ASKPASS program mentioned below. Successful |
31 | tion is signaled by a zero exit status from the SSH_ASKPASS pro- | 33 | confirmation is signaled by a zero exit status from the |
32 | gram, rather than text entered into the requester. | 34 | SSH_ASKPASS program, rather than text entered into the requester. |
33 | 35 | ||
34 | -D Deletes all identities from the agent. | 36 | -D Deletes all identities from the agent. |
35 | 37 | ||
36 | -d Instead of adding identities, removes identities from the agent. | 38 | -d Instead of adding identities, removes identities from the agent. |
37 | If ssh-add has been run without arguments, the keys for the de- | 39 | If ssh-add has been run without arguments, the keys for the |
38 | fault identities will be removed. Otherwise, the argument list | 40 | default identities will be removed. Otherwise, the argument list |
39 | will be interpreted as a list of paths to public key files and | 41 | will be interpreted as a list of paths to public key files and |
40 | matching keys will be removed from the agent. If no public key | 42 | matching keys will be removed from the agent. If no public key |
41 | is found at a given path, ssh-add will append .pub and retry. | 43 | is found at a given path, ssh-add will append .pub and retry. |
@@ -43,8 +45,8 @@ DESCRIPTION | |||
43 | -e pkcs11 | 45 | -e pkcs11 |
44 | Remove keys provided by the PKCS#11 shared library pkcs11. | 46 | Remove keys provided by the PKCS#11 shared library pkcs11. |
45 | 47 | ||
46 | -L Lists public key parameters of all identities currently repre- | 48 | -L Lists public key parameters of all identities currently |
47 | sented by the agent. | 49 | represented by the agent. |
48 | 50 | ||
49 | -l Lists fingerprints of all identities currently represented by the | 51 | -l Lists fingerprints of all identities currently represented by the |
50 | agent. | 52 | agent. |
@@ -54,8 +56,8 @@ DESCRIPTION | |||
54 | 56 | ||
55 | -t life | 57 | -t life |
56 | Set a maximum lifetime when adding identities to an agent. The | 58 | Set a maximum lifetime when adding identities to an agent. The |
57 | lifetime may be specified in seconds or in a time format speci- | 59 | lifetime may be specified in seconds or in a time format |
58 | fied in sshd_config(5). | 60 | specified in sshd_config(5). |
59 | 61 | ||
60 | -X Unlock the agent. | 62 | -X Unlock the agent. |
61 | 63 | ||
@@ -102,8 +104,8 @@ SEE ALSO | |||
102 | AUTHORS | 104 | AUTHORS |
103 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 105 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
104 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 106 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
105 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 107 | de Raadt and Dug Song removed many bugs, re-added newer features and |
106 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 108 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
107 | versions 1.5 and 2.0. | 109 | versions 1.5 and 2.0. |
108 | 110 | ||
109 | OpenBSD 4.7 March 5, 2010 2 | 111 | OpenBSD 4.8 March 5, 2010 OpenBSD 4.8 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -202,7 +202,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
202 | "Lifetime set to %d seconds\n", lifetime); | 202 | "Lifetime set to %d seconds\n", lifetime); |
203 | if (confirm != 0) | 203 | if (confirm != 0) |
204 | fprintf(stderr, | 204 | fprintf(stderr, |
205 | "The user has to confirm each use of the key\n"); | 205 | "The user must confirm each use of the key\n"); |
206 | } else { | 206 | } else { |
207 | fprintf(stderr, "Could not add identity: %s\n", filename); | 207 | fprintf(stderr, "Could not add identity: %s\n", filename); |
208 | } | 208 | } |
@@ -210,29 +210,37 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
210 | 210 | ||
211 | /* Now try to add the certificate flavour too */ | 211 | /* Now try to add the certificate flavour too */ |
212 | xasprintf(&certpath, "%s-cert.pub", filename); | 212 | xasprintf(&certpath, "%s-cert.pub", filename); |
213 | if ((cert = key_load_public(certpath, NULL)) != NULL) { | 213 | if ((cert = key_load_public(certpath, NULL)) == NULL) |
214 | /* Graft with private bits */ | 214 | goto out; |
215 | if (key_to_certified(private) != 0) | 215 | |
216 | fatal("%s: key_to_certified failed", __func__); | 216 | if (!key_equal_public(cert, private)) { |
217 | key_cert_copy(cert, private); | 217 | error("Certificate %s does not match private key %s", |
218 | certpath, filename); | ||
218 | key_free(cert); | 219 | key_free(cert); |
220 | goto out; | ||
221 | } | ||
219 | 222 | ||
220 | if (ssh_add_identity_constrained(ac, private, comment, | 223 | /* Graft with private bits */ |
221 | lifetime, confirm)) { | 224 | if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) { |
222 | fprintf(stderr, "Certificate added: %s (%s)\n", | 225 | error("%s: key_to_certified failed", __func__); |
223 | certpath, private->cert->key_id); | 226 | key_free(cert); |
224 | if (lifetime != 0) | 227 | goto out; |
225 | fprintf(stderr, "Lifetime set to %d seconds\n", | ||
226 | lifetime); | ||
227 | if (confirm != 0) | ||
228 | fprintf(stderr, "The user has to confirm each " | ||
229 | "use of the key\n"); | ||
230 | } else { | ||
231 | error("Certificate %s (%s) add failed", certpath, | ||
232 | private->cert->key_id); | ||
233 | } | ||
234 | } | 228 | } |
229 | key_cert_copy(cert, private); | ||
230 | key_free(cert); | ||
235 | 231 | ||
232 | if (!ssh_add_identity_constrained(ac, private, comment, | ||
233 | lifetime, confirm)) { | ||
234 | error("Certificate %s (%s) add failed", certpath, | ||
235 | private->cert->key_id); | ||
236 | } | ||
237 | fprintf(stderr, "Certificate added: %s (%s)\n", certpath, | ||
238 | private->cert->key_id); | ||
239 | if (lifetime != 0) | ||
240 | fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); | ||
241 | if (confirm != 0) | ||
242 | fprintf(stderr, "The user must confirm each use of the key\n"); | ||
243 | out: | ||
236 | xfree(certpath); | 244 | xfree(certpath); |
237 | xfree(comment); | 245 | xfree(comment); |
238 | key_free(private); | 246 | key_free(private); |
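Review bot: When `ssh_add_identity_constrained` fails, the new `if (!ssh_add_identity_constrained(...))` block near the end of the hunk logs "Certificate ... add failed" and then falls straight through to print "Certificate added:" plus the lifetime and confirmation lines, so the user sees a failure and a success message for the same certificate; add `goto out;` after the `error()` call inside that block. Whether the failure is also reflected in add_file's return status cannot be seen here, because the function starts before the hunk and continues past `key_free(private)`. The added `key_equal_public(cert, private)` check is a worthwhile guard: it stops a stale or foreign `-cert.pub` sitting next to a key file from being grafted onto an unrelated private key.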
diff --git a/ssh-agent.0 b/ssh-agent.0 index 536eac756..dfc82a966 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 | |||
@@ -8,18 +8,18 @@ SYNOPSIS | |||
8 | ssh-agent [-c | -s] -k | 8 | ssh-agent [-c | -s] -k |
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | ssh-agent is a program to hold private keys used for public key authenti- | 11 | ssh-agent is a program to hold private keys used for public key |
12 | cation (RSA, DSA). The idea is that ssh-agent is started in the begin- | 12 | authentication (RSA, DSA). The idea is that ssh-agent is started in the |
13 | ning of an X-session or a login session, and all other windows or pro- | 13 | beginning of an X-session or a login session, and all other windows or |
14 | grams are started as clients to the ssh-agent program. Through use of | 14 | programs are started as clients to the ssh-agent program. Through use of |
15 | environment variables the agent can be located and automatically used for | 15 | environment variables the agent can be located and automatically used for |
16 | authentication when logging in to other machines using ssh(1). | 16 | authentication when logging in to other machines using ssh(1). |
17 | 17 | ||
18 | The options are as follows: | 18 | The options are as follows: |
19 | 19 | ||
20 | -a bind_address | 20 | -a bind_address |
21 | Bind the agent to the UNIX-domain socket bind_address. The de- | 21 | Bind the agent to the UNIX-domain socket bind_address. The |
22 | fault is /tmp/ssh-XXXXXXXXXX/agent.<ppid>. | 22 | default is /tmp/ssh-XXXXXXXXXX/agent.<ppid>. |
23 | 23 | ||
24 | -c Generate C-shell commands on stdout. This is the default if | 24 | -c Generate C-shell commands on stdout. This is the default if |
25 | SHELL looks like it's a csh style of shell. | 25 | SHELL looks like it's a csh style of shell. |
@@ -50,15 +50,15 @@ DESCRIPTION | |||
50 | one or from a small X11 program if running under X11. If neither of | 50 | one or from a small X11 program if running under X11. If neither of |
51 | these is the case then the authentication will fail. It then sends the | 51 | these is the case then the authentication will fail. It then sends the |
52 | identity to the agent. Several identities can be stored in the agent; | 52 | identity to the agent. Several identities can be stored in the agent; |
53 | the agent can automatically use any of these identities. ssh-add -l dis- | 53 | the agent can automatically use any of these identities. ssh-add -l |
54 | plays the identities currently held by the agent. | 54 | displays the identities currently held by the agent. |
55 | 55 | ||
56 | The idea is that the agent is run in the user's local PC, laptop, or ter- | 56 | The idea is that the agent is run in the user's local PC, laptop, or |
57 | minal. Authentication data need not be stored on any other machine, and | 57 | terminal. Authentication data need not be stored on any other machine, |
58 | authentication passphrases never go over the network. However, the con- | 58 | and authentication passphrases never go over the network. However, the |
59 | nection to the agent is forwarded over SSH remote logins, and the user | 59 | connection to the agent is forwarded over SSH remote logins, and the user |
60 | can thus use the privileges given by the identities anywhere in the net- | 60 | can thus use the privileges given by the identities anywhere in the |
61 | work in a secure way. | 61 | network in a secure way. |
62 | 62 | ||
63 | There are two main ways to get an agent set up: The first is that the | 63 | There are two main ways to get an agent set up: The first is that the |
64 | agent starts a new subcommand into which some environment variables are | 64 | agent starts a new subcommand into which some environment variables are |
@@ -68,18 +68,18 @@ DESCRIPTION | |||
68 | Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for | 68 | Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for |
69 | csh(1) and derivatives. | 69 | csh(1) and derivatives. |
70 | 70 | ||
71 | Later ssh(1) looks at these variables and uses them to establish a con- | 71 | Later ssh(1) looks at these variables and uses them to establish a |
72 | nection to the agent. | 72 | connection to the agent. |
73 | 73 | ||
74 | The agent will never send a private key over its request channel. In- | 74 | The agent will never send a private key over its request channel. |
75 | stead, operations that require a private key will be performed by the | 75 | Instead, operations that require a private key will be performed by the |
76 | agent, and the result will be returned to the requester. This way, pri- | 76 | agent, and the result will be returned to the requester. This way, |
77 | vate keys are not exposed to clients using the agent. | 77 | private keys are not exposed to clients using the agent. |
78 | 78 | ||
79 | A UNIX-domain socket is created and the name of this socket is stored in | 79 | A UNIX-domain socket is created and the name of this socket is stored in |
80 | the SSH_AUTH_SOCK environment variable. The socket is made accessible | 80 | the SSH_AUTH_SOCK environment variable. The socket is made accessible |
81 | only to the current user. This method is easily abused by root or anoth- | 81 | only to the current user. This method is easily abused by root or |
82 | er instance of the same user. | 82 | another instance of the same user. |
83 | 83 | ||
84 | The SSH_AGENT_PID environment variable holds the agent's process ID. | 84 | The SSH_AGENT_PID environment variable holds the agent's process ID. |
85 | 85 | ||
@@ -100,9 +100,9 @@ FILES | |||
100 | the user. | 100 | the user. |
101 | 101 | ||
102 | /tmp/ssh-XXXXXXXXXX/agent.<ppid> | 102 | /tmp/ssh-XXXXXXXXXX/agent.<ppid> |
103 | UNIX-domain sockets used to contain the connection to the authen- | 103 | UNIX-domain sockets used to contain the connection to the |
104 | tication agent. These sockets should only be readable by the | 104 | authentication agent. These sockets should only be readable by |
105 | owner. The sockets should get automatically removed when the | 105 | the owner. The sockets should get automatically removed when the |
106 | agent exits. | 106 | agent exits. |
107 | 107 | ||
108 | SEE ALSO | 108 | SEE ALSO |
@@ -111,8 +111,8 @@ SEE ALSO | |||
111 | AUTHORS | 111 | AUTHORS |
112 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 112 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
113 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 113 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
114 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 114 | de Raadt and Dug Song removed many bugs, re-added newer features and |
115 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 115 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
116 | versions 1.5 and 2.0. | 116 | versions 1.5 and 2.0. |
117 | 117 | ||
118 | OpenBSD 4.7 January 17, 2010 2 | 118 | OpenBSD 4.8 January 17, 2010 OpenBSD 4.8 |
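diff --git a/ssh-agent.c b/ssh-agent.c
index b5c565271..2c0e28696 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.165 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -500,6 +500,7 @@ process_add_identity(SocketEntry *e, int version)
 buffer_get_bignum2(&e->request, k->dsa->pub_key);
 buffer_get_bignum2(&e->request, k->dsa->priv_key);
 break;
+case KEY_DSA_CERT_V00:
 case KEY_DSA_CERT:
 cert = buffer_get_string(&e->request, &len);
 if ((k = key_from_blob(cert, len)) == NULL)
@@ -520,6 +521,7 @@ process_add_identity(SocketEntry *e, int version)
 /* Generate additional parameters */
 rsa_generate_additional_parameters(k->rsa);
 break;
+case KEY_RSA_CERT_V00:
 case KEY_RSA_CERT:
 cert = buffer_get_string(&e->request, &len);
 if ((k = key_from_blob(cert, len)) == NULL)
@@ -540,6 +542,7 @@ process_add_identity(SocketEntry *e, int version)
 /* enable blinding */
 switch (k->type) {
 case KEY_RSA:
+case KEY_RSA_CERT_V00:
 case KEY_RSA_CERT:
 case KEY_RSA1:
 if (RSA_blinding_on(k->rsa, NULL) != 1) {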
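Review bot: The new `KEY_DSA_CERT_V00` and `KEY_RSA_CERT_V00` labels route the request into the same `key_from_blob(cert, len)` parse as the existing certificate cases, but nothing in the visible lines confirms that the type decoded from the blob is the type the case label expects; the remainder of each case body lies outside the hunk, so if it reads private parameters into `k->dsa` or `k->rsa` the way the neighbouring plain-key cases do, a blob carrying a different key type would dereference a NULL member. A guard right after the parse, `if (k->type != type) fatal("Certificate type mismatch");` (with `type` standing for the selector of the enclosing switch, which is not shown here), would reject such a request the same way a parse failure is rejected. The request arrives over the agent's user-only socket, so exposure is limited to the agent's own user, but a clear rejection is still preferable to a crash. process_add_identity begins before the first hunk and ends after the last.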
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-dss.c,v 1.25 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.26 2010/04/16 01:47:26 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -53,9 +53,8 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
53 | u_int rlen, slen, len, dlen; | 53 | u_int rlen, slen, len, dlen; |
54 | Buffer b; | 54 | Buffer b; |
55 | 55 | ||
56 | if (key == NULL || | 56 | if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && |
57 | (key->type != KEY_DSA && key->type != KEY_DSA_CERT) || | 57 | key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { |
58 | key->dsa == NULL) { | ||
59 | error("ssh_dss_sign: no DSA key"); | 58 | error("ssh_dss_sign: no DSA key"); |
60 | return -1; | 59 | return -1; |
61 | } | 60 | } |
@@ -118,9 +117,8 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
118 | int rlen, ret; | 117 | int rlen, ret; |
119 | Buffer b; | 118 | Buffer b; |
120 | 119 | ||
121 | if (key == NULL || | 120 | if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && |
122 | (key->type != KEY_DSA && key->type != KEY_DSA_CERT) || | 121 | key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { |
123 | key->dsa == NULL) { | ||
124 | error("ssh_dss_verify: no DSA key"); | 122 | error("ssh_dss_verify: no DSA key"); |
125 | return -1; | 123 | return -1; |
126 | } | 124 | } |
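Review bot: The three-way type test `key->type != KEY_DSA && key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00` is now written out identically in both ssh_dss_sign and ssh_dss_verify, and each new DSA-flavoured key type will have to be added to both copies by hand; a small file-local predicate keeps the two in step and makes the guard read as what it is. The NULL check on `key->dsa` being moved ahead of the type test is fine since the type comparison does not touch it. Both functions start before their hunks and continue after them.

```c
/* True for every key type that carries a DSA key, plain or certificate. */
static int
dss_key_type(int type)
{
	return type == KEY_DSA || type == KEY_DSA_CERT ||
	    type == KEY_DSA_CERT_V00;
}

/* … unchanged: ssh_dss_sign declarations … */
	if (key == NULL || key->dsa == NULL || !dss_key_type(key->type)) {
		error("ssh_dss_sign: no DSA key");
		return -1;
	}
/* … unchanged: rest of ssh_dss_sign; ssh_dss_verify uses the same test … */
```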
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index aed4a14ad..fb7838724 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -7,8 +7,8 @@ SYNOPSIS | |||
7 | ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] | 7 | ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] |
8 | [-f output_keyfile] | 8 | [-f output_keyfile] |
9 | ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] | 9 | ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] |
10 | ssh-keygen -i [-f input_keyfile] | 10 | ssh-keygen -i [-m key_format] [-f input_keyfile] |
11 | ssh-keygen -e [-f input_keyfile] | 11 | ssh-keygen -e [-m key_format] [-f input_keyfile] |
12 | ssh-keygen -y [-f input_keyfile] | 12 | ssh-keygen -y [-f input_keyfile] |
13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] | 13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] |
14 | ssh-keygen -l [-f input_keyfile] | 14 | ssh-keygen -l [-f input_keyfile] |
@@ -22,7 +22,7 @@ SYNOPSIS | |||
22 | ssh-keygen -T output_file -f input_file [-v] [-a num_trials] | 22 | ssh-keygen -T output_file -f input_file [-v] [-a num_trials] |
23 | [-W generator] | 23 | [-W generator] |
24 | ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] | 24 | ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] |
25 | [-O constraint] [-V validity_interval] file ... | 25 | [-O option] [-V validity_interval] [-z serial_number] file ... |
26 | ssh-keygen -L [-f input_keyfile] | 26 | ssh-keygen -L [-f input_keyfile] |
27 | 27 | ||
28 | DESCRIPTION | 28 | DESCRIPTION |
@@ -46,14 +46,14 @@ DESCRIPTION | |||
46 | name but ``.pub'' appended. The program also asks for a passphrase. The | 46 | name but ``.pub'' appended. The program also asks for a passphrase. The |
47 | passphrase may be empty to indicate no passphrase (host keys must have an | 47 | passphrase may be empty to indicate no passphrase (host keys must have an |
48 | empty passphrase), or it may be a string of arbitrary length. A | 48 | empty passphrase), or it may be a string of arbitrary length. A |
49 | passphrase is similar to a password, except it can be a phrase with a se- | 49 | passphrase is similar to a password, except it can be a phrase with a |
50 | ries of words, punctuation, numbers, whitespace, or any string of charac- | 50 | series of words, punctuation, numbers, whitespace, or any string of |
51 | ters you want. Good passphrases are 10-30 characters long, are not sim- | 51 | characters you want. Good passphrases are 10-30 characters long, are not |
52 | ple sentences or otherwise easily guessable (English prose has only 1-2 | 52 | simple sentences or otherwise easily guessable (English prose has only 1- |
53 | bits of entropy per character, and provides very bad passphrases), and | 53 | 2 bits of entropy per character, and provides very bad passphrases), and |
54 | contain a mix of upper and lowercase letters, numbers, and non-alphanu- | 54 | contain a mix of upper and lowercase letters, numbers, and non- |
55 | meric characters. The passphrase can be changed later by using the -p | 55 | alphanumeric characters. The passphrase can be changed later by using |
56 | option. | 56 | the -p option. |
57 | 57 | ||
58 | There is no way to recover a lost passphrase. If the passphrase is lost | 58 | There is no way to recover a lost passphrase. If the passphrase is lost |
59 | or forgotten, a new key must be generated and copied to the corresponding | 59 | or forgotten, a new key must be generated and copied to the corresponding |
@@ -61,9 +61,9 @@ DESCRIPTION | |||
61 | 61 | ||
62 | For RSA1 keys, there is also a comment field in the key file that is only | 62 | For RSA1 keys, there is also a comment field in the key file that is only |
63 | for convenience to the user to help identify the key. The comment can | 63 | for convenience to the user to help identify the key. The comment can |
64 | tell what the key is for, or whatever is useful. The comment is initial- | 64 | tell what the key is for, or whatever is useful. The comment is |
65 | ized to ``user@host'' when the key is created, but can be changed using | 65 | initialized to ``user@host'' when the key is created, but can be changed |
66 | the -c option. | 66 | using the -c option. |
67 | 67 | ||
68 | After a key is generated, instructions below detail where the keys should | 68 | After a key is generated, instructions below detail where the keys should |
69 | be placed to be activated. | 69 | be placed to be activated. |
@@ -79,26 +79,29 @@ DESCRIPTION | |||
79 | 79 | ||
80 | -b bits | 80 | -b bits |
81 | Specifies the number of bits in the key to create. For RSA keys, | 81 | Specifies the number of bits in the key to create. For RSA keys, |
82 | the minimum size is 768 bits and the default is 2048 bits. Gen- | 82 | the minimum size is 768 bits and the default is 2048 bits. |
83 | erally, 2048 bits is considered sufficient. DSA keys must be ex- | 83 | Generally, 2048 bits is considered sufficient. DSA keys must be |
84 | actly 1024 bits as specified by FIPS 186-2. | 84 | exactly 1024 bits as specified by FIPS 186-2. |
85 | 85 | ||
86 | -C comment | 86 | -C comment |
87 | Provides a new comment. | 87 | Provides a new comment. |
88 | 88 | ||
89 | -c Requests changing the comment in the private and public key | 89 | -c Requests changing the comment in the private and public key |
90 | files. This operation is only supported for RSA1 keys. The pro- | 90 | files. This operation is only supported for RSA1 keys. The |
91 | gram will prompt for the file containing the private keys, for | 91 | program will prompt for the file containing the private keys, for |
92 | the passphrase if the key has one, and for the new comment. | 92 | the passphrase if the key has one, and for the new comment. |
93 | 93 | ||
94 | -D pkcs11 | 94 | -D pkcs11 |
95 | Download the RSA public keys provided by the PKCS#11 shared li- | 95 | Download the RSA public keys provided by the PKCS#11 shared |
96 | brary pkcs11. | 96 | library pkcs11. When used in combination with -s, this option |
97 | indicates that a CA key resides in a PKCS#11 token (see the | ||
98 | CERTIFICATES section for details). | ||
97 | 99 | ||
98 | -e This option will read a private or public OpenSSH key file and | 100 | -e This option will read a private or public OpenSSH key file and |
99 | print the key in RFC 4716 SSH Public Key File Format to stdout. | 101 | print to stdout the key in one of the formats specified by the -m |
100 | This option allows exporting keys for use by several commercial | 102 | option. The default export format is ``RFC4716''. This option |
101 | SSH implementations. | 103 | allows exporting OpenSSH keys for use by other programs, |
104 | including several commercial SSH implementations. | ||
102 | 105 | ||
103 | -F hostname | 106 | -F hostname |
104 | Search for the specified hostname in a known_hosts file, listing | 107 | Search for the specified hostname in a known_hosts file, listing |
@@ -116,8 +119,8 @@ DESCRIPTION | |||
116 | -g Use generic DNS format when printing fingerprint resource records | 119 | -g Use generic DNS format when printing fingerprint resource records |
117 | using the -r command. | 120 | using the -r command. |
118 | 121 | ||
119 | -H Hash a known_hosts file. This replaces all hostnames and ad- | 122 | -H Hash a known_hosts file. This replaces all hostnames and |
120 | dresses with hashed representations within the specified file; | 123 | addresses with hashed representations within the specified file; |
121 | the original content is moved to a file with a .old suffix. | 124 | the original content is moved to a file with a .old suffix. |
122 | These hashes may be used normally by ssh and sshd, but they do | 125 | These hashes may be used normally by ssh and sshd, but they do |
123 | not reveal identifying information should the file's contents be | 126 | not reveal identifying information should the file's contents be |
@@ -133,41 +136,48 @@ DESCRIPTION | |||
133 | the CERTIFICATES section for details. | 136 | the CERTIFICATES section for details. |
134 | 137 | ||
135 | -i This option will read an unencrypted private (or public) key file | 138 | -i This option will read an unencrypted private (or public) key file |
136 | in SSH2-compatible format and print an OpenSSH compatible private | 139 | in the format specified by the -m option and print an OpenSSH |
137 | (or public) key to stdout. ssh-keygen also reads the RFC 4716 | 140 | compatible private (or public) key to stdout. This option allows |
138 | SSH Public Key File Format. This option allows importing keys | 141 | importing keys from other software, including several commercial |
139 | from several commercial SSH implementations. | 142 | SSH implementations. The default import format is ``RFC4716''. |
140 | 143 | ||
141 | -L Prints the contents of a certificate. | 144 | -L Prints the contents of a certificate. |
142 | 145 | ||
143 | -l Show fingerprint of specified public key file. Private RSA1 keys | 146 | -l Show fingerprint of specified public key file. Private RSA1 keys |
144 | are also supported. For RSA and DSA keys ssh-keygen tries to | 147 | are also supported. For RSA and DSA keys ssh-keygen tries to |
145 | find the matching public key file and prints its fingerprint. If | 148 | find the matching public key file and prints its fingerprint. If |
146 | combined with -v, an ASCII art representation of the key is sup- | 149 | combined with -v, an ASCII art representation of the key is |
147 | plied with the fingerprint. | 150 | supplied with the fingerprint. |
148 | 151 | ||
149 | -M memory | 152 | -M memory |
150 | Specify the amount of memory to use (in megabytes) when generat- | 153 | Specify the amount of memory to use (in megabytes) when |
151 | ing candidate moduli for DH-GEX. | 154 | generating candidate moduli for DH-GEX. |
155 | |||
156 | -m key_format | ||
157 | Specify a key format for the -i (import) or -e (export) | ||
158 | conversion options. The supported key formats are: ``RFC4716'' | ||
159 | (RFC 4716/SSH2 public or private key), ``PKCS8'' (PEM PKCS8 | ||
160 | public key) or ``PEM'' (PEM public key). The default conversion | ||
161 | format is ``RFC4716''. | ||
152 | 162 | ||
153 | -N new_passphrase | 163 | -N new_passphrase |
154 | Provides the new passphrase. | 164 | Provides the new passphrase. |
155 | 165 | ||
156 | -n principals | 166 | -n principals |
157 | Specify one or more principals (user or host names) to be includ- | 167 | Specify one or more principals (user or host names) to be |
158 | ed in a certificate when signing a key. Multiple principals may | 168 | included in a certificate when signing a key. Multiple |
159 | be specified, separated by commas. Please see the CERTIFICATES | 169 | principals may be specified, separated by commas. Please see the |
160 | section for details. | 170 | CERTIFICATES section for details. |
161 | 171 | ||
162 | -O constraint | 172 | -O option |
163 | Specify a certificate constraint when signing a key. This option | 173 | Specify a certificate option when signing a key. This option may |
164 | may be specified multiple times. Please see the CERTIFICATES | 174 | be specified multiple times. Please see the CERTIFICATES section |
165 | section for details. The constraints that are valid for user | 175 | for details. The options that are valid for user certificates |
166 | certificates are: | 176 | are: |
167 | 177 | ||
168 | clear Clear all enabled permissions. This is useful for clear- | 178 | clear Clear all enabled permissions. This is useful for |
169 | ing the default set of permissions so permissions may be | 179 | clearing the default set of permissions so permissions |
170 | added individually. | 180 | may be added individually. |
171 | 181 | ||
172 | force-command=command | 182 | force-command=command |
173 | Forces the execution of command instead of any shell or | 183 | Forces the execution of command instead of any shell or |
@@ -206,11 +216,11 @@ DESCRIPTION | |||
206 | 216 | ||
207 | source-address=address_list | 217 | source-address=address_list |
208 | Restrict the source addresses from which the certificate | 218 | Restrict the source addresses from which the certificate |
209 | is considered valid. The address_list is a comma-sepa- | 219 | is considered valid. The address_list is a comma- |
210 | rated list of one or more address/netmask pairs in CIDR | 220 | separated list of one or more address/netmask pairs in |
211 | format. | 221 | CIDR format. |
212 | 222 | ||
213 | At present, no constraints are valid for host keys. | 223 | At present, no options are valid for host keys. |
214 | 224 | ||
215 | -P passphrase | 225 | -P passphrase |
216 | Provides the (old) passphrase. | 226 | Provides the (old) passphrase. |
@@ -245,21 +255,21 @@ DESCRIPTION | |||
245 | 255 | ||
246 | -t type | 256 | -t type |
247 | Specifies the type of key to create. The possible values are | 257 | Specifies the type of key to create. The possible values are |
248 | ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto- | 258 | ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for |
249 | col version 2. | 259 | protocol version 2. |
250 | 260 | ||
251 | -V validity_interval | 261 | -V validity_interval |
252 | Specify a validity interval when signing a certificate. A valid- | 262 | Specify a validity interval when signing a certificate. A |
253 | ity interval may consist of a single time, indicating that the | 263 | validity interval may consist of a single time, indicating that |
254 | certificate is valid beginning now and expiring at that time, or | 264 | the certificate is valid beginning now and expiring at that time, |
255 | may consist of two times separated by a colon to indicate an ex- | 265 | or may consist of two times separated by a colon to indicate an |
256 | plicit time interval. The start time may be specified as a date | 266 | explicit time interval. The start time may be specified as a |
257 | in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative | 267 | date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a |
258 | time (to the current time) consisting of a minus sign followed by | 268 | relative time (to the current time) consisting of a minus sign |
259 | a relative time in the format described in the TIME FORMATS sec- | 269 | followed by a relative time in the format described in the TIME |
260 | tion of sshd_config(5). The end time may be specified as a | 270 | FORMATS section of sshd_config(5). The end time may be specified |
261 | YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting | 271 | as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time |
262 | with a plus character. | 272 | starting with a plus character. |
263 | 273 | ||
264 | For example: ``+52w1d'' (valid from now to 52 weeks and one day | 274 | For example: ``+52w1d'' (valid from now to 52 weeks and one day |
265 | from now), ``-4w:+4w'' (valid from four weeks ago to four weeks | 275 | from now), ``-4w:+4w'' (valid from four weeks ago to four weeks |
@@ -269,9 +279,9 @@ DESCRIPTION | |||
269 | 2011). | 279 | 2011). |
270 | 280 | ||
271 | -v Verbose mode. Causes ssh-keygen to print debugging messages | 281 | -v Verbose mode. Causes ssh-keygen to print debugging messages |
272 | about its progress. This is helpful for debugging moduli genera- | 282 | about its progress. This is helpful for debugging moduli |
273 | tion. Multiple -v options increase the verbosity. The maximum | 283 | generation. Multiple -v options increase the verbosity. The |
274 | is 3. | 284 | maximum is 3. |
275 | 285 | ||
276 | -W generator | 286 | -W generator |
277 | Specify desired generator when testing candidate moduli for DH- | 287 | Specify desired generator when testing candidate moduli for DH- |
@@ -280,12 +290,17 @@ DESCRIPTION | |||
280 | -y This option will read a private OpenSSH format file and print an | 290 | -y This option will read a private OpenSSH format file and print an |
281 | OpenSSH public key to stdout. | 291 | OpenSSH public key to stdout. |
282 | 292 | ||
293 | -z serial_number | ||
294 | Specifies a serial number to be embedded in the certificate to | ||
295 | distinguish this certificate from others from the same CA. The | ||
296 | default serial number is zero. | ||
297 | |||
283 | MODULI GENERATION | 298 | MODULI GENERATION |
284 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group | 299 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group |
285 | Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- | 300 | Exchange (DH-GEX) protocol. Generating these groups is a two-step |
286 | cess: first, candidate primes are generated using a fast, but memory in- | 301 | process: first, candidate primes are generated using a fast, but memory |
287 | tensive process. These candidate primes are then tested for suitability | 302 | intensive process. These candidate primes are then tested for |
288 | (a CPU-intensive process). | 303 | suitability (a CPU-intensive process). |
289 | 304 | ||
290 | Generation of primes is performed using the -G option. The desired | 305 | Generation of primes is performed using the -G option. The desired |
291 | length of the primes may be specified by the -b option. For example: | 306 | length of the primes may be specified by the -b option. For example: |
@@ -293,8 +308,8 @@ MODULI GENERATION | |||
293 | # ssh-keygen -G moduli-2048.candidates -b 2048 | 308 | # ssh-keygen -G moduli-2048.candidates -b 2048 |
294 | 309 | ||
295 | By default, the search for primes begins at a random point in the desired | 310 | By default, the search for primes begins at a random point in the desired |
296 | length range. This may be overridden using the -S option, which speci- | 311 | length range. This may be overridden using the -S option, which |
297 | fies a different start point (in hex). | 312 | specifies a different start point (in hex). |
298 | 313 | ||
299 | Once a set of candidates have been generated, they must be tested for | 314 | Once a set of candidates have been generated, they must be tested for |
300 | suitability. This may be performed using the -T option. In this mode | 315 | suitability. This may be performed using the -T option. In this mode |
@@ -317,15 +332,15 @@ CERTIFICATES | |||
317 | ssh-keygen supports signing of keys to produce certificates that may be | 332 | ssh-keygen supports signing of keys to produce certificates that may be |
318 | used for user or host authentication. Certificates consist of a public | 333 | used for user or host authentication. Certificates consist of a public |
319 | key, some identity information, zero or more principal (user or host) | 334 | key, some identity information, zero or more principal (user or host) |
320 | names and an optional set of constraints that are signed by a Certifica- | 335 | names and a set of options that are signed by a Certification Authority |
321 | tion Authority (CA) key. Clients or servers may then trust only the CA | 336 | (CA) key. Clients or servers may then trust only the CA key and verify |
322 | key and verify its signature on a certificate rather than trusting many | 337 | its signature on a certificate rather than trusting many user/host keys. |
323 | user/host keys. Note that OpenSSH certificates are a different, and much | 338 | Note that OpenSSH certificates are a different, and much simpler, format |
324 | simpler, format to the X.509 certificates used in ssl(8). | 339 | to the X.509 certificates used in ssl(8). |
325 | 340 | ||
326 | ssh-keygen supports two types of certificates: user and host. User cer- | 341 | ssh-keygen supports two types of certificates: user and host. User |
327 | tificates authenticate users to servers, whereas host certificates au- | 342 | certificates authenticate users to servers, whereas host certificates |
328 | thenticate server hosts to users. To generate a user certificate: | 343 | authenticate server hosts to users. To generate a user certificate: |
329 | 344 | ||
330 | $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub | 345 | $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub |
331 | 346 | ||
@@ -334,83 +349,90 @@ CERTIFICATES | |||
334 | 349 | ||
335 | $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub | 350 | $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub |
336 | 351 | ||
337 | The host certificate will be output to /path/to/host_key-cert.pub. In | 352 | The host certificate will be output to /path/to/host_key-cert.pub. |
338 | both cases, key_id is a "key identifier" that is logged by the server | 353 | |
354 | It is possible to sign using a CA key stored in a PKCS#11 token by | ||
355 | providing the token library using -D and identifying the CA key by | ||
356 | providing its public half as an argument to -s: | ||
357 | |||
358 | $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub | ||
359 | |||
360 | In all cases, key_id is a "key identifier" that is logged by the server | ||
339 | when the certificate is used for authentication. | 361 | when the certificate is used for authentication. |
340 | 362 | ||
341 | Certificates may be limited to be valid for a set of principal (us- | 363 | Certificates may be limited to be valid for a set of principal |
342 | er/host) names. By default, generated certificates are valid for all | 364 | (user/host) names. By default, generated certificates are valid for all |
343 | users or hosts. To generate a certificate for a specified set of princi- | 365 | users or hosts. To generate a certificate for a specified set of |
344 | pals: | 366 | principals: |
345 | 367 | ||
346 | $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub | 368 | $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub |
347 | $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub | 369 | $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub |
348 | 370 | ||
349 | Additional limitations on the validity and use of user certificates may | 371 | Additional limitations on the validity and use of user certificates may |
350 | be specified through certificate constraints. A constrained certificate | 372 | be specified through certificate options. A certificate option may |
351 | may disable features of the SSH session, may be valid only when presented | 373 | disable features of the SSH session, may be valid only when presented |
352 | from particular source addresses or may force the use of a specific com- | 374 | from particular source addresses or may force the use of a specific |
353 | mand. For a list of valid certificate constraints, see the documentation | 375 | command. For a list of valid certificate options, see the documentation |
354 | for the -O option above. | 376 | for the -O option above. |
355 | 377 | ||
356 | Finally, certificates may be defined with a validity lifetime. The -V | 378 | Finally, certificates may be defined with a validity lifetime. The -V |
357 | option allows specification of certificate start and end times. A cer- | 379 | option allows specification of certificate start and end times. A |
358 | tificate that is presented at a time outside this range will not be con- | 380 | certificate that is presented at a time outside this range will not be |
359 | sidered valid. By default, certificates have a maximum validity inter- | 381 | considered valid. By default, certificates have a maximum validity |
360 | val. | 382 | interval. |
361 | 383 | ||
362 | For certificates to be used for user or host authentication, the CA pub- | 384 | For certificates to be used for user or host authentication, the CA |
363 | lic key must be trusted by sshd(8) or ssh(1). Please refer to those man- | 385 | public key must be trusted by sshd(8) or ssh(1). Please refer to those |
364 | ual pages for details. | 386 | manual pages for details. |
365 | 387 | ||
366 | FILES | 388 | FILES |
367 | ~/.ssh/identity | 389 | ~/.ssh/identity |
368 | Contains the protocol version 1 RSA authentication identity of | 390 | Contains the protocol version 1 RSA authentication identity of |
369 | the user. This file should not be readable by anyone but the us- | 391 | the user. This file should not be readable by anyone but the |
370 | er. It is possible to specify a passphrase when generating the | 392 | user. It is possible to specify a passphrase when generating the |
371 | key; that passphrase will be used to encrypt the private part of | 393 | key; that passphrase will be used to encrypt the private part of |
372 | this file using 128-bit AES. This file is not automatically ac- | 394 | this file using 128-bit AES. This file is not automatically |
373 | cessed by ssh-keygen but it is offered as the default file for | 395 | accessed by ssh-keygen but it is offered as the default file for |
374 | the private key. ssh(1) will read this file when a login attempt | 396 | the private key. ssh(1) will read this file when a login attempt |
375 | is made. | 397 | is made. |
376 | 398 | ||
377 | ~/.ssh/identity.pub | 399 | ~/.ssh/identity.pub |
378 | Contains the protocol version 1 RSA public key for authentica- | 400 | Contains the protocol version 1 RSA public key for |
379 | tion. The contents of this file should be added to | 401 | authentication. The contents of this file should be added to |
380 | ~/.ssh/authorized_keys on all machines where the user wishes to | 402 | ~/.ssh/authorized_keys on all machines where the user wishes to |
381 | log in using RSA authentication. There is no need to keep the | 403 | log in using RSA authentication. There is no need to keep the |
382 | contents of this file secret. | 404 | contents of this file secret. |
383 | 405 | ||
384 | ~/.ssh/id_dsa | 406 | ~/.ssh/id_dsa |
385 | Contains the protocol version 2 DSA authentication identity of | 407 | Contains the protocol version 2 DSA authentication identity of |
386 | the user. This file should not be readable by anyone but the us- | 408 | the user. This file should not be readable by anyone but the |
387 | er. It is possible to specify a passphrase when generating the | 409 | user. It is possible to specify a passphrase when generating the |
388 | key; that passphrase will be used to encrypt the private part of | 410 | key; that passphrase will be used to encrypt the private part of |
389 | this file using 128-bit AES. This file is not automatically ac- | 411 | this file using 128-bit AES. This file is not automatically |
390 | cessed by ssh-keygen but it is offered as the default file for | 412 | accessed by ssh-keygen but it is offered as the default file for |
391 | the private key. ssh(1) will read this file when a login attempt | 413 | the private key. ssh(1) will read this file when a login attempt |
392 | is made. | 414 | is made. |
393 | 415 | ||
394 | ~/.ssh/id_dsa.pub | 416 | ~/.ssh/id_dsa.pub |
395 | Contains the protocol version 2 DSA public key for authentica- | 417 | Contains the protocol version 2 DSA public key for |
396 | tion. The contents of this file should be added to | 418 | authentication. The contents of this file should be added to |
397 | ~/.ssh/authorized_keys on all machines where the user wishes to | 419 | ~/.ssh/authorized_keys on all machines where the user wishes to |
398 | log in using public key authentication. There is no need to keep | 420 | log in using public key authentication. There is no need to keep |
399 | the contents of this file secret. | 421 | the contents of this file secret. |
400 | 422 | ||
401 | ~/.ssh/id_rsa | 423 | ~/.ssh/id_rsa |
402 | Contains the protocol version 2 RSA authentication identity of | 424 | Contains the protocol version 2 RSA authentication identity of |
403 | the user. This file should not be readable by anyone but the us- | 425 | the user. This file should not be readable by anyone but the |
404 | er. It is possible to specify a passphrase when generating the | 426 | user. It is possible to specify a passphrase when generating the |
405 | key; that passphrase will be used to encrypt the private part of | 427 | key; that passphrase will be used to encrypt the private part of |
406 | this file using 128-bit AES. This file is not automatically ac- | 428 | this file using 128-bit AES. This file is not automatically |
407 | cessed by ssh-keygen but it is offered as the default file for | 429 | accessed by ssh-keygen but it is offered as the default file for |
408 | the private key. ssh(1) will read this file when a login attempt | 430 | the private key. ssh(1) will read this file when a login attempt |
409 | is made. | 431 | is made. |
410 | 432 | ||
411 | ~/.ssh/id_rsa.pub | 433 | ~/.ssh/id_rsa.pub |
412 | Contains the protocol version 2 RSA public key for authentica- | 434 | Contains the protocol version 2 RSA public key for |
413 | tion. The contents of this file should be added to | 435 | authentication. The contents of this file should be added to |
414 | ~/.ssh/authorized_keys on all machines where the user wishes to | 436 | ~/.ssh/authorized_keys on all machines where the user wishes to |
415 | log in using public key authentication. There is no need to keep | 437 | log in using public key authentication. There is no need to keep |
416 | the contents of this file secret. | 438 | the contents of this file secret. |
@@ -431,4 +453,4 @@ AUTHORS | |||
431 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 453 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
432 | versions 1.5 and 2.0. | 454 | versions 1.5 and 2.0. |
433 | 455 | ||
434 | OpenBSD 4.7 March 13, 2010 7 | 456 | OpenBSD 4.8 August 4, 2010 OpenBSD 4.8 |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 64638aa9c..0845b4066 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.92 2010/03/13 23:38:13 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -37,15 +37,15 @@ | |||
37 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 37 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
38 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 38 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
39 | .\" | 39 | .\" |
40 | .Dd $Mdocdate: March 13 2010 $ | 40 | .Dd $Mdocdate: August 4 2010 $ |
41 | .Dt SSH-KEYGEN 1 | 41 | .Dt SSH-KEYGEN 1 |
42 | .Os | 42 | .Os |
43 | .Sh NAME | 43 | .Sh NAME |
44 | .Nm ssh-keygen | 44 | .Nm ssh-keygen |
45 | .Nd authentication key generation, management and conversion | 45 | .Nd authentication key generation, management and conversion |
46 | .Sh SYNOPSIS | 46 | .Sh SYNOPSIS |
47 | .Nm ssh-keygen | ||
48 | .Bk -words | 47 | .Bk -words |
48 | .Nm ssh-keygen | ||
49 | .Op Fl q | 49 | .Op Fl q |
50 | .Op Fl b Ar bits | 50 | .Op Fl b Ar bits |
51 | .Fl t Ar type | 51 | .Fl t Ar type |
@@ -59,9 +59,11 @@ | |||
59 | .Op Fl f Ar keyfile | 59 | .Op Fl f Ar keyfile |
60 | .Nm ssh-keygen | 60 | .Nm ssh-keygen |
61 | .Fl i | 61 | .Fl i |
62 | .Op Fl m Ar key_format | ||
62 | .Op Fl f Ar input_keyfile | 63 | .Op Fl f Ar input_keyfile |
63 | .Nm ssh-keygen | 64 | .Nm ssh-keygen |
64 | .Fl e | 65 | .Fl e |
66 | .Op Fl m Ar key_format | ||
65 | .Op Fl f Ar input_keyfile | 67 | .Op Fl f Ar input_keyfile |
66 | .Nm ssh-keygen | 68 | .Nm ssh-keygen |
67 | .Fl y | 69 | .Fl y |
@@ -110,8 +112,9 @@ | |||
110 | .Fl I Ar certificate_identity | 112 | .Fl I Ar certificate_identity |
111 | .Op Fl h | 113 | .Op Fl h |
112 | .Op Fl n Ar principals | 114 | .Op Fl n Ar principals |
113 | .Op Fl O Ar constraint | 115 | .Op Fl O Ar option |
114 | .Op Fl V Ar validity_interval | 116 | .Op Fl V Ar validity_interval |
117 | .Op Fl z Ar serial_number | ||
115 | .Ar | 118 | .Ar |
116 | .Nm ssh-keygen | 119 | .Nm ssh-keygen |
117 | .Fl L | 120 | .Fl L |
@@ -210,13 +213,20 @@ the passphrase if the key has one, and for the new comment. | |||
210 | .It Fl D Ar pkcs11 | 213 | .It Fl D Ar pkcs11 |
211 | Download the RSA public keys provided by the PKCS#11 shared library | 214 | Download the RSA public keys provided by the PKCS#11 shared library |
212 | .Ar pkcs11 . | 215 | .Ar pkcs11 . |
216 | When used in combination with | ||
217 | .Fl s , | ||
218 | this option indicates that a CA key resides in a PKCS#11 token (see the | ||
219 | .Sx CERTIFICATES | ||
220 | section for details). | ||
213 | .It Fl e | 221 | .It Fl e |
214 | This option will read a private or public OpenSSH key file and | 222 | This option will read a private or public OpenSSH key file and |
215 | print the key in | 223 | print to stdout the key in one of the formats specified by the |
216 | RFC 4716 SSH Public Key File Format | 224 | .Fl m |
217 | to stdout. | 225 | option. |
218 | This option allows exporting keys for use by several commercial | 226 | The default export format is |
219 | SSH implementations. | 227 | .Dq RFC4716 . |
228 | This option allows exporting OpenSSH keys for use by other programs, including | ||
229 | several commercial SSH implementations. | ||
220 | .It Fl F Ar hostname | 230 | .It Fl F Ar hostname |
221 | Search for the specified | 231 | Search for the specified |
222 | .Ar hostname | 232 | .Ar hostname |
@@ -267,13 +277,14 @@ Please see the | |||
267 | section for details. | 277 | section for details. |
268 | .It Fl i | 278 | .It Fl i |
269 | This option will read an unencrypted private (or public) key file | 279 | This option will read an unencrypted private (or public) key file |
270 | in SSH2-compatible format and print an OpenSSH compatible private | 280 | in the format specified by the |
281 | .Fl m | ||
282 | option and print an OpenSSH compatible private | ||
271 | (or public) key to stdout. | 283 | (or public) key to stdout. |
272 | .Nm | 284 | This option allows importing keys from other software, including several |
273 | also reads the | 285 | commercial SSH implementations. |
274 | RFC 4716 SSH Public Key File Format. | 286 | The default import format is |
275 | This option allows importing keys from several commercial | 287 | .Dq RFC4716 . |
276 | SSH implementations. | ||
277 | .It Fl L | 288 | .It Fl L |
278 | Prints the contents of a certificate. | 289 | Prints the contents of a certificate. |
279 | .It Fl l | 290 | .It Fl l |
@@ -288,6 +299,22 @@ an ASCII art representation of the key is supplied with the fingerprint. | |||
288 | .It Fl M Ar memory | 299 | .It Fl M Ar memory |
289 | Specify the amount of memory to use (in megabytes) when generating | 300 | Specify the amount of memory to use (in megabytes) when generating |
290 | candidate moduli for DH-GEX. | 301 | candidate moduli for DH-GEX. |
302 | .It Fl m Ar key_format | ||
303 | Specify a key format for the | ||
304 | .Fl i | ||
305 | (import) or | ||
306 | .Fl e | ||
307 | (export) conversion options. | ||
308 | The supported key formats are: | ||
309 | .Dq RFC4716 | ||
310 | (RFC 4716/SSH2 public or private key), | ||
311 | .Dq PKCS8 | ||
312 | (PEM PKCS8 public key) | ||
313 | or | ||
314 | .Dq PEM | ||
315 | (PEM public key). | ||
316 | The default conversion format is | ||
317 | .Dq RFC4716 . | ||
291 | .It Fl N Ar new_passphrase | 318 | .It Fl N Ar new_passphrase |
292 | Provides the new passphrase. | 319 | Provides the new passphrase. |
293 | .It Fl n Ar principals | 320 | .It Fl n Ar principals |
@@ -297,13 +324,13 @@ Multiple principals may be specified, separated by commas. | |||
297 | Please see the | 324 | Please see the |
298 | .Sx CERTIFICATES | 325 | .Sx CERTIFICATES |
299 | section for details. | 326 | section for details. |
300 | .It Fl O Ar constraint | 327 | .It Fl O Ar option |
301 | Specify a certificate constraint when signing a key. | 328 | Specify a certificate option when signing a key. |
302 | This option may be specified multiple times. | 329 | This option may be specified multiple times. |
303 | Please see the | 330 | Please see the |
304 | .Sx CERTIFICATES | 331 | .Sx CERTIFICATES |
305 | section for details. | 332 | section for details. |
306 | The constraints that are valid for user certificates are: | 333 | The options that are valid for user certificates are: |
307 | .Bl -tag -width Ds | 334 | .Bl -tag -width Ds |
308 | .It Ic clear | 335 | .It Ic clear |
309 | Clear all enabled permissions. | 336 | Clear all enabled permissions. |
@@ -353,7 +380,7 @@ is a comma-separated list of one or more address/netmask pairs in CIDR | |||
353 | format. | 380 | format. |
354 | .El | 381 | .El |
355 | .Pp | 382 | .Pp |
356 | At present, no constraints are valid for host keys. | 383 | At present, no options are valid for host keys. |
357 | .It Fl P Ar passphrase | 384 | .It Fl P Ar passphrase |
358 | Provides the (old) passphrase. | 385 | Provides the (old) passphrase. |
359 | .It Fl p | 386 | .It Fl p |
@@ -437,6 +464,10 @@ Specify desired generator when testing candidate moduli for DH-GEX. | |||
437 | .It Fl y | 464 | .It Fl y |
438 | This option will read a private | 465 | This option will read a private |
439 | OpenSSH format file and print an OpenSSH public key to stdout. | 466 | OpenSSH format file and print an OpenSSH public key to stdout. |
467 | .It Fl z Ar serial_number | ||
468 | Specifies a serial number to be embedded in the certificate to distinguish | ||
469 | this certificate from others from the same CA. | ||
470 | The default serial number is zero. | ||
440 | .El | 471 | .El |
441 | .Sh MODULI GENERATION | 472 | .Sh MODULI GENERATION |
442 | .Nm | 473 | .Nm |
@@ -497,7 +528,7 @@ that both ends of a connection share common moduli. | |||
497 | supports signing of keys to produce certificates that may be used for | 528 | supports signing of keys to produce certificates that may be used for |
498 | user or host authentication. | 529 | user or host authentication. |
499 | Certificates consist of a public key, some identity information, zero or | 530 | Certificates consist of a public key, some identity information, zero or |
500 | more principal (user or host) names and an optional set of constraints that | 531 | more principal (user or host) names and a set of options that |
501 | are signed by a Certification Authority (CA) key. | 532 | are signed by a Certification Authority (CA) key. |
502 | Clients or servers may then trust only the CA key and verify its signature | 533 | Clients or servers may then trust only the CA key and verify its signature |
503 | on a certificate rather than trusting many user/host keys. | 534 | on a certificate rather than trusting many user/host keys. |
@@ -523,7 +554,17 @@ option: | |||
523 | .Pp | 554 | .Pp |
524 | The host certificate will be output to | 555 | The host certificate will be output to |
525 | .Pa /path/to/host_key-cert.pub . | 556 | .Pa /path/to/host_key-cert.pub . |
526 | In both cases, | 557 | .Pp |
558 | It is possible to sign using a CA key stored in a PKCS#11 token by | ||
559 | providing the token library using | ||
560 | .Fl D | ||
561 | and identifying the CA key by providing its public half as an argument | ||
562 | to | ||
563 | .Fl s : | ||
564 | .Pp | ||
565 | .Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub | ||
566 | .Pp | ||
567 | In all cases, | ||
527 | .Ar key_id | 568 | .Ar key_id |
528 | is a "key identifier" that is logged by the server when the certificate | 569 | is a "key identifier" that is logged by the server when the certificate |
529 | is used for authentication. | 570 | is used for authentication. |
@@ -537,11 +578,11 @@ To generate a certificate for a specified set of principals: | |||
537 | .Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub" | 578 | .Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub" |
538 | .Pp | 579 | .Pp |
539 | Additional limitations on the validity and use of user certificates may | 580 | Additional limitations on the validity and use of user certificates may |
540 | be specified through certificate constraints. | 581 | be specified through certificate options. |
541 | A constrained certificate may disable features of the SSH session, may be | 582 | A certificate option may disable features of the SSH session, may be |
542 | valid only when presented from particular source addresses or may | 583 | valid only when presented from particular source addresses or may |
543 | force the use of a specific command. | 584 | force the use of a specific command. |
544 | For a list of valid certificate constraints, see the documentation for the | 585 | For a list of valid certificate options, see the documentation for the |
545 | .Fl O | 586 | .Fl O |
546 | option above. | 587 | option above. |
547 | .Pp | 588 | .Pp |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 37e516ff2..d90b1dfdd 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.185 2010/03/15 19:40:02 stevesk Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.197 2010/08/04 06:07:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -105,6 +105,9 @@ char *identity_comment = NULL; | |||
105 | /* Path to CA key when certifying keys. */ | 105 | /* Path to CA key when certifying keys. */ |
106 | char *ca_key_path = NULL; | 106 | char *ca_key_path = NULL; |
107 | 107 | ||
108 | /* Certificate serial number */ | ||
109 | long long cert_serial = 0; | ||
110 | |||
108 | /* Key type when certifying */ | 111 | /* Key type when certifying */ |
109 | u_int cert_key_type = SSH2_CERT_TYPE_USER; | 112 | u_int cert_key_type = SSH2_CERT_TYPE_USER; |
110 | 113 | ||
@@ -118,27 +121,34 @@ char *cert_principals = NULL; | |||
118 | u_int64_t cert_valid_from = 0; | 121 | u_int64_t cert_valid_from = 0; |
119 | u_int64_t cert_valid_to = ~0ULL; | 122 | u_int64_t cert_valid_to = ~0ULL; |
120 | 123 | ||
121 | /* Certificate constraints */ | 124 | /* Certificate options */ |
122 | #define CONSTRAINT_X_FWD (1) | 125 | #define CERTOPT_X_FWD (1) |
123 | #define CONSTRAINT_AGENT_FWD (1<<1) | 126 | #define CERTOPT_AGENT_FWD (1<<1) |
124 | #define CONSTRAINT_PORT_FWD (1<<2) | 127 | #define CERTOPT_PORT_FWD (1<<2) |
125 | #define CONSTRAINT_PTY (1<<3) | 128 | #define CERTOPT_PTY (1<<3) |
126 | #define CONSTRAINT_USER_RC (1<<4) | 129 | #define CERTOPT_USER_RC (1<<4) |
127 | #define CONSTRAINT_DEFAULT (CONSTRAINT_X_FWD|CONSTRAINT_AGENT_FWD| \ | 130 | #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ |
128 | CONSTRAINT_PORT_FWD|CONSTRAINT_PTY| \ | 131 | CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) |
129 | CONSTRAINT_USER_RC) | 132 | u_int32_t certflags_flags = CERTOPT_DEFAULT; |
130 | u_int32_t constraint_flags = CONSTRAINT_DEFAULT; | 133 | char *certflags_command = NULL; |
131 | char *constraint_command = NULL; | 134 | char *certflags_src_addr = NULL; |
132 | char *constraint_src_addr = NULL; | 135 | |
133 | 136 | /* Conversion to/from various formats */ | |
134 | /* Dump public key file in format used by real and the original SSH 2 */ | 137 | int convert_to = 0; |
135 | int convert_to_ssh2 = 0; | 138 | int convert_from = 0; |
136 | int convert_from_ssh2 = 0; | 139 | enum { |
140 | FMT_RFC4716, | ||
141 | FMT_PKCS8, | ||
142 | FMT_PEM | ||
143 | } convert_format = FMT_RFC4716; | ||
137 | int print_public = 0; | 144 | int print_public = 0; |
138 | int print_generic = 0; | 145 | int print_generic = 0; |
139 | 146 | ||
140 | char *key_type_name = NULL; | 147 | char *key_type_name = NULL; |
141 | 148 | ||
149 | /* Load key from this PKCS#11 provider */ | ||
150 | char *pkcs11provider = NULL; | ||
151 | |||
142 | /* argv0 */ | 152 | /* argv0 */ |
143 | extern char *__progname; | 153 | extern char *__progname; |
144 | 154 | ||
@@ -161,9 +171,13 @@ ask_filename(struct passwd *pw, const char *prompt) | |||
161 | case KEY_RSA1: | 171 | case KEY_RSA1: |
162 | name = _PATH_SSH_CLIENT_IDENTITY; | 172 | name = _PATH_SSH_CLIENT_IDENTITY; |
163 | break; | 173 | break; |
174 | case KEY_DSA_CERT: | ||
175 | case KEY_DSA_CERT_V00: | ||
164 | case KEY_DSA: | 176 | case KEY_DSA: |
165 | name = _PATH_SSH_CLIENT_ID_DSA; | 177 | name = _PATH_SSH_CLIENT_ID_DSA; |
166 | break; | 178 | break; |
179 | case KEY_RSA_CERT: | ||
180 | case KEY_RSA_CERT_V00: | ||
167 | case KEY_RSA: | 181 | case KEY_RSA: |
168 | name = _PATH_SSH_CLIENT_ID_RSA; | 182 | name = _PATH_SSH_CLIENT_ID_RSA; |
169 | break; | 183 | break; |
@@ -209,30 +223,12 @@ load_identity(char *filename) | |||
209 | #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb | 223 | #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb |
210 | 224 | ||
211 | static void | 225 | static void |
212 | do_convert_to_ssh2(struct passwd *pw) | 226 | do_convert_to_ssh2(struct passwd *pw, Key *k) |
213 | { | 227 | { |
214 | Key *k; | ||
215 | u_int len; | 228 | u_int len; |
216 | u_char *blob; | 229 | u_char *blob; |
217 | char comment[61]; | 230 | char comment[61]; |
218 | struct stat st; | ||
219 | 231 | ||
220 | if (!have_identity) | ||
221 | ask_filename(pw, "Enter file in which the key is"); | ||
222 | if (stat(identity_file, &st) < 0) { | ||
223 | perror(identity_file); | ||
224 | exit(1); | ||
225 | } | ||
226 | if ((k = key_load_public(identity_file, NULL)) == NULL) { | ||
227 | if ((k = load_identity(identity_file)) == NULL) { | ||
228 | fprintf(stderr, "load failed\n"); | ||
229 | exit(1); | ||
230 | } | ||
231 | } | ||
232 | if (k->type == KEY_RSA1) { | ||
233 | fprintf(stderr, "version 1 keys are not supported\n"); | ||
234 | exit(1); | ||
235 | } | ||
236 | if (key_to_blob(k, &blob, &len) <= 0) { | 232 | if (key_to_blob(k, &blob, &len) <= 0) { |
237 | fprintf(stderr, "key_to_blob failed\n"); | 233 | fprintf(stderr, "key_to_blob failed\n"); |
238 | exit(1); | 234 | exit(1); |
@@ -253,6 +249,81 @@ do_convert_to_ssh2(struct passwd *pw) | |||
253 | } | 249 | } |
254 | 250 | ||
255 | static void | 251 | static void |
252 | do_convert_to_pkcs8(Key *k) | ||
253 | { | ||
254 | switch (key_type_plain(k->type)) { | ||
255 | case KEY_RSA: | ||
256 | if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) | ||
257 | fatal("PEM_write_RSA_PUBKEY failed"); | ||
258 | break; | ||
259 | case KEY_DSA: | ||
260 | if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) | ||
261 | fatal("PEM_write_DSA_PUBKEY failed"); | ||
262 | break; | ||
263 | default: | ||
264 | fatal("%s: unsupported key type %s", __func__, key_type(k)); | ||
265 | } | ||
266 | exit(0); | ||
267 | } | ||
268 | |||
269 | static void | ||
270 | do_convert_to_pem(Key *k) | ||
271 | { | ||
272 | switch (key_type_plain(k->type)) { | ||
273 | case KEY_RSA: | ||
274 | if (!PEM_write_RSAPublicKey(stdout, k->rsa)) | ||
275 | fatal("PEM_write_RSAPublicKey failed"); | ||
276 | break; | ||
277 | #if notyet /* OpenSSH 0.9.8 lacks this function */ | ||
278 | case KEY_DSA: | ||
279 | if (!PEM_write_DSAPublicKey(stdout, k->dsa)) | ||
280 | fatal("PEM_write_DSAPublicKey failed"); | ||
281 | break; | ||
282 | #endif | ||
283 | default: | ||
284 | fatal("%s: unsupported key type %s", __func__, key_type(k)); | ||
285 | } | ||
286 | exit(0); | ||
287 | } | ||
288 | |||
289 | static void | ||
290 | do_convert_to(struct passwd *pw) | ||
291 | { | ||
292 | Key *k; | ||
293 | struct stat st; | ||
294 | |||
295 | if (!have_identity) | ||
296 | ask_filename(pw, "Enter file in which the key is"); | ||
297 | if (stat(identity_file, &st) < 0) | ||
298 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | ||
299 | if ((k = key_load_public(identity_file, NULL)) == NULL) { | ||
300 | if ((k = load_identity(identity_file)) == NULL) { | ||
301 | fprintf(stderr, "load failed\n"); | ||
302 | exit(1); | ||
303 | } | ||
304 | } | ||
305 | if (k->type == KEY_RSA1) { | ||
306 | fprintf(stderr, "version 1 keys are not supported\n"); | ||
307 | exit(1); | ||
308 | } | ||
309 | |||
310 | switch (convert_format) { | ||
311 | case FMT_RFC4716: | ||
312 | do_convert_to_ssh2(pw, k); | ||
313 | break; | ||
314 | case FMT_PKCS8: | ||
315 | do_convert_to_pkcs8(k); | ||
316 | break; | ||
317 | case FMT_PEM: | ||
318 | do_convert_to_pem(k); | ||
319 | break; | ||
320 | default: | ||
321 | fatal("%s: unknown key format %d", __func__, convert_format); | ||
322 | } | ||
323 | exit(0); | ||
324 | } | ||
325 | |||
326 | static void | ||
256 | buffer_get_bignum_bits(Buffer *b, BIGNUM *value) | 327 | buffer_get_bignum_bits(Buffer *b, BIGNUM *value) |
257 | { | 328 | { |
258 | u_int bignum_bits = buffer_get_int(b); | 329 | u_int bignum_bits = buffer_get_int(b); |
@@ -390,29 +461,18 @@ get_line(FILE *fp, char *line, size_t len) | |||
390 | } | 461 | } |
391 | 462 | ||
392 | static void | 463 | static void |
393 | do_convert_from_ssh2(struct passwd *pw) | 464 | do_convert_from_ssh2(struct passwd *pw, Key **k, int *private) |
394 | { | 465 | { |
395 | Key *k; | ||
396 | int blen; | 466 | int blen; |
397 | u_int len; | 467 | u_int len; |
398 | char line[1024]; | 468 | char line[1024]; |
399 | u_char blob[8096]; | 469 | u_char blob[8096]; |
400 | char encoded[8096]; | 470 | char encoded[8096]; |
401 | struct stat st; | 471 | int escaped = 0; |
402 | int escaped = 0, private = 0, ok; | ||
403 | FILE *fp; | 472 | FILE *fp; |
404 | 473 | ||
405 | if (!have_identity) | 474 | if ((fp = fopen(identity_file, "r")) == NULL) |
406 | ask_filename(pw, "Enter file in which the key is"); | 475 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
407 | if (stat(identity_file, &st) < 0) { | ||
408 | perror(identity_file); | ||
409 | exit(1); | ||
410 | } | ||
411 | fp = fopen(identity_file, "r"); | ||
412 | if (fp == NULL) { | ||
413 | perror(identity_file); | ||
414 | exit(1); | ||
415 | } | ||
416 | encoded[0] = '\0'; | 476 | encoded[0] = '\0'; |
417 | while ((blen = get_line(fp, line, sizeof(line))) != -1) { | 477 | while ((blen = get_line(fp, line, sizeof(line))) != -1) { |
418 | if (line[blen - 1] == '\\') | 478 | if (line[blen - 1] == '\\') |
@@ -420,7 +480,7 @@ do_convert_from_ssh2(struct passwd *pw) | |||
420 | if (strncmp(line, "----", 4) == 0 || | 480 | if (strncmp(line, "----", 4) == 0 || |
421 | strstr(line, ": ") != NULL) { | 481 | strstr(line, ": ") != NULL) { |
422 | if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL) | 482 | if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL) |
423 | private = 1; | 483 | *private = 1; |
424 | if (strstr(line, " END ") != NULL) { | 484 | if (strstr(line, " END ") != NULL) { |
425 | break; | 485 | break; |
426 | } | 486 | } |
@@ -445,26 +505,130 @@ do_convert_from_ssh2(struct passwd *pw) | |||
445 | fprintf(stderr, "uudecode failed.\n"); | 505 | fprintf(stderr, "uudecode failed.\n"); |
446 | exit(1); | 506 | exit(1); |
447 | } | 507 | } |
448 | k = private ? | 508 | *k = *private ? |
449 | do_convert_private_ssh2_from_blob(blob, blen) : | 509 | do_convert_private_ssh2_from_blob(blob, blen) : |
450 | key_from_blob(blob, blen); | 510 | key_from_blob(blob, blen); |
451 | if (k == NULL) { | 511 | if (*k == NULL) { |
452 | fprintf(stderr, "decode blob failed.\n"); | 512 | fprintf(stderr, "decode blob failed.\n"); |
453 | exit(1); | 513 | exit(1); |
454 | } | 514 | } |
455 | ok = private ? | 515 | fclose(fp); |
456 | (k->type == KEY_DSA ? | 516 | } |
457 | PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : | 517 | |
458 | PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) : | 518 | static void |
459 | key_write(k, stdout); | 519 | do_convert_from_pkcs8(Key **k, int *private) |
520 | { | ||
521 | EVP_PKEY *pubkey; | ||
522 | FILE *fp; | ||
523 | |||
524 | if ((fp = fopen(identity_file, "r")) == NULL) | ||
525 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | ||
526 | if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) { | ||
527 | fatal("%s: %s is not a recognised public key format", __func__, | ||
528 | identity_file); | ||
529 | } | ||
530 | fclose(fp); | ||
531 | switch (EVP_PKEY_type(pubkey->type)) { | ||
532 | case EVP_PKEY_RSA: | ||
533 | *k = key_new(KEY_UNSPEC); | ||
534 | (*k)->type = KEY_RSA; | ||
535 | (*k)->rsa = EVP_PKEY_get1_RSA(pubkey); | ||
536 | break; | ||
537 | case EVP_PKEY_DSA: | ||
538 | *k = key_new(KEY_UNSPEC); | ||
539 | (*k)->type = KEY_DSA; | ||
540 | (*k)->dsa = EVP_PKEY_get1_DSA(pubkey); | ||
541 | break; | ||
542 | default: | ||
543 | fatal("%s: unsupported pubkey type %d", __func__, | ||
544 | EVP_PKEY_type(pubkey->type)); | ||
545 | } | ||
546 | EVP_PKEY_free(pubkey); | ||
547 | return; | ||
548 | } | ||
549 | |||
550 | static void | ||
551 | do_convert_from_pem(Key **k, int *private) | ||
552 | { | ||
553 | FILE *fp; | ||
554 | RSA *rsa; | ||
555 | #ifdef notyet | ||
556 | DSA *dsa; | ||
557 | #endif | ||
558 | |||
559 | if ((fp = fopen(identity_file, "r")) == NULL) | ||
560 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | ||
561 | if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) { | ||
562 | *k = key_new(KEY_UNSPEC); | ||
563 | (*k)->type = KEY_RSA; | ||
564 | (*k)->rsa = rsa; | ||
565 | fclose(fp); | ||
566 | return; | ||
567 | } | ||
568 | #if notyet /* OpenSSH 0.9.8 lacks this function */ | ||
569 | rewind(fp); | ||
570 | if ((dsa = PEM_read_DSAPublicKey(fp, NULL, NULL, NULL)) != NULL) { | ||
571 | *k = key_new(KEY_UNSPEC); | ||
572 | (*k)->type = KEY_DSA; | ||
573 | (*k)->dsa = dsa; | ||
574 | fclose(fp); | ||
575 | return; | ||
576 | } | ||
577 | #endif | ||
578 | fatal("%s: unrecognised raw private key format", __func__); | ||
579 | } | ||
580 | |||
581 | static void | ||
582 | do_convert_from(struct passwd *pw) | ||
583 | { | ||
584 | Key *k = NULL; | ||
585 | int private = 0, ok = 0; | ||
586 | struct stat st; | ||
587 | |||
588 | if (!have_identity) | ||
589 | ask_filename(pw, "Enter file in which the key is"); | ||
590 | if (stat(identity_file, &st) < 0) | ||
591 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | ||
592 | |||
593 | switch (convert_format) { | ||
594 | case FMT_RFC4716: | ||
595 | do_convert_from_ssh2(pw, &k, &private); | ||
596 | break; | ||
597 | case FMT_PKCS8: | ||
598 | do_convert_from_pkcs8(&k, &private); | ||
599 | break; | ||
600 | case FMT_PEM: | ||
601 | do_convert_from_pem(&k, &private); | ||
602 | break; | ||
603 | default: | ||
604 | fatal("%s: unknown key format %d", __func__, convert_format); | ||
605 | } | ||
606 | |||
607 | if (!private) | ||
608 | ok = key_write(k, stdout); | ||
609 | if (ok) | ||
610 | fprintf(stdout, "\n"); | ||
611 | else { | ||
612 | switch (k->type) { | ||
613 | case KEY_DSA: | ||
614 | ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, | ||
615 | NULL, 0, NULL, NULL); | ||
616 | break; | ||
617 | case KEY_RSA: | ||
618 | ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, | ||
619 | NULL, 0, NULL, NULL); | ||
620 | break; | ||
621 | default: | ||
622 | fatal("%s: unsupported key type %s", __func__, | ||
623 | key_type(k)); | ||
624 | } | ||
625 | } | ||
626 | |||
460 | if (!ok) { | 627 | if (!ok) { |
461 | fprintf(stderr, "key write failed\n"); | 628 | fprintf(stderr, "key write failed\n"); |
462 | exit(1); | 629 | exit(1); |
463 | } | 630 | } |
464 | key_free(k); | 631 | key_free(k); |
465 | if (!private) | ||
466 | fprintf(stdout, "\n"); | ||
467 | fclose(fp); | ||
468 | exit(0); | 632 | exit(0); |
469 | } | 633 | } |
470 | 634 | ||
@@ -493,7 +657,7 @@ do_print_public(struct passwd *pw) | |||
493 | } | 657 | } |
494 | 658 | ||
495 | static void | 659 | static void |
496 | do_download(struct passwd *pw, char *pkcs11provider) | 660 | do_download(struct passwd *pw) |
497 | { | 661 | { |
498 | #ifdef ENABLE_PKCS11 | 662 | #ifdef ENABLE_PKCS11 |
499 | Key **keys = NULL; | 663 | Key **keys = NULL; |
@@ -555,67 +719,68 @@ do_fingerprint(struct passwd *pw) | |||
555 | comment = NULL; | 719 | comment = NULL; |
556 | } | 720 | } |
557 | 721 | ||
558 | f = fopen(identity_file, "r"); | 722 | if ((f = fopen(identity_file, "r")) == NULL) |
559 | if (f != NULL) { | 723 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
560 | while (fgets(line, sizeof(line), f)) { | ||
561 | if ((cp = strchr(line, '\n')) == NULL) { | ||
562 | error("line %d too long: %.40s...", | ||
563 | num + 1, line); | ||
564 | skip = 1; | ||
565 | continue; | ||
566 | } | ||
567 | num++; | ||
568 | if (skip) { | ||
569 | skip = 0; | ||
570 | continue; | ||
571 | } | ||
572 | *cp = '\0'; | ||
573 | 724 | ||
574 | /* Skip leading whitespace, empty and comment lines. */ | 725 | while (fgets(line, sizeof(line), f)) { |
575 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) | 726 | if ((cp = strchr(line, '\n')) == NULL) { |
576 | ; | 727 | error("line %d too long: %.40s...", |
577 | if (!*cp || *cp == '\n' || *cp == '#') | 728 | num + 1, line); |
578 | continue; | 729 | skip = 1; |
579 | i = strtol(cp, &ep, 10); | 730 | continue; |
580 | if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { | 731 | } |
581 | int quoted = 0; | 732 | num++; |
582 | comment = cp; | 733 | if (skip) { |
583 | for (; *cp && (quoted || (*cp != ' ' && | 734 | skip = 0; |
584 | *cp != '\t')); cp++) { | 735 | continue; |
585 | if (*cp == '\\' && cp[1] == '"') | 736 | } |
586 | cp++; /* Skip both */ | 737 | *cp = '\0'; |
587 | else if (*cp == '"') | 738 | |
588 | quoted = !quoted; | 739 | /* Skip leading whitespace, empty and comment lines. */ |
589 | } | 740 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
590 | if (!*cp) | 741 | ; |
591 | continue; | 742 | if (!*cp || *cp == '\n' || *cp == '#') |
592 | *cp++ = '\0'; | 743 | continue; |
744 | i = strtol(cp, &ep, 10); | ||
745 | if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { | ||
746 | int quoted = 0; | ||
747 | comment = cp; | ||
748 | for (; *cp && (quoted || (*cp != ' ' && | ||
749 | *cp != '\t')); cp++) { | ||
750 | if (*cp == '\\' && cp[1] == '"') | ||
751 | cp++; /* Skip both */ | ||
752 | else if (*cp == '"') | ||
753 | quoted = !quoted; | ||
593 | } | 754 | } |
594 | ep = cp; | 755 | if (!*cp) |
595 | public = key_new(KEY_RSA1); | 756 | continue; |
757 | *cp++ = '\0'; | ||
758 | } | ||
759 | ep = cp; | ||
760 | public = key_new(KEY_RSA1); | ||
761 | if (key_read(public, &cp) != 1) { | ||
762 | cp = ep; | ||
763 | key_free(public); | ||
764 | public = key_new(KEY_UNSPEC); | ||
596 | if (key_read(public, &cp) != 1) { | 765 | if (key_read(public, &cp) != 1) { |
597 | cp = ep; | ||
598 | key_free(public); | 766 | key_free(public); |
599 | public = key_new(KEY_UNSPEC); | 767 | continue; |
600 | if (key_read(public, &cp) != 1) { | ||
601 | key_free(public); | ||
602 | continue; | ||
603 | } | ||
604 | } | 768 | } |
605 | comment = *cp ? cp : comment; | ||
606 | fp = key_fingerprint(public, fptype, rep); | ||
607 | ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | ||
608 | printf("%u %s %s (%s)\n", key_size(public), fp, | ||
609 | comment ? comment : "no comment", key_type(public)); | ||
610 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | ||
611 | printf("%s\n", ra); | ||
612 | xfree(ra); | ||
613 | xfree(fp); | ||
614 | key_free(public); | ||
615 | invalid = 0; | ||
616 | } | 769 | } |
617 | fclose(f); | 770 | comment = *cp ? cp : comment; |
771 | fp = key_fingerprint(public, fptype, rep); | ||
772 | ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | ||
773 | printf("%u %s %s (%s)\n", key_size(public), fp, | ||
774 | comment ? comment : "no comment", key_type(public)); | ||
775 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | ||
776 | printf("%s\n", ra); | ||
777 | xfree(ra); | ||
778 | xfree(fp); | ||
779 | key_free(public); | ||
780 | invalid = 0; | ||
618 | } | 781 | } |
782 | fclose(f); | ||
783 | |||
619 | if (invalid) { | 784 | if (invalid) { |
620 | printf("%s is not a public key file.\n", identity_file); | 785 | printf("%s is not a public key file.\n", identity_file); |
621 | exit(1); | 786 | exit(1); |
@@ -670,7 +835,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
670 | have_identity = 1; | 835 | have_identity = 1; |
671 | } | 836 | } |
672 | if ((in = fopen(identity_file, "r")) == NULL) | 837 | if ((in = fopen(identity_file, "r")) == NULL) |
673 | fatal("fopen: %s", strerror(errno)); | 838 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
674 | 839 | ||
675 | /* | 840 | /* |
676 | * Find hosts goes to stdout, hash and deletions happen in-place | 841 | * Find hosts goes to stdout, hash and deletions happen in-place |
@@ -1104,7 +1269,7 @@ fmt_validity(u_int64_t valid_from, u_int64_t valid_to) | |||
1104 | } | 1269 | } |
1105 | 1270 | ||
1106 | static void | 1271 | static void |
1107 | add_flag_constraint(Buffer *c, const char *name) | 1272 | add_flag_option(Buffer *c, const char *name) |
1108 | { | 1273 | { |
1109 | debug3("%s: %s", __func__, name); | 1274 | debug3("%s: %s", __func__, name); |
1110 | buffer_put_cstring(c, name); | 1275 | buffer_put_cstring(c, name); |
@@ -1112,7 +1277,7 @@ add_flag_constraint(Buffer *c, const char *name) | |||
1112 | } | 1277 | } |
1113 | 1278 | ||
1114 | static void | 1279 | static void |
1115 | add_string_constraint(Buffer *c, const char *name, const char *value) | 1280 | add_string_option(Buffer *c, const char *name, const char *value) |
1116 | { | 1281 | { |
1117 | Buffer b; | 1282 | Buffer b; |
1118 | 1283 | ||
@@ -1126,25 +1291,62 @@ add_string_constraint(Buffer *c, const char *name, const char *value) | |||
1126 | buffer_free(&b); | 1291 | buffer_free(&b); |
1127 | } | 1292 | } |
1128 | 1293 | ||
1294 | #define OPTIONS_CRITICAL 1 | ||
1295 | #define OPTIONS_EXTENSIONS 2 | ||
1129 | static void | 1296 | static void |
1130 | prepare_constraint_buf(Buffer *c) | 1297 | prepare_options_buf(Buffer *c, int which) |
1131 | { | 1298 | { |
1132 | |||
1133 | buffer_clear(c); | 1299 | buffer_clear(c); |
1134 | if ((constraint_flags & CONSTRAINT_X_FWD) != 0) | 1300 | if ((which & OPTIONS_CRITICAL) != 0 && |
1135 | add_flag_constraint(c, "permit-X11-forwarding"); | 1301 | certflags_command != NULL) |
1136 | if ((constraint_flags & CONSTRAINT_AGENT_FWD) != 0) | 1302 | add_string_option(c, "force-command", certflags_command); |
1137 | add_flag_constraint(c, "permit-agent-forwarding"); | 1303 | if ((which & OPTIONS_EXTENSIONS) != 0 && |
1138 | if ((constraint_flags & CONSTRAINT_PORT_FWD) != 0) | 1304 | (certflags_flags & CERTOPT_AGENT_FWD) != 0) |
1139 | add_flag_constraint(c, "permit-port-forwarding"); | 1305 | add_flag_option(c, "permit-agent-forwarding"); |
1140 | if ((constraint_flags & CONSTRAINT_PTY) != 0) | 1306 | if ((which & OPTIONS_EXTENSIONS) != 0 && |
1141 | add_flag_constraint(c, "permit-pty"); | 1307 | (certflags_flags & CERTOPT_PORT_FWD) != 0) |
1142 | if ((constraint_flags & CONSTRAINT_USER_RC) != 0) | 1308 | add_flag_option(c, "permit-port-forwarding"); |
1143 | add_flag_constraint(c, "permit-user-rc"); | 1309 | if ((which & OPTIONS_EXTENSIONS) != 0 && |
1144 | if (constraint_command != NULL) | 1310 | (certflags_flags & CERTOPT_PTY) != 0) |
1145 | add_string_constraint(c, "force-command", constraint_command); | 1311 | add_flag_option(c, "permit-pty"); |
1146 | if (constraint_src_addr != NULL) | 1312 | if ((which & OPTIONS_EXTENSIONS) != 0 && |
1147 | add_string_constraint(c, "source-address", constraint_src_addr); | 1313 | (certflags_flags & CERTOPT_USER_RC) != 0) |
1314 | add_flag_option(c, "permit-user-rc"); | ||
1315 | if ((which & OPTIONS_EXTENSIONS) != 0 && | ||
1316 | (certflags_flags & CERTOPT_X_FWD) != 0) | ||
1317 | add_flag_option(c, "permit-X11-forwarding"); | ||
1318 | if ((which & OPTIONS_CRITICAL) != 0 && | ||
1319 | certflags_src_addr != NULL) | ||
1320 | add_string_option(c, "source-address", certflags_src_addr); | ||
1321 | } | ||
1322 | |||
1323 | static Key * | ||
1324 | load_pkcs11_key(char *path) | ||
1325 | { | ||
1326 | #ifdef ENABLE_PKCS11 | ||
1327 | Key **keys = NULL, *public, *private = NULL; | ||
1328 | int i, nkeys; | ||
1329 | |||
1330 | if ((public = key_load_public(path, NULL)) == NULL) | ||
1331 | fatal("Couldn't load CA public key \"%s\"", path); | ||
1332 | |||
1333 | nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys); | ||
1334 | debug3("%s: %d keys", __func__, nkeys); | ||
1335 | if (nkeys <= 0) | ||
1336 | fatal("cannot read public key from pkcs11"); | ||
1337 | for (i = 0; i < nkeys; i++) { | ||
1338 | if (key_equal_public(public, keys[i])) { | ||
1339 | private = keys[i]; | ||
1340 | continue; | ||
1341 | } | ||
1342 | key_free(keys[i]); | ||
1343 | } | ||
1344 | xfree(keys); | ||
1345 | key_free(public); | ||
1346 | return private; | ||
1347 | #else | ||
1348 | fatal("no pkcs11 support"); | ||
1349 | #endif /* ENABLE_PKCS11 */ | ||
1148 | } | 1350 | } |
1149 | 1351 | ||
1150 | static void | 1352 | static void |
@@ -1155,9 +1357,33 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1155 | Key *ca, *public; | 1357 | Key *ca, *public; |
1156 | char *otmp, *tmp, *cp, *out, *comment, **plist = NULL; | 1358 | char *otmp, *tmp, *cp, *out, *comment, **plist = NULL; |
1157 | FILE *f; | 1359 | FILE *f; |
1360 | int v00 = 0; /* legacy keys */ | ||
1361 | |||
1362 | if (key_type_name != NULL) { | ||
1363 | switch (key_type_from_name(key_type_name)) { | ||
1364 | case KEY_RSA_CERT_V00: | ||
1365 | case KEY_DSA_CERT_V00: | ||
1366 | v00 = 1; | ||
1367 | break; | ||
1368 | case KEY_UNSPEC: | ||
1369 | if (strcasecmp(key_type_name, "v00") == 0) { | ||
1370 | v00 = 1; | ||
1371 | break; | ||
1372 | } else if (strcasecmp(key_type_name, "v01") == 0) | ||
1373 | break; | ||
1374 | /* FALLTHROUGH */ | ||
1375 | default: | ||
1376 | fprintf(stderr, "unknown key type %s\n", key_type_name); | ||
1377 | exit(1); | ||
1378 | } | ||
1379 | } | ||
1158 | 1380 | ||
1381 | pkcs11_init(1); | ||
1159 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); | 1382 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
1160 | if ((ca = load_identity(tmp)) == NULL) | 1383 | if (pkcs11provider != NULL) { |
1384 | if ((ca = load_pkcs11_key(tmp)) == NULL) | ||
1385 | fatal("No PKCS#11 key matching %s found", ca_key_path); | ||
1386 | } else if ((ca = load_identity(tmp)) == NULL) | ||
1161 | fatal("Couldn't load CA key \"%s\"", tmp); | 1387 | fatal("Couldn't load CA key \"%s\"", tmp); |
1162 | xfree(tmp); | 1388 | xfree(tmp); |
1163 | 1389 | ||
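Review bot: The unknown-key-type branch in the new `-t` handling reports with `fprintf(stderr, "unknown key type %s\n", key_type_name); exit(1);`, whereas every other failure in do_ca_sign, including the new PKCS#11 branch a few lines below, goes through `fatal()`; `fatal("unknown key type %s", key_type_name);` keeps the exit path and logging consistent and drops the separate `exit`. The `v00` flag is also commented only as `legacy keys`; since the next hunk packs both critical options and extensions into one buffer when it is set, a comment such as `/* v00: legacy cert format with a single options section */` would tell a reader what the flag actually changes. Note that when `pkcs11provider` is set the failure message names `ca_key_path` while the `load_identity` branch names the tilde-expanded `tmp`, which may be intentional but is worth a glance. The body of do_ca_sign continues outside this hunk.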
@@ -1183,15 +1409,24 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1183 | __func__, tmp, key_type(public)); | 1409 | __func__, tmp, key_type(public)); |
1184 | 1410 | ||
1185 | /* Prepare certificate to sign */ | 1411 | /* Prepare certificate to sign */ |
1186 | if (key_to_certified(public) != 0) | 1412 | if (key_to_certified(public, v00) != 0) |
1187 | fatal("Could not upgrade key %s to certificate", tmp); | 1413 | fatal("Could not upgrade key %s to certificate", tmp); |
1188 | public->cert->type = cert_key_type; | 1414 | public->cert->type = cert_key_type; |
1415 | public->cert->serial = (u_int64_t)cert_serial; | ||
1189 | public->cert->key_id = xstrdup(cert_key_id); | 1416 | public->cert->key_id = xstrdup(cert_key_id); |
1190 | public->cert->nprincipals = n; | 1417 | public->cert->nprincipals = n; |
1191 | public->cert->principals = plist; | 1418 | public->cert->principals = plist; |
1192 | public->cert->valid_after = cert_valid_from; | 1419 | public->cert->valid_after = cert_valid_from; |
1193 | public->cert->valid_before = cert_valid_to; | 1420 | public->cert->valid_before = cert_valid_to; |
1194 | prepare_constraint_buf(&public->cert->constraints); | 1421 | if (v00) { |
1422 | prepare_options_buf(&public->cert->critical, | ||
1423 | OPTIONS_CRITICAL|OPTIONS_EXTENSIONS); | ||
1424 | } else { | ||
1425 | prepare_options_buf(&public->cert->critical, | ||
1426 | OPTIONS_CRITICAL); | ||
1427 | prepare_options_buf(&public->cert->extensions, | ||
1428 | OPTIONS_EXTENSIONS); | ||
1429 | } | ||
1195 | public->cert->signature_key = key_from_private(ca); | 1430 | public->cert->signature_key = key_from_private(ca); |
1196 | 1431 | ||
1197 | if (key_certify(public, ca) != 0) | 1432 | if (key_certify(public, ca) != 0) |
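Review bot: The `if (v00)` branch packs `OPTIONS_CRITICAL|OPTIONS_EXTENSIONS` into `public->cert->critical` and leaves `extensions` untouched, but nothing explains why the two classes collapse into one buffer for legacy certificates; a one-line comment at that branch, e.g. `/* v00 certs have a single options section (the former "constraints"); fold extensions into it */`, would save the next reader a trip to the format definition (the rename from `constraints` to `critical` is visible in the do_show_cert hunk of this same commit). The serial assignment `(u_int64_t)cert_serial` is safe given the `strtonum(optarg, 0, LLONG_MAX, ...)` bound in main, but that invariant lives in a different function, so a short note here would make the cast self-explanatory. do_ca_sign starts and ends outside this hunk.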
@@ -1212,17 +1447,19 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1212 | fprintf(f, " %s\n", comment); | 1447 | fprintf(f, " %s\n", comment); |
1213 | fclose(f); | 1448 | fclose(f); |
1214 | 1449 | ||
1215 | if (!quiet) | 1450 | if (!quiet) { |
1216 | logit("Signed %s key %s: id \"%s\"%s%s valid %s", | 1451 | logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
1217 | cert_key_type == SSH2_CERT_TYPE_USER?"user":"host", | 1452 | "valid %s", key_cert_type(public), |
1218 | out, cert_key_id, | 1453 | out, public->cert->key_id, public->cert->serial, |
1219 | cert_principals != NULL ? " for " : "", | 1454 | cert_principals != NULL ? " for " : "", |
1220 | cert_principals != NULL ? cert_principals : "", | 1455 | cert_principals != NULL ? cert_principals : "", |
1221 | fmt_validity(cert_valid_from, cert_valid_to)); | 1456 | fmt_validity(cert_valid_from, cert_valid_to)); |
1457 | } | ||
1222 | 1458 | ||
1223 | key_free(public); | 1459 | key_free(public); |
1224 | xfree(out); | 1460 | xfree(out); |
1225 | } | 1461 | } |
1462 | pkcs11_terminate(); | ||
1226 | exit(0); | 1463 | exit(0); |
1227 | } | 1464 | } |
1228 | 1465 | ||
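Review bot: The new `logit()` call formats `public->cert->serial` with `%llu`, but the field is assigned as `(u_int64_t)cert_serial` in the previous hunk, and `u_int64_t` is not guaranteed to be `unsigned long long` on every platform (on common LP64 targets it is `unsigned long`), which makes the format/argument pairing undefined in the strict sense and trips `-Wformat` there; casting at the call site, `out, public->cert->key_id, (unsigned long long)public->cert->serial,`, removes the ambiguity. The same pairing appears in do_show_cert's `printf(" Serial: %llu\n", key->cert->serial);` at new line 1679 later in this commit and should get the same cast. `pkcs11_terminate()` is only reached on the success path; since every failure path calls `fatal()`, that appears intentional, but a comment saying so would prevent someone "fixing" it. do_ca_sign starts outside this hunk.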
@@ -1321,50 +1558,92 @@ parse_cert_times(char *timespec) | |||
1321 | } | 1558 | } |
1322 | 1559 | ||
1323 | static void | 1560 | static void |
1324 | add_cert_constraint(char *opt) | 1561 | add_cert_option(char *opt) |
1325 | { | 1562 | { |
1326 | char *val; | 1563 | char *val; |
1327 | 1564 | ||
1328 | if (strcmp(opt, "clear") == 0) | 1565 | if (strcmp(opt, "clear") == 0) |
1329 | constraint_flags = 0; | 1566 | certflags_flags = 0; |
1330 | else if (strcasecmp(opt, "no-x11-forwarding") == 0) | 1567 | else if (strcasecmp(opt, "no-x11-forwarding") == 0) |
1331 | constraint_flags &= ~CONSTRAINT_X_FWD; | 1568 | certflags_flags &= ~CERTOPT_X_FWD; |
1332 | else if (strcasecmp(opt, "permit-x11-forwarding") == 0) | 1569 | else if (strcasecmp(opt, "permit-x11-forwarding") == 0) |
1333 | constraint_flags |= CONSTRAINT_X_FWD; | 1570 | certflags_flags |= CERTOPT_X_FWD; |
1334 | else if (strcasecmp(opt, "no-agent-forwarding") == 0) | 1571 | else if (strcasecmp(opt, "no-agent-forwarding") == 0) |
1335 | constraint_flags &= ~CONSTRAINT_AGENT_FWD; | 1572 | certflags_flags &= ~CERTOPT_AGENT_FWD; |
1336 | else if (strcasecmp(opt, "permit-agent-forwarding") == 0) | 1573 | else if (strcasecmp(opt, "permit-agent-forwarding") == 0) |
1337 | constraint_flags |= CONSTRAINT_AGENT_FWD; | 1574 | certflags_flags |= CERTOPT_AGENT_FWD; |
1338 | else if (strcasecmp(opt, "no-port-forwarding") == 0) | 1575 | else if (strcasecmp(opt, "no-port-forwarding") == 0) |
1339 | constraint_flags &= ~CONSTRAINT_PORT_FWD; | 1576 | certflags_flags &= ~CERTOPT_PORT_FWD; |
1340 | else if (strcasecmp(opt, "permit-port-forwarding") == 0) | 1577 | else if (strcasecmp(opt, "permit-port-forwarding") == 0) |
1341 | constraint_flags |= CONSTRAINT_PORT_FWD; | 1578 | certflags_flags |= CERTOPT_PORT_FWD; |
1342 | else if (strcasecmp(opt, "no-pty") == 0) | 1579 | else if (strcasecmp(opt, "no-pty") == 0) |
1343 | constraint_flags &= ~CONSTRAINT_PTY; | 1580 | certflags_flags &= ~CERTOPT_PTY; |
1344 | else if (strcasecmp(opt, "permit-pty") == 0) | 1581 | else if (strcasecmp(opt, "permit-pty") == 0) |
1345 | constraint_flags |= CONSTRAINT_PTY; | 1582 | certflags_flags |= CERTOPT_PTY; |
1346 | else if (strcasecmp(opt, "no-user-rc") == 0) | 1583 | else if (strcasecmp(opt, "no-user-rc") == 0) |
1347 | constraint_flags &= ~CONSTRAINT_USER_RC; | 1584 | certflags_flags &= ~CERTOPT_USER_RC; |
1348 | else if (strcasecmp(opt, "permit-user-rc") == 0) | 1585 | else if (strcasecmp(opt, "permit-user-rc") == 0) |
1349 | constraint_flags |= CONSTRAINT_USER_RC; | 1586 | certflags_flags |= CERTOPT_USER_RC; |
1350 | else if (strncasecmp(opt, "force-command=", 14) == 0) { | 1587 | else if (strncasecmp(opt, "force-command=", 14) == 0) { |
1351 | val = opt + 14; | 1588 | val = opt + 14; |
1352 | if (*val == '\0') | 1589 | if (*val == '\0') |
1353 | fatal("Empty force-command constraint"); | 1590 | fatal("Empty force-command option"); |
1354 | if (constraint_command != NULL) | 1591 | if (certflags_command != NULL) |
1355 | fatal("force-command already specified"); | 1592 | fatal("force-command already specified"); |
1356 | constraint_command = xstrdup(val); | 1593 | certflags_command = xstrdup(val); |
1357 | } else if (strncasecmp(opt, "source-address=", 15) == 0) { | 1594 | } else if (strncasecmp(opt, "source-address=", 15) == 0) { |
1358 | val = opt + 15; | 1595 | val = opt + 15; |
1359 | if (*val == '\0') | 1596 | if (*val == '\0') |
1360 | fatal("Empty source-address constraint"); | 1597 | fatal("Empty source-address option"); |
1361 | if (constraint_src_addr != NULL) | 1598 | if (certflags_src_addr != NULL) |
1362 | fatal("source-address already specified"); | 1599 | fatal("source-address already specified"); |
1363 | if (addr_match_cidr_list(NULL, val) != 0) | 1600 | if (addr_match_cidr_list(NULL, val) != 0) |
1364 | fatal("Invalid source-address list"); | 1601 | fatal("Invalid source-address list"); |
1365 | constraint_src_addr = xstrdup(val); | 1602 | certflags_src_addr = xstrdup(val); |
1366 | } else | 1603 | } else |
1367 | fatal("Unsupported certificate constraint \"%s\"", opt); | 1604 | fatal("Unsupported certificate option \"%s\"", opt); |
1605 | } | ||
1606 | |||
1607 | static void | ||
1608 | show_options(const Buffer *optbuf, int v00, int in_critical) | ||
1609 | { | ||
1610 | u_char *name, *data; | ||
1611 | u_int dlen; | ||
1612 | Buffer options, option; | ||
1613 | |||
1614 | buffer_init(&options); | ||
1615 | buffer_append(&options, buffer_ptr(optbuf), buffer_len(optbuf)); | ||
1616 | |||
1617 | buffer_init(&option); | ||
1618 | while (buffer_len(&options) != 0) { | ||
1619 | name = buffer_get_string(&options, NULL); | ||
1620 | data = buffer_get_string_ptr(&options, &dlen); | ||
1621 | buffer_append(&option, data, dlen); | ||
1622 | printf(" %s", name); | ||
1623 | if ((v00 || !in_critical) && | ||
1624 | (strcmp(name, "permit-X11-forwarding") == 0 || | ||
1625 | strcmp(name, "permit-agent-forwarding") == 0 || | ||
1626 | strcmp(name, "permit-port-forwarding") == 0 || | ||
1627 | strcmp(name, "permit-pty") == 0 || | ||
1628 | strcmp(name, "permit-user-rc") == 0)) | ||
1629 | printf("\n"); | ||
1630 | else if ((v00 || in_critical) && | ||
1631 | (strcmp(name, "force-command") == 0 || | ||
1632 | strcmp(name, "source-address") == 0)) { | ||
1633 | data = buffer_get_string(&option, NULL); | ||
1634 | printf(" %s\n", data); | ||
1635 | xfree(data); | ||
1636 | } else { | ||
1637 | printf(" UNKNOWN OPTION (len %u)\n", | ||
1638 | buffer_len(&option)); | ||
1639 | buffer_clear(&option); | ||
1640 | } | ||
1641 | xfree(name); | ||
1642 | if (buffer_len(&option) != 0) | ||
1643 | fatal("Option corrupt: extra data at end"); | ||
1644 | } | ||
1645 | buffer_free(&option); | ||
1646 | buffer_free(&options); | ||
1368 | } | 1647 | } |
1369 | 1648 | ||
1370 | static void | 1649 | static void |
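Review bot: show_options prints option values taken straight from the certificate with `printf(" %s\n", data);`, and a certificate being inspected with `-L` has not been verified at that point, so a `force-command` or `source-address` value containing non-printable bytes is written to the terminal unfiltered; a defensive rewrite would pass the value through a printable-only filter (or escape non-printables) before output, which is the main point I would raise on this hunk. The function also has no header comment, and its `v00`/`in_critical` parameters encode a non-obvious rule (v00 certs carry both option classes in one section, later certs keep them apart); a comment such as `/* Print the options in optbuf; in_critical selects which option names are legitimate here, and v00 accepts both classes since legacy certs have only one section. */` above the definition would make the classification branches readable. The rename of `constraint_*` to `certflags_*`/`CERTOPT_*` in add_cert_option is otherwise mechanical and looks complete.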
@@ -1373,31 +1652,31 @@ do_show_cert(struct passwd *pw) | |||
1373 | Key *key; | 1652 | Key *key; |
1374 | struct stat st; | 1653 | struct stat st; |
1375 | char *key_fp, *ca_fp; | 1654 | char *key_fp, *ca_fp; |
1376 | Buffer constraints, constraint; | 1655 | u_int i, v00; |
1377 | u_char *name, *data; | ||
1378 | u_int i, dlen; | ||
1379 | 1656 | ||
1380 | if (!have_identity) | 1657 | if (!have_identity) |
1381 | ask_filename(pw, "Enter file in which the key is"); | 1658 | ask_filename(pw, "Enter file in which the key is"); |
1382 | if (stat(identity_file, &st) < 0) { | 1659 | if (stat(identity_file, &st) < 0) |
1383 | perror(identity_file); | 1660 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
1384 | exit(1); | ||
1385 | } | ||
1386 | if ((key = key_load_public(identity_file, NULL)) == NULL) | 1661 | if ((key = key_load_public(identity_file, NULL)) == NULL) |
1387 | fatal("%s is not a public key", identity_file); | 1662 | fatal("%s is not a public key", identity_file); |
1388 | if (!key_is_cert(key)) | 1663 | if (!key_is_cert(key)) |
1389 | fatal("%s is not a certificate", identity_file); | 1664 | fatal("%s is not a certificate", identity_file); |
1390 | 1665 | v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00; | |
1666 | |||
1391 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 1667 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
1392 | ca_fp = key_fingerprint(key->cert->signature_key, | 1668 | ca_fp = key_fingerprint(key->cert->signature_key, |
1393 | SSH_FP_MD5, SSH_FP_HEX); | 1669 | SSH_FP_MD5, SSH_FP_HEX); |
1394 | 1670 | ||
1395 | printf("%s:\n", identity_file); | 1671 | printf("%s:\n", identity_file); |
1396 | printf(" %s %s certificate %s\n", key_type(key), | 1672 | printf(" Type: %s %s certificate\n", key_ssh_name(key), |
1397 | key_cert_type(key), key_fp); | 1673 | key_cert_type(key)); |
1398 | printf(" Signed by %s CA %s\n", | 1674 | printf(" Public key: %s %s\n", key_type(key), key_fp); |
1675 | printf(" Signing CA: %s %s\n", | ||
1399 | key_type(key->cert->signature_key), ca_fp); | 1676 | key_type(key->cert->signature_key), ca_fp); |
1400 | printf(" Key ID \"%s\"\n", key->cert->key_id); | 1677 | printf(" Key ID: \"%s\"\n", key->cert->key_id); |
1678 | if (!v00) | ||
1679 | printf(" Serial: %llu\n", key->cert->serial); | ||
1401 | printf(" Valid: %s\n", | 1680 | printf(" Valid: %s\n", |
1402 | fmt_validity(key->cert->valid_after, key->cert->valid_before)); | 1681 | fmt_validity(key->cert->valid_after, key->cert->valid_before)); |
1403 | printf(" Principals: "); | 1682 | printf(" Principals: "); |
@@ -1409,45 +1688,22 @@ do_show_cert(struct passwd *pw) | |||
1409 | key->cert->principals[i]); | 1688 | key->cert->principals[i]); |
1410 | printf("\n"); | 1689 | printf("\n"); |
1411 | } | 1690 | } |
1412 | printf(" Constraints: "); | 1691 | printf(" Critical Options: "); |
1413 | if (buffer_len(&key->cert->constraints) == 0) | 1692 | if (buffer_len(&key->cert->critical) == 0) |
1414 | printf("(none)\n"); | 1693 | printf("(none)\n"); |
1415 | else { | 1694 | else { |
1416 | printf("\n"); | 1695 | printf("\n"); |
1417 | buffer_init(&constraints); | 1696 | show_options(&key->cert->critical, v00, 1); |
1418 | buffer_append(&constraints, | 1697 | } |
1419 | buffer_ptr(&key->cert->constraints), | 1698 | if (!v00) { |
1420 | buffer_len(&key->cert->constraints)); | 1699 | printf(" Extensions: "); |
1421 | buffer_init(&constraint); | 1700 | if (buffer_len(&key->cert->extensions) == 0) |
1422 | while (buffer_len(&constraints) != 0) { | 1701 | printf("(none)\n"); |
1423 | name = buffer_get_string(&constraints, NULL); | 1702 | else { |
1424 | data = buffer_get_string_ptr(&constraints, &dlen); | 1703 | printf("\n"); |
1425 | buffer_append(&constraint, data, dlen); | 1704 | show_options(&key->cert->extensions, v00, 0); |
1426 | printf(" %s", name); | ||
1427 | if (strcmp(name, "permit-X11-forwarding") == 0 || | ||
1428 | strcmp(name, "permit-agent-forwarding") == 0 || | ||
1429 | strcmp(name, "permit-port-forwarding") == 0 || | ||
1430 | strcmp(name, "permit-pty") == 0 || | ||
1431 | strcmp(name, "permit-user-rc") == 0) | ||
1432 | printf("\n"); | ||
1433 | else if (strcmp(name, "force-command") == 0 || | ||
1434 | strcmp(name, "source-address") == 0) { | ||
1435 | data = buffer_get_string(&constraint, NULL); | ||
1436 | printf(" %s\n", data); | ||
1437 | xfree(data); | ||
1438 | } else { | ||
1439 | printf(" UNKNOWN CONSTRAINT (len %u)\n", | ||
1440 | buffer_len(&constraint)); | ||
1441 | buffer_clear(&constraint); | ||
1442 | } | ||
1443 | xfree(name); | ||
1444 | if (buffer_len(&constraint) != 0) | ||
1445 | fatal("Constraint corrupt: extra data at end"); | ||
1446 | } | 1705 | } |
1447 | buffer_free(&constraint); | ||
1448 | buffer_free(&constraints); | ||
1449 | } | 1706 | } |
1450 | |||
1451 | exit(0); | 1707 | exit(0); |
1452 | } | 1708 | } |
1453 | 1709 | ||
@@ -1464,7 +1720,7 @@ usage(void) | |||
1464 | #ifdef ENABLE_PKCS11 | 1720 | #ifdef ENABLE_PKCS11 |
1465 | fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n"); | 1721 | fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n"); |
1466 | #endif | 1722 | #endif |
1467 | fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n"); | 1723 | fprintf(stderr, " -e Export OpenSSH to foreign format key file.\n"); |
1468 | fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); | 1724 | fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); |
1469 | fprintf(stderr, " -f filename Filename of the key file.\n"); | 1725 | fprintf(stderr, " -f filename Filename of the key file.\n"); |
1470 | fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); | 1726 | fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); |
@@ -1472,26 +1728,28 @@ usage(void) | |||
1472 | fprintf(stderr, " -H Hash names in known_hosts file.\n"); | 1728 | fprintf(stderr, " -H Hash names in known_hosts file.\n"); |
1473 | fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); | 1729 | fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); |
1474 | fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); | 1730 | fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); |
1475 | fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n"); | 1731 | fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); |
1476 | fprintf(stderr, " -L Print the contents of a certificate.\n"); | 1732 | fprintf(stderr, " -L Print the contents of a certificate.\n"); |
1477 | fprintf(stderr, " -l Show fingerprint of key file.\n"); | 1733 | fprintf(stderr, " -l Show fingerprint of key file.\n"); |
1478 | fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); | 1734 | fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); |
1479 | fprintf(stderr, " -n name,... User/host principal names to include in certificate\n"); | 1735 | fprintf(stderr, " -m key_fmt Conversion format for -e/-i (PEM|PKCS8|RFC4716).\n"); |
1480 | fprintf(stderr, " -N phrase Provide new passphrase.\n"); | 1736 | fprintf(stderr, " -N phrase Provide new passphrase.\n"); |
1481 | fprintf(stderr, " -O cnstr Specify a certificate constraint.\n"); | 1737 | fprintf(stderr, " -n name,... User/host principal names to include in certificate\n"); |
1738 | fprintf(stderr, " -O option Specify a certificate option.\n"); | ||
1482 | fprintf(stderr, " -P phrase Provide old passphrase.\n"); | 1739 | fprintf(stderr, " -P phrase Provide old passphrase.\n"); |
1483 | fprintf(stderr, " -p Change passphrase of private key file.\n"); | 1740 | fprintf(stderr, " -p Change passphrase of private key file.\n"); |
1484 | fprintf(stderr, " -q Quiet.\n"); | 1741 | fprintf(stderr, " -q Quiet.\n"); |
1485 | fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); | 1742 | fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); |
1486 | fprintf(stderr, " -r hostname Print DNS resource record.\n"); | 1743 | fprintf(stderr, " -r hostname Print DNS resource record.\n"); |
1487 | fprintf(stderr, " -s ca_key Certify keys with CA key.\n"); | ||
1488 | fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); | 1744 | fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); |
1745 | fprintf(stderr, " -s ca_key Certify keys with CA key.\n"); | ||
1489 | fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); | 1746 | fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); |
1490 | fprintf(stderr, " -t type Specify type of key to create.\n"); | 1747 | fprintf(stderr, " -t type Specify type of key to create.\n"); |
1491 | fprintf(stderr, " -V from:to Specify certificate validity interval.\n"); | 1748 | fprintf(stderr, " -V from:to Specify certificate validity interval.\n"); |
1492 | fprintf(stderr, " -v Verbose.\n"); | 1749 | fprintf(stderr, " -v Verbose.\n"); |
1493 | fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); | 1750 | fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); |
1494 | fprintf(stderr, " -y Read private key file and print public key.\n"); | 1751 | fprintf(stderr, " -y Read private key file and print public key.\n"); |
1752 | fprintf(stderr, " -z serial Specify a serial number.\n"); | ||
1495 | 1753 | ||
1496 | exit(1); | 1754 | exit(1); |
1497 | } | 1755 | } |
@@ -1503,12 +1761,12 @@ int | |||
1503 | main(int argc, char **argv) | 1761 | main(int argc, char **argv) |
1504 | { | 1762 | { |
1505 | char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; | 1763 | char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; |
1506 | char out_file[MAXPATHLEN], *pkcs11provider = NULL; | 1764 | char out_file[MAXPATHLEN], *rr_hostname = NULL; |
1507 | char *rr_hostname = NULL; | ||
1508 | Key *private, *public; | 1765 | Key *private, *public; |
1509 | struct passwd *pw; | 1766 | struct passwd *pw; |
1510 | struct stat st; | 1767 | struct stat st; |
1511 | int opt, type, fd; | 1768 | int opt, type, fd; |
1769 | u_int maxbits; | ||
1512 | u_int32_t memory = 0, generator_wanted = 0, trials = 100; | 1770 | u_int32_t memory = 0, generator_wanted = 0, trials = 100; |
1513 | int do_gen_candidates = 0, do_screen_candidates = 0; | 1771 | int do_gen_candidates = 0, do_screen_candidates = 0; |
1514 | BIGNUM *start = NULL; | 1772 | BIGNUM *start = NULL; |
@@ -1540,8 +1798,8 @@ main(int argc, char **argv) | |||
1540 | exit(1); | 1798 | exit(1); |
1541 | } | 1799 | } |
1542 | 1800 | ||
1543 | while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:" | 1801 | while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:" |
1544 | "O:C:r:g:R:T:G:M:S:s:a:V:W:")) != -1) { | 1802 | "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { |
1545 | switch (opt) { | 1803 | switch (opt) { |
1546 | case 'b': | 1804 | case 'b': |
1547 | bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); | 1805 | bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); |
@@ -1572,6 +1830,21 @@ main(int argc, char **argv) | |||
1572 | case 'B': | 1830 | case 'B': |
1573 | print_bubblebabble = 1; | 1831 | print_bubblebabble = 1; |
1574 | break; | 1832 | break; |
1833 | case 'm': | ||
1834 | if (strcasecmp(optarg, "RFC4716") == 0 || | ||
1835 | strcasecmp(optarg, "ssh2") == 0) { | ||
1836 | convert_format = FMT_RFC4716; | ||
1837 | break; | ||
1838 | } | ||
1839 | if (strcasecmp(optarg, "PKCS8") == 0) { | ||
1840 | convert_format = FMT_PKCS8; | ||
1841 | break; | ||
1842 | } | ||
1843 | if (strcasecmp(optarg, "PEM") == 0) { | ||
1844 | convert_format = FMT_PEM; | ||
1845 | break; | ||
1846 | } | ||
1847 | fatal("Unsupported conversion format \"%s\"", optarg); | ||
1575 | case 'n': | 1848 | case 'n': |
1576 | cert_principals = optarg; | 1849 | cert_principals = optarg; |
1577 | break; | 1850 | break; |
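Review bot: The new `case 'm':` ends with `fatal("Unsupported conversion format \"%s\"", optarg);` immediately before `case 'n':`, with no `break`; this relies on `fatal()` never returning, and the usual OpenBSD convention is to mark that so neither readers nor lint read it as a fall-through: `fatal("Unsupported conversion format \"%s\"", optarg);` followed by `/* NOTREACHED */`. The three `strcasecmp` blocks that each set `convert_format` and `break` are correct as written; a small name-to-format table would shorten them, but that is purely stylistic. The enclosing `switch` in main begins and ends outside this hunk.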
@@ -1597,7 +1870,7 @@ main(int argc, char **argv) | |||
1597 | identity_new_passphrase = optarg; | 1870 | identity_new_passphrase = optarg; |
1598 | break; | 1871 | break; |
1599 | case 'O': | 1872 | case 'O': |
1600 | add_cert_constraint(optarg); | 1873 | add_cert_option(optarg); |
1601 | break; | 1874 | break; |
1602 | case 'C': | 1875 | case 'C': |
1603 | identity_comment = optarg; | 1876 | identity_comment = optarg; |
@@ -1608,16 +1881,16 @@ main(int argc, char **argv) | |||
1608 | case 'e': | 1881 | case 'e': |
1609 | case 'x': | 1882 | case 'x': |
1610 | /* export key */ | 1883 | /* export key */ |
1611 | convert_to_ssh2 = 1; | 1884 | convert_to = 1; |
1612 | break; | 1885 | break; |
1613 | case 'h': | 1886 | case 'h': |
1614 | cert_key_type = SSH2_CERT_TYPE_HOST; | 1887 | cert_key_type = SSH2_CERT_TYPE_HOST; |
1615 | constraint_flags = 0; | 1888 | certflags_flags = 0; |
1616 | break; | 1889 | break; |
1617 | case 'i': | 1890 | case 'i': |
1618 | case 'X': | 1891 | case 'X': |
1619 | /* import key */ | 1892 | /* import key */ |
1620 | convert_from_ssh2 = 1; | 1893 | convert_from = 1; |
1621 | break; | 1894 | break; |
1622 | case 'y': | 1895 | case 'y': |
1623 | print_public = 1; | 1896 | print_public = 1; |
@@ -1661,9 +1934,8 @@ main(int argc, char **argv) | |||
1661 | break; | 1934 | break; |
1662 | case 'M': | 1935 | case 'M': |
1663 | memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); | 1936 | memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); |
1664 | if (errstr) { | 1937 | if (errstr) |
1665 | fatal("Memory limit is %s: %s", errstr, optarg); | 1938 | fatal("Memory limit is %s: %s", errstr, optarg); |
1666 | } | ||
1667 | break; | 1939 | break; |
1668 | case 'G': | 1940 | case 'G': |
1669 | do_gen_candidates = 1; | 1941 | do_gen_candidates = 1; |
@@ -1685,6 +1957,11 @@ main(int argc, char **argv) | |||
1685 | case 'V': | 1957 | case 'V': |
1686 | parse_cert_times(optarg); | 1958 | parse_cert_times(optarg); |
1687 | break; | 1959 | break; |
1960 | case 'z': | ||
1961 | cert_serial = strtonum(optarg, 0, LLONG_MAX, &errstr); | ||
1962 | if (errstr) | ||
1963 | fatal("Invalid serial number: %s", errstr); | ||
1964 | break; | ||
1688 | case '?': | 1965 | case '?': |
1689 | default: | 1966 | default: |
1690 | usage(); | 1967 | usage(); |
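Review bot: The new `case 'z':` error message `fatal("Invalid serial number: %s", errstr);` omits the offending argument, unlike the neighbouring `-M` handler's `"Memory limit is %s: %s", errstr, optarg`; `fatal("Invalid serial number \"%s\": %s", optarg, errstr);` makes the diagnostic consistent and actionable. The `strtonum(optarg, 0, LLONG_MAX, &errstr)` bound also means only the lower 63 bits of the `u_int64_t` serial field (see the `(u_int64_t)cert_serial` cast in do_ca_sign) are reachable from the command line; if that is the intended contract, a comment such as `/* strtonum() caps the serial at LLONG_MAX even though the cert field is 64-bit unsigned */` would record it. The enclosing `switch` in main begins and ends outside this hunk.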
@@ -1729,10 +2006,10 @@ main(int argc, char **argv) | |||
1729 | do_change_passphrase(pw); | 2006 | do_change_passphrase(pw); |
1730 | if (change_comment) | 2007 | if (change_comment) |
1731 | do_change_comment(pw); | 2008 | do_change_comment(pw); |
1732 | if (convert_to_ssh2) | 2009 | if (convert_to) |
1733 | do_convert_to_ssh2(pw); | 2010 | do_convert_to(pw); |
1734 | if (convert_from_ssh2) | 2011 | if (convert_from) |
1735 | do_convert_from_ssh2(pw); | 2012 | do_convert_from(pw); |
1736 | if (print_public) | 2013 | if (print_public) |
1737 | do_print_public(pw); | 2014 | do_print_public(pw); |
1738 | if (rr_hostname != NULL) { | 2015 | if (rr_hostname != NULL) { |
@@ -1759,7 +2036,7 @@ main(int argc, char **argv) | |||
1759 | } | 2036 | } |
1760 | } | 2037 | } |
1761 | if (pkcs11provider != NULL) | 2038 | if (pkcs11provider != NULL) |
1762 | do_download(pw, pkcs11provider); | 2039 | do_download(pw); |
1763 | 2040 | ||
1764 | if (do_gen_candidates) { | 2041 | if (do_gen_candidates) { |
1765 | FILE *out = fopen(out_file, "w"); | 2042 | FILE *out = fopen(out_file, "w"); |
@@ -1811,6 +2088,12 @@ main(int argc, char **argv) | |||
1811 | } | 2088 | } |
1812 | if (bits == 0) | 2089 | if (bits == 0) |
1813 | bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; | 2090 | bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; |
2091 | maxbits = (type == KEY_DSA) ? | ||
2092 | OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; | ||
2093 | if (bits > maxbits) { | ||
2094 | fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); | ||
2095 | exit(1); | ||
2096 | } | ||
1814 | if (type == KEY_DSA && bits != 1024) | 2097 | if (type == KEY_DSA && bits != 1024) |
1815 | fatal("DSA keys must be 1024 bits"); | 2098 | fatal("DSA keys must be 1024 bits"); |
1816 | if (!quiet) | 2099 | if (!quiet) |
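Review bot: The new maximum-modulus check formats `maxbits` with `%d` although it was declared `u_int maxbits;` in the earlier hunk of main, and it reports via `fprintf(stderr, ...)` plus `exit(1)` while the DSA-size check on the very next line uses `fatal()`; `fatal("key bits exceeds maximum %u", maxbits);` fixes the format mismatch and the inconsistency in one line. Enforcing `OPENSSL_*_MAX_MODULUS_BITS` before key generation is a sound guard against a pathological `-b` value, and a brief comment naming that purpose would help since the `DEFAULT_BITS` logic around it says nothing about upper bounds. main continues outside this hunk.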
@@ -1826,13 +2109,19 @@ main(int argc, char **argv) | |||
1826 | ask_filename(pw, "Enter file in which to save the key"); | 2109 | ask_filename(pw, "Enter file in which to save the key"); |
1827 | 2110 | ||
1828 | /* Create ~/.ssh directory if it doesn't already exist. */ | 2111 | /* Create ~/.ssh directory if it doesn't already exist. */ |
1829 | snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); | 2112 | snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", |
1830 | if (strstr(identity_file, dotsshdir) != NULL && | 2113 | pw->pw_dir, _PATH_SSH_USER_DIR); |
1831 | stat(dotsshdir, &st) < 0) { | 2114 | if (strstr(identity_file, dotsshdir) != NULL) { |
1832 | if (mkdir(dotsshdir, 0700) < 0) | 2115 | if (stat(dotsshdir, &st) < 0) { |
1833 | error("Could not create directory '%s'.", dotsshdir); | 2116 | if (errno != ENOENT) { |
1834 | else if (!quiet) | 2117 | error("Could not stat %s: %s", dotsshdir, |
1835 | printf("Created directory '%s'.\n", dotsshdir); | 2118 | strerror(errno)); |
2119 | } else if (mkdir(dotsshdir, 0700) < 0) { | ||
2120 | error("Could not create directory '%s': %s", | ||
2121 | dotsshdir, strerror(errno)); | ||
2122 | } else if (!quiet) | ||
2123 | printf("Created directory '%s'.\n", dotsshdir); | ||
2124 | } | ||
1836 | } | 2125 | } |
1837 | /* If the file already exists, ask the user to confirm. */ | 2126 | /* If the file already exists, ask the user to confirm. */ |
1838 | if (stat(identity_file, &st) >= 0) { | 2127 | if (stat(identity_file, &st) >= 0) { |
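Review bot: The new `errno != ENOENT` branch reports `Could not stat %s` with `error()` and then falls through to the "file already exists" check and, presumably, the key-save path, so a permission or I/O failure on `~/.ssh` is logged but not treated as fatal; if that is deliberate (letting the later write produce the definitive error), a comment on the branch, e.g. `/* non-ENOENT failure: report it, the later save will surface the real error */`, would stop a future reader from "fixing" it to `fatal()` without thought. Distinguishing ENOENT from other stat errors before `mkdir(dotsshdir, 0700)` is an improvement over the old code, and the 0700 mode is the right default for the user's key directory. main continues outside this hunk.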
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 8a0ef60e4..9bf4cc252 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 | |||
@@ -8,17 +8,17 @@ SYNOPSIS | |||
8 | [host | addrlist namelist] ... | 8 | [host | addrlist namelist] ... |
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | ssh-keyscan is a utility for gathering the public ssh host keys of a num- | 11 | ssh-keyscan is a utility for gathering the public ssh host keys of a |
12 | ber of hosts. It was designed to aid in building and verifying | 12 | number of hosts. It was designed to aid in building and verifying |
13 | ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable | 13 | ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable |
14 | for use by shell and perl scripts. | 14 | for use by shell and perl scripts. |
15 | 15 | ||
16 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as pos- | 16 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as |
17 | sible in parallel, so it is very efficient. The keys from a domain of | 17 | possible in parallel, so it is very efficient. The keys from a domain of |
18 | 1,000 hosts can be collected in tens of seconds, even when some of those | 18 | 1,000 hosts can be collected in tens of seconds, even when some of those |
19 | hosts are down or do not run ssh. For scanning, one does not need login | 19 | hosts are down or do not run ssh. For scanning, one does not need login |
20 | access to the machines that are being scanned, nor does the scanning pro- | 20 | access to the machines that are being scanned, nor does the scanning |
21 | cess involve any encryption. | 21 | process involve any encryption. |
22 | 22 | ||
23 | The options are as follows: | 23 | The options are as follows: |
24 | 24 | ||
@@ -32,8 +32,8 @@ DESCRIPTION | |||
32 | read hosts or addrlist namelist pairs from the standard input. | 32 | read hosts or addrlist namelist pairs from the standard input. |
33 | 33 | ||
34 | -H Hash all hostnames and addresses in the output. Hashed names may | 34 | -H Hash all hostnames and addresses in the output. Hashed names may |
35 | be used normally by ssh and sshd, but they do not reveal identi- | 35 | be used normally by ssh and sshd, but they do not reveal |
36 | fying information should the file's contents be disclosed. | 36 | identifying information should the file's contents be disclosed. |
37 | 37 | ||
38 | -p port | 38 | -p port |
39 | Port to connect to on the remote host. | 39 | Port to connect to on the remote host. |
@@ -42,8 +42,8 @@ DESCRIPTION | |||
42 | Set the timeout for connection attempts. If timeout seconds have | 42 | Set the timeout for connection attempts. If timeout seconds have |
43 | elapsed since a connection was initiated to a host or since the | 43 | elapsed since a connection was initiated to a host or since the |
44 | last time anything was read from that host, then the connection | 44 | last time anything was read from that host, then the connection |
45 | is closed and the host in question considered unavailable. De- | 45 | is closed and the host in question considered unavailable. |
46 | fault is 5 seconds. | 46 | Default is 5 seconds. |
47 | 47 | ||
48 | -t type | 48 | -t type |
49 | Specifies the type of the key to fetch from the scanned hosts. | 49 | Specifies the type of the key to fetch from the scanned hosts. |
@@ -56,11 +56,12 @@ DESCRIPTION | |||
56 | about its progress. | 56 | about its progress. |
57 | 57 | ||
58 | SECURITY | 58 | SECURITY |
59 | If an ssh_known_hosts file is constructed using ssh-keyscan without veri- | 59 | If an ssh_known_hosts file is constructed using ssh-keyscan without |
60 | fying the keys, users will be vulnerable to man in the middle attacks. | 60 | verifying the keys, users will be vulnerable to man in the middle |
61 | On the other hand, if the security model allows such a risk, ssh-keyscan | 61 | attacks. On the other hand, if the security model allows such a risk, |
62 | can help in the detection of tampered keyfiles or man in the middle at- | 62 | ssh-keyscan can help in the detection of tampered keyfiles or man in the |
63 | tacks which have begun after the ssh_known_hosts file was created. | 63 | middle attacks which have begun after the ssh_known_hosts file was |
64 | created. | ||
64 | 65 | ||
65 | FILES | 66 | FILES |
66 | Input format: | 67 | Input format: |
@@ -104,4 +105,4 @@ BUGS | |||
104 | This is because it opens a connection to the ssh port, reads the public | 105 | This is because it opens a connection to the ssh port, reads the public |
105 | key, and drops the connection as soon as it gets the key. | 106 | key, and drops the connection as soon as it gets the key. |
106 | 107 | ||
107 | OpenBSD 4.7 January 9, 2010 2 | 108 | OpenBSD 4.8 January 9, 2010 OpenBSD 4.8 |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7afe446ae..b6cf427cd 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keyscan.c,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.82 2010/06/22 04:54:30 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | * | 4 | * |
@@ -104,122 +104,6 @@ typedef struct Connection { | |||
104 | TAILQ_HEAD(conlist, Connection) tq; /* Timeout Queue */ | 104 | TAILQ_HEAD(conlist, Connection) tq; /* Timeout Queue */ |
105 | con *fdcon; | 105 | con *fdcon; |
106 | 106 | ||
107 | /* | ||
108 | * This is just a wrapper around fgets() to make it usable. | ||
109 | */ | ||
110 | |||
111 | /* Stress-test. Increase this later. */ | ||
112 | #define LINEBUF_SIZE 16 | ||
113 | |||
114 | typedef struct { | ||
115 | char *buf; | ||
116 | u_int size; | ||
117 | int lineno; | ||
118 | const char *filename; | ||
119 | FILE *stream; | ||
120 | void (*errfun) (const char *,...); | ||
121 | } Linebuf; | ||
122 | |||
123 | static Linebuf * | ||
124 | Linebuf_alloc(const char *filename, void (*errfun) (const char *,...)) | ||
125 | { | ||
126 | Linebuf *lb; | ||
127 | |||
128 | if (!(lb = malloc(sizeof(*lb)))) { | ||
129 | if (errfun) | ||
130 | (*errfun) ("linebuf (%s): malloc failed\n", | ||
131 | filename ? filename : "(stdin)"); | ||
132 | return (NULL); | ||
133 | } | ||
134 | if (filename) { | ||
135 | lb->filename = filename; | ||
136 | if (!(lb->stream = fopen(filename, "r"))) { | ||
137 | xfree(lb); | ||
138 | if (errfun) | ||
139 | (*errfun) ("%s: %s\n", filename, strerror(errno)); | ||
140 | return (NULL); | ||
141 | } | ||
142 | } else { | ||
143 | lb->filename = "(stdin)"; | ||
144 | lb->stream = stdin; | ||
145 | } | ||
146 | |||
147 | if (!(lb->buf = malloc((lb->size = LINEBUF_SIZE)))) { | ||
148 | if (errfun) | ||
149 | (*errfun) ("linebuf (%s): malloc failed\n", lb->filename); | ||
150 | xfree(lb); | ||
151 | return (NULL); | ||
152 | } | ||
153 | lb->errfun = errfun; | ||
154 | lb->lineno = 0; | ||
155 | return (lb); | ||
156 | } | ||
157 | |||
158 | static void | ||
159 | Linebuf_free(Linebuf * lb) | ||
160 | { | ||
161 | fclose(lb->stream); | ||
162 | xfree(lb->buf); | ||
163 | xfree(lb); | ||
164 | } | ||
165 | |||
166 | #if 0 | ||
167 | static void | ||
168 | Linebuf_restart(Linebuf * lb) | ||
169 | { | ||
170 | clearerr(lb->stream); | ||
171 | rewind(lb->stream); | ||
172 | lb->lineno = 0; | ||
173 | } | ||
174 | |||
175 | static int | ||
176 | Linebuf_lineno(Linebuf * lb) | ||
177 | { | ||
178 | return (lb->lineno); | ||
179 | } | ||
180 | #endif | ||
181 | |||
182 | static char * | ||
183 | Linebuf_getline(Linebuf * lb) | ||
184 | { | ||
185 | size_t n = 0; | ||
186 | void *p; | ||
187 | |||
188 | lb->lineno++; | ||
189 | for (;;) { | ||
190 | /* Read a line */ | ||
191 | if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) { | ||
192 | if (ferror(lb->stream) && lb->errfun) | ||
193 | (*lb->errfun)("%s: %s\n", lb->filename, | ||
194 | strerror(errno)); | ||
195 | return (NULL); | ||
196 | } | ||
197 | n = strlen(lb->buf); | ||
198 | |||
199 | /* Return it or an error if it fits */ | ||
200 | if (n > 0 && lb->buf[n - 1] == '\n') { | ||
201 | lb->buf[n - 1] = '\0'; | ||
202 | return (lb->buf); | ||
203 | } | ||
204 | if (n != lb->size - 1) { | ||
205 | if (lb->errfun) | ||
206 | (*lb->errfun)("%s: skipping incomplete last line\n", | ||
207 | lb->filename); | ||
208 | return (NULL); | ||
209 | } | ||
210 | /* Double the buffer if we need more space */ | ||
211 | lb->size *= 2; | ||
212 | if ((p = realloc(lb->buf, lb->size)) == NULL) { | ||
213 | lb->size /= 2; | ||
214 | if (lb->errfun) | ||
215 | (*lb->errfun)("linebuf (%s): realloc failed\n", | ||
216 | lb->filename); | ||
217 | return (NULL); | ||
218 | } | ||
219 | lb->buf = p; | ||
220 | } | ||
221 | } | ||
222 | |||
223 | static int | 107 | static int |
224 | fdlim_get(int hard) | 108 | fdlim_get(int hard) |
225 | { | 109 | { |
@@ -724,8 +608,10 @@ int | |||
724 | main(int argc, char **argv) | 608 | main(int argc, char **argv) |
725 | { | 609 | { |
726 | int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO; | 610 | int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO; |
727 | int opt, fopt_count = 0; | 611 | int opt, fopt_count = 0, j; |
728 | char *tname; | 612 | char *tname, *cp, line[NI_MAXHOST]; |
613 | FILE *fp; | ||
614 | u_long linenum; | ||
729 | 615 | ||
730 | extern int optind; | 616 | extern int optind; |
731 | extern char *optarg; | 617 | extern char *optarg; |
@@ -826,19 +712,40 @@ main(int argc, char **argv) | |||
826 | read_wait_nfdset = howmany(maxfd, NFDBITS); | 712 | read_wait_nfdset = howmany(maxfd, NFDBITS); |
827 | read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask)); | 713 | read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask)); |
828 | 714 | ||
829 | if (fopt_count) { | 715 | for (j = 0; j < fopt_count; j++) { |
830 | Linebuf *lb; | 716 | if (argv[j] == NULL) |
831 | char *line; | 717 | fp = stdin; |
832 | int j; | 718 | else if ((fp = fopen(argv[j], "r")) == NULL) |
719 | fatal("%s: %s: %s", __progname, argv[j], | ||
720 | strerror(errno)); | ||
721 | linenum = 0; | ||
722 | |||
723 | while (read_keyfile_line(fp, | ||
724 | argv[j] == NULL ? "(stdin)" : argv[j], line, sizeof(line), | ||
725 | &linenum) != -1) { | ||
726 | /* Chomp off trailing whitespace and comments */ | ||
727 | if ((cp = strchr(line, '#')) == NULL) | ||
728 | cp = line + strlen(line) - 1; | ||
729 | while (cp >= line) { | ||
730 | if (*cp == ' ' || *cp == '\t' || | ||
731 | *cp == '\n' || *cp == '#') | ||
732 | *cp-- = '\0'; | ||
733 | else | ||
734 | break; | ||
735 | } | ||
833 | 736 | ||
834 | for (j = 0; j < fopt_count; j++) { | 737 | /* Skip empty lines */ |
835 | lb = Linebuf_alloc(argv[j], error); | 738 | if (*line == '\0') |
836 | if (!lb) | ||
837 | continue; | 739 | continue; |
838 | while ((line = Linebuf_getline(lb)) != NULL) | 740 | |
839 | do_host(line); | 741 | do_host(line); |
840 | Linebuf_free(lb); | ||
841 | } | 742 | } |
743 | |||
744 | if (ferror(fp)) | ||
745 | fatal("%s: %s: %s", __progname, argv[j], | ||
746 | strerror(errno)); | ||
747 | |||
748 | fclose(fp); | ||
842 | } | 749 | } |
843 | 750 | ||
844 | while (optind < argc) | 751 | while (optind < argc) |
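Review bot: `fclose(fp)` at the end of the new per-file loop also runs when `fp` was set to `stdin` (the `argv[j] == NULL` case, presumably `-f -`), so a second stdin entry in the same run would read from a closed stream; guard it with `if (fp != stdin) fclose(fp);`. The `ferror` fatal just above it passes `argv[j]` to `%s`, which is NULL in that same case, while the `read_keyfile_line` call already substitutes a name; reuse it: `fatal("%s: %s: %s", __progname, argv[j] == NULL ? "(stdin)" : argv[j], strerror(errno));`. The trailing-whitespace chomp can decrement `cp` to `line - 1` when a line is entirely comment or whitespace; the `cp >= line` test prevents a dereference, but forming a pointer before the array is strictly outside what C guarantees, so a `cp > line` loop with a separate check of `line[0]` would be cleaner. main() continues outside the hunk.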
diff --git a/ssh-keysign.0 b/ssh-keysign.0 index 20a8eaa87..cd119139f 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 | |||
@@ -16,8 +16,8 @@ DESCRIPTION | |||
16 | to ``yes''. | 16 | to ``yes''. |
17 | 17 | ||
18 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). | 18 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). |
19 | See ssh(1) and sshd(8) for more information about host-based authentica- | 19 | See ssh(1) and sshd(8) for more information about host-based |
20 | tion. | 20 | authentication. |
21 | 21 | ||
22 | FILES | 22 | FILES |
23 | /etc/ssh/ssh_config | 23 | /etc/ssh/ssh_config |
@@ -30,6 +30,11 @@ FILES | |||
30 | are readable only by root, ssh-keysign must be set-uid root if | 30 | are readable only by root, ssh-keysign must be set-uid root if |
31 | host-based authentication is used. | 31 | host-based authentication is used. |
32 | 32 | ||
33 | /etc/ssh/ssh_host_dsa_key-cert.pub, /etc/ssh/ssh_host_rsa_key-cert.pub | ||
34 | If these files exist they are assumed to contain public | ||
35 | certificate information corresponding with the private keys | ||
36 | above. | ||
37 | |||
33 | SEE ALSO | 38 | SEE ALSO |
34 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) | 39 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) |
35 | 40 | ||
@@ -39,4 +44,4 @@ HISTORY | |||
39 | AUTHORS | 44 | AUTHORS |
40 | Markus Friedl <markus@openbsd.org> | 45 | Markus Friedl <markus@openbsd.org> |
41 | 46 | ||
42 | OpenBSD 4.7 May 31, 2007 1 | 47 | OpenBSD 4.8 August 4, 2010 OpenBSD 4.8 |
diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 3ba54b935..46c0ee9cd 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keysign.8,v 1.9 2007/05/31 19:20:16 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keysign.8,v 1.10 2010/08/04 05:42:47 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: May 31 2007 $ | 25 | .Dd $Mdocdate: August 4 2010 $ |
26 | .Dt SSH-KEYSIGN 8 | 26 | .Dt SSH-KEYSIGN 8 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -68,6 +68,9 @@ accessible to others. | |||
68 | Since they are readable only by root, | 68 | Since they are readable only by root, |
69 | .Nm | 69 | .Nm |
70 | must be set-uid root if host-based authentication is used. | 70 | must be set-uid root if host-based authentication is used. |
71 | .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub, /etc/ssh/ssh_host_rsa_key-cert.pub | ||
72 | If these files exist they are assumed to contain public certificate | ||
73 | information corresponding with the private keys above. | ||
71 | .El | 74 | .El |
72 | .Sh SEE ALSO | 75 | .Sh SEE ALSO |
73 | .Xr ssh 1 , | 76 | .Xr ssh 1 , |
diff --git a/ssh-keysign.c b/ssh-keysign.c index 0fdcebbd2..0c7077050 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keysign.c,v 1.30 2010/01/13 01:20:20 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-keysign.c,v 1.32 2010/08/04 06:08:40 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -232,7 +232,7 @@ main(int argc, char **argv) | |||
232 | found = 0; | 232 | found = 0; |
233 | for (i = 0; i < 2; i++) { | 233 | for (i = 0; i < 2; i++) { |
234 | if (keys[i] != NULL && | 234 | if (keys[i] != NULL && |
235 | key_equal(key, keys[i])) { | 235 | key_equal_public(key, keys[i])) { |
236 | found = 1; | 236 | found = 1; |
237 | break; | 237 | break; |
238 | } | 238 | } |
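Review bot: The switch from `key_equal` to `key_equal_public` has no comment saying why only the public key material is compared, and the reason is not visible in this hunk; the ssh-keysign.8 change in the same commit adds loading of `ssh_host_*_key-cert.pub`, so presumably `keys[i]` may now carry a certificate while the key presented in the request does not (or vice versa). A one-line comment would keep the next reader from "fixing" it back: `/* public parts only: keys[i] may be a certificate while the request key is plain (or vice versa) */`. The enclosing loop sits inside main(), which starts and ends outside the hunk.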
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 index 9eb2bc96a..664ec971f 100644 --- a/ssh-pkcs11-helper.0 +++ b/ssh-pkcs11-helper.0 | |||
@@ -22,4 +22,4 @@ HISTORY | |||
22 | AUTHORS | 22 | AUTHORS |
23 | Markus Friedl <markus@openbsd.org> | 23 | Markus Friedl <markus@openbsd.org> |
24 | 24 | ||
25 | OpenBSD 4.7 February 10, 2010 1 | 25 | OpenBSD 4.8 February 10, 2010 OpenBSD 4.8 |
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index f0192dcf1..286c232c7 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11.c,v 1.4 2010/02/24 06:12:53 djm Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -187,6 +187,34 @@ pkcs11_rsa_finish(RSA *rsa) | |||
187 | return (rv); | 187 | return (rv); |
188 | } | 188 | } |
189 | 189 | ||
190 | /* find a single 'obj' for given attributes */ | ||
191 | static int | ||
192 | pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, | ||
193 | CK_ULONG nattr, CK_OBJECT_HANDLE *obj) | ||
194 | { | ||
195 | CK_FUNCTION_LIST *f; | ||
196 | CK_SESSION_HANDLE session; | ||
197 | CK_ULONG nfound = 0; | ||
198 | CK_RV rv; | ||
199 | int ret = -1; | ||
200 | |||
201 | f = p->function_list; | ||
202 | session = p->slotinfo[slotidx].session; | ||
203 | if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) { | ||
204 | error("C_FindObjectsInit failed (nattr %lu): %lu", nattr, rv); | ||
205 | return (-1); | ||
206 | } | ||
207 | if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK || | ||
208 | nfound != 1) { | ||
209 | debug("C_FindObjects failed (nfound %lu nattr %lu): %lu", | ||
210 | nfound, nattr, rv); | ||
211 | } else | ||
212 | ret = 0; | ||
213 | if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) | ||
214 | error("C_FindObjectsFinal failed: %lu", rv); | ||
215 | return (ret); | ||
216 | } | ||
217 | |||
190 | /* openssl callback doing the actual signing operation */ | 218 | /* openssl callback doing the actual signing operation */ |
191 | static int | 219 | static int |
192 | pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | 220 | pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, |
@@ -196,7 +224,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | |||
196 | struct pkcs11_slotinfo *si; | 224 | struct pkcs11_slotinfo *si; |
197 | CK_FUNCTION_LIST *f; | 225 | CK_FUNCTION_LIST *f; |
198 | CK_OBJECT_HANDLE obj; | 226 | CK_OBJECT_HANDLE obj; |
199 | CK_ULONG tlen = 0, nfound = 0; | 227 | CK_ULONG tlen = 0; |
200 | CK_RV rv; | 228 | CK_RV rv; |
201 | CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; | 229 | CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; |
202 | CK_BBOOL true_val = CK_TRUE; | 230 | CK_BBOOL true_val = CK_TRUE; |
@@ -247,13 +275,10 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | |||
247 | } | 275 | } |
248 | key_filter[1].pValue = k11->keyid; | 276 | key_filter[1].pValue = k11->keyid; |
249 | key_filter[1].ulValueLen = k11->keyid_len; | 277 | key_filter[1].ulValueLen = k11->keyid_len; |
250 | if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) { | 278 | /* try to find object w/CKA_SIGN first, retry w/o */ |
251 | error("C_FindObjectsInit failed: %lu", rv); | 279 | if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 && |
252 | return (-1); | 280 | pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) { |
253 | } | 281 | error("cannot find private key"); |
254 | if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK || | ||
255 | nfound != 1) { | ||
256 | error("C_FindObjects failed (%lu nfound): %lu", nfound, rv); | ||
257 | } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { | 282 | } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { |
258 | error("C_SignInit failed: %lu", rv); | 283 | error("C_SignInit failed: %lu", rv); |
259 | } else { | 284 | } else { |
@@ -265,8 +290,6 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | |||
265 | else | 290 | else |
266 | error("C_Sign failed: %lu", rv); | 291 | error("C_Sign failed: %lu", rv); |
267 | } | 292 | } |
268 | if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK) | ||
269 | error("C_FindObjectsFinal failed: %lu", rv); | ||
270 | return (rval); | 293 | return (rval); |
271 | } | 294 | } |
272 | 295 | ||
@@ -410,7 +433,13 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp, | |||
410 | error("C_GetAttributeValue failed: %lu", rv); | 433 | error("C_GetAttributeValue failed: %lu", rv); |
411 | continue; | 434 | continue; |
412 | } | 435 | } |
413 | /* allocate buffers for attributes, XXX check ulValueLen? */ | 436 | /* check that none of the attributes are zero length */ |
437 | if (attribs[0].ulValueLen == 0 || | ||
438 | attribs[1].ulValueLen == 0 || | ||
439 | attribs[2].ulValueLen == 0) { | ||
440 | continue; | ||
441 | } | ||
442 | /* allocate buffers for attributes */ | ||
414 | for (i = 0; i < 3; i++) | 443 | for (i = 0; i < 3; i++) |
415 | attribs[i].pValue = xmalloc(attribs[i].ulValueLen); | 444 | attribs[i].pValue = xmalloc(attribs[i].ulValueLen); |
416 | /* retrieve ID, modulus and public exponent of RSA key */ | 445 | /* retrieve ID, modulus and public exponent of RSA key */ |
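Review bot: The comment on the new `pkcs11_find` says it finds "a single 'obj'", but `C_FindObjects` is called with `ulMaxObjectCount` of 1, so `nfound` can only be 0 or 1 and a token holding two objects matching the same `CKA_ID` filter is never detected; the first match is used silently. Either document that, e.g. `/* return the first object matching attr; does not detect multiple matches */`, or request up to 2 objects and treat `nfound != 1` as ambiguous if uniqueness matters for the retry-without-CKA_SIGN path in `pkcs11_rsa_private_encrypt`. On the `pkcs11_fetch_keys` hunk, the new zero-length check is a good addition; it would be worth also rejecting `ulValueLen == (CK_ULONG)-1` (CK_UNAVAILABLE_INFORMATION) before the `xmalloc`, since a non-conforming token could report that with `CKR_OK`, though a conforming one returns an error that the check above already catches. pkcs11_fetch_keys starts and ends outside the hunk.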
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0 index 51b6f5571..5bc19e8a7 100644 --- a/ssh-rand-helper.0 +++ b/ssh-rand-helper.0 | |||
@@ -27,8 +27,8 @@ DESCRIPTION | |||
27 | random numbers from a EGD/PRNGd server via a unix domain or localhost tcp | 27 | random numbers from a EGD/PRNGd server via a unix domain or localhost tcp |
28 | socket. | 28 | socket. |
29 | 29 | ||
30 | This program is not intended to be run by the end-user, so the few com- | 30 | This program is not intended to be run by the end-user, so the few |
31 | mandline options are for debugging purposes only. | 31 | commandline options are for debugging purposes only. |
32 | 32 | ||
33 | -b bytes | 33 | -b bytes |
34 | Specify the number of random bytes to include in the output. | 34 | Specify the number of random bytes to include in the output. |
@@ -48,4 +48,4 @@ AUTHORS | |||
48 | SEE ALSO | 48 | SEE ALSO |
49 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) | 49 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) |
50 | 50 | ||
51 | OpenBSD 4.7 April 14, 2002 1 | 51 | OpenBSD 4.8 April 14, 2002 OpenBSD 4.8 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-rsa.c,v 1.40 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.44 2010/07/16 14:07:35 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
4 | * | 4 | * |
@@ -30,6 +30,7 @@ | |||
30 | #include "buffer.h" | 30 | #include "buffer.h" |
31 | #include "key.h" | 31 | #include "key.h" |
32 | #include "compat.h" | 32 | #include "compat.h" |
33 | #include "misc.h" | ||
33 | #include "ssh.h" | 34 | #include "ssh.h" |
34 | 35 | ||
35 | static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); | 36 | static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); |
@@ -46,9 +47,8 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
46 | int ok, nid; | 47 | int ok, nid; |
47 | Buffer b; | 48 | Buffer b; |
48 | 49 | ||
49 | if (key == NULL || | 50 | if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && |
50 | (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || | 51 | key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { |
51 | key->rsa == NULL) { | ||
52 | error("ssh_rsa_sign: no RSA key"); | 52 | error("ssh_rsa_sign: no RSA key"); |
53 | return -1; | 53 | return -1; |
54 | } | 54 | } |
@@ -115,9 +115,8 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
115 | u_int len, dlen, modlen; | 115 | u_int len, dlen, modlen; |
116 | int rlen, ret, nid; | 116 | int rlen, ret, nid; |
117 | 117 | ||
118 | if (key == NULL || | 118 | if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && |
119 | (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || | 119 | key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { |
120 | key->rsa == NULL) { | ||
121 | error("ssh_rsa_verify: no RSA key"); | 120 | error("ssh_rsa_verify: no RSA key"); |
122 | return -1; | 121 | return -1; |
123 | } | 122 | } |
@@ -212,7 +211,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, | |||
212 | u_char *sigbuf, u_int siglen, RSA *rsa) | 211 | u_char *sigbuf, u_int siglen, RSA *rsa) |
213 | { | 212 | { |
214 | u_int ret, rsasize, oidlen = 0, hlen = 0; | 213 | u_int ret, rsasize, oidlen = 0, hlen = 0; |
215 | int len; | 214 | int len, oidmatch, hashmatch; |
216 | const u_char *oid = NULL; | 215 | const u_char *oid = NULL; |
217 | u_char *decrypted = NULL; | 216 | u_char *decrypted = NULL; |
218 | 217 | ||
@@ -251,11 +250,13 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, | |||
251 | error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); | 250 | error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); |
252 | goto done; | 251 | goto done; |
253 | } | 252 | } |
254 | if (memcmp(decrypted, oid, oidlen) != 0) { | 253 | oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; |
254 | hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; | ||
255 | if (!oidmatch) { | ||
255 | error("oid mismatch"); | 256 | error("oid mismatch"); |
256 | goto done; | 257 | goto done; |
257 | } | 258 | } |
258 | if (memcmp(decrypted + oidlen, hash, hlen) != 0) { | 259 | if (!hashmatch) { |
259 | error("hash mismatch"); | 260 | error("hash mismatch"); |
260 | goto done; | 261 | goto done; |
261 | } | 262 | } |
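Review bot: The two `timingsafe_bcmp` results are now computed before either is tested, but nothing says why, and a later cleanup could easily fold `hashmatch` back into its `if` and reintroduce the early exit; a comment such as `/* evaluate both compares before branching so timing is independent of which part mismatched */` above the `oidmatch =` line would pin the intent. Note that the two distinct error messages still reveal which part failed to whoever can read the log, which is fine for diagnostics but worth stating in the same comment. openssh_RSA_verify starts and ends outside the hunk.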
@@ -14,14 +14,14 @@ SYNOPSIS | |||
14 | DESCRIPTION | 14 | DESCRIPTION |
15 | ssh (SSH client) is a program for logging into a remote machine and for | 15 | ssh (SSH client) is a program for logging into a remote machine and for |
16 | executing commands on a remote machine. It is intended to replace rlogin | 16 | executing commands on a remote machine. It is intended to replace rlogin |
17 | and rsh, and provide secure encrypted communications between two untrust- | 17 | and rsh, and provide secure encrypted communications between two |
18 | ed hosts over an insecure network. X11 connections and arbitrary TCP | 18 | untrusted hosts over an insecure network. X11 connections and arbitrary |
19 | ports can also be forwarded over the secure channel. | 19 | TCP ports can also be forwarded over the secure channel. |
20 | 20 | ||
21 | ssh connects and logs into the specified hostname (with optional user | 21 | ssh connects and logs into the specified hostname (with optional user |
22 | name). The user must prove his/her identity to the remote machine using | 22 | name). The user must prove his/her identity to the remote machine using |
23 | one of several methods depending on the protocol version used (see be- | 23 | one of several methods depending on the protocol version used (see |
24 | low). | 24 | below). |
25 | 25 | ||
26 | If command is specified, it is executed on the remote host instead of a | 26 | If command is specified, it is executed on the remote host instead of a |
27 | login shell. | 27 | login shell. |
@@ -52,8 +52,8 @@ DESCRIPTION | |||
52 | 52 | ||
53 | -b bind_address | 53 | -b bind_address |
54 | Use bind_address on the local machine as the source address of | 54 | Use bind_address on the local machine as the source address of |
55 | the connection. Only useful on systems with more than one ad- | 55 | the connection. Only useful on systems with more than one |
56 | dress. | 56 | address. |
57 | 57 | ||
58 | -C Requests compression of all data (including stdin, stdout, | 58 | -C Requests compression of all data (including stdin, stdout, |
59 | stderr, and data for forwarded X11 and TCP connections). The | 59 | stderr, and data for forwarded X11 and TCP connections). The |
@@ -69,17 +69,17 @@ DESCRIPTION | |||
69 | 69 | ||
70 | Protocol version 1 allows specification of a single cipher. The | 70 | Protocol version 1 allows specification of a single cipher. The |
71 | supported values are ``3des'', ``blowfish'', and ``des''. 3des | 71 | supported values are ``3des'', ``blowfish'', and ``des''. 3des |
72 | (triple-des) is an encrypt-decrypt-encrypt triple with three dif- | 72 | (triple-des) is an encrypt-decrypt-encrypt triple with three |
73 | ferent keys. It is believed to be secure. blowfish is a fast | 73 | different keys. It is believed to be secure. blowfish is a fast |
74 | block cipher; it appears very secure and is much faster than | 74 | block cipher; it appears very secure and is much faster than |
75 | 3des. des is only supported in the ssh client for interoperabil- | 75 | 3des. des is only supported in the ssh client for |
76 | ity with legacy protocol 1 implementations that do not support | 76 | interoperability with legacy protocol 1 implementations that do |
77 | the 3des cipher. Its use is strongly discouraged due to crypto- | 77 | not support the 3des cipher. Its use is strongly discouraged due |
78 | graphic weaknesses. The default is ``3des''. | 78 | to cryptographic weaknesses. The default is ``3des''. |
79 | 79 | ||
80 | For protocol version 2, cipher_spec is a comma-separated list of | 80 | For protocol version 2, cipher_spec is a comma-separated list of |
81 | ciphers listed in order of preference. See the Ciphers keyword | 81 | ciphers listed in order of preference. See the Ciphers keyword |
82 | for more information. | 82 | in ssh_config(5) for more information. |
83 | 83 | ||
84 | -D [bind_address:]port | 84 | -D [bind_address:]port |
85 | Specifies a local ``dynamic'' application-level port forwarding. | 85 | Specifies a local ``dynamic'' application-level port forwarding. |
@@ -89,19 +89,18 @@ DESCRIPTION | |||
89 | the secure channel, and the application protocol is then used to | 89 | the secure channel, and the application protocol is then used to |
90 | determine where to connect to from the remote machine. Currently | 90 | determine where to connect to from the remote machine. Currently |
91 | the SOCKS4 and SOCKS5 protocols are supported, and ssh will act | 91 | the SOCKS4 and SOCKS5 protocols are supported, and ssh will act |
92 | as a SOCKS server. Only root can forward privileged ports. Dy- | 92 | as a SOCKS server. Only root can forward privileged ports. |
93 | namic port forwardings can also be specified in the configuration | 93 | Dynamic port forwardings can also be specified in the |
94 | file. | 94 | configuration file. |
95 | 95 | ||
96 | IPv6 addresses can be specified with an alternative syntax: | 96 | IPv6 addresses can be specified by enclosing the address in |
97 | [bind_address/]port or by enclosing the address in square brack- | 97 | square brackets. Only the superuser can forward privileged |
98 | ets. Only the superuser can forward privileged ports. By de- | 98 | ports. By default, the local port is bound in accordance with |
99 | fault, the local port is bound in accordance with the | 99 | the GatewayPorts setting. However, an explicit bind_address may |
100 | GatewayPorts setting. However, an explicit bind_address may be | 100 | be used to bind the connection to a specific address. The |
101 | used to bind the connection to a specific address. The | ||
102 | bind_address of ``localhost'' indicates that the listening port | 101 | bind_address of ``localhost'' indicates that the listening port |
103 | be bound for local use only, while an empty address or `*' indi- | 102 | be bound for local use only, while an empty address or `*' |
104 | cates that the port should be available from all interfaces. | 103 | indicates that the port should be available from all interfaces. |
105 | 104 | ||
106 | -e escape_char | 105 | -e escape_char |
107 | Sets the escape character for sessions with a pty (default: `~'). | 106 | Sets the escape character for sessions with a pty (default: `~'). |
@@ -113,21 +112,21 @@ DESCRIPTION | |||
113 | fully transparent. | 112 | fully transparent. |
114 | 113 | ||
115 | -F configfile | 114 | -F configfile |
116 | Specifies an alternative per-user configuration file. If a con- | 115 | Specifies an alternative per-user configuration file. If a |
117 | figuration file is given on the command line, the system-wide | 116 | configuration file is given on the command line, the system-wide |
118 | configuration file (/etc/ssh/ssh_config) will be ignored. The | 117 | configuration file (/etc/ssh/ssh_config) will be ignored. The |
119 | default for the per-user configuration file is ~/.ssh/config. | 118 | default for the per-user configuration file is ~/.ssh/config. |
120 | 119 | ||
121 | -f Requests ssh to go to background just before command execution. | 120 | -f Requests ssh to go to background just before command execution. |
122 | This is useful if ssh is going to ask for passwords or passphras- | 121 | This is useful if ssh is going to ask for passwords or |
123 | es, but the user wants it in the background. This implies -n. | 122 | passphrases, but the user wants it in the background. This |
124 | The recommended way to start X11 programs at a remote site is | 123 | implies -n. The recommended way to start X11 programs at a |
125 | with something like ssh -f host xterm. | 124 | remote site is with something like ssh -f host xterm. |
126 | 125 | ||
127 | If the ExitOnForwardFailure configuration option is set to | 126 | If the ExitOnForwardFailure configuration option is set to |
128 | ``yes'', then a client started with -f will wait for all remote | 127 | ``yes'', then a client started with -f will wait for all remote |
129 | port forwards to be successfully established before placing it- | 128 | port forwards to be successfully established before placing |
130 | self in the background. | 129 | itself in the background. |
131 | 130 | ||
132 | -g Allows remote hosts to connect to local forwarded ports. | 131 | -g Allows remote hosts to connect to local forwarded ports. |
133 | 132 | ||
@@ -138,13 +137,13 @@ DESCRIPTION | |||
138 | -i identity_file | 137 | -i identity_file |
139 | Selects a file from which the identity (private key) for RSA or | 138 | Selects a file from which the identity (private key) for RSA or |
140 | DSA authentication is read. The default is ~/.ssh/identity for | 139 | DSA authentication is read. The default is ~/.ssh/identity for |
141 | protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro- | 140 | protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for |
142 | tocol version 2. Identity files may also be specified on a per- | 141 | protocol version 2. Identity files may also be specified on a |
143 | host basis in the configuration file. It is possible to have | 142 | per-host basis in the configuration file. It is possible to have |
144 | multiple -i options (and multiple identities specified in config- | 143 | multiple -i options (and multiple identities specified in |
145 | uration files). ssh will also try to load certificate informa- | 144 | configuration files). ssh will also try to load certificate |
146 | tion from the filename obtained by appending -cert.pub to identi- | 145 | information from the filename obtained by appending -cert.pub to |
147 | ty filenames. | 146 | identity filenames. |
148 | 147 | ||
149 | -K Enables GSSAPI-based authentication and forwarding (delegation) | 148 | -K Enables GSSAPI-based authentication and forwarding (delegation) |
150 | of GSSAPI credentials to the server. | 149 | of GSSAPI credentials to the server. |
@@ -156,60 +155,62 @@ DESCRIPTION | |||
156 | Specifies that the given port on the local (client) host is to be | 155 | Specifies that the given port on the local (client) host is to be |
157 | forwarded to the given host and port on the remote side. This | 156 | forwarded to the given host and port on the remote side. This |
158 | works by allocating a socket to listen to port on the local side, | 157 | works by allocating a socket to listen to port on the local side, |
159 | optionally bound to the specified bind_address. Whenever a con- | 158 | optionally bound to the specified bind_address. Whenever a |
160 | nection is made to this port, the connection is forwarded over | 159 | connection is made to this port, the connection is forwarded over |
161 | the secure channel, and a connection is made to host port | 160 | the secure channel, and a connection is made to host port |
162 | hostport from the remote machine. Port forwardings can also be | 161 | hostport from the remote machine. Port forwardings can also be |
163 | specified in the configuration file. IPv6 addresses can be spec- | 162 | specified in the configuration file. IPv6 addresses can be |
164 | ified with an alternative syntax: [bind_address/]port/host/host- | 163 | specified by enclosing the address in square brackets. Only the |
165 | port or by enclosing the address in square brackets. Only the | ||
166 | superuser can forward privileged ports. By default, the local | 164 | superuser can forward privileged ports. By default, the local |
167 | port is bound in accordance with the GatewayPorts setting. How- | 165 | port is bound in accordance with the GatewayPorts setting. |
168 | ever, an explicit bind_address may be used to bind the connection | 166 | However, an explicit bind_address may be used to bind the |
169 | to a specific address. The bind_address of ``localhost'' indi- | 167 | connection to a specific address. The bind_address of |
170 | cates that the listening port be bound for local use only, while | 168 | ``localhost'' indicates that the listening port be bound for |
171 | an empty address or `*' indicates that the port should be avail- | 169 | local use only, while an empty address or `*' indicates that the |
172 | able from all interfaces. | 170 | port should be available from all interfaces. |
173 | 171 | ||
174 | -l login_name | 172 | -l login_name |
175 | Specifies the user to log in as on the remote machine. This also | 173 | Specifies the user to log in as on the remote machine. This also |
176 | may be specified on a per-host basis in the configuration file. | 174 | may be specified on a per-host basis in the configuration file. |
177 | 175 | ||
178 | -M Places the ssh client into ``master'' mode for connection shar- | 176 | -M Places the ssh client into ``master'' mode for connection |
179 | ing. Multiple -M options places ssh into ``master'' mode with | 177 | sharing. Multiple -M options places ssh into ``master'' mode |
180 | confirmation required before slave connections are accepted. Re- | 178 | with confirmation required before slave connections are accepted. |
181 | fer to the description of ControlMaster in ssh_config(5) for de- | 179 | Refer to the description of ControlMaster in ssh_config(5) for |
182 | tails. | 180 | details. |
183 | 181 | ||
184 | -m mac_spec | 182 | -m mac_spec |
185 | Additionally, for protocol version 2 a comma-separated list of | 183 | Additionally, for protocol version 2 a comma-separated list of |
186 | MAC (message authentication code) algorithms can be specified in | 184 | MAC (message authentication code) algorithms can be specified in |
187 | order of preference. See the MACs keyword for more information. | 185 | order of preference. See the MACs keyword for more information. |
188 | 186 | ||
189 | -N Do not execute a remote command. This is useful for just for- | 187 | -N Do not execute a remote command. This is useful for just |
190 | warding ports (protocol version 2 only). | 188 | forwarding ports (protocol version 2 only). |
191 | 189 | ||
192 | -n Redirects stdin from /dev/null (actually, prevents reading from | 190 | -n Redirects stdin from /dev/null (actually, prevents reading from |
193 | stdin). This must be used when ssh is run in the background. A | 191 | stdin). This must be used when ssh is run in the background. A |
194 | common trick is to use this to run X11 programs on a remote ma- | 192 | common trick is to use this to run X11 programs on a remote |
195 | chine. For example, ssh -n shadows.cs.hut.fi emacs & will start | 193 | machine. For example, ssh -n shadows.cs.hut.fi emacs & will |
196 | an emacs on shadows.cs.hut.fi, and the X11 connection will be au- | 194 | start an emacs on shadows.cs.hut.fi, and the X11 connection will |
197 | tomatically forwarded over an encrypted channel. The ssh program | 195 | be automatically forwarded over an encrypted channel. The ssh |
198 | will be put in the background. (This does not work if ssh needs | 196 | program will be put in the background. (This does not work if |
199 | to ask for a password or passphrase; see also the -f option.) | 197 | ssh needs to ask for a password or passphrase; see also the -f |
198 | option.) | ||
200 | 199 | ||
201 | -O ctl_cmd | 200 | -O ctl_cmd |
202 | Control an active connection multiplexing master process. When | 201 | Control an active connection multiplexing master process. When |
203 | the -O option is specified, the ctl_cmd argument is interpreted | 202 | the -O option is specified, the ctl_cmd argument is interpreted |
204 | and passed to the master process. Valid commands are: ``check'' | 203 | and passed to the master process. Valid commands are: ``check'' |
205 | (check that the master process is running) and ``exit'' (request | 204 | (check that the master process is running), ``forward'' (request |
206 | the master to exit). | 205 | forwardings without command execution) and ``exit'' (request the |
206 | master to exit). | ||
207 | 207 | ||
208 | -o option | 208 | -o option |
209 | Can be used to give options in the format used in the configura- | 209 | Can be used to give options in the format used in the |
210 | tion file. This is useful for specifying options for which there | 210 | configuration file. This is useful for specifying options for |
211 | is no separate command-line flag. For full details of the op- | 211 | which there is no separate command-line flag. For full details |
212 | tions listed below, and their possible values, see ssh_config(5). | 212 | of the options listed below, and their possible values, see |
213 | ssh_config(5). | ||
213 | 214 | ||
214 | AddressFamily | 215 | AddressFamily |
215 | BatchMode | 216 | BatchMode |
@@ -287,61 +288,64 @@ DESCRIPTION | |||
287 | Specifies that the given port on the remote (server) host is to | 288 | Specifies that the given port on the remote (server) host is to |
288 | be forwarded to the given host and port on the local side. This | 289 | be forwarded to the given host and port on the local side. This |
289 | works by allocating a socket to listen to port on the remote | 290 | works by allocating a socket to listen to port on the remote |
290 | side, and whenever a connection is made to this port, the connec- | 291 | side, and whenever a connection is made to this port, the |
291 | tion is forwarded over the secure channel, and a connection is | 292 | connection is forwarded over the secure channel, and a connection |
292 | made to host port hostport from the local machine. | 293 | is made to host port hostport from the local machine. |
293 | 294 | ||
294 | Port forwardings can also be specified in the configuration file. | 295 | Port forwardings can also be specified in the configuration file. |
295 | Privileged ports can be forwarded only when logging in as root on | 296 | Privileged ports can be forwarded only when logging in as root on |
296 | the remote machine. IPv6 addresses can be specified by enclosing | 297 | the remote machine. IPv6 addresses can be specified by enclosing |
297 | the address in square braces or using an alternative syntax: | 298 | the address in square braces. |
298 | [bind_address/]host/port/hostport. | ||
299 | 299 | ||
300 | By default, the listening socket on the server will be bound to | 300 | By default, the listening socket on the server will be bound to |
301 | the loopback interface only. This may be overridden by specify- | 301 | the loopback interface only. This may be overridden by |
302 | ing a bind_address. An empty bind_address, or the address `*', | 302 | specifying a bind_address. An empty bind_address, or the address |
303 | indicates that the remote socket should listen on all interfaces. | 303 | `*', indicates that the remote socket should listen on all |
304 | Specifying a remote bind_address will only succeed if the serv- | 304 | interfaces. Specifying a remote bind_address will only succeed |
305 | er's GatewayPorts option is enabled (see sshd_config(5)). | 305 | if the server's GatewayPorts option is enabled (see |
306 | sshd_config(5)). | ||
306 | 307 | ||
307 | If the port argument is `0', the listen port will be dynamically | 308 | If the port argument is `0', the listen port will be dynamically |
308 | allocated on the server and reported to the client at run time. | 309 | allocated on the server and reported to the client at run time. |
310 | When used together with -O forward the allocated port will be | ||
311 | printed to the standard output. | ||
309 | 312 | ||
310 | -S ctl_path | 313 | -S ctl_path |
311 | Specifies the location of a control socket for connection sharing | 314 | Specifies the location of a control socket for connection |
312 | or the string ``none'' to disable connection sharing. Refer to | 315 | sharing, or the string ``none'' to disable connection sharing. |
313 | the description of ControlPath and ControlMaster in ssh_config(5) | 316 | Refer to the description of ControlPath and ControlMaster in |
314 | for details. | 317 | ssh_config(5) for details. |
315 | 318 | ||
316 | -s May be used to request invocation of a subsystem on the remote | 319 | -s May be used to request invocation of a subsystem on the remote |
317 | system. Subsystems are a feature of the SSH2 protocol which fa- | 320 | system. Subsystems are a feature of the SSH2 protocol which |
318 | cilitate the use of SSH as a secure transport for other applica- | 321 | facilitate the use of SSH as a secure transport for other |
319 | tions (eg. sftp(1)). The subsystem is specified as the remote | 322 | applications (eg. sftp(1)). The subsystem is specified as the |
320 | command. | 323 | remote command. |
321 | 324 | ||
322 | -T Disable pseudo-tty allocation. | 325 | -T Disable pseudo-tty allocation. |
323 | 326 | ||
324 | -t Force pseudo-tty allocation. This can be used to execute arbi- | 327 | -t Force pseudo-tty allocation. This can be used to execute |
325 | trary screen-based programs on a remote machine, which can be | 328 | arbitrary screen-based programs on a remote machine, which can be |
326 | very useful, e.g. when implementing menu services. Multiple -t | 329 | very useful, e.g. when implementing menu services. Multiple -t |
327 | options force tty allocation, even if ssh has no local tty. | 330 | options force tty allocation, even if ssh has no local tty. |
328 | 331 | ||
329 | -V Display the version number and exit. | 332 | -V Display the version number and exit. |
330 | 333 | ||
331 | -v Verbose mode. Causes ssh to print debugging messages about its | 334 | -v Verbose mode. Causes ssh to print debugging messages about its |
332 | progress. This is helpful in debugging connection, authentica- | 335 | progress. This is helpful in debugging connection, |
333 | tion, and configuration problems. Multiple -v options increase | 336 | authentication, and configuration problems. Multiple -v options |
334 | the verbosity. The maximum is 3. | 337 | increase the verbosity. The maximum is 3. |
335 | 338 | ||
336 | -W host:port | 339 | -W host:port |
337 | Requests that standard input and output on the client be forward- | 340 | Requests that standard input and output on the client be |
338 | ed to host on port over the secure channel. Implies -N, -T, | 341 | forwarded to host on port over the secure channel. Implies -N, |
339 | ExitOnForwardFailure and ClearAllForwardings and works with Pro- | 342 | -T, ExitOnForwardFailure and ClearAllForwardings and works with |
340 | tocol version 2 only. | 343 | Protocol version 2 only. |
341 | 344 | ||
342 | -w local_tun[:remote_tun] | 345 | -w local_tun[:remote_tun] |
343 | Requests tunnel device forwarding with the specified tun(4) de- | 346 | Requests tunnel device forwarding with the specified tun(4) |
344 | vices between the client (local_tun) and the server (remote_tun). | 347 | devices between the client (local_tun) and the server |
348 | (remote_tun). | ||
345 | 349 | ||
346 | The devices may be specified by numerical ID or the keyword | 350 | The devices may be specified by numerical ID or the keyword |
347 | ``any'', which uses the next available tunnel device. If | 351 | ``any'', which uses the next available tunnel device. If |
@@ -359,9 +363,9 @@ DESCRIPTION | |||
359 | through the forwarded connection. An attacker may then be able | 363 | through the forwarded connection. An attacker may then be able |
360 | to perform activities such as keystroke monitoring. | 364 | to perform activities such as keystroke monitoring. |
361 | 365 | ||
362 | For this reason, X11 forwarding is subjected to X11 SECURITY ex- | 366 | For this reason, X11 forwarding is subjected to X11 SECURITY |
363 | tension restrictions by default. Please refer to the ssh -Y op- | 367 | extension restrictions by default. Please refer to the ssh -Y |
364 | tion and the ForwardX11Trusted directive in ssh_config(5) for | 368 | option and the ForwardX11Trusted directive in ssh_config(5) for |
365 | more information. | 369 | more information. |
366 | 370 | ||
367 | -x Disables X11 forwarding. | 371 | -x Disables X11 forwarding. |
@@ -369,12 +373,12 @@ DESCRIPTION | |||
369 | -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not | 373 | -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not |
370 | subjected to the X11 SECURITY extension controls. | 374 | subjected to the X11 SECURITY extension controls. |
371 | 375 | ||
372 | -y Send log information using the syslog(3) system module. By de- | 376 | -y Send log information using the syslog(3) system module. By |
373 | fault this information is sent to stderr. | 377 | default this information is sent to stderr. |
374 | 378 | ||
375 | ssh may additionally obtain configuration data from a per-user configura- | 379 | ssh may additionally obtain configuration data from a per-user |
376 | tion file and a system-wide configuration file. The file format and con- | 380 | configuration file and a system-wide configuration file. The file format |
377 | figuration options are described in ssh_config(5). | 381 | and configuration options are described in ssh_config(5). |
378 | 382 | ||
379 | ssh exits with the exit status of the remote command or with 255 if an | 383 | ssh exits with the exit status of the remote command or with 255 if an |
380 | error occurred. | 384 | error occurred. |
@@ -385,15 +389,16 @@ AUTHENTICATION | |||
385 | in ssh_config(5) or the -1 and -2 options (see above). Both protocols | 389 | in ssh_config(5) or the -1 and -2 options (see above). Both protocols |
386 | support similar authentication methods, but protocol 2 is the default | 390 | support similar authentication methods, but protocol 2 is the default |
387 | since it provides additional mechanisms for confidentiality (the traffic | 391 | since it provides additional mechanisms for confidentiality (the traffic |
388 | is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and integri- | 392 | is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and |
389 | ty (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160). Protocol 1 lacks a | 393 | integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160). Protocol 1 |
390 | strong mechanism for ensuring the integrity of the connection. | 394 | lacks a strong mechanism for ensuring the integrity of the connection. |
391 | 395 | ||
392 | The methods available for authentication are: GSSAPI-based authentica- | 396 | The methods available for authentication are: GSSAPI-based |
393 | tion, host-based authentication, public key authentication, challenge-re- | 397 | authentication, host-based authentication, public key authentication, |
394 | sponse authentication, and password authentication. Authentication meth- | 398 | challenge-response authentication, and password authentication. |
395 | ods are tried in the order specified above, though protocol 2 has a con- | 399 | Authentication methods are tried in the order specified above, though |
396 | figuration option to change the default order: PreferredAuthentications. | 400 | protocol 2 has a configuration option to change the default order: |
401 | PreferredAuthentications. | ||
397 | 402 | ||
398 | Host-based authentication works as follows: If the machine the user logs | 403 | Host-based authentication works as follows: If the machine the user logs |
399 | in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote | 404 | in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote |
@@ -403,22 +408,22 @@ AUTHENTICATION | |||
403 | the name of the user on that machine, the user is considered for login. | 408 | the name of the user on that machine, the user is considered for login. |
404 | Additionally, the server must be able to verify the client's host key | 409 | Additionally, the server must be able to verify the client's host key |
405 | (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, | 410 | (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, |
406 | below) for login to be permitted. This authentication method closes se- | 411 | below) for login to be permitted. This authentication method closes |
407 | curity holes due to IP spoofing, DNS spoofing, and routing spoofing. | 412 | security holes due to IP spoofing, DNS spoofing, and routing spoofing. |
408 | [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the | 413 | [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the |
409 | rlogin/rsh protocol in general, are inherently insecure and should be | 414 | rlogin/rsh protocol in general, are inherently insecure and should be |
410 | disabled if security is desired.] | 415 | disabled if security is desired.] |
411 | 416 | ||
412 | Public key authentication works as follows: The scheme is based on pub- | 417 | Public key authentication works as follows: The scheme is based on |
413 | lic-key cryptography, using cryptosystems where encryption and decryption | 418 | public-key cryptography, using cryptosystems where encryption and |
414 | are done using separate keys, and it is unfeasible to derive the decryp- | 419 | decryption are done using separate keys, and it is unfeasible to derive |
415 | tion key from the encryption key. The idea is that each user creates a | 420 | the decryption key from the encryption key. The idea is that each user |
416 | public/private key pair for authentication purposes. The server knows | 421 | creates a public/private key pair for authentication purposes. The |
417 | the public key, and only the user knows the private key. ssh implements | 422 | server knows the public key, and only the user knows the private key. |
418 | public key authentication protocol automatically, using either the RSA or | 423 | ssh implements public key authentication protocol automatically, using |
419 | DSA algorithms. Protocol 1 is restricted to using only RSA keys, but | 424 | either the RSA or DSA algorithms. Protocol 1 is restricted to using only |
420 | protocol 2 may use either. The HISTORY section of ssl(8) contains a | 425 | RSA keys, but protocol 2 may use either. The HISTORY section of ssl(8) |
421 | brief discussion of the two algorithms. | 426 | contains a brief discussion of the two algorithms. |
422 | 427 | ||
423 | The file ~/.ssh/authorized_keys lists the public keys that are permitted | 428 | The file ~/.ssh/authorized_keys lists the public keys that are permitted |
424 | for logging in. When the user logs in, the ssh program tells the server | 429 | for logging in. When the user logs in, the ssh program tells the server |
@@ -430,48 +435,49 @@ AUTHENTICATION | |||
430 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol | 435 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol |
431 | 2 DSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in | 436 | 2 DSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in |
432 | ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), or | 437 | ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), or |
433 | ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home directory. The us- | 438 | ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home directory. The |
434 | er should then copy the public key to ~/.ssh/authorized_keys in his/her | 439 | user should then copy the public key to ~/.ssh/authorized_keys in his/her |
435 | home directory on the remote machine. The authorized_keys file corre- | 440 | home directory on the remote machine. The authorized_keys file |
436 | sponds to the conventional ~/.rhosts file, and has one key per line, | 441 | corresponds to the conventional ~/.rhosts file, and has one key per line, |
437 | though the lines can be very long. After this, the user can log in with- | 442 | though the lines can be very long. After this, the user can log in |
438 | out giving the password. | 443 | without giving the password. |
439 | 444 | ||
440 | A variation on public key authentication is available in the form of cer- | 445 | A variation on public key authentication is available in the form of |
441 | tificate authentication: instead of a set of public/private keys, signed | 446 | certificate authentication: instead of a set of public/private keys, |
442 | certificates are used. This has the advantage that a single trusted cer- | 447 | signed certificates are used. This has the advantage that a single |
443 | tification authority can be used in place of many public/private keys. | 448 | trusted certification authority can be used in place of many |
444 | See the CERTIFICATES section of ssh-keygen(1) for more information. | 449 | public/private keys. See the CERTIFICATES section of ssh-keygen(1) for |
450 | more information. | ||
445 | 451 | ||
446 | The most convenient way to use public key or certificate authentication | 452 | The most convenient way to use public key or certificate authentication |
447 | may be with an authentication agent. See ssh-agent(1) for more informa- | 453 | may be with an authentication agent. See ssh-agent(1) for more |
448 | tion. | 454 | information. |
449 | 455 | ||
450 | Challenge-response authentication works as follows: The server sends an | 456 | Challenge-response authentication works as follows: The server sends an |
451 | arbitrary "challenge" text, and prompts for a response. Protocol 2 al- | 457 | arbitrary "challenge" text, and prompts for a response. Protocol 2 |
452 | lows multiple challenges and responses; protocol 1 is restricted to just | 458 | allows multiple challenges and responses; protocol 1 is restricted to |
453 | one challenge/response. Examples of challenge-response authentication | 459 | just one challenge/response. Examples of challenge-response |
454 | include BSD Authentication (see login.conf(5)) and PAM (some non-OpenBSD | 460 | authentication include BSD Authentication (see login.conf(5)) and PAM |
455 | systems). | 461 | (some non-OpenBSD systems). |
456 | 462 | ||
457 | Finally, if other authentication methods fail, ssh prompts the user for a | 463 | Finally, if other authentication methods fail, ssh prompts the user for a |
458 | password. The password is sent to the remote host for checking; however, | 464 | password. The password is sent to the remote host for checking; however, |
459 | since all communications are encrypted, the password cannot be seen by | 465 | since all communications are encrypted, the password cannot be seen by |
460 | someone listening on the network. | 466 | someone listening on the network. |
461 | 467 | ||
462 | ssh automatically maintains and checks a database containing identifica- | 468 | ssh automatically maintains and checks a database containing |
463 | tion for all hosts it has ever been used with. Host keys are stored in | 469 | identification for all hosts it has ever been used with. Host keys are |
464 | ~/.ssh/known_hosts in the user's home directory. Additionally, the file | 470 | stored in ~/.ssh/known_hosts in the user's home directory. Additionally, |
465 | /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any | 471 | the file /etc/ssh/ssh_known_hosts is automatically checked for known |
466 | new hosts are automatically added to the user's file. If a host's iden- | 472 | hosts. Any new hosts are automatically added to the user's file. If a |
467 | tification ever changes, ssh warns about this and disables password au- | 473 | host's identification ever changes, ssh warns about this and disables |
468 | thentication to prevent server spoofing or man-in-the-middle attacks, | 474 | password authentication to prevent server spoofing or man-in-the-middle |
469 | which could otherwise be used to circumvent the encryption. The | 475 | attacks, which could otherwise be used to circumvent the encryption. The |
470 | StrictHostKeyChecking option can be used to control logins to machines | 476 | StrictHostKeyChecking option can be used to control logins to machines |
471 | whose host key is not known or has changed. | 477 | whose host key is not known or has changed. |
472 | 478 | ||
473 | When the user's identity has been accepted by the server, the server ei- | 479 | When the user's identity has been accepted by the server, the server |
474 | ther executes the given command, or logs into the machine and gives the | 480 | either executes the given command, or logs into the machine and gives the |
475 | user a normal shell on the remote machine. All communication with the | 481 | user a normal shell on the remote machine. All communication with the |
476 | remote command or shell will be automatically encrypted. | 482 | remote command or shell will be automatically encrypted. |
477 | 483 | ||
@@ -487,14 +493,14 @@ AUTHENTICATION | |||
487 | exits and all X11 and TCP connections have been closed. | 493 | exits and all X11 and TCP connections have been closed. |
488 | 494 | ||
489 | ESCAPE CHARACTERS | 495 | ESCAPE CHARACTERS |
490 | When a pseudo-terminal has been requested, ssh supports a number of func- | 496 | When a pseudo-terminal has been requested, ssh supports a number of |
491 | tions through the use of an escape character. | 497 | functions through the use of an escape character. |
492 | 498 | ||
493 | A single tilde character can be sent as ~~ or by following the tilde by a | 499 | A single tilde character can be sent as ~~ or by following the tilde by a |
494 | character other than those described below. The escape character must | 500 | character other than those described below. The escape character must |
495 | always follow a newline to be interpreted as special. The escape charac- | 501 | always follow a newline to be interpreted as special. The escape |
496 | ter can be changed in configuration files using the EscapeChar configura- | 502 | character can be changed in configuration files using the EscapeChar |
497 | tion directive or on the command line by the -e option. | 503 | configuration directive or on the command line by the -e option. |
498 | 504 | ||
499 | The supported escapes (assuming the default `~') are: | 505 | The supported escapes (assuming the default `~') are: |
500 | 506 | ||
@@ -531,8 +537,8 @@ TCP FORWARDING | |||
531 | In the example below, we look at encrypting communication between an IRC | 537 | In the example below, we look at encrypting communication between an IRC |
532 | client and server, even though the IRC server does not directly support | 538 | client and server, even though the IRC server does not directly support |
533 | encrypted communications. This works as follows: the user connects to | 539 | encrypted communications. This works as follows: the user connects to |
534 | the remote host using ssh, specifying a port to be used to forward con- | 540 | the remote host using ssh, specifying a port to be used to forward |
535 | nections to the remote server. After that it is possible to start the | 541 | connections to the remote server. After that it is possible to start the |
536 | service which is to be encrypted on the client machine, connecting to the | 542 | service which is to be encrypted on the client machine, connecting to the |
537 | same local port, and ssh will encrypt and forward the connection. | 543 | same local port, and ssh will encrypt and forward the connection. |
538 | 544 | ||
@@ -543,11 +549,11 @@ TCP FORWARDING | |||
543 | $ irc -c '#users' -p 1234 pinky 127.0.0.1 | 549 | $ irc -c '#users' -p 1234 pinky 127.0.0.1 |
544 | 550 | ||
545 | This tunnels a connection to IRC server ``server.example.com'', joining | 551 | This tunnels a connection to IRC server ``server.example.com'', joining |
546 | channel ``#users'', nickname ``pinky'', using port 1234. It doesn't mat- | 552 | channel ``#users'', nickname ``pinky'', using port 1234. It doesn't |
547 | ter which port is used, as long as it's greater than 1023 (remember, only | 553 | matter which port is used, as long as it's greater than 1023 (remember, |
548 | root can open sockets on privileged ports) and doesn't conflict with any | 554 | only root can open sockets on privileged ports) and doesn't conflict with |
549 | ports already in use. The connection is forwarded to port 6667 on the | 555 | any ports already in use. The connection is forwarded to port 6667 on |
550 | remote server, since that's the standard port for IRC services. | 556 | the remote server, since that's the standard port for IRC services. |
551 | 557 | ||
552 | The -f option backgrounds ssh and the remote command ``sleep 10'' is | 558 | The -f option backgrounds ssh and the remote command ``sleep 10'' is |
553 | specified to allow an amount of time (10 seconds, in the example) to | 559 | specified to allow an amount of time (10 seconds, in the example) to |
@@ -557,13 +563,13 @@ TCP FORWARDING | |||
557 | X11 FORWARDING | 563 | X11 FORWARDING |
558 | If the ForwardX11 variable is set to ``yes'' (or see the description of | 564 | If the ForwardX11 variable is set to ``yes'' (or see the description of |
559 | the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY | 565 | the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY |
560 | environment variable is set), the connection to the X11 display is auto- | 566 | environment variable is set), the connection to the X11 display is |
561 | matically forwarded to the remote side in such a way that any X11 pro- | 567 | automatically forwarded to the remote side in such a way that any X11 |
562 | grams started from the shell (or command) will go through the encrypted | 568 | programs started from the shell (or command) will go through the |
563 | channel, and the connection to the real X server will be made from the | 569 | encrypted channel, and the connection to the real X server will be made |
564 | local machine. The user should not manually set DISPLAY. Forwarding of | 570 | from the local machine. The user should not manually set DISPLAY. |
565 | X11 connections can be configured on the command line or in configuration | 571 | Forwarding of X11 connections can be configured on the command line or in |
566 | files. | 572 | configuration files. |
567 | 573 | ||
568 | The DISPLAY value set by ssh will point to the server machine, but with a | 574 | The DISPLAY value set by ssh will point to the server machine, but with a |
569 | display number greater than zero. This is normal, and happens because | 575 | display number greater than zero. This is normal, and happens because |
@@ -579,8 +585,8 @@ X11 FORWARDING | |||
579 | 585 | ||
580 | If the ForwardAgent variable is set to ``yes'' (or see the description of | 586 | If the ForwardAgent variable is set to ``yes'' (or see the description of |
581 | the -A and -a options above) and the user is using an authentication | 587 | the -A and -a options above) and the user is using an authentication |
582 | agent, the connection to the agent is automatically forwarded to the re- | 588 | agent, the connection to the agent is automatically forwarded to the |
583 | mote side. | 589 | remote side. |
584 | 590 | ||
585 | VERIFYING HOST KEYS | 591 | VERIFYING HOST KEYS |
586 | When connecting to a server for the first time, a fingerprint of the | 592 | When connecting to a server for the first time, a fingerprint of the |
@@ -597,8 +603,8 @@ VERIFYING HOST KEYS | |||
597 | ``yes'', a small ASCII graphic gets displayed on every login to a server, | 603 | ``yes'', a small ASCII graphic gets displayed on every login to a server, |
598 | no matter if the session itself is interactive or not. By learning the | 604 | no matter if the session itself is interactive or not. By learning the |
599 | pattern a known server produces, a user can easily find out that the host | 605 | pattern a known server produces, a user can easily find out that the host |
600 | key has changed when a completely different pattern is displayed. Be- | 606 | key has changed when a completely different pattern is displayed. |
601 | cause these patterns are not unambiguous however, a pattern that looks | 607 | Because these patterns are not unambiguous however, a pattern that looks |
602 | similar to the pattern remembered only gives a good probability that the | 608 | similar to the pattern remembered only gives a good probability that the |
603 | host key is the same, not guaranteed proof. | 609 | host key is the same, not guaranteed proof. |
604 | 610 | ||
@@ -634,15 +640,15 @@ VERIFYING HOST KEYS | |||
634 | 640 | ||
635 | SSH-BASED VIRTUAL PRIVATE NETWORKS | 641 | SSH-BASED VIRTUAL PRIVATE NETWORKS |
636 | ssh contains support for Virtual Private Network (VPN) tunnelling using | 642 | ssh contains support for Virtual Private Network (VPN) tunnelling using |
637 | the tun(4) network pseudo-device, allowing two networks to be joined se- | 643 | the tun(4) network pseudo-device, allowing two networks to be joined |
638 | curely. The sshd_config(5) configuration option PermitTunnel controls | 644 | securely. The sshd_config(5) configuration option PermitTunnel controls |
639 | whether the server supports this, and at what level (layer 2 or 3 traf- | 645 | whether the server supports this, and at what level (layer 2 or 3 |
640 | fic). | 646 | traffic). |
641 | 647 | ||
642 | The following example would connect client network 10.0.50.0/24 with re- | 648 | The following example would connect client network 10.0.50.0/24 with |
643 | mote network 10.0.99.0/24 using a point-to-point connection from 10.1.1.1 | 649 | remote network 10.0.99.0/24 using a point-to-point connection from |
644 | to 10.1.1.2, provided that the SSH server running on the gateway to the | 650 | 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway |
645 | remote network, at 192.168.1.15, allows it. | 651 | to the remote network, at 192.168.1.15, allows it. |
646 | 652 | ||
647 | On the client: | 653 | On the client: |
648 | 654 | ||
@@ -665,8 +671,8 @@ SSH-BASED VIRTUAL PRIVATE NETWORKS | |||
665 | tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john | 671 | tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john |
666 | 672 | ||
667 | Since an SSH-based setup entails a fair amount of overhead, it may be | 673 | Since an SSH-based setup entails a fair amount of overhead, it may be |
668 | more suited to temporary setups, such as for wireless VPNs. More perma- | 674 | more suited to temporary setups, such as for wireless VPNs. More |
669 | nent VPNs are better provided by tools such as ipsecctl(8) and | 675 | permanent VPNs are better provided by tools such as ipsecctl(8) and |
670 | isakmpd(8). | 676 | isakmpd(8). |
671 | 677 | ||
672 | ENVIRONMENT | 678 | ENVIRONMENT |
@@ -685,13 +691,13 @@ ENVIRONMENT | |||
685 | 691 | ||
686 | HOME Set to the path of the user's home directory. | 692 | HOME Set to the path of the user's home directory. |
687 | 693 | ||
688 | LOGNAME Synonym for USER; set for compatibility with sys- | 694 | LOGNAME Synonym for USER; set for compatibility with |
689 | tems that use this variable. | 695 | systems that use this variable. |
690 | 696 | ||
691 | MAIL Set to the path of the user's mailbox. | 697 | MAIL Set to the path of the user's mailbox. |
692 | 698 | ||
693 | PATH Set to the default PATH, as specified when compil- | 699 | PATH Set to the default PATH, as specified when |
694 | ing ssh. | 700 | compiling ssh. |
695 | 701 | ||
696 | SSH_ASKPASS If ssh needs a passphrase, it will read the | 702 | SSH_ASKPASS If ssh needs a passphrase, it will read the |
697 | passphrase from the current terminal if it was run | 703 | passphrase from the current terminal if it was run |
@@ -699,49 +705,50 @@ ENVIRONMENT | |||
699 | associated with it but DISPLAY and SSH_ASKPASS are | 705 | associated with it but DISPLAY and SSH_ASKPASS are |
700 | set, it will execute the program specified by | 706 | set, it will execute the program specified by |
701 | SSH_ASKPASS and open an X11 window to read the | 707 | SSH_ASKPASS and open an X11 window to read the |
702 | passphrase. This is particularly useful when call- | 708 | passphrase. This is particularly useful when |
703 | ing ssh from a .xsession or related script. (Note | 709 | calling ssh from a .xsession or related script. |
704 | that on some machines it may be necessary to redi- | 710 | (Note that on some machines it may be necessary to |
705 | rect the input from /dev/null to make this work.) | 711 | redirect the input from /dev/null to make this |
712 | work.) | ||
706 | 713 | ||
707 | SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to | 714 | SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to |
708 | communicate with the agent. | 715 | communicate with the agent. |
709 | 716 | ||
710 | SSH_CONNECTION Identifies the client and server ends of the con- | 717 | SSH_CONNECTION Identifies the client and server ends of the |
711 | nection. The variable contains four space-separat- | 718 | connection. The variable contains four space- |
712 | ed values: client IP address, client port number, | 719 | separated values: client IP address, client port |
713 | server IP address, and server port number. | 720 | number, server IP address, and server port number. |
714 | 721 | ||
715 | SSH_ORIGINAL_COMMAND This variable contains the original command line if | 722 | SSH_ORIGINAL_COMMAND This variable contains the original command line if |
716 | a forced command is executed. It can be used to | 723 | a forced command is executed. It can be used to |
717 | extract the original arguments. | 724 | extract the original arguments. |
718 | 725 | ||
719 | SSH_TTY This is set to the name of the tty (path to the de- | 726 | SSH_TTY This is set to the name of the tty (path to the |
720 | vice) associated with the current shell or command. | 727 | device) associated with the current shell or |
721 | If the current session has no tty, this variable is | 728 | command. If the current session has no tty, this |
722 | not set. | 729 | variable is not set. |
723 | 730 | ||
724 | TZ This variable is set to indicate the present time | 731 | TZ This variable is set to indicate the present time |
725 | zone if it was set when the daemon was started | 732 | zone if it was set when the daemon was started |
726 | (i.e. the daemon passes the value on to new connec- | 733 | (i.e. the daemon passes the value on to new |
727 | tions). | 734 | connections). |
728 | 735 | ||
729 | USER Set to the name of the user logging in. | 736 | USER Set to the name of the user logging in. |
730 | 737 | ||
731 | Additionally, ssh reads ~/.ssh/environment, and adds lines of the format | 738 | Additionally, ssh reads ~/.ssh/environment, and adds lines of the format |
732 | ``VARNAME=value'' to the environment if the file exists and users are al- | 739 | ``VARNAME=value'' to the environment if the file exists and users are |
733 | lowed to change their environment. For more information, see the | 740 | allowed to change their environment. For more information, see the |
734 | PermitUserEnvironment option in sshd_config(5). | 741 | PermitUserEnvironment option in sshd_config(5). |
735 | 742 | ||
736 | FILES | 743 | FILES |
737 | ~/.rhosts | 744 | ~/.rhosts |
738 | This file is used for host-based authentication (see above). On | 745 | This file is used for host-based authentication (see above). On |
739 | some machines this file may need to be world-readable if the us- | 746 | some machines this file may need to be world-readable if the |
740 | er's home directory is on an NFS partition, because sshd(8) reads | 747 | user's home directory is on an NFS partition, because sshd(8) |
741 | it as root. Additionally, this file must be owned by the user, | 748 | reads it as root. Additionally, this file must be owned by the |
742 | and must not have write permissions for anyone else. The recom- | 749 | user, and must not have write permissions for anyone else. The |
743 | mended permission for most machines is read/write for the user, | 750 | recommended permission for most machines is read/write for the |
744 | and not accessible by others. | 751 | user, and not accessible by others. |
745 | 752 | ||
746 | ~/.shosts | 753 | ~/.shosts |
747 | This file is used in exactly the same way as .rhosts, but allows | 754 | This file is used in exactly the same way as .rhosts, but allows |
@@ -749,18 +756,18 @@ FILES | |||
749 | rlogin/rsh. | 756 | rlogin/rsh. |
750 | 757 | ||
751 | ~/.ssh/ | 758 | ~/.ssh/ |
752 | This directory is the default location for all user-specific con- | 759 | This directory is the default location for all user-specific |
753 | figuration and authentication information. There is no general | 760 | configuration and authentication information. There is no |
754 | requirement to keep the entire contents of this directory secret, | 761 | general requirement to keep the entire contents of this directory |
755 | but the recommended permissions are read/write/execute for the | 762 | secret, but the recommended permissions are read/write/execute |
756 | user, and not accessible by others. | 763 | for the user, and not accessible by others. |
757 | 764 | ||
758 | ~/.ssh/authorized_keys | 765 | ~/.ssh/authorized_keys |
759 | Lists the public keys (RSA/DSA) that can be used for logging in | 766 | Lists the public keys (RSA/DSA) that can be used for logging in |
760 | as this user. The format of this file is described in the | 767 | as this user. The format of this file is described in the |
761 | sshd(8) manual page. This file is not highly sensitive, but the | 768 | sshd(8) manual page. This file is not highly sensitive, but the |
762 | recommended permissions are read/write for the user, and not ac- | 769 | recommended permissions are read/write for the user, and not |
763 | cessible by others. | 770 | accessible by others. |
764 | 771 | ||
765 | ~/.ssh/config | 772 | ~/.ssh/config |
766 | This is the per-user configuration file. The file format and | 773 | This is the per-user configuration file. The file format and |
@@ -776,11 +783,12 @@ FILES | |||
776 | ~/.ssh/id_dsa | 783 | ~/.ssh/id_dsa |
777 | ~/.ssh/id_rsa | 784 | ~/.ssh/id_rsa |
778 | Contains the private key for authentication. These files contain | 785 | Contains the private key for authentication. These files contain |
779 | sensitive data and should be readable by the user but not acces- | 786 | sensitive data and should be readable by the user but not |
780 | sible by others (read/write/execute). ssh will simply ignore a | 787 | accessible by others (read/write/execute). ssh will simply |
781 | private key file if it is accessible by others. It is possible | 788 | ignore a private key file if it is accessible by others. It is |
782 | to specify a passphrase when generating the key which will be | 789 | possible to specify a passphrase when generating the key which |
783 | used to encrypt the sensitive part of this file using 3DES. | 790 | will be used to encrypt the sensitive part of this file using |
791 | 3DES. | ||
784 | 792 | ||
785 | ~/.ssh/identity.pub | 793 | ~/.ssh/identity.pub |
786 | ~/.ssh/id_dsa.pub | 794 | ~/.ssh/id_dsa.pub |
@@ -804,8 +812,8 @@ FILES | |||
804 | should only be writable by root. | 812 | should only be writable by root. |
805 | 813 | ||
806 | /etc/shosts.equiv | 814 | /etc/shosts.equiv |
807 | This file is used in exactly the same way as hosts.equiv, but al- | 815 | This file is used in exactly the same way as hosts.equiv, but |
808 | lows host-based authentication without permitting login with | 816 | allows host-based authentication without permitting login with |
809 | rlogin/rsh. | 817 | rlogin/rsh. |
810 | 818 | ||
811 | /etc/ssh/ssh_config | 819 | /etc/ssh/ssh_config |
@@ -817,11 +825,11 @@ FILES | |||
817 | /etc/ssh/ssh_host_rsa_key | 825 | /etc/ssh/ssh_host_rsa_key |
818 | These three files contain the private parts of the host keys and | 826 | These three files contain the private parts of the host keys and |
819 | are used for host-based authentication. If protocol version 1 is | 827 | are used for host-based authentication. If protocol version 1 is |
820 | used, ssh must be setuid root, since the host key is readable on- | 828 | used, ssh must be setuid root, since the host key is readable |
821 | ly by root. For protocol version 2, ssh uses ssh-keysign(8) to | 829 | only by root. For protocol version 2, ssh uses ssh-keysign(8) to |
822 | access the host keys, eliminating the requirement that ssh be se- | 830 | access the host keys, eliminating the requirement that ssh be |
823 | tuid root when host-based authentication is used. By default ssh | 831 | setuid root when host-based authentication is used. By default |
824 | is not setuid root. | 832 | ssh is not setuid root. |
825 | 833 | ||
826 | /etc/ssh/ssh_known_hosts | 834 | /etc/ssh/ssh_known_hosts |
827 | Systemwide list of known host keys. This file should be prepared | 835 | Systemwide list of known host keys. This file should be prepared |
@@ -866,7 +874,7 @@ SEE ALSO | |||
866 | 874 | ||
867 | The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006. | 875 | The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006. |
868 | 876 | ||
869 | A. Perrig and D. Song, Hash Visualization: a New Technique to improve | 877 | A. Perrig, D. Song, Hash Visualization: a New Technique to improve |
870 | Real-World Security, 1999, International Workshop on Cryptographic | 878 | Real-World Security, 1999, International Workshop on Cryptographic |
871 | Techniques and E-Commerce (CrypTEC '99). | 879 | Techniques and E-Commerce (CrypTEC '99). |
872 | 880 | ||
@@ -877,4 +885,4 @@ AUTHORS | |||
877 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 885 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
878 | versions 1.5 and 2.0. | 886 | versions 1.5 and 2.0. |
879 | 887 | ||
880 | OpenBSD 4.7 March 26, 2010 14 | 888 | OpenBSD 4.8 August 4, 2010 OpenBSD 4.8 |
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.303 2010/03/26 00:26:58 djm Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.308 2010/08/04 05:37:01 djm Exp $ |
38 | .Dd $Mdocdate: March 26 2010 $ | 38 | .Dd $Mdocdate: August 4 2010 $ |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -43,46 +43,28 @@ | |||
43 | .Nd OpenSSH SSH client (remote login program) | 43 | .Nd OpenSSH SSH client (remote login program) |
44 | .Sh SYNOPSIS | 44 | .Sh SYNOPSIS |
45 | .Nm ssh | 45 | .Nm ssh |
46 | .Bk -words | ||
46 | .Op Fl 1246AaCfgKkMNnqsTtVvXxYy | 47 | .Op Fl 1246AaCfgKkMNnqsTtVvXxYy |
47 | .Op Fl b Ar bind_address | 48 | .Op Fl b Ar bind_address |
48 | .Op Fl c Ar cipher_spec | 49 | .Op Fl c Ar cipher_spec |
49 | .Oo Fl D\ \& | 50 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port |
50 | .Sm off | ||
51 | .Oo Ar bind_address : Oc | ||
52 | .Ar port | ||
53 | .Sm on | ||
54 | .Oc | ||
55 | .Op Fl e Ar escape_char | 51 | .Op Fl e Ar escape_char |
56 | .Op Fl F Ar configfile | 52 | .Op Fl F Ar configfile |
57 | .Op Fl I Ar pkcs11 | 53 | .Op Fl I Ar pkcs11 |
58 | .Bk -words | ||
59 | .Op Fl i Ar identity_file | 54 | .Op Fl i Ar identity_file |
60 | .Ek | 55 | .Op Fl L Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport |
61 | .Oo Fl L\ \& | ||
62 | .Sm off | ||
63 | .Oo Ar bind_address : Oc | ||
64 | .Ar port : host : hostport | ||
65 | .Sm on | ||
66 | .Oc | ||
67 | .Bk -words | ||
68 | .Op Fl l Ar login_name | 56 | .Op Fl l Ar login_name |
69 | .Ek | ||
70 | .Op Fl m Ar mac_spec | 57 | .Op Fl m Ar mac_spec |
71 | .Op Fl O Ar ctl_cmd | 58 | .Op Fl O Ar ctl_cmd |
72 | .Op Fl o Ar option | 59 | .Op Fl o Ar option |
73 | .Op Fl p Ar port | 60 | .Op Fl p Ar port |
74 | .Oo Fl R\ \& | 61 | .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport |
75 | .Sm off | ||
76 | .Oo Ar bind_address : Oc | ||
77 | .Ar port : host : hostport | ||
78 | .Sm on | ||
79 | .Oc | ||
80 | .Op Fl S Ar ctl_path | 62 | .Op Fl S Ar ctl_path |
81 | .Op Fl W Ar host : Ns Ar port | 63 | .Op Fl W Ar host : Ns Ar port |
82 | .Oo Fl w Ar local_tun Ns | 64 | .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun |
83 | .Op : Ns Ar remote_tun Oc | ||
84 | .Oo Ar user Ns @ Oc Ns Ar hostname | 65 | .Oo Ar user Ns @ Oc Ns Ar hostname |
85 | .Op Ar command | 66 | .Op Ar command |
67 | .Ek | ||
86 | .Sh DESCRIPTION | 68 | .Sh DESCRIPTION |
87 | .Nm | 69 | .Nm |
88 | (SSH client) is a program for logging into a remote machine and for | 70 | (SSH client) is a program for logging into a remote machine and for |
@@ -194,7 +176,9 @@ is a comma-separated list of ciphers | |||
194 | listed in order of preference. | 176 | listed in order of preference. |
195 | See the | 177 | See the |
196 | .Cm Ciphers | 178 | .Cm Ciphers |
197 | keyword for more information. | 179 | keyword in |
180 | .Xr ssh_config 5 | ||
181 | for more information. | ||
198 | .It Fl D Xo | 182 | .It Fl D Xo |
199 | .Sm off | 183 | .Sm off |
200 | .Oo Ar bind_address : Oc | 184 | .Oo Ar bind_address : Oc |
@@ -218,14 +202,7 @@ will act as a SOCKS server. | |||
218 | Only root can forward privileged ports. | 202 | Only root can forward privileged ports. |
219 | Dynamic port forwardings can also be specified in the configuration file. | 203 | Dynamic port forwardings can also be specified in the configuration file. |
220 | .Pp | 204 | .Pp |
221 | IPv6 addresses can be specified with an alternative syntax: | 205 | IPv6 addresses can be specified by enclosing the address in square brackets. |
222 | .Sm off | ||
223 | .Xo | ||
224 | .Op Ar bind_address No / | ||
225 | .Ar port | ||
226 | .Xc | ||
227 | .Sm on | ||
228 | or by enclosing the address in square brackets. | ||
229 | Only the superuser can forward privileged ports. | 206 | Only the superuser can forward privileged ports. |
230 | By default, the local port is bound in accordance with the | 207 | By default, the local port is bound in accordance with the |
231 | .Cm GatewayPorts | 208 | .Cm GatewayPorts |
@@ -336,15 +313,7 @@ port | |||
336 | .Ar hostport | 313 | .Ar hostport |
337 | from the remote machine. | 314 | from the remote machine. |
338 | Port forwardings can also be specified in the configuration file. | 315 | Port forwardings can also be specified in the configuration file. |
339 | IPv6 addresses can be specified with an alternative syntax: | 316 | IPv6 addresses can be specified by enclosing the address in square brackets. |
340 | .Sm off | ||
341 | .Xo | ||
342 | .Op Ar bind_address No / | ||
343 | .Ar port No / Ar host No / | ||
344 | .Ar hostport | ||
345 | .Xc | ||
346 | .Sm on | ||
347 | or by enclosing the address in square brackets. | ||
348 | Only the superuser can forward privileged ports. | 317 | Only the superuser can forward privileged ports. |
349 | By default, the local port is bound in accordance with the | 318 | By default, the local port is bound in accordance with the |
350 | .Cm GatewayPorts | 319 | .Cm GatewayPorts |
@@ -421,7 +390,9 @@ option is specified, the | |||
421 | argument is interpreted and passed to the master process. | 390 | argument is interpreted and passed to the master process. |
422 | Valid commands are: | 391 | Valid commands are: |
423 | .Dq check | 392 | .Dq check |
424 | (check that the master process is running) and | 393 | (check that the master process is running), |
394 | .Dq forward | ||
395 | (request forwardings without command execution) and | ||
425 | .Dq exit | 396 | .Dq exit |
426 | (request the master to exit). | 397 | (request the master to exit). |
427 | .It Fl o Ar option | 398 | .It Fl o Ar option |
@@ -525,15 +496,7 @@ from the local machine. | |||
525 | Port forwardings can also be specified in the configuration file. | 496 | Port forwardings can also be specified in the configuration file. |
526 | Privileged ports can be forwarded only when | 497 | Privileged ports can be forwarded only when |
527 | logging in as root on the remote machine. | 498 | logging in as root on the remote machine. |
528 | IPv6 addresses can be specified by enclosing the address in square braces or | 499 | IPv6 addresses can be specified by enclosing the address in square braces. |
529 | using an alternative syntax: | ||
530 | .Sm off | ||
531 | .Xo | ||
532 | .Op Ar bind_address No / | ||
533 | .Ar host No / Ar port No / | ||
534 | .Ar hostport | ||
535 | .Xc . | ||
536 | .Sm on | ||
537 | .Pp | 500 | .Pp |
538 | By default, the listening socket on the server will be bound to the loopback | 501 | By default, the listening socket on the server will be bound to the loopback |
539 | interface only. | 502 | interface only. |
@@ -557,8 +520,11 @@ argument is | |||
557 | .Ql 0 , | 520 | .Ql 0 , |
558 | the listen port will be dynamically allocated on the server and reported | 521 | the listen port will be dynamically allocated on the server and reported |
559 | to the client at run time. | 522 | to the client at run time. |
523 | When used together with | ||
524 | .Ic -O forward | ||
525 | the allocated port will be printed to the standard output. | ||
560 | .It Fl S Ar ctl_path | 526 | .It Fl S Ar ctl_path |
561 | Specifies the location of a control socket for connection sharing | 527 | Specifies the location of a control socket for connection sharing, |
562 | or the string | 528 | or the string |
563 | .Dq none | 529 | .Dq none |
564 | to disable connection sharing. | 530 | to disable connection sharing. |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.335 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.346 2010/08/12 21:49:44 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -79,6 +79,7 @@ | |||
79 | #include "ssh.h" | 79 | #include "ssh.h" |
80 | #include "ssh1.h" | 80 | #include "ssh1.h" |
81 | #include "ssh2.h" | 81 | #include "ssh2.h" |
82 | #include "canohost.h" | ||
82 | #include "compat.h" | 83 | #include "compat.h" |
83 | #include "cipher.h" | 84 | #include "cipher.h" |
84 | #include "packet.h" | 85 | #include "packet.h" |
@@ -127,6 +128,15 @@ int no_shell_flag = 0; | |||
127 | int stdin_null_flag = 0; | 128 | int stdin_null_flag = 0; |
128 | 129 | ||
129 | /* | 130 | /* |
131 | * Flag indicating that the current process should be backgrounded and | ||
132 | * a new slave launched in the foreground for ControlPersist. | ||
133 | */ | ||
134 | int need_controlpersist_detach = 0; | ||
135 | |||
136 | /* Copies of flags for ControlPersist foreground slave */ | ||
137 | int ostdin_null_flag, ono_shell_flag, ono_tty_flag, otty_flag; | ||
138 | |||
139 | /* | ||
130 | * Flag indicating that ssh should fork after authentication. This is useful | 140 | * Flag indicating that ssh should fork after authentication. This is useful |
131 | * so that the passphrase can be entered manually, and then ssh goes to the | 141 | * so that the passphrase can be entered manually, and then ssh goes to the |
132 | * background. | 142 | * background. |
@@ -228,6 +238,12 @@ main(int ac, char **av) | |||
228 | init_rng(); | 238 | init_rng(); |
229 | 239 | ||
230 | /* | 240 | /* |
241 | * Discard other fds that are hanging around. These can cause problem | ||
242 | * with backgrounded ssh processes started by ControlPersist. | ||
243 | */ | ||
244 | closefrom(STDERR_FILENO + 1); | ||
245 | |||
246 | /* | ||
231 | * Save the original real uid. It will be needed later (uid-swapping | 247 | * Save the original real uid. It will be needed later (uid-swapping |
232 | * may clobber the real uid). | 248 | * may clobber the real uid). |
233 | */ | 249 | */ |
@@ -327,6 +343,8 @@ main(int ac, char **av) | |||
327 | fatal("Multiplexing command already specified"); | 343 | fatal("Multiplexing command already specified"); |
328 | if (strcmp(optarg, "check") == 0) | 344 | if (strcmp(optarg, "check") == 0) |
329 | muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK; | 345 | muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK; |
346 | else if (strcmp(optarg, "forward") == 0) | ||
347 | muxclient_command = SSHMUX_COMMAND_FORWARD; | ||
330 | else if (strcmp(optarg, "exit") == 0) | 348 | else if (strcmp(optarg, "exit") == 0) |
331 | muxclient_command = SSHMUX_COMMAND_TERMINATE; | 349 | muxclient_command = SSHMUX_COMMAND_TERMINATE; |
332 | else | 350 | else |
@@ -620,7 +638,7 @@ main(int ac, char **av) | |||
620 | tty_flag = 1; | 638 | tty_flag = 1; |
621 | 639 | ||
622 | /* Force no tty */ | 640 | /* Force no tty */ |
623 | if (no_tty_flag) | 641 | if (no_tty_flag || muxclient_command != 0) |
624 | tty_flag = 0; | 642 | tty_flag = 0; |
625 | /* Do not allocate a tty if stdin is not a tty. */ | 643 | /* Do not allocate a tty if stdin is not a tty. */ |
626 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) { | 644 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) { |
@@ -676,6 +694,11 @@ main(int ac, char **av) | |||
676 | options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; | 694 | options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; |
677 | } | 695 | } |
678 | 696 | ||
697 | if (options.hostname != NULL) { | ||
698 | host = percent_expand(options.hostname, | ||
699 | "h", host, (char *)NULL); | ||
700 | } | ||
701 | |||
679 | if (options.local_command != NULL) { | 702 | if (options.local_command != NULL) { |
680 | char thishost[NI_MAXHOST]; | 703 | char thishost[NI_MAXHOST]; |
681 | 704 | ||
@@ -685,16 +708,12 @@ main(int ac, char **av) | |||
685 | debug3("expanding LocalCommand: %s", options.local_command); | 708 | debug3("expanding LocalCommand: %s", options.local_command); |
686 | cp = options.local_command; | 709 | cp = options.local_command; |
687 | options.local_command = percent_expand(cp, "d", pw->pw_dir, | 710 | options.local_command = percent_expand(cp, "d", pw->pw_dir, |
688 | "h", options.hostname? options.hostname : host, | 711 | "h", host, "l", thishost, "n", host, "r", options.user, |
689 | "l", thishost, "n", host, "r", options.user, "p", buf, | 712 | "p", buf, "u", pw->pw_name, (char *)NULL); |
690 | "u", pw->pw_name, (char *)NULL); | ||
691 | debug3("expanded LocalCommand: %s", options.local_command); | 713 | debug3("expanded LocalCommand: %s", options.local_command); |
692 | xfree(cp); | 714 | xfree(cp); |
693 | } | 715 | } |
694 | 716 | ||
695 | if (options.hostname != NULL) | ||
696 | host = options.hostname; | ||
697 | |||
698 | /* force lowercase for hostkey matching */ | 717 | /* force lowercase for hostkey matching */ |
699 | if (options.host_key_alias != NULL) { | 718 | if (options.host_key_alias != NULL) { |
700 | for (p = options.host_key_alias; *p; p++) | 719 | for (p = options.host_key_alias; *p; p++) |
@@ -761,26 +780,34 @@ main(int ac, char **av) | |||
761 | sensitive_data.external_keysign = 0; | 780 | sensitive_data.external_keysign = 0; |
762 | if (options.rhosts_rsa_authentication || | 781 | if (options.rhosts_rsa_authentication || |
763 | options.hostbased_authentication) { | 782 | options.hostbased_authentication) { |
764 | sensitive_data.nkeys = 3; | 783 | sensitive_data.nkeys = 5; |
765 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | 784 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, |
766 | sizeof(Key)); | 785 | sizeof(Key)); |
767 | 786 | ||
768 | PRIV_START; | 787 | PRIV_START; |
769 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, | 788 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, |
770 | _PATH_HOST_KEY_FILE, "", NULL, NULL); | 789 | _PATH_HOST_KEY_FILE, "", NULL, NULL); |
771 | sensitive_data.keys[1] = key_load_private_type(KEY_DSA, | 790 | sensitive_data.keys[1] = key_load_private_cert(KEY_DSA, |
791 | _PATH_HOST_DSA_KEY_FILE, "", NULL); | ||
792 | sensitive_data.keys[2] = key_load_private_cert(KEY_RSA, | ||
793 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | ||
794 | sensitive_data.keys[3] = key_load_private_type(KEY_DSA, | ||
772 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); | 795 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
773 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, | 796 | sensitive_data.keys[4] = key_load_private_type(KEY_RSA, |
774 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); | 797 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
775 | PRIV_END; | 798 | PRIV_END; |
776 | 799 | ||
777 | if (options.hostbased_authentication == 1 && | 800 | if (options.hostbased_authentication == 1 && |
778 | sensitive_data.keys[0] == NULL && | 801 | sensitive_data.keys[0] == NULL && |
779 | sensitive_data.keys[1] == NULL && | 802 | sensitive_data.keys[3] == NULL && |
780 | sensitive_data.keys[2] == NULL) { | 803 | sensitive_data.keys[4] == NULL) { |
781 | sensitive_data.keys[1] = key_load_public( | 804 | sensitive_data.keys[1] = key_load_cert( |
805 | _PATH_HOST_DSA_KEY_FILE); | ||
806 | sensitive_data.keys[2] = key_load_cert( | ||
807 | _PATH_HOST_RSA_KEY_FILE); | ||
808 | sensitive_data.keys[3] = key_load_public( | ||
782 | _PATH_HOST_DSA_KEY_FILE, NULL); | 809 | _PATH_HOST_DSA_KEY_FILE, NULL); |
783 | sensitive_data.keys[2] = key_load_public( | 810 | sensitive_data.keys[4] = key_load_public( |
784 | _PATH_HOST_RSA_KEY_FILE, NULL); | 811 | _PATH_HOST_RSA_KEY_FILE, NULL); |
785 | sensitive_data.external_keysign = 1; | 812 | sensitive_data.external_keysign = 1; |
786 | } | 813 | } |
@@ -827,6 +854,13 @@ main(int ac, char **av) | |||
827 | ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, | 854 | ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, |
828 | pw, timeout_ms); | 855 | pw, timeout_ms); |
829 | 856 | ||
857 | if (packet_connection_is_on_socket()) { | ||
858 | verbose("Authenticated to %s ([%s]:%d).", host, | ||
859 | get_remote_ipaddr(), get_remote_port()); | ||
860 | } else { | ||
861 | verbose("Authenticated to %s (via proxy).", host); | ||
862 | } | ||
863 | |||
830 | /* We no longer need the private host keys. Clear them now. */ | 864 | /* We no longer need the private host keys. Clear them now. */ |
831 | if (sensitive_data.nkeys != 0) { | 865 | if (sensitive_data.nkeys != 0) { |
832 | for (i = 0; i < sensitive_data.nkeys; i++) { | 866 | for (i = 0; i < sensitive_data.nkeys; i++) { |
@@ -866,6 +900,61 @@ main(int ac, char **av) | |||
866 | return exit_status; | 900 | return exit_status; |
867 | } | 901 | } |
868 | 902 | ||
903 | static void | ||
904 | control_persist_detach(void) | ||
905 | { | ||
906 | pid_t pid; | ||
907 | int devnull; | ||
908 | |||
909 | debug("%s: backgrounding master process", __func__); | ||
910 | |||
911 | /* | ||
912 | * master (current process) into the background, and make the | ||
913 | * foreground process a client of the backgrounded master. | ||
914 | */ | ||
915 | switch ((pid = fork())) { | ||
916 | case -1: | ||
917 | fatal("%s: fork: %s", __func__, strerror(errno)); | ||
918 | case 0: | ||
919 | /* Child: master process continues mainloop */ | ||
920 | break; | ||
921 | default: | ||
922 | /* Parent: set up mux slave to connect to backgrounded master */ | ||
923 | debug2("%s: background process is %ld", __func__, (long)pid); | ||
924 | stdin_null_flag = ostdin_null_flag; | ||
925 | no_shell_flag = ono_shell_flag; | ||
926 | no_tty_flag = ono_tty_flag; | ||
927 | tty_flag = otty_flag; | ||
928 | close(muxserver_sock); | ||
929 | muxserver_sock = -1; | ||
930 | muxclient(options.control_path); | ||
931 | /* muxclient() doesn't return on success. */ | ||
932 | fatal("Failed to connect to new control master"); | ||
933 | } | ||
934 | if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { | ||
935 | error("%s: open(\"/dev/null\"): %s", __func__, | ||
936 | strerror(errno)); | ||
937 | } else { | ||
938 | if (dup2(devnull, STDIN_FILENO) == -1 || | ||
939 | dup2(devnull, STDOUT_FILENO) == -1) | ||
940 | error("%s: dup2: %s", __func__, strerror(errno)); | ||
941 | if (devnull > STDERR_FILENO) | ||
942 | close(devnull); | ||
943 | } | ||
944 | } | ||
945 | |||
946 | /* Do fork() after authentication. Used by "ssh -f" */ | ||
947 | static void | ||
948 | fork_postauth(void) | ||
949 | { | ||
950 | if (need_controlpersist_detach) | ||
951 | control_persist_detach(); | ||
952 | debug("forking to background"); | ||
953 | fork_after_authentication_flag = 0; | ||
954 | if (daemon(1, 1) < 0) | ||
955 | fatal("daemon() failed: %.200s", strerror(errno)); | ||
956 | } | ||
957 | |||
869 | /* Callback for remote forward global requests */ | 958 | /* Callback for remote forward global requests */ |
870 | static void | 959 | static void |
871 | ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | 960 | ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) |
@@ -877,9 +966,10 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | |||
877 | type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", | 966 | type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", |
878 | rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); | 967 | rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); |
879 | if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) { | 968 | if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) { |
969 | rfwd->allocated_port = packet_get_int(); | ||
880 | logit("Allocated port %u for remote forward to %s:%d", | 970 | logit("Allocated port %u for remote forward to %s:%d", |
881 | packet_get_int(), | 971 | rfwd->allocated_port, |
882 | rfwd->connect_host, rfwd->connect_port); | 972 | rfwd->connect_host, rfwd->connect_port); |
883 | } | 973 | } |
884 | 974 | ||
885 | if (type == SSH2_MSG_REQUEST_FAILURE) { | 975 | if (type == SSH2_MSG_REQUEST_FAILURE) { |
@@ -892,12 +982,8 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | |||
892 | } | 982 | } |
893 | if (++remote_forward_confirms_received == options.num_remote_forwards) { | 983 | if (++remote_forward_confirms_received == options.num_remote_forwards) { |
894 | debug("All remote forwarding requests processed"); | 984 | debug("All remote forwarding requests processed"); |
895 | if (fork_after_authentication_flag) { | 985 | if (fork_after_authentication_flag) |
896 | fork_after_authentication_flag = 0; | 986 | fork_postauth(); |
897 | if (daemon(1, 1) < 0) | ||
898 | fatal("daemon() failed: %.200s", | ||
899 | strerror(errno)); | ||
900 | } | ||
901 | } | 987 | } |
902 | } | 988 | } |
903 | 989 | ||
@@ -1093,7 +1179,9 @@ ssh_session(void) | |||
1093 | char *proto, *data; | 1179 | char *proto, *data; |
1094 | /* Get reasonable local authentication information. */ | 1180 | /* Get reasonable local authentication information. */ |
1095 | client_x11_get_proto(display, options.xauth_location, | 1181 | client_x11_get_proto(display, options.xauth_location, |
1096 | options.forward_x11_trusted, &proto, &data); | 1182 | options.forward_x11_trusted, |
1183 | options.forward_x11_timeout, | ||
1184 | &proto, &data); | ||
1097 | /* Request forwarding with authentication spoofing. */ | 1185 | /* Request forwarding with authentication spoofing. */ |
1098 | debug("Requesting X11 forwarding with authentication " | 1186 | debug("Requesting X11 forwarding with authentication " |
1099 | "spoofing."); | 1187 | "spoofing."); |
@@ -1139,12 +1227,13 @@ ssh_session(void) | |||
1139 | * If requested and we are not interested in replies to remote | 1227 | * If requested and we are not interested in replies to remote |
1140 | * forwarding requests, then let ssh continue in the background. | 1228 | * forwarding requests, then let ssh continue in the background. |
1141 | */ | 1229 | */ |
1142 | if (fork_after_authentication_flag && | 1230 | if (fork_after_authentication_flag) { |
1143 | (!options.exit_on_forward_failure || | 1231 | if (options.exit_on_forward_failure && |
1144 | options.num_remote_forwards == 0)) { | 1232 | options.num_remote_forwards > 0) { |
1145 | fork_after_authentication_flag = 0; | 1233 | debug("deferring postauth fork until remote forward " |
1146 | if (daemon(1, 1) < 0) | 1234 | "confirmation received"); |
1147 | fatal("daemon() failed: %.200s", strerror(errno)); | 1235 | } else |
1236 | fork_postauth(); | ||
1148 | } | 1237 | } |
1149 | 1238 | ||
1150 | /* | 1239 | /* |
@@ -1175,18 +1264,22 @@ ssh_session(void) | |||
1175 | 1264 | ||
1176 | /* request pty/x11/agent/tcpfwd/shell for channel */ | 1265 | /* request pty/x11/agent/tcpfwd/shell for channel */ |
1177 | static void | 1266 | static void |
1178 | ssh_session2_setup(int id, void *arg) | 1267 | ssh_session2_setup(int id, int success, void *arg) |
1179 | { | 1268 | { |
1180 | extern char **environ; | 1269 | extern char **environ; |
1181 | const char *display; | 1270 | const char *display; |
1182 | int interactive = tty_flag; | 1271 | int interactive = tty_flag; |
1183 | 1272 | ||
1273 | if (!success) | ||
1274 | return; /* No need for error message, channels code sens one */ | ||
1275 | |||
1184 | display = getenv("DISPLAY"); | 1276 | display = getenv("DISPLAY"); |
1185 | if (options.forward_x11 && display != NULL) { | 1277 | if (options.forward_x11 && display != NULL) { |
1186 | char *proto, *data; | 1278 | char *proto, *data; |
1187 | /* Get reasonable local authentication information. */ | 1279 | /* Get reasonable local authentication information. */ |
1188 | client_x11_get_proto(display, options.xauth_location, | 1280 | client_x11_get_proto(display, options.xauth_location, |
1189 | options.forward_x11_trusted, &proto, &data); | 1281 | options.forward_x11_trusted, |
1282 | options.forward_x11_timeout, &proto, &data); | ||
1190 | /* Request forwarding with authentication spoofing. */ | 1283 | /* Request forwarding with authentication spoofing. */ |
1191 | debug("Requesting X11 forwarding with authentication " | 1284 | debug("Requesting X11 forwarding with authentication " |
1192 | "spoofing."); | 1285 | "spoofing."); |
@@ -1263,6 +1356,31 @@ ssh_session2(void) | |||
1263 | /* XXX should be pre-session */ | 1356 | /* XXX should be pre-session */ |
1264 | ssh_init_forwarding(); | 1357 | ssh_init_forwarding(); |
1265 | 1358 | ||
1359 | /* Start listening for multiplex clients */ | ||
1360 | muxserver_listen(); | ||
1361 | |||
1362 | /* | ||
1363 | * If we are in control persist mode, then prepare to background | ||
1364 | * ourselves and have a foreground client attach as a control | ||
1365 | * slave. NB. we must save copies of the flags that we override for | ||
1366 | * the backgrounding, since we defer attachment of the slave until | ||
1367 | * after the connection is fully established (in particular, | ||
1368 | * async rfwd replies have been received for ExitOnForwardFailure). | ||
1369 | */ | ||
1370 | if (options.control_persist && muxserver_sock != -1) { | ||
1371 | ostdin_null_flag = stdin_null_flag; | ||
1372 | ono_shell_flag = no_shell_flag; | ||
1373 | ono_tty_flag = no_tty_flag; | ||
1374 | otty_flag = tty_flag; | ||
1375 | stdin_null_flag = 1; | ||
1376 | no_shell_flag = 1; | ||
1377 | no_tty_flag = 1; | ||
1378 | tty_flag = 0; | ||
1379 | if (!fork_after_authentication_flag) | ||
1380 | need_controlpersist_detach = 1; | ||
1381 | fork_after_authentication_flag = 1; | ||
1382 | } | ||
1383 | |||
1266 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) | 1384 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) |
1267 | id = ssh_session2_open(); | 1385 | id = ssh_session2_open(); |
1268 | 1386 | ||
@@ -1281,14 +1399,17 @@ ssh_session2(void) | |||
1281 | options.permit_local_command) | 1399 | options.permit_local_command) |
1282 | ssh_local_cmd(options.local_command); | 1400 | ssh_local_cmd(options.local_command); |
1283 | 1401 | ||
1284 | /* Start listening for multiplex clients */ | 1402 | /* |
1285 | muxserver_listen(); | 1403 | * If requested and we are not interested in replies to remote |
1286 | 1404 | * forwarding requests, then let ssh continue in the background. | |
1287 | /* If requested, let ssh continue in the background. */ | 1405 | */ |
1288 | if (fork_after_authentication_flag) { | 1406 | if (fork_after_authentication_flag) { |
1289 | fork_after_authentication_flag = 0; | 1407 | if (options.exit_on_forward_failure && |
1290 | if (daemon(1, 1) < 0) | 1408 | options.num_remote_forwards > 0) { |
1291 | fatal("daemon() failed: %.200s", strerror(errno)); | 1409 | debug("deferring postauth fork until remote forward " |
1410 | "confirmation received"); | ||
1411 | } else | ||
1412 | fork_postauth(); | ||
1292 | } | 1413 | } |
1293 | 1414 | ||
1294 | if (options.use_roaming) | 1415 | if (options.use_roaming) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: ssh.h,v 1.79 2010/06/25 07:14:46 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -18,9 +18,6 @@ | |||
18 | /* Default port number. */ | 18 | /* Default port number. */ |
19 | #define SSH_DEFAULT_PORT 22 | 19 | #define SSH_DEFAULT_PORT 22 |
20 | 20 | ||
21 | /* Maximum number of TCP/IP ports forwarded per direction. */ | ||
22 | #define SSH_MAX_FORWARDS_PER_DIRECTION 100 | ||
23 | |||
24 | /* | 21 | /* |
25 | * Maximum number of RSA authentication identity files that can be specified | 22 | * Maximum number of RSA authentication identity files that can be specified |
26 | * in configuration files or on the command line. | 23 | * in configuration files or on the command line. |
diff --git a/ssh_config.0 b/ssh_config.0 index 1a2c64ce1..6c19de765 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -8,21 +8,21 @@ SYNOPSIS | |||
8 | /etc/ssh/ssh_config | 8 | /etc/ssh/ssh_config |
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | ssh(1) obtains configuration data from the following sources in the fol- | 11 | ssh(1) obtains configuration data from the following sources in the |
12 | lowing order: | 12 | following order: |
13 | 13 | ||
14 | 1. command-line options | 14 | 1. command-line options |
15 | 2. user's configuration file (~/.ssh/config) | 15 | 2. user's configuration file (~/.ssh/config) |
16 | 3. system-wide configuration file (/etc/ssh/ssh_config) | 16 | 3. system-wide configuration file (/etc/ssh/ssh_config) |
17 | 17 | ||
18 | For each parameter, the first obtained value will be used. The configu- | 18 | For each parameter, the first obtained value will be used. The |
19 | ration files contain sections separated by ``Host'' specifications, and | 19 | configuration files contain sections separated by ``Host'' |
20 | that section is only applied for hosts that match one of the patterns | 20 | specifications, and that section is only applied for hosts that match one |
21 | given in the specification. The matched host name is the one given on | 21 | of the patterns given in the specification. The matched host name is the |
22 | the command line. | 22 | one given on the command line. |
23 | 23 | ||
24 | Since the first obtained value for each parameter is used, more host-spe- | 24 | Since the first obtained value for each parameter is used, more host- |
25 | cific declarations should be given near the beginning of the file, and | 25 | specific declarations should be given near the beginning of the file, and |
26 | general defaults at the end. | 26 | general defaults at the end. |
27 | 27 | ||
28 | The configuration file has the following format: | 28 | The configuration file has the following format: |
@@ -30,29 +30,29 @@ DESCRIPTION | |||
30 | Empty lines and lines starting with `#' are comments. Otherwise a line | 30 | Empty lines and lines starting with `#' are comments. Otherwise a line |
31 | is of the format ``keyword arguments''. Configuration options may be | 31 | is of the format ``keyword arguments''. Configuration options may be |
32 | separated by whitespace or optional whitespace and exactly one `='; the | 32 | separated by whitespace or optional whitespace and exactly one `='; the |
33 | latter format is useful to avoid the need to quote whitespace when speci- | 33 | latter format is useful to avoid the need to quote whitespace when |
34 | fying configuration options using the ssh, scp, and sftp -o option. Ar- | 34 | specifying configuration options using the ssh, scp, and sftp -o option. |
35 | guments may optionally be enclosed in double quotes (") in order to rep- | 35 | Arguments may optionally be enclosed in double quotes (") in order to |
36 | resent arguments containing spaces. | 36 | represent arguments containing spaces. |
37 | 37 | ||
38 | The possible keywords and their meanings are as follows (note that key- | 38 | The possible keywords and their meanings are as follows (note that |
39 | words are case-insensitive and arguments are case-sensitive): | 39 | keywords are case-insensitive and arguments are case-sensitive): |
40 | 40 | ||
41 | Host Restricts the following declarations (up to the next Host key- | 41 | Host Restricts the following declarations (up to the next Host |
42 | word) to be only for those hosts that match one of the patterns | 42 | keyword) to be only for those hosts that match one of the |
43 | given after the keyword. If more than one pattern is provided, | 43 | patterns given after the keyword. If more than one pattern is |
44 | they should be separated by whitespace. A single `*' as a pat- | 44 | provided, they should be separated by whitespace. A single `*' |
45 | tern can be used to provide global defaults for all hosts. The | 45 | as a pattern can be used to provide global defaults for all |
46 | host is the hostname argument given on the command line (i.e. the | 46 | hosts. The host is the hostname argument given on the command |
47 | name is not converted to a canonicalized host name before match- | 47 | line (i.e. the name is not converted to a canonicalized host name |
48 | ing). | 48 | before matching). |
49 | 49 | ||
50 | See PATTERNS for more information on patterns. | 50 | See PATTERNS for more information on patterns. |
51 | 51 | ||
52 | AddressFamily | 52 | AddressFamily |
53 | Specifies which address family to use when connecting. Valid ar- | 53 | Specifies which address family to use when connecting. Valid |
54 | guments are ``any'', ``inet'' (use IPv4 only), or ``inet6'' (use | 54 | arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6'' |
55 | IPv6 only). | 55 | (use IPv6 only). |
56 | 56 | ||
57 | BatchMode | 57 | BatchMode |
58 | If set to ``yes'', passphrase/password querying will be disabled. | 58 | If set to ``yes'', passphrase/password querying will be disabled. |
@@ -61,8 +61,8 @@ DESCRIPTION | |||
61 | ``yes'' or ``no''. The default is ``no''. | 61 | ``yes'' or ``no''. The default is ``no''. |
62 | 62 | ||
63 | BindAddress | 63 | BindAddress |
64 | Use the specified address on the local machine as the source ad- | 64 | Use the specified address on the local machine as the source |
65 | dress of the connection. Only useful on systems with more than | 65 | address of the connection. Only useful on systems with more than |
66 | one address. Note that this option does not work if | 66 | one address. Note that this option does not work if |
67 | UsePrivilegedPort is set to ``yes''. | 67 | UsePrivilegedPort is set to ``yes''. |
68 | 68 | ||
@@ -78,20 +78,21 @@ DESCRIPTION | |||
78 | is set to ``no'', the check will not be executed. The default is | 78 | is set to ``no'', the check will not be executed. The default is |
79 | ``yes''. | 79 | ``yes''. |
80 | 80 | ||
81 | Cipher Specifies the cipher to use for encrypting the session in proto- | 81 | Cipher Specifies the cipher to use for encrypting the session in |
82 | col version 1. Currently, ``blowfish'', ``3des'', and ``des'' | 82 | protocol version 1. Currently, ``blowfish'', ``3des'', and |
83 | are supported. des is only supported in the ssh(1) client for | 83 | ``des'' are supported. des is only supported in the ssh(1) |
84 | interoperability with legacy protocol 1 implementations that do | 84 | client for interoperability with legacy protocol 1 |
85 | not support the 3des cipher. Its use is strongly discouraged due | 85 | implementations that do not support the 3des cipher. Its use is |
86 | to cryptographic weaknesses. The default is ``3des''. | 86 | strongly discouraged due to cryptographic weaknesses. The |
87 | default is ``3des''. | ||
87 | 88 | ||
88 | Ciphers | 89 | Ciphers |
89 | Specifies the ciphers allowed for protocol version 2 in order of | 90 | Specifies the ciphers allowed for protocol version 2 in order of |
90 | preference. Multiple ciphers must be comma-separated. The sup- | 91 | preference. Multiple ciphers must be comma-separated. The |
91 | ported ciphers are ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', | 92 | supported ciphers are ``3des-cbc'', ``aes128-cbc'', |
92 | ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', | 93 | ``aes192-cbc'', ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'', |
93 | ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'', | 94 | ``aes256-ctr'', ``arcfour128'', ``arcfour256'', ``arcfour'', |
94 | and ``cast128-cbc''. The default is: | 95 | ``blowfish-cbc'', and ``cast128-cbc''. The default is: |
95 | 96 | ||
96 | aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, | 97 | aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, |
97 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, | 98 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, |
@@ -101,9 +102,10 @@ DESCRIPTION | |||
101 | Specifies that all local, remote, and dynamic port forwardings | 102 | Specifies that all local, remote, and dynamic port forwardings |
102 | specified in the configuration files or on the command line be | 103 | specified in the configuration files or on the command line be |
103 | cleared. This option is primarily useful when used from the | 104 | cleared. This option is primarily useful when used from the |
104 | ssh(1) command line to clear port forwardings set in configura- | 105 | ssh(1) command line to clear port forwardings set in |
105 | tion files, and is automatically set by scp(1) and sftp(1). The | 106 | configuration files, and is automatically set by scp(1) and |
106 | argument must be ``yes'' or ``no''. The default is ``no''. | 107 | sftp(1). The argument must be ``yes'' or ``no''. The default is |
108 | ``no''. | ||
107 | 109 | ||
108 | Compression | 110 | Compression |
109 | Specifies whether to use compression. The argument must be | 111 | Specifies whether to use compression. The argument must be |
@@ -117,37 +119,37 @@ DESCRIPTION | |||
117 | option applies to protocol version 1 only. | 119 | option applies to protocol version 1 only. |
118 | 120 | ||
119 | ConnectionAttempts | 121 | ConnectionAttempts |
120 | Specifies the number of tries (one per second) to make before ex- | 122 | Specifies the number of tries (one per second) to make before |
121 | iting. The argument must be an integer. This may be useful in | 123 | exiting. The argument must be an integer. This may be useful in |
122 | scripts if the connection sometimes fails. The default is 1. | 124 | scripts if the connection sometimes fails. The default is 1. |
123 | 125 | ||
124 | ConnectTimeout | 126 | ConnectTimeout |
125 | Specifies the timeout (in seconds) used when connecting to the | 127 | Specifies the timeout (in seconds) used when connecting to the |
126 | SSH server, instead of using the default system TCP timeout. | 128 | SSH server, instead of using the default system TCP timeout. |
127 | This value is used only when the target is down or really un- | 129 | This value is used only when the target is down or really |
128 | reachable, not when it refuses the connection. | 130 | unreachable, not when it refuses the connection. |
129 | 131 | ||
130 | ControlMaster | 132 | ControlMaster |
131 | Enables the sharing of multiple sessions over a single network | 133 | Enables the sharing of multiple sessions over a single network |
132 | connection. When set to ``yes'', ssh(1) will listen for connec- | 134 | connection. When set to ``yes'', ssh(1) will listen for |
133 | tions on a control socket specified using the ControlPath argu- | 135 | connections on a control socket specified using the ControlPath |
134 | ment. Additional sessions can connect to this socket using the | 136 | argument. Additional sessions can connect to this socket using |
135 | same ControlPath with ControlMaster set to ``no'' (the default). | 137 | the same ControlPath with ControlMaster set to ``no'' (the |
136 | These sessions will try to reuse the master instance's network | 138 | default). These sessions will try to reuse the master instance's |
137 | connection rather than initiating new ones, but will fall back to | 139 | network connection rather than initiating new ones, but will fall |
138 | connecting normally if the control socket does not exist, or is | 140 | back to connecting normally if the control socket does not exist, |
139 | not listening. | 141 | or is not listening. |
140 | 142 | ||
141 | Setting this to ``ask'' will cause ssh to listen for control con- | 143 | Setting this to ``ask'' will cause ssh to listen for control |
142 | nections, but require confirmation using the SSH_ASKPASS program | 144 | connections, but require confirmation using the SSH_ASKPASS |
143 | before they are accepted (see ssh-add(1) for details). If the | 145 | program before they are accepted (see ssh-add(1) for details). |
144 | ControlPath cannot be opened, ssh will continue without connect- | 146 | If the ControlPath cannot be opened, ssh will continue without |
145 | ing to a master instance. | 147 | connecting to a master instance. |
146 | 148 | ||
147 | X11 and ssh-agent(1) forwarding is supported over these multi- | 149 | X11 and ssh-agent(1) forwarding is supported over these |
148 | plexed connections, however the display and agent forwarded will | 150 | multiplexed connections, however the display and agent forwarded |
149 | be the one belonging to the master connection i.e. it is not pos- | 151 | will be the one belonging to the master connection i.e. it is not |
150 | sible to forward multiple displays or agents. | 152 | possible to forward multiple displays or agents. |
151 | 153 | ||
152 | Two additional options allow for opportunistic multiplexing: try | 154 | Two additional options allow for opportunistic multiplexing: try |
153 | to use a master connection but fall back to creating a new one if | 155 | to use a master connection but fall back to creating a new one if |
@@ -156,14 +158,30 @@ DESCRIPTION | |||
156 | option. | 158 | option. |
157 | 159 | ||
158 | ControlPath | 160 | ControlPath |
159 | Specify the path to the control socket used for connection shar- | 161 | Specify the path to the control socket used for connection |
160 | ing as described in the ControlMaster section above or the string | 162 | sharing as described in the ControlMaster section above or the |
161 | ``none'' to disable connection sharing. In the path, `%l' will | 163 | string ``none'' to disable connection sharing. In the path, `%l' |
162 | be substituted by the local host name, `%h' will be substituted | 164 | will be substituted by the local host name, `%h' will be |
163 | by the target host name, `%p' the port, and `%r' by the remote | 165 | substituted by the target host name, `%p' the port, and `%r' by |
164 | login username. It is recommended that any ControlPath used for | 166 | the remote login username. It is recommended that any |
165 | opportunistic connection sharing include at least %h, %p, and %r. | 167 | ControlPath used for opportunistic connection sharing include at |
166 | This ensures that shared connections are uniquely identified. | 168 | least %h, %p, and %r. This ensures that shared connections are |
169 | uniquely identified. | ||
170 | |||
171 | ControlPersist | ||
172 | When used in conjunction with ControlMaster, specifies that the | ||
173 | master connection should remain open in the background (waiting | ||
174 | for future client connections) after the initial client | ||
175 | connection has been closed. If set to ``no'', then the master | ||
176 | connection will not be placed into the background, and will close | ||
177 | as soon as the initial client connection is closed. If set to | ||
178 | ``yes'', then the master connection will remain in the background | ||
179 | indefinitely (until killed or closed via a mechanism such as the | ||
180 | ssh(1) ``-O exit'' option). If set to a time in seconds, or a | ||
181 | time in any of the formats documented in sshd_config(5), then the | ||
182 | backgrounded master connection will automatically terminate after | ||
183 | it has remained idle (with no client connections) for the | ||
184 | specified time. | ||
167 | 185 | ||
168 | DynamicForward | 186 | DynamicForward |
169 | Specifies that a TCP port on the local machine be forwarded over | 187 | Specifies that a TCP port on the local machine be forwarded over |
@@ -171,14 +189,13 @@ DESCRIPTION | |||
171 | determine where to connect to from the remote machine. | 189 | determine where to connect to from the remote machine. |
172 | 190 | ||
173 | The argument must be [bind_address:]port. IPv6 addresses can be | 191 | The argument must be [bind_address:]port. IPv6 addresses can be |
174 | specified by enclosing addresses in square brackets or by using | 192 | specified by enclosing addresses in square brackets. By default, |
175 | an alternative syntax: [bind_address/]port. By default, the lo- | 193 | the local port is bound in accordance with the GatewayPorts |
176 | cal port is bound in accordance with the GatewayPorts setting. | 194 | setting. However, an explicit bind_address may be used to bind |
177 | However, an explicit bind_address may be used to bind the connec- | 195 | the connection to a specific address. The bind_address of |
178 | tion to a specific address. The bind_address of ``localhost'' | 196 | ``localhost'' indicates that the listening port be bound for |
179 | indicates that the listening port be bound for local use only, | 197 | local use only, while an empty address or `*' indicates that the |
180 | while an empty address or `*' indicates that the port should be | 198 | port should be available from all interfaces. |
181 | available from all interfaces. | ||
182 | 199 | ||
183 | Currently the SOCKS4 and SOCKS5 protocols are supported, and | 200 | Currently the SOCKS4 and SOCKS5 protocols are supported, and |
184 | ssh(1) will act as a SOCKS server. Multiple forwardings may be | 201 | ssh(1) will act as a SOCKS server. Multiple forwardings may be |
@@ -196,9 +213,9 @@ DESCRIPTION | |||
196 | EscapeChar | 213 | EscapeChar |
197 | Sets the escape character (default: `~'). The escape character | 214 | Sets the escape character (default: `~'). The escape character |
198 | can also be set on the command line. The argument should be a | 215 | can also be set on the command line. The argument should be a |
199 | single character, `^' followed by a letter, or ``none'' to dis- | 216 | single character, `^' followed by a letter, or ``none'' to |
200 | able the escape character entirely (making the connection trans- | 217 | disable the escape character entirely (making the connection |
201 | parent for binary data). | 218 | transparent for binary data). |
202 | 219 | ||
203 | ExitOnForwardFailure | 220 | ExitOnForwardFailure |
204 | Specifies whether ssh(1) should terminate the connection if it | 221 | Specifies whether ssh(1) should terminate the connection if it |
@@ -220,26 +237,34 @@ DESCRIPTION | |||
220 | the agent. | 237 | the agent. |
221 | 238 | ||
222 | ForwardX11 | 239 | ForwardX11 |
223 | Specifies whether X11 connections will be automatically redirect- | 240 | Specifies whether X11 connections will be automatically |
224 | ed over the secure channel and DISPLAY set. The argument must be | 241 | redirected over the secure channel and DISPLAY set. The argument |
225 | ``yes'' or ``no''. The default is ``no''. | 242 | must be ``yes'' or ``no''. The default is ``no''. |
226 | 243 | ||
227 | X11 forwarding should be enabled with caution. Users with the | 244 | X11 forwarding should be enabled with caution. Users with the |
228 | ability to bypass file permissions on the remote host (for the | 245 | ability to bypass file permissions on the remote host (for the |
229 | user's X11 authorization database) can access the local X11 dis- | 246 | user's X11 authorization database) can access the local X11 |
230 | play through the forwarded connection. An attacker may then be | 247 | display through the forwarded connection. An attacker may then |
231 | able to perform activities such as keystroke monitoring if the | 248 | be able to perform activities such as keystroke monitoring if the |
232 | ForwardX11Trusted option is also enabled. | 249 | ForwardX11Trusted option is also enabled. |
233 | 250 | ||
251 | ForwardX11Timeout | ||
252 | Specify a timeout for untrusted X11 forwarding using the format | ||
253 | described in the TIME FORMATS section of sshd_config(5). X11 | ||
254 | connections received by ssh(1) after this time will be refused. | ||
255 | The default is to disable untrusted X11 forwarding after twenty | ||
256 | minutes has elapsed. | ||
257 | |||
234 | ForwardX11Trusted | 258 | ForwardX11Trusted |
235 | If this option is set to ``yes'', remote X11 clients will have | 259 | If this option is set to ``yes'', remote X11 clients will have |
236 | full access to the original X11 display. | 260 | full access to the original X11 display. |
237 | 261 | ||
238 | If this option is set to ``no'', remote X11 clients will be con- | 262 | If this option is set to ``no'', remote X11 clients will be |
239 | sidered untrusted and prevented from stealing or tampering with | 263 | considered untrusted and prevented from stealing or tampering |
240 | data belonging to trusted X11 clients. Furthermore, the xauth(1) | 264 | with data belonging to trusted X11 clients. Furthermore, the |
241 | token used for the session will be set to expire after 20 min- | 265 | xauth(1) token used for the session will be set to expire after |
242 | utes. Remote clients will be refused access after this time. | 266 | 20 minutes. Remote clients will be refused access after this |
267 | time. | ||
243 | 268 | ||
244 | The default is ``no''. | 269 | The default is ``no''. |
245 | 270 | ||
@@ -250,11 +275,11 @@ DESCRIPTION | |||
250 | Specifies whether remote hosts are allowed to connect to local | 275 | Specifies whether remote hosts are allowed to connect to local |
251 | forwarded ports. By default, ssh(1) binds local port forwardings | 276 | forwarded ports. By default, ssh(1) binds local port forwardings |
252 | to the loopback address. This prevents other remote hosts from | 277 | to the loopback address. This prevents other remote hosts from |
253 | connecting to forwarded ports. GatewayPorts can be used to spec- | 278 | connecting to forwarded ports. GatewayPorts can be used to |
254 | ify that ssh should bind local port forwardings to the wildcard | 279 | specify that ssh should bind local port forwardings to the |
255 | address, thus allowing remote hosts to connect to forwarded | 280 | wildcard address, thus allowing remote hosts to connect to |
256 | ports. The argument must be ``yes'' or ``no''. The default is | 281 | forwarded ports. The argument must be ``yes'' or ``no''. The |
257 | ``no''. | 282 | default is ``no''. |
258 | 283 | ||
259 | GlobalKnownHostsFile | 284 | GlobalKnownHostsFile |
260 | Specifies a file to use for the global host key database instead | 285 | Specifies a file to use for the global host key database instead |
@@ -267,23 +292,23 @@ DESCRIPTION | |||
267 | 292 | ||
268 | GSSAPIDelegateCredentials | 293 | GSSAPIDelegateCredentials |
269 | Forward (delegate) credentials to the server. The default is | 294 | Forward (delegate) credentials to the server. The default is |
270 | ``no''. Note that this option applies to protocol version 2 on- | 295 | ``no''. Note that this option applies to protocol version 2 |
271 | ly. | 296 | only. |
272 | 297 | ||
273 | HashKnownHosts | 298 | HashKnownHosts |
274 | Indicates that ssh(1) should hash host names and addresses when | 299 | Indicates that ssh(1) should hash host names and addresses when |
275 | they are added to ~/.ssh/known_hosts. These hashed names may be | 300 | they are added to ~/.ssh/known_hosts. These hashed names may be |
276 | used normally by ssh(1) and sshd(8), but they do not reveal iden- | 301 | used normally by ssh(1) and sshd(8), but they do not reveal |
277 | tifying information should the file's contents be disclosed. The | 302 | identifying information should the file's contents be disclosed. |
278 | default is ``no''. Note that existing names and addresses in | 303 | The default is ``no''. Note that existing names and addresses in |
279 | known hosts files will not be converted automatically, but may be | 304 | known hosts files will not be converted automatically, but may be |
280 | manually hashed using ssh-keygen(1). | 305 | manually hashed using ssh-keygen(1). |
281 | 306 | ||
282 | HostbasedAuthentication | 307 | HostbasedAuthentication |
283 | Specifies whether to try rhosts based authentication with public | 308 | Specifies whether to try rhosts based authentication with public |
284 | key authentication. The argument must be ``yes'' or ``no''. The | 309 | key authentication. The argument must be ``yes'' or ``no''. The |
285 | default is ``no''. This option applies to protocol version 2 on- | 310 | default is ``no''. This option applies to protocol version 2 |
286 | ly and is similar to RhostsRSAAuthentication. | 311 | only and is similar to RhostsRSAAuthentication. |
287 | 312 | ||
288 | HostKeyAlgorithms | 313 | HostKeyAlgorithms |
289 | Specifies the protocol version 2 host key algorithms that the | 314 | Specifies the protocol version 2 host key algorithms that the |
@@ -293,15 +318,18 @@ DESCRIPTION | |||
293 | HostKeyAlias | 318 | HostKeyAlias |
294 | Specifies an alias that should be used instead of the real host | 319 | Specifies an alias that should be used instead of the real host |
295 | name when looking up or saving the host key in the host key | 320 | name when looking up or saving the host key in the host key |
296 | database files. This option is useful for tunneling SSH connec- | 321 | database files. This option is useful for tunneling SSH |
297 | tions or for multiple servers running on a single host. | 322 | connections or for multiple servers running on a single host. |
298 | 323 | ||
299 | HostName | 324 | HostName |
300 | Specifies the real host name to log into. This can be used to | 325 | Specifies the real host name to log into. This can be used to |
301 | specify nicknames or abbreviations for hosts. The default is the | 326 | specify nicknames or abbreviations for hosts. If the hostname |
302 | name given on the command line. Numeric IP addresses are also | 327 | contains the character sequence `%h', then this will be replaced |
303 | permitted (both on the command line and in HostName specifica- | 328 | with the host name specified on the commandline (this is useful |
304 | tions). | 329 | for manipulating unqualified names). The default is the name |
330 | given on the command line. Numeric IP addresses are also | ||
331 | permitted (both on the command line and in HostName | ||
332 | specifications). | ||
305 | 333 | ||
306 | IdentitiesOnly | 334 | IdentitiesOnly |
307 | Specifies that ssh(1) should only use the authentication identity | 335 | Specifies that ssh(1) should only use the authentication identity |
@@ -314,90 +342,91 @@ DESCRIPTION | |||
314 | IdentityFile | 342 | IdentityFile |
315 | Specifies a file from which the user's RSA or DSA authentication | 343 | Specifies a file from which the user's RSA or DSA authentication |
316 | identity is read. The default is ~/.ssh/identity for protocol | 344 | identity is read. The default is ~/.ssh/identity for protocol |
317 | version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol ver- | 345 | version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol |
318 | sion 2. Additionally, any identities represented by the authen- | 346 | version 2. Additionally, any identities represented by the |
319 | tication agent will be used for authentication. ssh(1) will try | 347 | authentication agent will be used for authentication. ssh(1) |
320 | to load certificate information from the filename obtained by ap- | 348 | will try to load certificate information from the filename |
321 | pending -cert.pub to the path of a specified IdentityFile. | 349 | obtained by appending -cert.pub to the path of a specified |
350 | IdentityFile. | ||
322 | 351 | ||
323 | The file name may use the tilde syntax to refer to a user's home | 352 | The file name may use the tilde syntax to refer to a user's home |
324 | directory or one of the following escape characters: `%d' (local | 353 | directory or one of the following escape characters: `%d' (local |
325 | user's home directory), `%u' (local user name), `%l' (local host | 354 | user's home directory), `%u' (local user name), `%l' (local host |
326 | name), `%h' (remote host name) or `%r' (remote user name). | 355 | name), `%h' (remote host name) or `%r' (remote user name). |
327 | 356 | ||
328 | It is possible to have multiple identity files specified in con- | 357 | It is possible to have multiple identity files specified in |
329 | figuration files; all these identities will be tried in sequence. | 358 | configuration files; all these identities will be tried in |
359 | sequence. | ||
330 | 360 | ||
331 | KbdInteractiveAuthentication | 361 | KbdInteractiveAuthentication |
332 | Specifies whether to use keyboard-interactive authentication. | 362 | Specifies whether to use keyboard-interactive authentication. |
333 | The argument to this keyword must be ``yes'' or ``no''. The de- | 363 | The argument to this keyword must be ``yes'' or ``no''. The |
334 | fault is ``yes''. | 364 | default is ``yes''. |
335 | 365 | ||
336 | KbdInteractiveDevices | 366 | KbdInteractiveDevices |
337 | Specifies the list of methods to use in keyboard-interactive au- | 367 | Specifies the list of methods to use in keyboard-interactive |
338 | thentication. Multiple method names must be comma-separated. | 368 | authentication. Multiple method names must be comma-separated. |
339 | The default is to use the server specified list. The methods | 369 | The default is to use the server specified list. The methods |
340 | available vary depending on what the server supports. For an | 370 | available vary depending on what the server supports. For an |
341 | OpenSSH server, it may be zero or more of: ``bsdauth'', ``pam'', | 371 | OpenSSH server, it may be zero or more of: ``bsdauth'', ``pam'', |
342 | and ``skey''. | 372 | and ``skey''. |
343 | 373 | ||
344 | LocalCommand | 374 | LocalCommand |
345 | Specifies a command to execute on the local machine after suc- | 375 | Specifies a command to execute on the local machine after |
346 | cessfully connecting to the server. The command string extends | 376 | successfully connecting to the server. The command string |
347 | to the end of the line, and is executed with the user's shell. | 377 | extends to the end of the line, and is executed with the user's |
348 | The following escape character substitutions will be performed: | 378 | shell. The following escape character substitutions will be |
349 | `%d' (local user's home directory), `%h' (remote host name), `%l' | 379 | performed: `%d' (local user's home directory), `%h' (remote host |
350 | (local host name), `%n' (host name as provided on the command | 380 | name), `%l' (local host name), `%n' (host name as provided on the |
351 | line), `%p' (remote port), `%r' (remote user name) or `%u' (local | 381 | command line), `%p' (remote port), `%r' (remote user name) or |
352 | user name). | 382 | `%u' (local user name). |
353 | 383 | ||
354 | The command is run synchronously and does not have access to the | 384 | The command is run synchronously and does not have access to the |
355 | session of the ssh(1) that spawned it. It should not be used for | 385 | session of the ssh(1) that spawned it. It should not be used for |
356 | interactive commands. | 386 | interactive commands. |
357 | 387 | ||
358 | This directive is ignored unless PermitLocalCommand has been en- | 388 | This directive is ignored unless PermitLocalCommand has been |
359 | abled. | 389 | enabled. |
360 | 390 | ||
361 | LocalForward | 391 | LocalForward |
362 | Specifies that a TCP port on the local machine be forwarded over | 392 | Specifies that a TCP port on the local machine be forwarded over |
363 | the secure channel to the specified host and port from the remote | 393 | the secure channel to the specified host and port from the remote |
364 | machine. The first argument must be [bind_address:]port and the | 394 | machine. The first argument must be [bind_address:]port and the |
365 | second argument must be host:hostport. IPv6 addresses can be | 395 | second argument must be host:hostport. IPv6 addresses can be |
366 | specified by enclosing addresses in square brackets or by using | 396 | specified by enclosing addresses in square brackets. Multiple |
367 | an alternative syntax: [bind_address/]port and host/hostport. | 397 | forwardings may be specified, and additional forwardings can be |
368 | Multiple forwardings may be specified, and additional forwardings | 398 | given on the command line. Only the superuser can forward |
369 | can be given on the command line. Only the superuser can forward | 399 | privileged ports. By default, the local port is bound in |
370 | privileged ports. By default, the local port is bound in accor- | 400 | accordance with the GatewayPorts setting. However, an explicit |
371 | dance with the GatewayPorts setting. However, an explicit | 401 | bind_address may be used to bind the connection to a specific |
372 | bind_address may be used to bind the connection to a specific ad- | 402 | address. The bind_address of ``localhost'' indicates that the |
373 | dress. The bind_address of ``localhost'' indicates that the lis- | 403 | listening port be bound for local use only, while an empty |
374 | tening port be bound for local use only, while an empty address | 404 | address or `*' indicates that the port should be available from |
375 | or `*' indicates that the port should be available from all in- | 405 | all interfaces. |
376 | terfaces. | ||
377 | 406 | ||
378 | LogLevel | 407 | LogLevel |
379 | Gives the verbosity level that is used when logging messages from | 408 | Gives the verbosity level that is used when logging messages from |
380 | ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, VER- | 409 | ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, |
381 | BOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. | 410 | VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. |
382 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | 411 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify |
383 | higher levels of verbose output. | 412 | higher levels of verbose output. |
384 | 413 | ||
385 | MACs Specifies the MAC (message authentication code) algorithms in or- | 414 | MACs Specifies the MAC (message authentication code) algorithms in |
386 | der of preference. The MAC algorithm is used in protocol version | 415 | order of preference. The MAC algorithm is used in protocol |
387 | 2 for data integrity protection. Multiple algorithms must be | 416 | version 2 for data integrity protection. Multiple algorithms |
388 | comma-separated. The default is: | 417 | must be comma-separated. The default is: |
389 | 418 | ||
390 | hmac-md5,hmac-sha1,umac-64@openssh.com, | 419 | hmac-md5,hmac-sha1,umac-64@openssh.com, |
391 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 | 420 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 |
392 | 421 | ||
393 | NoHostAuthenticationForLocalhost | 422 | NoHostAuthenticationForLocalhost |
394 | This option can be used if the home directory is shared across | 423 | This option can be used if the home directory is shared across |
395 | machines. In this case localhost will refer to a different ma- | 424 | machines. In this case localhost will refer to a different |
396 | chine on each of the machines and the user will get many warnings | 425 | machine on each of the machines and the user will get many |
397 | about changed host keys. However, this option disables host au- | 426 | warnings about changed host keys. However, this option disables |
398 | thentication for localhost. The argument to this keyword must be | 427 | host authentication for localhost. The argument to this keyword |
399 | ``yes'' or ``no''. The default is to check the host key for lo- | 428 | must be ``yes'' or ``no''. The default is to check the host key |
400 | calhost. | 429 | for localhost. |
401 | 430 | ||
402 | NumberOfPasswordPrompts | 431 | NumberOfPasswordPrompts |
403 | Specifies the number of password prompts before giving up. The | 432 | Specifies the number of password prompts before giving up. The |
@@ -409,43 +438,47 @@ DESCRIPTION | |||
409 | ``yes''. | 438 | ``yes''. |
410 | 439 | ||
411 | PermitLocalCommand | 440 | PermitLocalCommand |
412 | Allow local command execution via the LocalCommand option or us- | 441 | Allow local command execution via the LocalCommand option or |
413 | ing the !command escape sequence in ssh(1). The argument must be | 442 | using the !command escape sequence in ssh(1). The argument must |
414 | ``yes'' or ``no''. The default is ``no''. | 443 | be ``yes'' or ``no''. The default is ``no''. |
415 | 444 | ||
416 | PKCS11Provider | 445 | PKCS11Provider |
417 | Specifies which PKCS#11 provider to use. The argument to this | 446 | Specifies which PKCS#11 provider to use. The argument to this |
418 | keyword is the PKCS#11 shared libary ssh(1) should use to commu- | 447 | keyword is the PKCS#11 shared libary ssh(1) should use to |
419 | nicate with a PKCS#11 token providing the user's private RSA key. | 448 | communicate with a PKCS#11 token providing the user's private RSA |
449 | key. | ||
420 | 450 | ||
421 | Port Specifies the port number to connect on the remote host. The de- | 451 | Port Specifies the port number to connect on the remote host. The |
422 | fault is 22. | 452 | default is 22. |
423 | 453 | ||
424 | PreferredAuthentications | 454 | PreferredAuthentications |
425 | Specifies the order in which the client should try protocol 2 au- | 455 | Specifies the order in which the client should try protocol 2 |
426 | thentication methods. This allows a client to prefer one method | 456 | authentication methods. This allows a client to prefer one |
427 | (e.g. keyboard-interactive) over another method (e.g. password) | 457 | method (e.g. keyboard-interactive) over another method (e.g. |
428 | The default for this option is: ``gssapi-with- | 458 | password). The default is: |
429 | mic,hostbased,publickey,keyboard-interactive,password''. | 459 | |
460 | gssapi-with-mic,hostbased,publickey, | ||
461 | keyboard-interactive,password | ||
430 | 462 | ||
431 | Protocol | 463 | Protocol |
432 | Specifies the protocol versions ssh(1) should support in order of | 464 | Specifies the protocol versions ssh(1) should support in order of |
433 | preference. The possible values are `1' and `2'. Multiple ver- | 465 | preference. The possible values are `1' and `2'. Multiple |
434 | sions must be comma-separated. When this option is set to | 466 | versions must be comma-separated. When this option is set to |
435 | ``2,1'' ssh will try version 2 and fall back to version 1 if ver- | 467 | ``2,1'' ssh will try version 2 and fall back to version 1 if |
436 | sion 2 is not available. The default is `2'. | 468 | version 2 is not available. The default is `2'. |
437 | 469 | ||
438 | ProxyCommand | 470 | ProxyCommand |
439 | Specifies the command to use to connect to the server. The com- | 471 | Specifies the command to use to connect to the server. The |
440 | mand string extends to the end of the line, and is executed with | 472 | command string extends to the end of the line, and is executed |
441 | the user's shell. In the command string, `%h' will be substitut- | 473 | with the user's shell. In the command string, any occurrence of |
442 | ed by the host name to connect and `%p' by the port. The command | 474 | `%h' will be substituted by the host name to connect, `%p' by the |
443 | can be basically anything, and should read from its standard in- | 475 | port, and `%r' by the remote user name. The command can be |
444 | put and write to its standard output. It should eventually con- | 476 | basically anything, and should read from its standard input and |
445 | nect an sshd(8) server running on some machine, or execute sshd | 477 | write to its standard output. It should eventually connect an |
446 | -i somewhere. Host key management will be done using the Host- | 478 | sshd(8) server running on some machine, or execute sshd -i |
447 | Name of the host being connected (defaulting to the name typed by | 479 | somewhere. Host key management will be done using the HostName |
448 | the user). Setting the command to ``none'' disables this option | 480 | of the host being connected (defaulting to the name typed by the |
481 | user). Setting the command to ``none'' disables this option | ||
449 | entirely. Note that CheckHostIP is not available for connects | 482 | entirely. Note that CheckHostIP is not available for connects |
450 | with a proxy command. | 483 | with a proxy command. |
451 | 484 | ||
@@ -461,32 +494,32 @@ DESCRIPTION | |||
461 | ``yes''. This option applies to protocol version 2 only. | 494 | ``yes''. This option applies to protocol version 2 only. |
462 | 495 | ||
463 | RekeyLimit | 496 | RekeyLimit |
464 | Specifies the maximum amount of data that may be transmitted be- | 497 | Specifies the maximum amount of data that may be transmitted |
465 | fore the session key is renegotiated. The argument is the number | 498 | before the session key is renegotiated. The argument is the |
466 | of bytes, with an optional suffix of `K', `M', or `G' to indicate | 499 | number of bytes, with an optional suffix of `K', `M', or `G' to |
467 | Kilobytes, Megabytes, or Gigabytes, respectively. The default is | 500 | indicate Kilobytes, Megabytes, or Gigabytes, respectively. The |
468 | between `1G' and `4G', depending on the cipher. This option ap- | 501 | default is between `1G' and `4G', depending on the cipher. This |
469 | plies to protocol version 2 only. | 502 | option applies to protocol version 2 only. |
470 | 503 | ||
471 | RemoteForward | 504 | RemoteForward |
472 | Specifies that a TCP port on the remote machine be forwarded over | 505 | Specifies that a TCP port on the remote machine be forwarded over |
473 | the secure channel to the specified host and port from the local | 506 | the secure channel to the specified host and port from the local |
474 | machine. The first argument must be [bind_address:]port and the | 507 | machine. The first argument must be [bind_address:]port and the |
475 | second argument must be host:hostport. IPv6 addresses can be | 508 | second argument must be host:hostport. IPv6 addresses can be |
476 | specified by enclosing addresses in square brackets or by using | 509 | specified by enclosing addresses in square brackets. Multiple |
477 | an alternative syntax: [bind_address/]port and host/hostport. | 510 | forwardings may be specified, and additional forwardings can be |
478 | Multiple forwardings may be specified, and additional forwardings | 511 | given on the command line. Privileged ports can be forwarded |
479 | can be given on the command line. Privileged ports can be for- | 512 | only when logging in as root on the remote machine. |
480 | warded only when logging in as root on the remote machine. | ||
481 | 513 | ||
482 | If the port argument is `0', the listen port will be dynamically | 514 | If the port argument is `0', the listen port will be dynamically |
483 | allocated on the server and reported to the client at run time. | 515 | allocated on the server and reported to the client at run time. |
484 | 516 | ||
485 | If the bind_address is not specified, the default is to only bind | 517 | If the bind_address is not specified, the default is to only bind |
486 | to loopback addresses. If the bind_address is `*' or an empty | 518 | to loopback addresses. If the bind_address is `*' or an empty |
487 | string, then the forwarding is requested to listen on all inter- | 519 | string, then the forwarding is requested to listen on all |
488 | faces. Specifying a remote bind_address will only succeed if the | 520 | interfaces. Specifying a remote bind_address will only succeed |
489 | server's GatewayPorts option is enabled (see sshd_config(5)). | 521 | if the server's GatewayPorts option is enabled (see |
522 | sshd_config(5)). | ||
490 | 523 | ||
491 | RhostsRSAAuthentication | 524 | RhostsRSAAuthentication |
492 | Specifies whether to try rhosts based authentication with RSA | 525 | Specifies whether to try rhosts based authentication with RSA |
@@ -497,9 +530,9 @@ DESCRIPTION | |||
497 | RSAAuthentication | 530 | RSAAuthentication |
498 | Specifies whether to try RSA authentication. The argument to | 531 | Specifies whether to try RSA authentication. The argument to |
499 | this keyword must be ``yes'' or ``no''. RSA authentication will | 532 | this keyword must be ``yes'' or ``no''. RSA authentication will |
500 | only be attempted if the identity file exists, or an authentica- | 533 | only be attempted if the identity file exists, or an |
501 | tion agent is running. The default is ``yes''. Note that this | 534 | authentication agent is running. The default is ``yes''. Note |
502 | option applies to protocol version 1 only. | 535 | that this option applies to protocol version 1 only. |
503 | 536 | ||
504 | SendEnv | 537 | SendEnv |
505 | Specifies what variables from the local environ(7) should be sent | 538 | Specifies what variables from the local environ(7) should be sent |
@@ -507,25 +540,25 @@ DESCRIPTION | |||
507 | for protocol 2. The server must also support it, and the server | 540 | for protocol 2. The server must also support it, and the server |
508 | must be configured to accept these environment variables. Refer | 541 | must be configured to accept these environment variables. Refer |
509 | to AcceptEnv in sshd_config(5) for how to configure the server. | 542 | to AcceptEnv in sshd_config(5) for how to configure the server. |
510 | Variables are specified by name, which may contain wildcard char- | 543 | Variables are specified by name, which may contain wildcard |
511 | acters. Multiple environment variables may be separated by | 544 | characters. Multiple environment variables may be separated by |
512 | whitespace or spread across multiple SendEnv directives. The de- | 545 | whitespace or spread across multiple SendEnv directives. The |
513 | fault is not to send any environment variables. | 546 | default is not to send any environment variables. |
514 | 547 | ||
515 | See PATTERNS for more information on patterns. | 548 | See PATTERNS for more information on patterns. |
516 | 549 | ||
517 | ServerAliveCountMax | 550 | ServerAliveCountMax |
518 | Sets the number of server alive messages (see below) which may be | 551 | Sets the number of server alive messages (see below) which may be |
519 | sent without ssh(1) receiving any messages back from the server. | 552 | sent without ssh(1) receiving any messages back from the server. |
520 | If this threshold is reached while server alive messages are be- | 553 | If this threshold is reached while server alive messages are |
521 | ing sent, ssh will disconnect from the server, terminating the | 554 | being sent, ssh will disconnect from the server, terminating the |
522 | session. It is important to note that the use of server alive | 555 | session. It is important to note that the use of server alive |
523 | messages is very different from TCPKeepAlive (below). The server | 556 | messages is very different from TCPKeepAlive (below). The server |
524 | alive messages are sent through the encrypted channel and there- | 557 | alive messages are sent through the encrypted channel and |
525 | fore will not be spoofable. The TCP keepalive option enabled by | 558 | therefore will not be spoofable. The TCP keepalive option |
526 | TCPKeepAlive is spoofable. The server alive mechanism is valu- | 559 | enabled by TCPKeepAlive is spoofable. The server alive mechanism |
527 | able when the client or server depend on knowing when a connec- | 560 | is valuable when the client or server depend on knowing when a |
528 | tion has become inactive. | 561 | connection has become inactive. |
529 | 562 | ||
530 | The default value is 3. If, for example, ServerAliveInterval | 563 | The default value is 3. If, for example, ServerAliveInterval |
531 | (see below) is set to 15 and ServerAliveCountMax is left at the | 564 | (see below) is set to 15 and ServerAliveCountMax is left at the |
@@ -542,27 +575,27 @@ DESCRIPTION | |||
542 | 575 | ||
543 | StrictHostKeyChecking | 576 | StrictHostKeyChecking |
544 | If this flag is set to ``yes'', ssh(1) will never automatically | 577 | If this flag is set to ``yes'', ssh(1) will never automatically |
545 | add host keys to the ~/.ssh/known_hosts file, and refuses to con- | 578 | add host keys to the ~/.ssh/known_hosts file, and refuses to |
546 | nect to hosts whose host key has changed. This provides maximum | 579 | connect to hosts whose host key has changed. This provides |
547 | protection against trojan horse attacks, though it can be annoy- | 580 | maximum protection against trojan horse attacks, though it can be |
548 | ing when the /etc/ssh/ssh_known_hosts file is poorly maintained | 581 | annoying when the /etc/ssh/ssh_known_hosts file is poorly |
549 | or when connections to new hosts are frequently made. This op- | 582 | maintained or when connections to new hosts are frequently made. |
550 | tion forces the user to manually add all new hosts. If this flag | 583 | This option forces the user to manually add all new hosts. If |
551 | is set to ``no'', ssh will automatically add new host keys to the | 584 | this flag is set to ``no'', ssh will automatically add new host |
552 | user known hosts files. If this flag is set to ``ask'', new host | 585 | keys to the user known hosts files. If this flag is set to |
553 | keys will be added to the user known host files only after the | 586 | ``ask'', new host keys will be added to the user known host files |
554 | user has confirmed that is what they really want to do, and ssh | 587 | only after the user has confirmed that is what they really want |
555 | will refuse to connect to hosts whose host key has changed. The | 588 | to do, and ssh will refuse to connect to hosts whose host key has |
556 | host keys of known hosts will be verified automatically in all | 589 | changed. The host keys of known hosts will be verified |
557 | cases. The argument must be ``yes'', ``no'', or ``ask''. The | 590 | automatically in all cases. The argument must be ``yes'', |
558 | default is ``ask''. | 591 | ``no'', or ``ask''. The default is ``ask''. |
559 | 592 | ||
560 | TCPKeepAlive | 593 | TCPKeepAlive |
561 | Specifies whether the system should send TCP keepalive messages | 594 | Specifies whether the system should send TCP keepalive messages |
562 | to the other side. If they are sent, death of the connection or | 595 | to the other side. If they are sent, death of the connection or |
563 | crash of one of the machines will be properly noticed. However, | 596 | crash of one of the machines will be properly noticed. However, |
564 | this means that connections will die if the route is down tem- | 597 | this means that connections will die if the route is down |
565 | porarily, and some people find it annoying. | 598 | temporarily, and some people find it annoying. |
566 | 599 | ||
567 | The default is ``yes'' (to send TCP keepalive messages), and the | 600 | The default is ``yes'' (to send TCP keepalive messages), and the |
568 | client will notice if the network goes down or the remote host | 601 | client will notice if the network goes down or the remote host |
@@ -571,32 +604,32 @@ DESCRIPTION | |||
571 | To disable TCP keepalive messages, the value should be set to | 604 | To disable TCP keepalive messages, the value should be set to |
572 | ``no''. | 605 | ``no''. |
573 | 606 | ||
574 | Tunnel Request tun(4) device forwarding between the client and the serv- | 607 | Tunnel Request tun(4) device forwarding between the client and the |
575 | er. The argument must be ``yes'', ``point-to-point'' (layer 3), | 608 | server. The argument must be ``yes'', ``point-to-point'' (layer |
576 | ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' requests | 609 | 3), ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' |
577 | the default tunnel mode, which is ``point-to-point''. The de- | 610 | requests the default tunnel mode, which is ``point-to-point''. |
578 | fault is ``no''. | 611 | The default is ``no''. |
579 | 612 | ||
580 | TunnelDevice | 613 | TunnelDevice |
581 | Specifies the tun(4) devices to open on the client (local_tun) | 614 | Specifies the tun(4) devices to open on the client (local_tun) |
582 | and the server (remote_tun). | 615 | and the server (remote_tun). |
583 | 616 | ||
584 | The argument must be local_tun[:remote_tun]. The devices may be | 617 | The argument must be local_tun [:remote_tun]. The devices may be |
585 | specified by numerical ID or the keyword ``any'', which uses the | 618 | specified by numerical ID or the keyword ``any'', which uses the |
586 | next available tunnel device. If remote_tun is not specified, it | 619 | next available tunnel device. If remote_tun is not specified, it |
587 | defaults to ``any''. The default is ``any:any''. | 620 | defaults to ``any''. The default is ``any:any''. |
588 | 621 | ||
589 | UsePrivilegedPort | 622 | UsePrivilegedPort |
590 | Specifies whether to use a privileged port for outgoing connec- | 623 | Specifies whether to use a privileged port for outgoing |
591 | tions. The argument must be ``yes'' or ``no''. The default is | 624 | connections. The argument must be ``yes'' or ``no''. The |
592 | ``no''. If set to ``yes'', ssh(1) must be setuid root. Note | 625 | default is ``no''. If set to ``yes'', ssh(1) must be setuid |
593 | that this option must be set to ``yes'' for | 626 | root. Note that this option must be set to ``yes'' for |
594 | RhostsRSAAuthentication with older servers. | 627 | RhostsRSAAuthentication with older servers. |
595 | 628 | ||
596 | User Specifies the user to log in as. This can be useful when a dif- | 629 | User Specifies the user to log in as. This can be useful when a |
597 | ferent user name is used on different machines. This saves the | 630 | different user name is used on different machines. This saves |
598 | trouble of having to remember to give the user name on the com- | 631 | the trouble of having to remember to give the user name on the |
599 | mand line. | 632 | command line. |
600 | 633 | ||
601 | UserKnownHostsFile | 634 | UserKnownHostsFile |
602 | Specifies a file to use for the user host key database instead of | 635 | Specifies a file to use for the user host key database instead of |
@@ -620,9 +653,9 @@ DESCRIPTION | |||
620 | If this flag is set to ``yes'', an ASCII art representation of | 653 | If this flag is set to ``yes'', an ASCII art representation of |
621 | the remote host key fingerprint is printed in addition to the hex | 654 | the remote host key fingerprint is printed in addition to the hex |
622 | fingerprint string at login and for unknown host keys. If this | 655 | fingerprint string at login and for unknown host keys. If this |
623 | flag is set to ``no'', no fingerprint strings are printed at lo- | 656 | flag is set to ``no'', no fingerprint strings are printed at |
624 | gin and only the hex fingerprint string will be printed for un- | 657 | login and only the hex fingerprint string will be printed for |
625 | known host keys. The default is ``no''. | 658 | unknown host keys. The default is ``no''. |
626 | 659 | ||
627 | XAuthLocation | 660 | XAuthLocation |
628 | Specifies the full pathname of the xauth(1) program. The default | 661 | Specifies the full pathname of the xauth(1) program. The default |
@@ -631,9 +664,9 @@ DESCRIPTION | |||
631 | PATTERNS | 664 | PATTERNS |
632 | A pattern consists of zero or more non-whitespace characters, `*' (a | 665 | A pattern consists of zero or more non-whitespace characters, `*' (a |
633 | wildcard that matches zero or more characters), or `?' (a wildcard that | 666 | wildcard that matches zero or more characters), or `?' (a wildcard that |
634 | matches exactly one character). For example, to specify a set of decla- | 667 | matches exactly one character). For example, to specify a set of |
635 | rations for any host in the ``.co.uk'' set of domains, the following pat- | 668 | declarations for any host in the ``.co.uk'' set of domains, the following |
636 | tern could be used: | 669 | pattern could be used: |
637 | 670 | ||
638 | Host *.co.uk | 671 | Host *.co.uk |
639 | 672 | ||
@@ -645,17 +678,18 @@ PATTERNS | |||
645 | A pattern-list is a comma-separated list of patterns. Patterns within | 678 | A pattern-list is a comma-separated list of patterns. Patterns within |
646 | pattern-lists may be negated by preceding them with an exclamation mark | 679 | pattern-lists may be negated by preceding them with an exclamation mark |
647 | (`!'). For example, to allow a key to be used from anywhere within an | 680 | (`!'). For example, to allow a key to be used from anywhere within an |
648 | organisation except from the ``dialup'' pool, the following entry (in au- | 681 | organisation except from the ``dialup'' pool, the following entry (in |
649 | thorized_keys) could be used: | 682 | authorized_keys) could be used: |
650 | 683 | ||
651 | from="!*.dialup.example.com,*.example.com" | 684 | from="!*.dialup.example.com,*.example.com" |
652 | 685 | ||
653 | FILES | 686 | FILES |
654 | ~/.ssh/config | 687 | ~/.ssh/config |
655 | This is the per-user configuration file. The format of this file | 688 | This is the per-user configuration file. The format of this file |
656 | is described above. This file is used by the SSH client. Be- | 689 | is described above. This file is used by the SSH client. |
657 | cause of the potential for abuse, this file must have strict per- | 690 | Because of the potential for abuse, this file must have strict |
658 | missions: read/write for the user, and not accessible by others. | 691 | permissions: read/write for the user, and not accessible by |
692 | others. | ||
659 | 693 | ||
660 | /etc/ssh/ssh_config | 694 | /etc/ssh/ssh_config |
661 | Systemwide configuration file. This file provides defaults for | 695 | Systemwide configuration file. This file provides defaults for |
@@ -669,8 +703,8 @@ SEE ALSO | |||
669 | AUTHORS | 703 | AUTHORS |
670 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 704 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
671 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 705 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
672 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 706 | de Raadt and Dug Song removed many bugs, re-added newer features and |
673 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 707 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
674 | versions 1.5 and 2.0. | 708 | versions 1.5 and 2.0. |
675 | 709 | ||
676 | OpenBSD 4.7 March 26, 2010 11 | 710 | OpenBSD 4.8 August 4, 2010 OpenBSD 4.8 |
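--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $
-.Dd $Mdocdate: March 26 2010 $
+.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $
+.Dd $Mdocdate: August 4 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -339,6 +339,28 @@ It is recommended that any
 used for opportunistic connection sharing include
 at least %h, %p, and %r.
 This ensures that shared connections are uniquely identified.
+.It Cm ControlPersist
+When used in conjunction with
+.Cm ControlMaster ,
+specifies that the master connection should remain open
+in the background (waiting for future client connections)
+after the initial client connection has been closed.
+If set to
+.Dq no ,
+then the master connection will not be placed into the background,
+and will close as soon as the initial client connection is closed.
+If set to
+.Dq yes ,
+then the master connection will remain in the background indefinitely
+(until killed or closed via a mechanism such as the
+.Xr ssh 1
+.Dq Fl O No exit
+option).
+If set to a time in seconds, or a time in any of the formats documented in
+.Xr sshd_config 5 ,
+then the backgrounded master connection will automatically terminate
+after it has remained idle (with no client connections) for the
+specified time.
 .It Cm DynamicForward
 Specifies that a TCP port on the local machine be forwarded
 over the secure channel, and the application
@@ -349,9 +371,7 @@ The argument must be
 .Sm off
 .Oo Ar bind_address : Oc Ar port .
 .Sm on
-IPv6 addresses can be specified by enclosing addresses in square brackets or
-by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port .
+IPv6 addresses can be specified by enclosing addresses in square brackets.
 By default, the local port is bound in accordance with the
 .Cm GatewayPorts
 setting.
@@ -452,6 +472,17 @@ An attacker may then be able to perform activities such as keystroke monitoring
 if the
 .Cm ForwardX11Trusted
 option is also enabled.
+.It Cm ForwardX11Timeout
+Specify a timeout for untrusted X11 forwarding
+using the format described in the
+.Sx TIME FORMATS
+section of
+.Xr sshd_config 5 .
+X11 connections received by
+.Xr ssh 1
+after this time will be refused.
+The default is to disable untrusted X11 forwarding after twenty minutes has
+elapsed.
 .It Cm ForwardX11Trusted
 If this option is set to
 .Dq yes ,
@@ -577,6 +608,10 @@ or for multiple servers running on a single host.
 .It Cm HostName
 Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
+If the hostname contains the character sequence
+.Ql %h ,
+then this will be replaced with the host name specified on the commandline
+(this is useful for manipulating unqualified names).
 The default is the name given on the command line.
 Numeric IP addresses are also permitted (both on the command line and in
 .Cm HostName
@@ -692,11 +727,7 @@ The first argument must be
 .Sm on
 and the second argument must be
 .Ar host : Ns Ar hostport .
-IPv6 addresses can be specified by enclosing addresses in square brackets or
-by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port
-and
-.Ar host Ns / Ns Ar hostport .
+IPv6 addresses can be specified by enclosing addresses in square brackets.
 Multiple forwardings may be specified, and additional forwardings can be
 given on the command line.
 Only the superuser can forward privileged ports.
@@ -783,10 +814,12 @@ authentication methods.
 This allows a client to prefer one method (e.g.\&
 .Cm keyboard-interactive )
 over another method (e.g.\&
-.Cm password )
-The default for this option is:
-.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
-.Dc .
+.Cm password ) .
+The default is:
+.Bd -literal -offset indent
+gssapi-with-mic,hostbased,publickey,
+keyboard-interactive,password
+.Ed
 .It Cm Protocol
 Specifies the protocol versions
 .Xr ssh 1
@@ -808,12 +841,14 @@ Specifies the command to use to connect to the server.
 The command
 string extends to the end of the line, and is executed with
 the user's shell.
-In the command string,
+In the command string, any occurrence of
 .Ql %h
 will be substituted by the host name to
-connect and
+connect,
 .Ql %p
-by the port.
+by the port, and
+.Ql %r
+by the remote user name.
 The command can be basically anything,
 and should read from its standard input and write to its standard output.
 It should eventually connect an
@@ -872,11 +907,7 @@ The first argument must be
 .Sm on
 and the second argument must be
 .Ar host : Ns Ar hostport .
-IPv6 addresses can be specified by enclosing addresses in square brackets
-or by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port
-and
-.Ar host Ns / Ns Ar hostport .
+IPv6 addresses can be specified by enclosing addresses in square brackets.
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Privileged ports can be forwarded only when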
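--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.220 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.224 2010/04/16 21:14:27 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -101,8 +101,8 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
 * (e.g. Solaris)
 */
 xasprintf(&tmp, "exec %s", proxy_command);
-command_string = percent_expand(tmp, "h", host,
-"p", strport, (char *)NULL);
+command_string = percent_expand(tmp, "h", host, "p", strport,
+"r", options.user, (char *)NULL);
 xfree(tmp);
 
 /* Create pipes for communicating with the proxy. */
@@ -586,9 +586,9 @@ check_host_cert(const char *host, const Key *host_key)
 error("%s", reason);
 return 0;
 }
-if (buffer_len(&host_key->cert->constraints) != 0) {
-error("Certificate for %s contains unsupported constraint(s)",
-host);
+if (buffer_len(&host_key->cert->critical) != 0) {
+error("Certificate for %s contains unsupported "
+"critical options(s)", host);
 return 0;
 }
 return 1;
@@ -739,7 +739,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 debug("Host '%.200s' is known and matches the %s host %s.",
 host, type, want_cert ? "certificate" : "key");
 debug("Found %s in %s:%d",
-want_cert ? "certificate" : "key", host_file, host_line);
+want_cert ? "CA key" : "key", host_file, host_line);
 if (want_cert && !check_host_cert(hostname, host_key))
 goto fail;
 if (options.check_host_ip && ip_status == HOST_NEW) {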
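Review bot: The new error string in check_host_cert reads `"critical options(s)"`, which is a typo; the second half of the split literal should be `"critical option(s)", host);` so the logged message says "unsupported critical option(s)". Separately, ssh_proxy_connect now passes options.user as the `%r` replacement, and percent_expand's handling of a NULL replacement is not visible in this hunk, so the change presumably relies on options.user having been populated earlier (from the local account when no User is configured) before the proxy command is spawned — worth confirming at the call site rather than assuming. Both enclosing functions continue outside their hunks.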
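--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.180 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.183 2010/04/26 22:28:24 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -247,7 +247,7 @@ struct Authctxt {
 const char *host;
 const char *service;
 Authmethod *method;
-int success;
+sig_atomic_t success;
 char *authlist;
 /* pubkey */
 Idlist keys;
@@ -1250,8 +1250,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 u_int skip = 0;
 int ret = -1;
 int have_sig = 1;
+char *fp;
 
-debug3("sign_and_send_pubkey");
+fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
+xfree(fp);
 
 if (key_to_blob(id->key, &blob, &bloblen) == 0) {
 /* we cannot handle this key */
@@ -1510,7 +1513,8 @@ userauth_pubkey(Authctxt *authctxt)
 * private key instead
 */
 if (id->key && id->key->type != KEY_RSA1) {
-debug("Offering public key: %s", id->filename);
+debug("Offering %s public key: %s", key_type(id->key),
+id->filename);
 sent = send_pubkey_test(authctxt, id);
 } else if (id->key == NULL && id->filename) {
 debug("Trying private key: %s", id->filename);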
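Review bot: In sign_and_send_pubkey the MD5 fingerprint is computed and heap-allocated on every call solely to populate a debug3() message, so the hashing and the matching xfree() run even when level-3 debug output is never printed. The allocation is released immediately, so this is a point of style rather than a leak; if a log-level query is available in this code base, the three new lines could be gated on it so the fingerprint is only produced when it will be shown. The function's body continues outside the hunk.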
@@ -10,19 +10,19 @@ SYNOPSIS | |||
10 | 10 | ||
11 | DESCRIPTION | 11 | DESCRIPTION |
12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | 12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
13 | programs replace rlogin(1) and rsh(1), and provide secure encrypted com- | 13 | programs replace rlogin(1) and rsh(1), and provide secure encrypted |
14 | munications between two untrusted hosts over an insecure network. | 14 | communications between two untrusted hosts over an insecure network. |
15 | 15 | ||
16 | sshd listens for connections from clients. It is normally started at | 16 | sshd listens for connections from clients. It is normally started at |
17 | boot from /etc/rc. It forks a new daemon for each incoming connection. | 17 | boot from /etc/rc. It forks a new daemon for each incoming connection. |
18 | The forked daemons handle key exchange, encryption, authentication, com- | 18 | The forked daemons handle key exchange, encryption, authentication, |
19 | mand execution, and data exchange. | 19 | command execution, and data exchange. |
20 | 20 | ||
21 | sshd can be configured using command-line options or a configuration file | 21 | sshd can be configured using command-line options or a configuration file |
22 | (by default sshd_config(5)); command-line options override values speci- | 22 | (by default sshd_config(5)); command-line options override values |
23 | fied in the configuration file. sshd rereads its configuration file when | 23 | specified in the configuration file. sshd rereads its configuration file |
24 | it receives a hangup signal, SIGHUP, by executing itself with the name | 24 | when it receives a hangup signal, SIGHUP, by executing itself with the |
25 | and options it was started with, e.g. /usr/sbin/sshd. | 25 | name and options it was started with, e.g. /usr/sbin/sshd. |
26 | 26 | ||
27 | The options are as follows: | 27 | The options are as follows: |
28 | 28 | ||
@@ -38,87 +38,89 @@ DESCRIPTION | |||
38 | Specify the connection parameters to use for the -T extended test | 38 | Specify the connection parameters to use for the -T extended test |
39 | mode. If provided, any Match directives in the configuration | 39 | mode. If provided, any Match directives in the configuration |
40 | file that would apply to the specified user, host, and address | 40 | file that would apply to the specified user, host, and address |
41 | will be set before the configuration is written to standard out- | 41 | will be set before the configuration is written to standard |
42 | put. The connection parameters are supplied as keyword=value | 42 | output. The connection parameters are supplied as keyword=value |
43 | pairs. The keywords are ``user'', ``host'', and ``addr''. All | 43 | pairs. The keywords are ``user'', ``host'', and ``addr''. All |
44 | are required and may be supplied in any order, either with multi- | 44 | are required and may be supplied in any order, either with |
45 | ple -C options or as a comma-separated list. | 45 | multiple -C options or as a comma-separated list. |
46 | 46 | ||
47 | -c host_certificate_file | 47 | -c host_certificate_file |
48 | Specifies a path to a certificate file to identify sshd during | 48 | Specifies a path to a certificate file to identify sshd during |
49 | key exchange. The certificate file must match a host key file | 49 | key exchange. The certificate file must match a host key file |
50 | specified using the -h option or the HostKey configuration direc- | 50 | specified using the -h option or the HostKey configuration |
51 | tive. | 51 | directive. |
52 | 52 | ||
53 | -D When this option is specified, sshd will not detach and does not | 53 | -D When this option is specified, sshd will not detach and does not |
54 | become a daemon. This allows easy monitoring of sshd. | 54 | become a daemon. This allows easy monitoring of sshd. |
55 | 55 | ||
56 | -d Debug mode. The server sends verbose debug output to standard | 56 | -d Debug mode. The server sends verbose debug output to standard |
57 | error, and does not put itself in the background. The server al- | 57 | error, and does not put itself in the background. The server |
58 | so will not fork and will only process one connection. This op- | 58 | also will not fork and will only process one connection. This |
59 | tion is only intended for debugging for the server. Multiple -d | 59 | option is only intended for debugging for the server. Multiple |
60 | options increase the debugging level. Maximum is 3. | 60 | -d options increase the debugging level. Maximum is 3. |
61 | 61 | ||
62 | -e When this option is specified, sshd will send the output to the | 62 | -e When this option is specified, sshd will send the output to the |
63 | standard error instead of the system log. | 63 | standard error instead of the system log. |
64 | 64 | ||
65 | -f config_file | 65 | -f config_file |
66 | Specifies the name of the configuration file. The default is | 66 | Specifies the name of the configuration file. The default is |
67 | /etc/ssh/sshd_config. sshd refuses to start if there is no con- | 67 | /etc/ssh/sshd_config. sshd refuses to start if there is no |
68 | figuration file. | 68 | configuration file. |
69 | 69 | ||
70 | -g login_grace_time | 70 | -g login_grace_time |
71 | Gives the grace time for clients to authenticate themselves (de- | 71 | Gives the grace time for clients to authenticate themselves |
72 | fault 120 seconds). If the client fails to authenticate the user | 72 | (default 120 seconds). If the client fails to authenticate the |
73 | within this many seconds, the server disconnects and exits. A | 73 | user within this many seconds, the server disconnects and exits. |
74 | value of zero indicates no limit. | 74 | A value of zero indicates no limit. |
75 | 75 | ||
76 | -h host_key_file | 76 | -h host_key_file |
77 | Specifies a file from which a host key is read. This option must | 77 | Specifies a file from which a host key is read. This option must |
78 | be given if sshd is not run as root (as the normal host key files | 78 | be given if sshd is not run as root (as the normal host key files |
79 | are normally not readable by anyone but root). The default is | 79 | are normally not readable by anyone but root). The default is |
80 | /etc/ssh/ssh_host_key for protocol version 1, and | 80 | /etc/ssh/ssh_host_key for protocol version 1, and |
81 | /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro- | 81 | /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for |
82 | tocol version 2. It is possible to have multiple host key files | 82 | protocol version 2. It is possible to have multiple host key |
83 | for the different protocol versions and host key algorithms. | 83 | files for the different protocol versions and host key |
84 | algorithms. | ||
84 | 85 | ||
85 | -i Specifies that sshd is being run from inetd(8). sshd is normally | 86 | -i Specifies that sshd is being run from inetd(8). sshd is normally |
86 | not run from inetd because it needs to generate the server key | 87 | not run from inetd because it needs to generate the server key |
87 | before it can respond to the client, and this may take tens of | 88 | before it can respond to the client, and this may take tens of |
88 | seconds. Clients would have to wait too long if the key was re- | 89 | seconds. Clients would have to wait too long if the key was |
89 | generated every time. However, with small key sizes (e.g. 512) | 90 | regenerated every time. However, with small key sizes (e.g. 512) |
90 | using sshd from inetd may be feasible. | 91 | using sshd from inetd may be feasible. |
91 | 92 | ||
92 | -k key_gen_time | 93 | -k key_gen_time |
93 | Specifies how often the ephemeral protocol version 1 server key | 94 | Specifies how often the ephemeral protocol version 1 server key |
94 | is regenerated (default 3600 seconds, or one hour). The motiva- | 95 | is regenerated (default 3600 seconds, or one hour). The |
95 | tion for regenerating the key fairly often is that the key is not | 96 | motivation for regenerating the key fairly often is that the key |
96 | stored anywhere, and after about an hour it becomes impossible to | 97 | is not stored anywhere, and after about an hour it becomes |
97 | recover the key for decrypting intercepted communications even if | 98 | impossible to recover the key for decrypting intercepted |
98 | the machine is cracked into or physically seized. A value of ze- | 99 | communications even if the machine is cracked into or physically |
99 | ro indicates that the key will never be regenerated. | 100 | seized. A value of zero indicates that the key will never be |
101 | regenerated. | ||
100 | 102 | ||
101 | -o option | 103 | -o option |
102 | Can be used to give options in the format used in the configura- | 104 | Can be used to give options in the format used in the |
103 | tion file. This is useful for specifying options for which there | 105 | configuration file. This is useful for specifying options for |
104 | is no separate command-line flag. For full details of the op- | 106 | which there is no separate command-line flag. For full details |
105 | tions, and their values, see sshd_config(5). | 107 | of the options, and their values, see sshd_config(5). |
106 | 108 | ||
107 | -p port | 109 | -p port |
108 | Specifies the port on which the server listens for connections | 110 | Specifies the port on which the server listens for connections |
109 | (default 22). Multiple port options are permitted. Ports speci- | 111 | (default 22). Multiple port options are permitted. Ports |
110 | fied in the configuration file with the Port option are ignored | 112 | specified in the configuration file with the Port option are |
111 | when a command-line port is specified. Ports specified using the | 113 | ignored when a command-line port is specified. Ports specified |
112 | ListenAddress option override command-line ports. | 114 | using the ListenAddress option override command-line ports. |
113 | 115 | ||
114 | -q Quiet mode. Nothing is sent to the system log. Normally the be- | 116 | -q Quiet mode. Nothing is sent to the system log. Normally the |
115 | ginning, authentication, and termination of each connection is | 117 | beginning, authentication, and termination of each connection is |
116 | logged. | 118 | logged. |
117 | 119 | ||
118 | -T Extended test mode. Check the validity of the configuration | 120 | -T Extended test mode. Check the validity of the configuration |
119 | file, output the effective configuration to stdout and then exit. | 121 | file, output the effective configuration to stdout and then exit. |
120 | Optionally, Match rules may be applied by specifying the connec- | 122 | Optionally, Match rules may be applied by specifying the |
121 | tion parameters using one or more -C options. | 123 | connection parameters using one or more -C options. |
122 | 124 | ||
123 | -t Test mode. Only check the validity of the configuration file and | 125 | -t Test mode. Only check the validity of the configuration file and |
124 | sanity of the keys. This is useful for updating sshd reliably as | 126 | sanity of the keys. This is useful for updating sshd reliably as |
@@ -127,76 +129,76 @@ DESCRIPTION | |||
127 | -u len This option is used to specify the size of the field in the utmp | 129 | -u len This option is used to specify the size of the field in the utmp |
128 | structure that holds the remote host name. If the resolved host | 130 | structure that holds the remote host name. If the resolved host |
129 | name is longer than len, the dotted decimal value will be used | 131 | name is longer than len, the dotted decimal value will be used |
130 | instead. This allows hosts with very long host names that over- | 132 | instead. This allows hosts with very long host names that |
131 | flow this field to still be uniquely identified. Specifying -u0 | 133 | overflow this field to still be uniquely identified. Specifying |
132 | indicates that only dotted decimal addresses should be put into | 134 | -u0 indicates that only dotted decimal addresses should be put |
133 | the utmp file. -u0 may also be used to prevent sshd from making | 135 | into the utmp file. -u0 may also be used to prevent sshd from |
134 | DNS requests unless the authentication mechanism or configuration | 136 | making DNS requests unless the authentication mechanism or |
135 | requires it. Authentication mechanisms that may require DNS in- | 137 | configuration requires it. Authentication mechanisms that may |
136 | clude RhostsRSAAuthentication, HostbasedAuthentication, and using | 138 | require DNS include RhostsRSAAuthentication, |
137 | a from="pattern-list" option in a key file. Configuration op- | 139 | HostbasedAuthentication, and using a from="pattern-list" option |
138 | tions that require DNS include using a USER@HOST pattern in | 140 | in a key file. Configuration options that require DNS include |
139 | AllowUsers or DenyUsers. | 141 | using a USER@HOST pattern in AllowUsers or DenyUsers. |
140 | 142 | ||
141 | AUTHENTICATION | 143 | AUTHENTICATION |
142 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to | 144 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
143 | use protocol 2 only, though this can be changed via the Protocol option | 145 | use protocol 2 only, though this can be changed via the Protocol option |
144 | in sshd_config(5). Protocol 2 supports both RSA and DSA keys; protocol 1 | 146 | in sshd_config(5). Protocol 2 supports both RSA and DSA keys; protocol 1 |
145 | only supports RSA keys. For both protocols, each host has a host-specif- | 147 | only supports RSA keys. For both protocols, each host has a host- |
146 | ic key, normally 2048 bits, used to identify the host. | 148 | specific key, normally 2048 bits, used to identify the host. |
147 | 149 | ||
148 | Forward security for protocol 1 is provided through an additional server | 150 | Forward security for protocol 1 is provided through an additional server |
149 | key, normally 768 bits, generated when the server starts. This key is | 151 | key, normally 768 bits, generated when the server starts. This key is |
150 | normally regenerated every hour if it has been used, and is never stored | 152 | normally regenerated every hour if it has been used, and is never stored |
151 | on disk. Whenever a client connects, the daemon responds with its public | 153 | on disk. Whenever a client connects, the daemon responds with its public |
152 | host and server keys. The client compares the RSA host key against its | 154 | host and server keys. The client compares the RSA host key against its |
153 | own database to verify that it has not changed. The client then gener- | 155 | own database to verify that it has not changed. The client then |
154 | ates a 256-bit random number. It encrypts this random number using both | 156 | generates a 256-bit random number. It encrypts this random number using |
155 | the host key and the server key, and sends the encrypted number to the | 157 | both the host key and the server key, and sends the encrypted number to |
156 | server. Both sides then use this random number as a session key which is | 158 | the server. Both sides then use this random number as a session key |
157 | used to encrypt all further communications in the session. The rest of | 159 | which is used to encrypt all further communications in the session. The |
158 | the session is encrypted using a conventional cipher, currently Blowfish | 160 | rest of the session is encrypted using a conventional cipher, currently |
159 | or 3DES, with 3DES being used by default. The client selects the encryp- | 161 | Blowfish or 3DES, with 3DES being used by default. The client selects |
160 | tion algorithm to use from those offered by the server. | 162 | the encryption algorithm to use from those offered by the server. |
161 | 163 | ||
162 | For protocol 2, forward security is provided through a Diffie-Hellman key | 164 | For protocol 2, forward security is provided through a Diffie-Hellman key |
163 | agreement. This key agreement results in a shared session key. The rest | 165 | agreement. This key agreement results in a shared session key. The rest |
164 | of the session is encrypted using a symmetric cipher, currently 128-bit | 166 | of the session is encrypted using a symmetric cipher, currently 128-bit |
165 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The | 167 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The |
166 | client selects the encryption algorithm to use from those offered by the | 168 | client selects the encryption algorithm to use from those offered by the |
167 | server. Additionally, session integrity is provided through a crypto- | 169 | server. Additionally, session integrity is provided through a |
168 | graphic message authentication code (hmac-md5, hmac-sha1, umac-64 or | 170 | cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64 |
169 | hmac-ripemd160). | 171 | or hmac-ripemd160). |
170 | 172 | ||
171 | Finally, the server and the client enter an authentication dialog. The | 173 | Finally, the server and the client enter an authentication dialog. The |
172 | client tries to authenticate itself using host-based authentication, pub- | 174 | client tries to authenticate itself using host-based authentication, |
173 | lic key authentication, challenge-response authentication, or password | 175 | public key authentication, challenge-response authentication, or password |
174 | authentication. | 176 | authentication. |
175 | 177 | ||
176 | Regardless of the authentication type, the account is checked to ensure | 178 | Regardless of the authentication type, the account is checked to ensure |
177 | that it is accessible. An account is not accessible if it is locked, | 179 | that it is accessible. An account is not accessible if it is locked, |
178 | listed in DenyUsers or its group is listed in DenyGroups . The defini- | 180 | listed in DenyUsers or its group is listed in DenyGroups . The |
179 | tion of a locked account is system dependant. Some platforms have their | 181 | definition of a locked account is system dependant. Some platforms have |
180 | own account database (eg AIX) and some modify the passwd field ( `*LK*' | 182 | their own account database (eg AIX) and some modify the passwd field ( |
181 | on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a | 183 | `*LK*' on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on |
182 | leading `*LOCKED*' on FreeBSD and a leading `!' on most Linuxes). If | 184 | Tru64, a leading `*LOCKED*' on FreeBSD and a leading `!' on most |
183 | there is a requirement to disable password authentication for the account | 185 | Linuxes). If there is a requirement to disable password authentication |
184 | while allowing still public-key, then the passwd field should be set to | 186 | for the account while allowing still public-key, then the passwd field |
185 | something other than these values (eg `NP' or `*NP*' ). | 187 | should be set to something other than these values (eg `NP' or `*NP*' ). |
186 | 188 | ||
187 | If the client successfully authenticates itself, a dialog for preparing | 189 | If the client successfully authenticates itself, a dialog for preparing |
188 | the session is entered. At this time the client may request things like | 190 | the session is entered. At this time the client may request things like |
189 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con- | 191 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP |
190 | nections, or forwarding the authentication agent connection over the se- | 192 | connections, or forwarding the authentication agent connection over the |
191 | cure channel. | 193 | secure channel. |
192 | 194 | ||
193 | After this, the client either requests a shell or execution of a command. | 195 | After this, the client either requests a shell or execution of a command. |
194 | The sides then enter session mode. In this mode, either side may send | 196 | The sides then enter session mode. In this mode, either side may send |
195 | data at any time, and such data is forwarded to/from the shell or command | 197 | data at any time, and such data is forwarded to/from the shell or command |
196 | on the server side, and the user terminal in the client side. | 198 | on the server side, and the user terminal in the client side. |
197 | 199 | ||
198 | When the user program terminates and all forwarded X11 and other connec- | 200 | When the user program terminates and all forwarded X11 and other |
199 | tions have been closed, the server sends command exit status to the | 201 | connections have been closed, the server sends command exit status to the |
200 | client, and both sides exit. | 202 | client, and both sides exit. |
201 | 203 | ||
202 | LOGIN PROCESS | 204 | LOGIN PROCESS |
@@ -230,11 +232,12 @@ LOGIN PROCESS | |||
230 | 232 | ||
231 | SSHRC | 233 | SSHRC |
232 | If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment | 234 | If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment |
233 | files but before starting the user's shell or command. It must not pro- | 235 | files but before starting the user's shell or command. It must not |
234 | duce any output on stdout; stderr must be used instead. If X11 forward- | 236 | produce any output on stdout; stderr must be used instead. If X11 |
235 | ing is in use, it will receive the "proto cookie" pair in its standard | 237 | forwarding is in use, it will receive the "proto cookie" pair in its |
236 | input (and DISPLAY in its environment). The script must call xauth(1) | 238 | standard input (and DISPLAY in its environment). The script must call |
237 | because sshd will not run xauth automatically to add X11 cookies. | 239 | xauth(1) because sshd will not run xauth automatically to add X11 |
240 | cookies. | ||
238 | 241 | ||
239 | The primary purpose of this file is to run any initialization routines | 242 | The primary purpose of this file is to run any initialization routines |
240 | which may be needed before the user's home directory becomes accessible; | 243 | which may be needed before the user's home directory becomes accessible; |
@@ -263,33 +266,33 @@ AUTHORIZED_KEYS FILE FORMAT | |||
263 | ~/.ssh/authorized_keys. Each line of the file contains one key (empty | 266 | ~/.ssh/authorized_keys. Each line of the file contains one key (empty |
264 | lines and lines starting with a `#' are ignored as comments). Protocol 1 | 267 | lines and lines starting with a `#' are ignored as comments). Protocol 1 |
265 | public keys consist of the following space-separated fields: options, | 268 | public keys consist of the following space-separated fields: options, |
266 | bits, exponent, modulus, comment. Protocol 2 public key consist of: op- | 269 | bits, exponent, modulus, comment. Protocol 2 public key consist of: |
267 | tions, keytype, base64-encoded key, comment. The options field is op- | 270 | options, keytype, base64-encoded key, comment. The options field is |
268 | tional; its presence is determined by whether the line starts with a num- | 271 | optional; its presence is determined by whether the line starts with a |
269 | ber or not (the options field never starts with a number). The bits, ex- | 272 | number or not (the options field never starts with a number). The bits, |
270 | ponent, modulus, and comment fields give the RSA key for protocol version | 273 | exponent, modulus, and comment fields give the RSA key for protocol |
271 | 1; the comment field is not used for anything (but may be convenient for | 274 | version 1; the comment field is not used for anything (but may be |
272 | the user to identify the key). For protocol version 2 the keytype is | 275 | convenient for the user to identify the key). For protocol version 2 the |
273 | ``ssh-dss'' or ``ssh-rsa''. | 276 | keytype is ``ssh-dss'' or ``ssh-rsa''. |
274 | 277 | ||
275 | Note that lines in this file are usually several hundred bytes long (be- | 278 | Note that lines in this file are usually several hundred bytes long |
276 | cause of the size of the public key encoding) up to a limit of 8 kilo- | 279 | (because of the size of the public key encoding) up to a limit of 8 |
277 | bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 | 280 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 |
278 | kilobits. You don't want to type them in; instead, copy the | 281 | kilobits. You don't want to type them in; instead, copy the |
279 | identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it. | 282 | identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it. |
280 | 283 | ||
281 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol | 284 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol |
282 | 2 keys of 768 bits. | 285 | 2 keys of 768 bits. |
283 | 286 | ||
284 | The options (if present) consist of comma-separated option specifica- | 287 | The options (if present) consist of comma-separated option |
285 | tions. No spaces are permitted, except within double quotes. The fol- | 288 | specifications. No spaces are permitted, except within double quotes. |
286 | lowing option specifications are supported (note that option keywords are | 289 | The following option specifications are supported (note that option |
287 | case-insensitive): | 290 | keywords are case-insensitive): |
288 | 291 | ||
289 | cert-authority | 292 | cert-authority |
290 | Specifies that the listed key is a certification authority (CA) | 293 | Specifies that the listed key is a certification authority (CA) |
291 | that is trusted to validate signed certificates for user authen- | 294 | that is trusted to validate signed certificates for user |
292 | tication. | 295 | authentication. |
293 | 296 | ||
294 | Certificates may encode access restrictions similar to these key | 297 | Certificates may encode access restrictions similar to these key |
295 | options. If both certificate restrictions and key options are | 298 | options. If both certificate restrictions and key options are |
@@ -299,19 +302,19 @@ AUTHORIZED_KEYS FILE FORMAT | |||
299 | Specifies that the command is executed whenever this key is used | 302 | Specifies that the command is executed whenever this key is used |
300 | for authentication. The command supplied by the user (if any) is | 303 | for authentication. The command supplied by the user (if any) is |
301 | ignored. The command is run on a pty if the client requests a | 304 | ignored. The command is run on a pty if the client requests a |
302 | pty; otherwise it is run without a tty. If an 8-bit clean chan- | 305 | pty; otherwise it is run without a tty. If an 8-bit clean |
303 | nel is required, one must not request a pty or should specify no- | 306 | channel is required, one must not request a pty or should specify |
304 | pty. A quote may be included in the command by quoting it with a | 307 | no-pty. A quote may be included in the command by quoting it |
305 | backslash. This option might be useful to restrict certain pub- | 308 | with a backslash. This option might be useful to restrict |
306 | lic keys to perform just a specific operation. An example might | 309 | certain public keys to perform just a specific operation. An |
307 | be a key that permits remote backups but nothing else. Note that | 310 | example might be a key that permits remote backups but nothing |
308 | the client may specify TCP and/or X11 forwarding unless they are | 311 | else. Note that the client may specify TCP and/or X11 forwarding |
309 | explicitly prohibited. The command originally supplied by the | 312 | unless they are explicitly prohibited. The command originally |
310 | client is available in the SSH_ORIGINAL_COMMAND environment vari- | 313 | supplied by the client is available in the SSH_ORIGINAL_COMMAND |
311 | able. Note that this option applies to shell, command or subsys- | 314 | environment variable. Note that this option applies to shell, |
312 | tem execution. Also note that this command may be superseded by | 315 | command or subsystem execution. Also note that this command may |
313 | either a sshd_config(5) ForceCommand directive or a command em- | 316 | be superseded by either a sshd_config(5) ForceCommand directive |
314 | bedded in a certificate. | 317 | or a command embedded in a certificate. |
315 | 318 | ||
316 | environment="NAME=value" | 319 | environment="NAME=value" |
317 | Specifies that the string is to be added to the environment when | 320 | Specifies that the string is to be added to the environment when |
@@ -327,9 +330,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
327 | present in the comma-separated list of patterns. See PATTERNS in | 330 | present in the comma-separated list of patterns. See PATTERNS in |
328 | ssh_config(5) for more information on patterns. | 331 | ssh_config(5) for more information on patterns. |
329 | 332 | ||
330 | In addition to the wildcard matching that may be applied to host- | 333 | In addition to the wildcard matching that may be applied to |
331 | names or addresses, a from stanza may match IP addresses using | 334 | hostnames or addresses, a from stanza may match IP addresses |
332 | CIDR address/masklen notation. | 335 | using CIDR address/masklen notation. |
333 | 336 | ||
334 | The purpose of this option is to optionally increase security: | 337 | The purpose of this option is to optionally increase security: |
335 | public key authentication by itself does not trust the network or | 338 | public key authentication by itself does not trust the network or |
@@ -358,17 +361,25 @@ AUTHORIZED_KEYS FILE FORMAT | |||
358 | Any X11 forward requests by the client will return an error. | 361 | Any X11 forward requests by the client will return an error. |
359 | 362 | ||
360 | permitopen="host:port" | 363 | permitopen="host:port" |
361 | Limit local ``ssh -L'' port forwarding such that it may only con- | 364 | Limit local ``ssh -L'' port forwarding such that it may only |
362 | nect to the specified host and port. IPv6 addresses can be spec- | 365 | connect to the specified host and port. IPv6 addresses can be |
363 | ified with an alternative syntax: host/port. Multiple permitopen | 366 | specified by enclosing the address in square brackets. Multiple |
364 | options may be applied separated by commas. No pattern matching | 367 | permitopen options may be applied separated by commas. No |
365 | is performed on the specified hostnames, they must be literal do- | 368 | pattern matching is performed on the specified hostnames, they |
366 | mains or addresses. | 369 | must be literal domains or addresses. |
370 | |||
371 | principals="principals" | ||
372 | On a cert-authority line, specifies allowed principals for | ||
373 | certificate authentication as a comma-separated list. At least | ||
374 | one name from the list must appear in the certificate's list of | ||
375 | principals for the certificate to be accepted. This option is | ||
376 | ignored for keys that are not marked as trusted certificate | ||
377 | signers using the cert-authority option. | ||
367 | 378 | ||
368 | tunnel="n" | 379 | tunnel="n" |
369 | Force a tun(4) device on the server. Without this option, the | 380 | Force a tun(4) device on the server. Without this option, the |
370 | next available device will be used if the client requests a tun- | 381 | next available device will be used if the client requests a |
371 | nel. | 382 | tunnel. |
372 | 383 | ||
373 | An example authorized_keys file: | 384 | An example authorized_keys file: |
374 | 385 | ||
@@ -386,13 +397,13 @@ AUTHORIZED_KEYS FILE FORMAT | |||
386 | SSH_KNOWN_HOSTS FILE FORMAT | 397 | SSH_KNOWN_HOSTS FILE FORMAT |
387 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host | 398 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host |
388 | public keys for all known hosts. The global file should be prepared by | 399 | public keys for all known hosts. The global file should be prepared by |
389 | the administrator (optional), and the per-user file is maintained auto- | 400 | the administrator (optional), and the per-user file is maintained |
390 | matically: whenever the user connects from an unknown host, its key is | 401 | automatically: whenever the user connects from an unknown host, its key |
391 | added to the per-user file. | 402 | is added to the per-user file. |
392 | 403 | ||
393 | Each line in these files contains the following fields: markers (option- | 404 | Each line in these files contains the following fields: markers |
394 | al), hostnames, bits, exponent, modulus, comment. The fields are sepa- | 405 | (optional), hostnames, bits, exponent, modulus, comment. The fields are |
395 | rated by spaces. | 406 | separated by spaces. |
396 | 407 | ||
397 | The marker is optional, but if it is present then it must be one of | 408 | The marker is optional, but if it is present then it must be one of |
398 | ``@cert-authority'', to indicate that the line contains a certification | 409 | ``@cert-authority'', to indicate that the line contains a certification |
@@ -400,20 +411,20 @@ SSH_KNOWN_HOSTS FILE FORMAT | |||
400 | on the line is revoked and must not ever be accepted. Only one marker | 411 | on the line is revoked and must not ever be accepted. Only one marker |
401 | should be used on a key line. | 412 | should be used on a key line. |
402 | 413 | ||
403 | Hostnames is a comma-separated list of patterns (`*' and `?' act as wild- | 414 | Hostnames is a comma-separated list of patterns (`*' and `?' act as |
404 | cards); each pattern in turn is matched against the canonical host name | 415 | wildcards); each pattern in turn is matched against the canonical host |
405 | (when authenticating a client) or against the user-supplied name (when | 416 | name (when authenticating a client) or against the user-supplied name |
406 | authenticating a server). A pattern may also be preceded by `!' to indi- | 417 | (when authenticating a server). A pattern may also be preceded by `!' to |
407 | cate negation: if the host name matches a negated pattern, it is not ac- | 418 | indicate negation: if the host name matches a negated pattern, it is not |
408 | cepted (by that line) even if it matched another pattern on the line. A | 419 | accepted (by that line) even if it matched another pattern on the line. |
409 | hostname or address may optionally be enclosed within `[' and `]' brack- | 420 | A hostname or address may optionally be enclosed within `[' and `]' |
410 | ets then followed by `:' and a non-standard port number. | 421 | brackets then followed by `:' and a non-standard port number. |
411 | 422 | ||
412 | Alternately, hostnames may be stored in a hashed form which hides host | 423 | Alternately, hostnames may be stored in a hashed form which hides host |
413 | names and addresses should the file's contents be disclosed. Hashed | 424 | names and addresses should the file's contents be disclosed. Hashed |
414 | hostnames start with a `|' character. Only one hashed hostname may ap- | 425 | hostnames start with a `|' character. Only one hashed hostname may |
415 | pear on a single line and none of the above negation or wildcard opera- | 426 | appear on a single line and none of the above negation or wildcard |
416 | tors may be applied. | 427 | operators may be applied. |
417 | 428 | ||
418 | Bits, exponent, and modulus are taken directly from the RSA host key; | 429 | Bits, exponent, and modulus are taken directly from the RSA host key; |
419 | they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The | 430 | they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The |
@@ -431,23 +442,24 @@ SSH_KNOWN_HOSTS FILE FORMAT | |||
431 | The known hosts file also provides a facility to mark keys as revoked, | 442 | The known hosts file also provides a facility to mark keys as revoked, |
432 | for example when it is known that the associated private key has been | 443 | for example when it is known that the associated private key has been |
433 | stolen. Revoked keys are specified by including the ``@revoked'' marker | 444 | stolen. Revoked keys are specified by including the ``@revoked'' marker |
434 | at the beginning of the key line, and are never accepted for authentica- | 445 | at the beginning of the key line, and are never accepted for |
435 | tion or as certification authorities, but instead will produce a warning | 446 | authentication or as certification authorities, but instead will produce |
436 | from ssh(1) when they are encountered. | 447 | a warning from ssh(1) when they are encountered. |
437 | 448 | ||
438 | It is permissible (but not recommended) to have several lines or differ- | 449 | It is permissible (but not recommended) to have several lines or |
439 | ent host keys for the same names. This will inevitably happen when short | 450 | different host keys for the same names. This will inevitably happen when |
440 | forms of host names from different domains are put in the file. It is | 451 | short forms of host names from different domains are put in the file. It |
441 | possible that the files contain conflicting information; authentication | 452 | is possible that the files contain conflicting information; |
442 | is accepted if valid information can be found from either file. | 453 | authentication is accepted if valid information can be found from either |
454 | file. | ||
443 | 455 | ||
444 | Note that the lines in these files are typically hundreds of characters | 456 | Note that the lines in these files are typically hundreds of characters |
445 | long, and you definitely don't want to type in the host keys by hand. | 457 | long, and you definitely don't want to type in the host keys by hand. |
446 | Rather, generate them by a script, ssh-keyscan(1) or by taking | 458 | Rather, generate them by a script, ssh-keyscan(1) or by taking |
447 | /etc/ssh/ssh_host_key.pub and adding the host names at the front. | 459 | /etc/ssh/ssh_host_key.pub and adding the host names at the front. |
448 | ssh-keygen(1) also offers some basic automated editing for | 460 | ssh-keygen(1) also offers some basic automated editing for |
449 | ~/.ssh/known_hosts including removing hosts matching a host name and con- | 461 | ~/.ssh/known_hosts including removing hosts matching a host name and |
450 | verting all host names to their hashed representations. | 462 | converting all host names to their hashed representations. |
451 | 463 | ||
452 | An example ssh_known_hosts file: | 464 | An example ssh_known_hosts file: |
453 | 465 | ||
@@ -465,18 +477,19 @@ SSH_KNOWN_HOSTS FILE FORMAT | |||
465 | FILES | 477 | FILES |
466 | ~/.hushlogin | 478 | ~/.hushlogin |
467 | This file is used to suppress printing the last login time and | 479 | This file is used to suppress printing the last login time and |
468 | /etc/motd, if PrintLastLog and PrintMotd, respectively, are en- | 480 | /etc/motd, if PrintLastLog and PrintMotd, respectively, are |
469 | abled. It does not suppress printing of the banner specified by | 481 | enabled. It does not suppress printing of the banner specified |
470 | Banner. | 482 | by Banner. |
471 | 483 | ||
472 | ~/.rhosts | 484 | ~/.rhosts |
473 | This file is used for host-based authentication (see ssh(1) for | 485 | This file is used for host-based authentication (see ssh(1) for |
474 | more information). On some machines this file may need to be | 486 | more information). On some machines this file may need to be |
475 | world-readable if the user's home directory is on an NFS parti- | 487 | world-readable if the user's home directory is on an NFS |
476 | tion, because sshd reads it as root. Additionally, this file | 488 | partition, because sshd reads it as root. Additionally, this |
477 | must be owned by the user, and must not have write permissions | 489 | file must be owned by the user, and must not have write |
478 | for anyone else. The recommended permission for most machines is | 490 | permissions for anyone else. The recommended permission for most |
479 | read/write for the user, and not accessible by others. | 491 | machines is read/write for the user, and not accessible by |
492 | others. | ||
480 | 493 | ||
481 | ~/.shosts | 494 | ~/.shosts |
482 | This file is used in exactly the same way as .rhosts, but allows | 495 | This file is used in exactly the same way as .rhosts, but allows |
@@ -484,11 +497,11 @@ FILES | |||
484 | rlogin/rsh. | 497 | rlogin/rsh. |
485 | 498 | ||
486 | ~/.ssh/ | 499 | ~/.ssh/ |
487 | This directory is the default location for all user-specific con- | 500 | This directory is the default location for all user-specific |
488 | figuration and authentication information. There is no general | 501 | configuration and authentication information. There is no |
489 | requirement to keep the entire contents of this directory secret, | 502 | general requirement to keep the entire contents of this directory |
490 | but the recommended permissions are read/write/execute for the | 503 | secret, but the recommended permissions are read/write/execute |
491 | user, and not accessible by others. | 504 | for the user, and not accessible by others. |
492 | 505 | ||
493 | ~/.ssh/authorized_keys | 506 | ~/.ssh/authorized_keys |
494 | Lists the public keys (RSA/DSA) that can be used for logging in | 507 | Lists the public keys (RSA/DSA) that can be used for logging in |
@@ -499,8 +512,8 @@ FILES | |||
499 | 512 | ||
500 | If this file, the ~/.ssh directory, or the user's home directory | 513 | If this file, the ~/.ssh directory, or the user's home directory |
501 | are writable by other users, then the file could be modified or | 514 | are writable by other users, then the file could be modified or |
502 | replaced by unauthorized users. In this case, sshd will not al- | 515 | replaced by unauthorized users. In this case, sshd will not |
503 | low it to be used unless the StrictModes option has been set to | 516 | allow it to be used unless the StrictModes option has been set to |
504 | ``no''. | 517 | ``no''. |
505 | 518 | ||
506 | ~/.ssh/environment | 519 | ~/.ssh/environment |
@@ -525,8 +538,8 @@ FILES | |||
525 | 538 | ||
526 | /etc/hosts.allow | 539 | /etc/hosts.allow |
527 | /etc/hosts.deny | 540 | /etc/hosts.deny |
528 | Access controls that should be enforced by tcp-wrappers are de- | 541 | Access controls that should be enforced by tcp-wrappers are |
529 | fined here. Further details are described in hosts_access(5). | 542 | defined here. Further details are described in hosts_access(5). |
530 | 543 | ||
531 | /etc/hosts.equiv | 544 | /etc/hosts.equiv |
532 | This file is for host-based authentication (see ssh(1)). It | 545 | This file is for host-based authentication (see ssh(1)). It |
@@ -546,8 +559,8 @@ FILES | |||
546 | world-readable. | 559 | world-readable. |
547 | 560 | ||
548 | /etc/shosts.equiv | 561 | /etc/shosts.equiv |
549 | This file is used in exactly the same way as hosts.equiv, but al- | 562 | This file is used in exactly the same way as hosts.equiv, but |
550 | lows host-based authentication without permitting login with | 563 | allows host-based authentication without permitting login with |
551 | rlogin/rsh. | 564 | rlogin/rsh. |
552 | 565 | ||
553 | /etc/ssh/ssh_host_key | 566 | /etc/ssh/ssh_host_key |
@@ -571,13 +584,13 @@ FILES | |||
571 | /etc/ssh/ssh_known_hosts | 584 | /etc/ssh/ssh_known_hosts |
572 | Systemwide list of known host keys. This file should be prepared | 585 | Systemwide list of known host keys. This file should be prepared |
573 | by the system administrator to contain the public host keys of | 586 | by the system administrator to contain the public host keys of |
574 | all machines in the organization. The format of this file is de- | 587 | all machines in the organization. The format of this file is |
575 | scribed above. This file should be writable only by root/the | 588 | described above. This file should be writable only by root/the |
576 | owner and should be world-readable. | 589 | owner and should be world-readable. |
577 | 590 | ||
578 | /etc/ssh/sshd_config | 591 | /etc/ssh/sshd_config |
579 | Contains configuration data for sshd. The file format and con- | 592 | Contains configuration data for sshd. The file format and |
580 | figuration options are described in sshd_config(5). | 593 | configuration options are described in sshd_config(5). |
581 | 594 | ||
582 | /etc/ssh/sshrc | 595 | /etc/ssh/sshrc |
583 | Similar to ~/.ssh/rc, it can be used to specify machine-specific | 596 | Similar to ~/.ssh/rc, it can be used to specify machine-specific |
@@ -594,8 +607,8 @@ FILES | |||
594 | Contains the process ID of the sshd listening for connections (if | 607 | Contains the process ID of the sshd listening for connections (if |
595 | there are several daemons running concurrently for different | 608 | there are several daemons running concurrently for different |
596 | ports, this contains the process ID of the one started last). | 609 | ports, this contains the process ID of the one started last). |
597 | The content of this file is not sensitive; it can be world-read- | 610 | The content of this file is not sensitive; it can be world- |
598 | able. | 611 | readable. |
599 | 612 | ||
600 | SEE ALSO | 613 | SEE ALSO |
601 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | 614 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), |
@@ -605,13 +618,13 @@ SEE ALSO | |||
605 | AUTHORS | 618 | AUTHORS |
606 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 619 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
607 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 620 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
608 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 621 | de Raadt and Dug Song removed many bugs, re-added newer features and |
609 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 622 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
610 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 623 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
611 | for privilege separation. | 624 | for privilege separation. |
612 | 625 | ||
613 | CAVEATS | 626 | CAVEATS |
614 | System security is not improved unless rshd, rlogind, and rexecd are dis- | 627 | System security is not improved unless rshd, rlogind, and rexecd are |
615 | abled (thus completely disabling rlogin and rsh into the machine). | 628 | disabled (thus completely disabling rlogin and rsh into the machine). |
616 | 629 | ||
617 | OpenBSD 4.7 March 5, 2010 10 | 630 | OpenBSD 4.8 August 4, 2010 OpenBSD 4.8 |
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.255 2010/03/05 06:50:35 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.257 2010/08/04 05:37:01 djm Exp $ |
38 | .Dd $Mdocdate: March 5 2010 $ | 38 | .Dd $Mdocdate: August 4 2010 $ |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -595,13 +595,23 @@ Limit local | |||
595 | .Li ``ssh -L'' | 595 | .Li ``ssh -L'' |
596 | port forwarding such that it may only connect to the specified host and | 596 | port forwarding such that it may only connect to the specified host and |
597 | port. | 597 | port. |
598 | IPv6 addresses can be specified with an alternative syntax: | 598 | IPv6 addresses can be specified by enclosing the address in square brackets. |
599 | .Ar host Ns / Ns Ar port . | ||
600 | Multiple | 599 | Multiple |
601 | .Cm permitopen | 600 | .Cm permitopen |
602 | options may be applied separated by commas. | 601 | options may be applied separated by commas. |
603 | No pattern matching is performed on the specified hostnames, | 602 | No pattern matching is performed on the specified hostnames, |
604 | they must be literal domains or addresses. | 603 | they must be literal domains or addresses. |
604 | .It Cm principals="principals" | ||
605 | On a | ||
606 | .Cm cert-authority | ||
607 | line, specifies allowed principals for certificate authentication as a | ||
608 | comma-separated list. | ||
609 | At least one name from the list must appear in the certificate's | ||
610 | list of principals for the certificate to be accepted. | ||
611 | This option is ignored for keys that are not marked as trusted certificate | ||
612 | signers using the | ||
613 | .Cm cert-authority | ||
614 | option. | ||
605 | .It Cm tunnel="n" | 615 | .It Cm tunnel="n" |
606 | Force a | 616 | Force a |
607 | .Xr tun 4 | 617 | .Xr tun 4 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.374 2010/03/07 11:57:13 dtucker Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.375 2010/04/16 01:47:26 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -749,6 +749,8 @@ list_hostkey_types(void) | |||
749 | if (key == NULL) | 749 | if (key == NULL) |
750 | continue; | 750 | continue; |
751 | switch (key->type) { | 751 | switch (key->type) { |
752 | case KEY_RSA_CERT_V00: | ||
753 | case KEY_DSA_CERT_V00: | ||
752 | case KEY_RSA_CERT: | 754 | case KEY_RSA_CERT: |
753 | case KEY_DSA_CERT: | 755 | case KEY_DSA_CERT: |
754 | if (buffer_len(&b) > 0) | 756 | if (buffer_len(&b) > 0) |
@@ -772,10 +774,17 @@ get_hostkey_by_type(int type, int need_private) | |||
772 | Key *key; | 774 | Key *key; |
773 | 775 | ||
774 | for (i = 0; i < options.num_host_key_files; i++) { | 776 | for (i = 0; i < options.num_host_key_files; i++) { |
775 | if (type == KEY_RSA_CERT || type == KEY_DSA_CERT) | 777 | switch (type) { |
778 | case KEY_RSA_CERT_V00: | ||
779 | case KEY_DSA_CERT_V00: | ||
780 | case KEY_RSA_CERT: | ||
781 | case KEY_DSA_CERT: | ||
776 | key = sensitive_data.host_certificates[i]; | 782 | key = sensitive_data.host_certificates[i]; |
777 | else | 783 | break; |
784 | default: | ||
778 | key = sensitive_data.host_keys[i]; | 785 | key = sensitive_data.host_keys[i]; |
786 | break; | ||
787 | } | ||
779 | if (key != NULL && key->type == type) | 788 | if (key != NULL && key->type == type) |
780 | return need_private ? | 789 | return need_private ? |
781 | sensitive_data.host_keys[i] : key; | 790 | sensitive_data.host_keys[i] : key; |
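Review bot: The new switch in get_hostkey_by_type hands back `sensitive_data.host_keys[i]` when `need_private` is set and the match came from `sensitive_data.host_certificates[i]`, so it relies on the two arrays being aligned index-for-index, and nothing in the hunk states that invariant. A one-line comment above the switch, `/* host_certificates[i] is the certificate issued for host_keys[i]; the arrays must stay parallel */`, would make that explicit for whoever next touches the key-loading code. The same four certificate cases are now enumerated both in list_hostkey_types and here, so adding a further certificate type means updating two switches; a cross-referencing comment, or a shared is-certificate predicate if key.c already provides one, would keep them from drifting. The loop and the rest of get_hostkey_by_type's body begin before the hunk.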
diff --git a/sshd_config.0 b/sshd_config.0 index 94935c07f..a49953851 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -8,21 +8,21 @@ SYNOPSIS | |||
8 | 8 | ||
9 | DESCRIPTION | 9 | DESCRIPTION |
10 | sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file | 10 | sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file |
11 | specified with -f on the command line). The file contains keyword-argu- | 11 | specified with -f on the command line). The file contains keyword- |
12 | ment pairs, one per line. Lines starting with `#' and empty lines are | 12 | argument pairs, one per line. Lines starting with `#' and empty lines |
13 | interpreted as comments. Arguments may optionally be enclosed in double | 13 | are interpreted as comments. Arguments may optionally be enclosed in |
14 | quotes (") in order to represent arguments containing spaces. | 14 | double quotes (") in order to represent arguments containing spaces. |
15 | 15 | ||
16 | The possible keywords and their meanings are as follows (note that key- | 16 | The possible keywords and their meanings are as follows (note that |
17 | words are case-insensitive and arguments are case-sensitive): | 17 | keywords are case-insensitive and arguments are case-sensitive): |
18 | 18 | ||
19 | AcceptEnv | 19 | AcceptEnv |
20 | Specifies what environment variables sent by the client will be | 20 | Specifies what environment variables sent by the client will be |
21 | copied into the session's environ(7). See SendEnv in | 21 | copied into the session's environ(7). See SendEnv in |
22 | ssh_config(5) for how to configure the client. Note that envi- | 22 | ssh_config(5) for how to configure the client. Note that |
23 | ronment passing is only supported for protocol 2. Variables are | 23 | environment passing is only supported for protocol 2. Variables |
24 | specified by name, which may contain the wildcard characters `*' | 24 | are specified by name, which may contain the wildcard characters |
25 | and `?'. Multiple environment variables may be separated by | 25 | `*' and `?'. Multiple environment variables may be separated by |
26 | whitespace or spread across multiple AcceptEnv directives. Be | 26 | whitespace or spread across multiple AcceptEnv directives. Be |
27 | warned that some environment variables could be used to bypass | 27 | warned that some environment variables could be used to bypass |
28 | restricted user environments. For this reason, care should be | 28 | restricted user environments. For this reason, care should be |
@@ -35,10 +35,10 @@ DESCRIPTION | |||
35 | (use IPv6 only). The default is ``any''. | 35 | (use IPv6 only). The default is ``any''. |
36 | 36 | ||
37 | AllowAgentForwarding | 37 | AllowAgentForwarding |
38 | Specifies whether ssh-agent(1) forwarding is permitted. The de- | 38 | Specifies whether ssh-agent(1) forwarding is permitted. The |
39 | fault is ``yes''. Note that disabling agent forwarding does not | 39 | default is ``yes''. Note that disabling agent forwarding does |
40 | improve security unless users are also denied shell access, as | 40 | not improve security unless users are also denied shell access, |
41 | they can always install their own forwarders. | 41 | as they can always install their own forwarders. |
42 | 42 | ||
43 | AllowGroups | 43 | AllowGroups |
44 | This keyword can be followed by a list of group name patterns, | 44 | This keyword can be followed by a list of group name patterns, |
@@ -54,17 +54,17 @@ DESCRIPTION | |||
54 | 54 | ||
55 | AllowTcpForwarding | 55 | AllowTcpForwarding |
56 | Specifies whether TCP forwarding is permitted. The default is | 56 | Specifies whether TCP forwarding is permitted. The default is |
57 | ``yes''. Note that disabling TCP forwarding does not improve se- | 57 | ``yes''. Note that disabling TCP forwarding does not improve |
58 | curity unless users are also denied shell access, as they can al- | 58 | security unless users are also denied shell access, as they can |
59 | ways install their own forwarders. | 59 | always install their own forwarders. |
60 | 60 | ||
61 | AllowUsers | 61 | AllowUsers |
62 | This keyword can be followed by a list of user name patterns, | 62 | This keyword can be followed by a list of user name patterns, |
63 | separated by spaces. If specified, login is allowed only for us- | 63 | separated by spaces. If specified, login is allowed only for |
64 | er names that match one of the patterns. Only user names are | 64 | user names that match one of the patterns. Only user names are |
65 | valid; a numerical user ID is not recognized. By default, login | 65 | valid; a numerical user ID is not recognized. By default, login |
66 | is allowed for all users. If the pattern takes the form US- | 66 | is allowed for all users. If the pattern takes the form |
67 | ER@HOST then USER and HOST are separately checked, restricting | 67 | USER@HOST then USER and HOST are separately checked, restricting |
68 | logins to particular users from particular hosts. The allow/deny | 68 | logins to particular users from particular hosts. The allow/deny |
69 | directives are processed in the following order: DenyUsers, | 69 | directives are processed in the following order: DenyUsers, |
70 | AllowUsers, DenyGroups, and finally AllowGroups. | 70 | AllowUsers, DenyGroups, and finally AllowGroups. |
@@ -73,14 +73,42 @@ DESCRIPTION | |||
73 | 73 | ||
74 | AuthorizedKeysFile | 74 | AuthorizedKeysFile |
75 | Specifies the file that contains the public keys that can be used | 75 | Specifies the file that contains the public keys that can be used |
76 | for user authentication. AuthorizedKeysFile may contain tokens | 76 | for user authentication. The format is described in the |
77 | of the form %T which are substituted during connection setup. | 77 | AUTHORIZED_KEYS FILE FORMAT section of sshd(8). |
78 | The following tokens are defined: %% is replaced by a literal | 78 | AuthorizedKeysFile may contain tokens of the form %T which are |
79 | '%', %h is replaced by the home directory of the user being au- | 79 | substituted during connection setup. The following tokens are |
80 | thenticated, and %u is replaced by the username of that user. | 80 | defined: %% is replaced by a literal '%', %h is replaced by the |
81 | After expansion, AuthorizedKeysFile is taken to be an absolute | 81 | home directory of the user being authenticated, and %u is |
82 | path or one relative to the user's home directory. The default | 82 | replaced by the username of that user. After expansion, |
83 | is ``.ssh/authorized_keys''. | 83 | AuthorizedKeysFile is taken to be an absolute path or one |
84 | relative to the user's home directory. The default is | ||
85 | ``.ssh/authorized_keys''. | ||
86 | |||
87 | AuthorizedPrincipalsFile | ||
88 | Specifies a file that lists principal names that are accepted for | ||
89 | certificate authentication. When using certificates signed by a | ||
90 | key listed in TrustedUserCAKeys, this file lists names, one of | ||
91 | which must appear in the certificate for it to be accepted for | ||
92 | authentication. Names are listed one per line preceded by key | ||
93 | options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)). | ||
94 | Empty lines and comments starting with `#' are ignored. | ||
95 | |||
96 | AuthorizedPrincipalsFile may contain tokens of the form %T which | ||
97 | are substituted during connection setup. The following tokens | ||
98 | are defined: %% is replaced by a literal '%', %h is replaced by | ||
99 | the home directory of the user being authenticated, and %u is | ||
100 | replaced by the username of that user. After expansion, | ||
101 | AuthorizedPrincipalsFile is taken to be an absolute path or one | ||
102 | relative to the user's home directory. | ||
103 | |||
104 | The default is not to use a principals file - in this case, the | ||
105 | username of the user must appear in a certificate's principals | ||
106 | list for it to be accepted. Note that AuthorizedPrincipalsFile | ||
107 | is only used when authentication proceeds using a CA listed in | ||
108 | TrustedUserCAKeys and is not consulted for certification | ||
109 | authorities trusted via ~/.ssh/authorized_keys, though the | ||
110 | principals= key option offers a similar facility (see sshd(8) for | ||
111 | details). | ||
84 | 112 | ||
85 | Banner The contents of the specified file are sent to the remote user | 113 | Banner The contents of the specified file are sent to the remote user |
86 | before authentication is allowed. If the argument is ``none'' | 114 | before authentication is allowed. If the argument is ``none'' |
@@ -93,27 +121,27 @@ DESCRIPTION | |||
93 | login.conf(5)) The default is ``yes''. | 121 | login.conf(5)) The default is ``yes''. |
94 | 122 | ||
95 | ChrootDirectory | 123 | ChrootDirectory |
96 | Specifies the pathname of a directory to chroot(2) to after au- | 124 | Specifies the pathname of a directory to chroot(2) to after |
97 | thentication. All components of the pathname must be root-owned | 125 | authentication. All components of the pathname must be root- |
98 | directories that are not writable by any other user or group. | 126 | owned directories that are not writable by any other user or |
99 | After the chroot, sshd(8) changes the working directory to the | 127 | group. After the chroot, sshd(8) changes the working directory |
100 | user's home directory. | 128 | to the user's home directory. |
101 | 129 | ||
102 | The pathname may contain the following tokens that are expanded | 130 | The pathname may contain the following tokens that are expanded |
103 | at runtime once the connecting user has been authenticated: %% is | 131 | at runtime once the connecting user has been authenticated: %% is |
104 | replaced by a literal '%', %h is replaced by the home directory | 132 | replaced by a literal '%', %h is replaced by the home directory |
105 | of the user being authenticated, and %u is replaced by the user- | 133 | of the user being authenticated, and %u is replaced by the |
106 | name of that user. | 134 | username of that user. |
107 | 135 | ||
108 | The ChrootDirectory must contain the necessary files and directo- | 136 | The ChrootDirectory must contain the necessary files and |
109 | ries to support the user's session. For an interactive session | 137 | directories to support the user's session. For an interactive |
110 | this requires at least a shell, typically sh(1), and basic /dev | 138 | session this requires at least a shell, typically sh(1), and |
111 | nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), | 139 | basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), |
112 | arandom(4) and tty(4) devices. For file transfer sessions using | 140 | stderr(4), arandom(4) and tty(4) devices. For file transfer |
113 | ``sftp'', no additional configuration of the environment is nec- | 141 | sessions using ``sftp'', no additional configuration of the |
114 | essary if the in-process sftp server is used, though sessions | 142 | environment is necessary if the in-process sftp server is used, |
115 | which use logging do require /dev/log inside the chroot directory | 143 | though sessions which use logging do require /dev/log inside the |
116 | (see sftp-server(8) for details). | 144 | chroot directory (see sftp-server(8) for details). |
117 | 145 | ||
118 | The default is not to chroot(2). | 146 | The default is not to chroot(2). |
119 | 147 | ||
@@ -132,28 +160,28 @@ DESCRIPTION | |||
132 | ClientAliveCountMax | 160 | ClientAliveCountMax |
133 | Sets the number of client alive messages (see below) which may be | 161 | Sets the number of client alive messages (see below) which may be |
134 | sent without sshd(8) receiving any messages back from the client. | 162 | sent without sshd(8) receiving any messages back from the client. |
135 | If this threshold is reached while client alive messages are be- | 163 | If this threshold is reached while client alive messages are |
136 | ing sent, sshd will disconnect the client, terminating the ses- | 164 | being sent, sshd will disconnect the client, terminating the |
137 | sion. It is important to note that the use of client alive mes- | 165 | session. It is important to note that the use of client alive |
138 | sages is very different from TCPKeepAlive (below). The client | 166 | messages is very different from TCPKeepAlive (below). The client |
139 | alive messages are sent through the encrypted channel and there- | 167 | alive messages are sent through the encrypted channel and |
140 | fore will not be spoofable. The TCP keepalive option enabled by | 168 | therefore will not be spoofable. The TCP keepalive option |
141 | TCPKeepAlive is spoofable. The client alive mechanism is valu- | 169 | enabled by TCPKeepAlive is spoofable. The client alive mechanism |
142 | able when the client or server depend on knowing when a connec- | 170 | is valuable when the client or server depend on knowing when a |
143 | tion has become inactive. | 171 | connection has become inactive. |
144 | 172 | ||
145 | The default value is 3. If ClientAliveInterval (see below) is | 173 | The default value is 3. If ClientAliveInterval (see below) is |
146 | set to 15, and ClientAliveCountMax is left at the default, unre- | 174 | set to 15, and ClientAliveCountMax is left at the default, |
147 | sponsive SSH clients will be disconnected after approximately 45 | 175 | unresponsive SSH clients will be disconnected after approximately |
148 | seconds. This option applies to protocol version 2 only. | 176 | 45 seconds. This option applies to protocol version 2 only. |
149 | 177 | ||
150 | ClientAliveInterval | 178 | ClientAliveInterval |
151 | Sets a timeout interval in seconds after which if no data has | 179 | Sets a timeout interval in seconds after which if no data has |
152 | been received from the client, sshd(8) will send a message | 180 | been received from the client, sshd(8) will send a message |
153 | through the encrypted channel to request a response from the | 181 | through the encrypted channel to request a response from the |
154 | client. The default is 0, indicating that these messages will | 182 | client. The default is 0, indicating that these messages will |
155 | not be sent to the client. This option applies to protocol ver- | 183 | not be sent to the client. This option applies to protocol |
156 | sion 2 only. | 184 | version 2 only. |
157 | 185 | ||
158 | Compression | 186 | Compression |
159 | Specifies whether compression is allowed, or delayed until the | 187 | Specifies whether compression is allowed, or delayed until the |
@@ -164,9 +192,9 @@ DESCRIPTION | |||
164 | This keyword can be followed by a list of group name patterns, | 192 | This keyword can be followed by a list of group name patterns, |
165 | separated by spaces. Login is disallowed for users whose primary | 193 | separated by spaces. Login is disallowed for users whose primary |
166 | group or supplementary group list matches one of the patterns. | 194 | group or supplementary group list matches one of the patterns. |
167 | Only group names are valid; a numerical group ID is not recog- | 195 | Only group names are valid; a numerical group ID is not |
168 | nized. By default, login is allowed for all groups. The al- | 196 | recognized. By default, login is allowed for all groups. The |
169 | low/deny directives are processed in the following order: | 197 | allow/deny directives are processed in the following order: |
170 | DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. | 198 | DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. |
171 | 199 | ||
172 | See PATTERNS in ssh_config(5) for more information on patterns. | 200 | See PATTERNS in ssh_config(5) for more information on patterns. |
@@ -174,20 +202,20 @@ DESCRIPTION | |||
174 | DenyUsers | 202 | DenyUsers |
175 | This keyword can be followed by a list of user name patterns, | 203 | This keyword can be followed by a list of user name patterns, |
176 | separated by spaces. Login is disallowed for user names that | 204 | separated by spaces. Login is disallowed for user names that |
177 | match one of the patterns. Only user names are valid; a numeri- | 205 | match one of the patterns. Only user names are valid; a |
178 | cal user ID is not recognized. By default, login is allowed for | 206 | numerical user ID is not recognized. By default, login is |
179 | all users. If the pattern takes the form USER@HOST then USER and | 207 | allowed for all users. If the pattern takes the form USER@HOST |
180 | HOST are separately checked, restricting logins to particular | 208 | then USER and HOST are separately checked, restricting logins to |
181 | users from particular hosts. The allow/deny directives are pro- | 209 | particular users from particular hosts. The allow/deny |
182 | cessed in the following order: DenyUsers, AllowUsers, DenyGroups, | 210 | directives are processed in the following order: DenyUsers, |
183 | and finally AllowGroups. | 211 | AllowUsers, DenyGroups, and finally AllowGroups. |
184 | 212 | ||
185 | See PATTERNS in ssh_config(5) for more information on patterns. | 213 | See PATTERNS in ssh_config(5) for more information on patterns. |
186 | 214 | ||
187 | ForceCommand | 215 | ForceCommand |
188 | Forces the execution of the command specified by ForceCommand, | 216 | Forces the execution of the command specified by ForceCommand, |
189 | ignoring any command supplied by the client and ~/.ssh/rc if pre- | 217 | ignoring any command supplied by the client and ~/.ssh/rc if |
190 | sent. The command is invoked by using the user's login shell | 218 | present. The command is invoked by using the user's login shell |
191 | with the -c option. This applies to shell, command, or subsystem | 219 | with the -c option. This applies to shell, command, or subsystem |
192 | execution. It is most useful inside a Match block. The command | 220 | execution. It is most useful inside a Match block. The command |
193 | originally supplied by the client is available in the | 221 | originally supplied by the client is available in the |
@@ -202,10 +230,10 @@ DESCRIPTION | |||
202 | forwardings to the loopback address. This prevents other remote | 230 | forwardings to the loopback address. This prevents other remote |
203 | hosts from connecting to forwarded ports. GatewayPorts can be | 231 | hosts from connecting to forwarded ports. GatewayPorts can be |
204 | used to specify that sshd should allow remote port forwardings to | 232 | used to specify that sshd should allow remote port forwardings to |
205 | bind to non-loopback addresses, thus allowing other hosts to con- | 233 | bind to non-loopback addresses, thus allowing other hosts to |
206 | nect. The argument may be ``no'' to force remote port forward- | 234 | connect. The argument may be ``no'' to force remote port |
207 | ings to be available to the local host only, ``yes'' to force re- | 235 | forwardings to be available to the local host only, ``yes'' to |
208 | mote port forwardings to bind to the wildcard address, or | 236 | force remote port forwardings to bind to the wildcard address, or |
209 | ``clientspecified'' to allow the client to select the address to | 237 | ``clientspecified'' to allow the client to select the address to |
210 | which the forwarding is bound. The default is ``no''. | 238 | which the forwarding is bound. The default is ``no''. |
211 | 239 | ||
@@ -220,15 +248,15 @@ DESCRIPTION | |||
220 | applies to protocol version 2 only. | 248 | applies to protocol version 2 only. |
221 | 249 | ||
222 | HostbasedAuthentication | 250 | HostbasedAuthentication |
223 | Specifies whether rhosts or /etc/hosts.equiv authentication to- | 251 | Specifies whether rhosts or /etc/hosts.equiv authentication |
224 | gether with successful public key client host authentication is | 252 | together with successful public key client host authentication is |
225 | allowed (host-based authentication). This option is similar to | 253 | allowed (host-based authentication). This option is similar to |
226 | RhostsRSAAuthentication and applies to protocol version 2 only. | 254 | RhostsRSAAuthentication and applies to protocol version 2 only. |
227 | The default is ``no''. | 255 | The default is ``no''. |
228 | 256 | ||
229 | HostbasedUsesNameFromPacketOnly | 257 | HostbasedUsesNameFromPacketOnly |
230 | Specifies whether or not the server will attempt to perform a re- | 258 | Specifies whether or not the server will attempt to perform a |
231 | verse name lookup when matching the name in the ~/.shosts, | 259 | reverse name lookup when matching the name in the ~/.shosts, |
232 | ~/.rhosts, and /etc/hosts.equiv files during | 260 | ~/.rhosts, and /etc/hosts.equiv files during |
233 | HostbasedAuthentication. A setting of ``yes'' means that sshd(8) | 261 | HostbasedAuthentication. A setting of ``yes'' means that sshd(8) |
234 | uses the name supplied by the client rather than attempting to | 262 | uses the name supplied by the client rather than attempting to |
@@ -236,17 +264,17 @@ DESCRIPTION | |||
236 | ``no''. | 264 | ``no''. |
237 | 265 | ||
238 | HostCertificate | 266 | HostCertificate |
239 | Specifies a file containing a public host certificate. The cer- | 267 | Specifies a file containing a public host certificate. The |
240 | tificate's public key must match a private host key already spec- | 268 | certificate's public key must match a private host key already |
241 | ified by HostKey. The default behaviour of sshd(8) is not to | 269 | specified by HostKey. The default behaviour of sshd(8) is not to |
242 | load any certificates. | 270 | load any certificates. |
243 | 271 | ||
244 | HostKey | 272 | HostKey |
245 | Specifies a file containing a private host key used by SSH. The | 273 | Specifies a file containing a private host key used by SSH. The |
246 | default is /etc/ssh/ssh_host_key for protocol version 1, and | 274 | default is /etc/ssh/ssh_host_key for protocol version 1, and |
247 | /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro- | 275 | /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for |
248 | tocol version 2. Note that sshd(8) will refuse to use a file if | 276 | protocol version 2. Note that sshd(8) will refuse to use a file |
249 | it is group/world-accessible. It is possible to have multiple | 277 | if it is group/world-accessible. It is possible to have multiple |
250 | host key files. ``rsa1'' keys are used for version 1 and ``dsa'' | 278 | host key files. ``rsa1'' keys are used for version 1 and ``dsa'' |
251 | or ``rsa'' are used for version 2 of the SSH protocol. | 279 | or ``rsa'' are used for version 2 of the SSH protocol. |
252 | 280 | ||
@@ -254,8 +282,8 @@ DESCRIPTION | |||
254 | Specifies that .rhosts and .shosts files will not be used in | 282 | Specifies that .rhosts and .shosts files will not be used in |
255 | RhostsRSAAuthentication or HostbasedAuthentication. | 283 | RhostsRSAAuthentication or HostbasedAuthentication. |
256 | 284 | ||
257 | /etc/hosts.equiv and /etc/shosts.equiv are still used. The de- | 285 | /etc/hosts.equiv and /etc/shosts.equiv are still used. The |
258 | fault is ``yes''. | 286 | default is ``yes''. |
259 | 287 | ||
260 | IgnoreUserKnownHosts | 288 | IgnoreUserKnownHosts |
261 | Specifies whether sshd(8) should ignore the user's | 289 | Specifies whether sshd(8) should ignore the user's |
@@ -275,9 +303,9 @@ DESCRIPTION | |||
275 | The default is ``no''. | 303 | The default is ``no''. |
276 | 304 | ||
277 | KerberosOrLocalPasswd | 305 | KerberosOrLocalPasswd |
278 | If password authentication through Kerberos fails then the pass- | 306 | If password authentication through Kerberos fails then the |
279 | word will be validated via any additional local mechanism such as | 307 | password will be validated via any additional local mechanism |
280 | /etc/passwd. The default is ``yes''. | 308 | such as /etc/passwd. The default is ``yes''. |
281 | 309 | ||
282 | KerberosTicketCleanup | 310 | KerberosTicketCleanup |
283 | Specifies whether to automatically destroy the user's ticket | 311 | Specifies whether to automatically destroy the user's ticket |
@@ -286,17 +314,17 @@ DESCRIPTION | |||
286 | KeyRegenerationInterval | 314 | KeyRegenerationInterval |
287 | In protocol version 1, the ephemeral server key is automatically | 315 | In protocol version 1, the ephemeral server key is automatically |
288 | regenerated after this many seconds (if it has been used). The | 316 | regenerated after this many seconds (if it has been used). The |
289 | purpose of regeneration is to prevent decrypting captured ses- | 317 | purpose of regeneration is to prevent decrypting captured |
290 | sions by later breaking into the machine and stealing the keys. | 318 | sessions by later breaking into the machine and stealing the |
291 | The key is never stored anywhere. If the value is 0, the key is | 319 | keys. The key is never stored anywhere. If the value is 0, the |
292 | never regenerated. The default is 3600 (seconds). | 320 | key is never regenerated. The default is 3600 (seconds). |
293 | 321 | ||
294 | ListenAddress | 322 | ListenAddress |
295 | Specifies the local addresses sshd(8) should listen on. The fol- | 323 | Specifies the local addresses sshd(8) should listen on. The |
296 | lowing forms may be used: | 324 | following forms may be used: |
297 | 325 | ||
298 | ListenAddress host|IPv4_addr|IPv6_addr | 326 | ListenAddress host | IPv4_addr | IPv6_addr |
299 | ListenAddress host|IPv4_addr:port | 327 | ListenAddress host | IPv4_addr:port |
300 | ListenAddress [host|IPv6_addr]:port | 328 | ListenAddress [host|IPv6_addr]:port |
301 | 329 | ||
302 | If port is not specified, sshd will listen on the address and all | 330 | If port is not specified, sshd will listen on the address and all |
@@ -306,9 +334,9 @@ DESCRIPTION | |||
306 | port qualified addresses. | 334 | port qualified addresses. |
307 | 335 | ||
308 | LoginGraceTime | 336 | LoginGraceTime |
309 | The server disconnects after this time if the user has not suc- | 337 | The server disconnects after this time if the user has not |
310 | cessfully logged in. If the value is 0, there is no time limit. | 338 | successfully logged in. If the value is 0, there is no time |
311 | The default is 120 seconds. | 339 | limit. The default is 120 seconds. |
312 | 340 | ||
313 | LogLevel | 341 | LogLevel |
314 | Gives the verbosity level that is used when logging messages from | 342 | Gives the verbosity level that is used when logging messages from |
@@ -318,18 +346,18 @@ DESCRIPTION | |||
318 | higher levels of debugging output. Logging with a DEBUG level | 346 | higher levels of debugging output. Logging with a DEBUG level |
319 | violates the privacy of users and is not recommended. | 347 | violates the privacy of users and is not recommended. |
320 | 348 | ||
321 | MACs Specifies the available MAC (message authentication code) algo- | 349 | MACs Specifies the available MAC (message authentication code) |
322 | rithms. The MAC algorithm is used in protocol version 2 for data | 350 | algorithms. The MAC algorithm is used in protocol version 2 for |
323 | integrity protection. Multiple algorithms must be comma-separat- | 351 | data integrity protection. Multiple algorithms must be comma- |
324 | ed. The default is: | 352 | separated. The default is: |
325 | 353 | ||
326 | hmac-md5,hmac-sha1,umac-64@openssh.com, | 354 | hmac-md5,hmac-sha1,umac-64@openssh.com, |
327 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 | 355 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 |
328 | 356 | ||
329 | Match Introduces a conditional block. If all of the criteria on the | 357 | Match Introduces a conditional block. If all of the criteria on the |
330 | Match line are satisfied, the keywords on the following lines | 358 | Match line are satisfied, the keywords on the following lines |
331 | override those set in the global section of the config file, un- | 359 | override those set in the global section of the config file, |
332 | til either another Match line or the end of the file. | 360 | until either another Match line or the end of the file. |
333 | 361 | ||
334 | The arguments to Match are one or more criteria-pattern pairs. | 362 | The arguments to Match are one or more criteria-pattern pairs. |
335 | The available criteria are User, Group, Host, and Address. The | 363 | The available criteria are User, Group, Host, and Address. The |
@@ -337,8 +365,8 @@ DESCRIPTION | |||
337 | lists and may use the wildcard and negation operators described | 365 | lists and may use the wildcard and negation operators described |
338 | in the PATTERNS section of ssh_config(5). | 366 | in the PATTERNS section of ssh_config(5). |
339 | 367 | ||
340 | The patterns in an Address criteria may additionally contain ad- | 368 | The patterns in an Address criteria may additionally contain |
341 | dresses to match in CIDR address/masklen format, e.g. | 369 | addresses to match in CIDR address/masklen format, e.g. |
342 | ``192.0.2.0/24'' or ``3ffe:ffff::/32''. Note that the mask | 370 | ``192.0.2.0/24'' or ``3ffe:ffff::/32''. Note that the mask |
343 | length provided must be consistent with the address - it is an | 371 | length provided must be consistent with the address - it is an |
344 | error to specify a mask length that is too long for the address | 372 | error to specify a mask length that is too long for the address |
@@ -347,13 +375,15 @@ DESCRIPTION | |||
347 | 375 | ||
348 | Only a subset of keywords may be used on the lines following a | 376 | Only a subset of keywords may be used on the lines following a |
349 | Match keyword. Available keywords are AllowAgentForwarding, | 377 | Match keyword. Available keywords are AllowAgentForwarding, |
350 | AllowTcpForwarding, Banner, ChrootDirectory, ForceCommand, | 378 | AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile, |
351 | GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, | 379 | Banner, ChrootDirectory, ForceCommand, GatewayPorts, |
352 | KbdInteractiveAuthentication, KerberosAuthentication, | 380 | GSSAPIAuthentication, HostbasedAuthentication, |
353 | MaxAuthTries, MaxSessions, PasswordAuthentication, | 381 | HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication, |
354 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, | 382 | KerberosAuthentication, MaxAuthTries, MaxSessions, |
355 | PubkeyAuthentication, RhostsRSAAuthentication, RSAAuthentication, | 383 | PasswordAuthentication, PermitEmptyPasswords, PermitOpen, |
356 | X11DisplayOffset, X11Forwarding and X11UseLocalHost. | 384 | PermitRootLogin, PermitTunnel, PubkeyAuthentication, |
385 | RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset, | ||
386 | X11Forwarding and X11UseLocalHost. | ||
357 | 387 | ||
358 | MaxAuthTries | 388 | MaxAuthTries |
359 | Specifies the maximum number of authentication attempts permitted | 389 | Specifies the maximum number of authentication attempts permitted |
@@ -361,26 +391,26 @@ DESCRIPTION | |||
361 | value, additional failures are logged. The default is 6. | 391 | value, additional failures are logged. The default is 6. |
362 | 392 | ||
363 | MaxSessions | 393 | MaxSessions |
364 | Specifies the maximum number of open sessions permitted per net- | 394 | Specifies the maximum number of open sessions permitted per |
365 | work connection. The default is 10. | 395 | network connection. The default is 10. |
366 | 396 | ||
367 | MaxStartups | 397 | MaxStartups |
368 | Specifies the maximum number of concurrent unauthenticated con- | 398 | Specifies the maximum number of concurrent unauthenticated |
369 | nections to the SSH daemon. Additional connections will be | 399 | connections to the SSH daemon. Additional connections will be |
370 | dropped until authentication succeeds or the LoginGraceTime ex- | 400 | dropped until authentication succeeds or the LoginGraceTime |
371 | pires for a connection. The default is 10. | 401 | expires for a connection. The default is 10. |
372 | 402 | ||
373 | Alternatively, random early drop can be enabled by specifying the | 403 | Alternatively, random early drop can be enabled by specifying the |
374 | three colon separated values ``start:rate:full'' (e.g. | 404 | three colon separated values ``start:rate:full'' (e.g. |
375 | "10:30:60"). sshd(8) will refuse connection attempts with a | 405 | "10:30:60"). sshd(8) will refuse connection attempts with a |
376 | probability of ``rate/100'' (30%) if there are currently | 406 | probability of ``rate/100'' (30%) if there are currently |
377 | ``start'' (10) unauthenticated connections. The probability in- | 407 | ``start'' (10) unauthenticated connections. The probability |
378 | creases linearly and all connection attempts are refused if the | 408 | increases linearly and all connection attempts are refused if the |
379 | number of unauthenticated connections reaches ``full'' (60). | 409 | number of unauthenticated connections reaches ``full'' (60). |
380 | 410 | ||
381 | PasswordAuthentication | 411 | PasswordAuthentication |
382 | Specifies whether password authentication is allowed. The de- | 412 | Specifies whether password authentication is allowed. The |
383 | fault is ``yes''. | 413 | default is ``yes''. |
384 | 414 | ||
385 | PermitEmptyPasswords | 415 | PermitEmptyPasswords |
386 | When password authentication is allowed, it specifies whether the | 416 | When password authentication is allowed, it specifies whether the |
@@ -388,17 +418,17 @@ DESCRIPTION | |||
388 | default is ``no''. | 418 | default is ``no''. |
389 | 419 | ||
390 | PermitOpen | 420 | PermitOpen |
391 | Specifies the destinations to which TCP port forwarding is per- | 421 | Specifies the destinations to which TCP port forwarding is |
392 | mitted. The forwarding specification must be one of the follow- | 422 | permitted. The forwarding specification must be one of the |
393 | ing forms: | 423 | following forms: |
394 | 424 | ||
395 | PermitOpen host:port | 425 | PermitOpen host:port |
396 | PermitOpen IPv4_addr:port | 426 | PermitOpen IPv4_addr:port |
397 | PermitOpen [IPv6_addr]:port | 427 | PermitOpen [ IPv6_addr ]:port |
398 | 428 | ||
399 | Multiple forwards may be specified by separating them with | 429 | Multiple forwards may be specified by separating them with |
400 | whitespace. An argument of ``any'' can be used to remove all re- | 430 | whitespace. An argument of ``any'' can be used to remove all |
401 | strictions and permit any forwarding requests. By default all | 431 | restrictions and permit any forwarding requests. By default all |
402 | port forwarding requests are permitted. | 432 | port forwarding requests are permitted. |
403 | 433 | ||
404 | PermitRootLogin | 434 | PermitRootLogin |
@@ -406,8 +436,8 @@ DESCRIPTION | |||
406 | must be ``yes'', ``without-password'', ``forced-commands-only'', | 436 | must be ``yes'', ``without-password'', ``forced-commands-only'', |
407 | or ``no''. The default is ``yes''. | 437 | or ``no''. The default is ``yes''. |
408 | 438 | ||
409 | If this option is set to ``without-password'', password authenti- | 439 | If this option is set to ``without-password'', password |
410 | cation is disabled for root. | 440 | authentication is disabled for root. |
411 | 441 | ||
412 | If this option is set to ``forced-commands-only'', root login | 442 | If this option is set to ``forced-commands-only'', root login |
413 | with public key authentication will be allowed, but only if the | 443 | with public key authentication will be allowed, but only if the |
@@ -418,21 +448,21 @@ DESCRIPTION | |||
418 | If this option is set to ``no'', root is not allowed to log in. | 448 | If this option is set to ``no'', root is not allowed to log in. |
419 | 449 | ||
420 | PermitTunnel | 450 | PermitTunnel |
421 | Specifies whether tun(4) device forwarding is allowed. The argu- | 451 | Specifies whether tun(4) device forwarding is allowed. The |
422 | ment must be ``yes'', ``point-to-point'' (layer 3), ``ethernet'' | 452 | argument must be ``yes'', ``point-to-point'' (layer 3), |
423 | (layer 2), or ``no''. Specifying ``yes'' permits both ``point- | 453 | ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits |
424 | to-point'' and ``ethernet''. The default is ``no''. | 454 | both ``point-to-point'' and ``ethernet''. The default is ``no''. |
425 | 455 | ||
426 | PermitUserEnvironment | 456 | PermitUserEnvironment |
427 | Specifies whether ~/.ssh/environment and environment= options in | 457 | Specifies whether ~/.ssh/environment and environment= options in |
428 | ~/.ssh/authorized_keys are processed by sshd(8). The default is | 458 | ~/.ssh/authorized_keys are processed by sshd(8). The default is |
429 | ``no''. Enabling environment processing may enable users to by- | 459 | ``no''. Enabling environment processing may enable users to |
430 | pass access restrictions in some configurations using mechanisms | 460 | bypass access restrictions in some configurations using |
431 | such as LD_PRELOAD. | 461 | mechanisms such as LD_PRELOAD. |
432 | 462 | ||
433 | PidFile | 463 | PidFile |
434 | Specifies the file that contains the process ID of the SSH dae- | 464 | Specifies the file that contains the process ID of the SSH |
435 | mon. The default is /var/run/sshd.pid. | 465 | daemon. The default is /var/run/sshd.pid. |
436 | 466 | ||
437 | Port Specifies the port number that sshd(8) listens on. The default | 467 | Port Specifies the port number that sshd(8) listens on. The default |
438 | is 22. Multiple options of this type are permitted. See also | 468 | is 22. Multiple options of this type are permitted. See also |
@@ -450,16 +480,16 @@ DESCRIPTION | |||
450 | 480 | ||
451 | Protocol | 481 | Protocol |
452 | Specifies the protocol versions sshd(8) supports. The possible | 482 | Specifies the protocol versions sshd(8) supports. The possible |
453 | values are `1' and `2'. Multiple versions must be comma-separat- | 483 | values are `1' and `2'. Multiple versions must be comma- |
454 | ed. The default is `2'. Note that the order of the protocol | 484 | separated. The default is `2'. Note that the order of the |
455 | list does not indicate preference, because the client selects | 485 | protocol list does not indicate preference, because the client |
456 | among multiple protocol versions offered by the server. Specify- | 486 | selects among multiple protocol versions offered by the server. |
457 | ing ``2,1'' is identical to ``1,2''. | 487 | Specifying ``2,1'' is identical to ``1,2''. |
458 | 488 | ||
459 | PubkeyAuthentication | 489 | PubkeyAuthentication |
460 | Specifies whether public key authentication is allowed. The de- | 490 | Specifies whether public key authentication is allowed. The |
461 | fault is ``yes''. Note that this option applies to protocol ver- | 491 | default is ``yes''. Note that this option applies to protocol |
462 | sion 2 only. | 492 | version 2 only. |
463 | 493 | ||
464 | RevokedKeys | 494 | RevokedKeys |
465 | Specifies a list of revoked public keys. Keys listed in this | 495 | Specifies a list of revoked public keys. Keys listed in this |
@@ -468,15 +498,15 @@ DESCRIPTION | |||
468 | refused for all users. | 498 | refused for all users. |
469 | 499 | ||
470 | RhostsRSAAuthentication | 500 | RhostsRSAAuthentication |
471 | Specifies whether rhosts or /etc/hosts.equiv authentication to- | 501 | Specifies whether rhosts or /etc/hosts.equiv authentication |
472 | gether with successful RSA host authentication is allowed. The | 502 | together with successful RSA host authentication is allowed. The |
473 | default is ``no''. This option applies to protocol version 1 on- | 503 | default is ``no''. This option applies to protocol version 1 |
474 | ly. | 504 | only. |
475 | 505 | ||
476 | RSAAuthentication | 506 | RSAAuthentication |
477 | Specifies whether pure RSA authentication is allowed. The de- | 507 | Specifies whether pure RSA authentication is allowed. The |
478 | fault is ``yes''. This option applies to protocol version 1 on- | 508 | default is ``yes''. This option applies to protocol version 1 |
479 | ly. | 509 | only. |
480 | 510 | ||
481 | ServerKeyBits | 511 | ServerKeyBits |
482 | Defines the number of bits in the ephemeral protocol version 1 | 512 | Defines the number of bits in the ephemeral protocol version 1 |
@@ -502,24 +532,24 @@ DESCRIPTION | |||
502 | ``sftp'' server. This may simplify configurations using | 532 | ``sftp'' server. This may simplify configurations using |
503 | ChrootDirectory to force a different filesystem root on clients. | 533 | ChrootDirectory to force a different filesystem root on clients. |
504 | 534 | ||
505 | By default no subsystems are defined. Note that this option ap- | 535 | By default no subsystems are defined. Note that this option |
506 | plies to protocol version 2 only. | 536 | applies to protocol version 2 only. |
507 | 537 | ||
508 | SyslogFacility | 538 | SyslogFacility |
509 | Gives the facility code that is used when logging messages from | 539 | Gives the facility code that is used when logging messages from |
510 | sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, | 540 | sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, |
511 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de- | 541 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The |
512 | fault is AUTH. | 542 | default is AUTH. |
513 | 543 | ||
514 | TCPKeepAlive | 544 | TCPKeepAlive |
515 | Specifies whether the system should send TCP keepalive messages | 545 | Specifies whether the system should send TCP keepalive messages |
516 | to the other side. If they are sent, death of the connection or | 546 | to the other side. If they are sent, death of the connection or |
517 | crash of one of the machines will be properly noticed. However, | 547 | crash of one of the machines will be properly noticed. However, |
518 | this means that connections will die if the route is down tem- | 548 | this means that connections will die if the route is down |
519 | porarily, and some people find it annoying. On the other hand, | 549 | temporarily, and some people find it annoying. On the other |
520 | if TCP keepalives are not sent, sessions may hang indefinitely on | 550 | hand, if TCP keepalives are not sent, sessions may hang |
521 | the server, leaving ``ghost'' users and consuming server re- | 551 | indefinitely on the server, leaving ``ghost'' users and consuming |
522 | sources. | 552 | server resources. |
523 | 553 | ||
524 | The default is ``yes'' (to send TCP keepalive messages), and the | 554 | The default is ``yes'' (to send TCP keepalive messages), and the |
525 | server will notice if the network goes down or the client host | 555 | server will notice if the network goes down or the client host |
@@ -529,34 +559,34 @@ DESCRIPTION | |||
529 | ``no''. | 559 | ``no''. |
530 | 560 | ||
531 | TrustedUserCAKeys | 561 | TrustedUserCAKeys |
532 | Specifies a file containing public keys of certificate authori- | 562 | Specifies a file containing public keys of certificate |
533 | ties that are trusted to sign user certificates for authentica- | 563 | authorities that are trusted to sign user certificates for |
534 | tion. Keys are listed one per line; empty lines and comments | 564 | authentication. Keys are listed one per line; empty lines and |
535 | starting with `#' are allowed. If a certificate is presented for | 565 | comments starting with `#' are allowed. If a certificate is |
536 | authentication and has its signing CA key listed in this file, | 566 | presented for authentication and has its signing CA key listed in |
537 | then it may be used for authentication for any user listed in the | 567 | this file, then it may be used for authentication for any user |
538 | certificate's principals list. Note that certificates that lack | 568 | listed in the certificate's principals list. Note that |
539 | a list of principals will not be permitted for authentication us- | 569 | certificates that lack a list of principals will not be permitted |
540 | ing TrustedUserCAKeys. For more details on certificates, see the | 570 | for authentication using TrustedUserCAKeys. For more details on |
541 | CERTIFICATES section in ssh-keygen(1). | 571 | certificates, see the CERTIFICATES section in ssh-keygen(1). |
542 | 572 | ||
543 | UseDNS Specifies whether sshd(8) should look up the remote host name and | 573 | UseDNS Specifies whether sshd(8) should look up the remote host name and |
544 | check that the resolved host name for the remote IP address maps | 574 | check that the resolved host name for the remote IP address maps |
545 | back to the very same IP address. The default is ``yes''. | 575 | back to the very same IP address. The default is ``yes''. |
546 | 576 | ||
547 | UseLogin | 577 | UseLogin |
548 | Specifies whether login(1) is used for interactive login ses- | 578 | Specifies whether login(1) is used for interactive login |
549 | sions. The default is ``no''. Note that login(1) is never used | 579 | sessions. The default is ``no''. Note that login(1) is never |
550 | for remote command execution. Note also, that if this is en- | 580 | used for remote command execution. Note also, that if this is |
551 | abled, X11Forwarding will be disabled because login(1) does not | 581 | enabled, X11Forwarding will be disabled because login(1) does not |
552 | know how to handle xauth(1) cookies. If UsePrivilegeSeparation | 582 | know how to handle xauth(1) cookies. If UsePrivilegeSeparation |
553 | is specified, it will be disabled after authentication. | 583 | is specified, it will be disabled after authentication. |
554 | 584 | ||
555 | UsePAM Enables the Pluggable Authentication Module interface. If set to | 585 | UsePAM Enables the Pluggable Authentication Module interface. If set to |
556 | ``yes'' this will enable PAM authentication using | 586 | ``yes'' this will enable PAM authentication using |
557 | ChallengeResponseAuthentication and PasswordAuthentication in ad- | 587 | ChallengeResponseAuthentication and PasswordAuthentication in |
558 | dition to PAM account and session module processing for all au- | 588 | addition to PAM account and session module processing for all |
559 | thentication types. | 589 | authentication types. |
560 | 590 | ||
561 | Because PAM challenge-response authentication usually serves an | 591 | Because PAM challenge-response authentication usually serves an |
562 | equivalent role to password authentication, you should disable | 592 | equivalent role to password authentication, you should disable |
@@ -566,12 +596,12 @@ DESCRIPTION | |||
566 | non-root user. The default is ``no''. | 596 | non-root user. The default is ``no''. |
567 | 597 | ||
568 | UsePrivilegeSeparation | 598 | UsePrivilegeSeparation |
569 | Specifies whether sshd(8) separates privileges by creating an un- | 599 | Specifies whether sshd(8) separates privileges by creating an |
570 | privileged child process to deal with incoming network traffic. | 600 | unprivileged child process to deal with incoming network traffic. |
571 | After successful authentication, another process will be created | 601 | After successful authentication, another process will be created |
572 | that has the privilege of the authenticated user. The goal of | 602 | that has the privilege of the authenticated user. The goal of |
573 | privilege separation is to prevent privilege escalation by con- | 603 | privilege separation is to prevent privilege escalation by |
574 | taining any corruption within the unprivileged processes. The | 604 | containing any corruption within the unprivileged processes. The |
575 | default is ``yes''. | 605 | default is ``yes''. |
576 | 606 | ||
577 | X11DisplayOffset | 607 | X11DisplayOffset |
@@ -586,15 +616,16 @@ DESCRIPTION | |||
586 | When X11 forwarding is enabled, there may be additional exposure | 616 | When X11 forwarding is enabled, there may be additional exposure |
587 | to the server and to client displays if the sshd(8) proxy display | 617 | to the server and to client displays if the sshd(8) proxy display |
588 | is configured to listen on the wildcard address (see | 618 | is configured to listen on the wildcard address (see |
589 | X11UseLocalhost below), though this is not the default. Addi- | 619 | X11UseLocalhost below), though this is not the default. |
590 | tionally, the authentication spoofing and authentication data | 620 | Additionally, the authentication spoofing and authentication data |
591 | verification and substitution occur on the client side. The se- | 621 | verification and substitution occur on the client side. The |
592 | curity risk of using X11 forwarding is that the client's X11 dis- | 622 | security risk of using X11 forwarding is that the client's X11 |
593 | play server may be exposed to attack when the SSH client requests | 623 | display server may be exposed to attack when the SSH client |
594 | forwarding (see the warnings for ForwardX11 in ssh_config(5)). A | 624 | requests forwarding (see the warnings for ForwardX11 in |
595 | system administrator may have a stance in which they want to pro- | 625 | ssh_config(5)). A system administrator may have a stance in |
596 | tect clients that may expose themselves to attack by unwittingly | 626 | which they want to protect clients that may expose themselves to |
597 | requesting X11 forwarding, which can warrant a ``no'' setting. | 627 | attack by unwittingly requesting X11 forwarding, which can |
628 | warrant a ``no'' setting. | ||
598 | 629 | ||
599 | Note that disabling X11 forwarding does not prevent users from | 630 | Note that disabling X11 forwarding does not prevent users from |
600 | forwarding X11 traffic, as users can always install their own | 631 | forwarding X11 traffic, as users can always install their own |
@@ -609,19 +640,19 @@ DESCRIPTION | |||
609 | ``localhost''. This prevents remote hosts from connecting to the | 640 | ``localhost''. This prevents remote hosts from connecting to the |
610 | proxy display. However, some older X11 clients may not function | 641 | proxy display. However, some older X11 clients may not function |
611 | with this configuration. X11UseLocalhost may be set to ``no'' to | 642 | with this configuration. X11UseLocalhost may be set to ``no'' to |
612 | specify that the forwarding server should be bound to the wild- | 643 | specify that the forwarding server should be bound to the |
613 | card address. The argument must be ``yes'' or ``no''. The de- | 644 | wildcard address. The argument must be ``yes'' or ``no''. The |
614 | fault is ``yes''. | 645 | default is ``yes''. |
615 | 646 | ||
616 | XAuthLocation | 647 | XAuthLocation |
617 | Specifies the full pathname of the xauth(1) program. The default | 648 | Specifies the full pathname of the xauth(1) program. The default |
618 | is /usr/X11R6/bin/xauth. | 649 | is /usr/X11R6/bin/xauth. |
619 | 650 | ||
620 | TIME FORMATS | 651 | TIME FORMATS |
621 | sshd(8) command-line arguments and configuration file options that speci- | 652 | sshd(8) command-line arguments and configuration file options that |
622 | fy time may be expressed using a sequence of the form: time[qualifier], | 653 | specify time may be expressed using a sequence of the form: time |
623 | where time is a positive integer value and qualifier is one of the fol- | 654 | [qualifier], where time is a positive integer value and qualifier is one |
624 | lowing: | 655 | of the following: |
625 | 656 | ||
626 | <none> seconds | 657 | <none> seconds |
627 | s | S seconds | 658 | s | S seconds |
@@ -642,8 +673,8 @@ TIME FORMATS | |||
642 | FILES | 673 | FILES |
643 | /etc/ssh/sshd_config | 674 | /etc/ssh/sshd_config |
644 | Contains configuration data for sshd(8). This file should be | 675 | Contains configuration data for sshd(8). This file should be |
645 | writable by root only, but it is recommended (though not neces- | 676 | writable by root only, but it is recommended (though not |
646 | sary) that it be world-readable. | 677 | necessary) that it be world-readable. |
647 | 678 | ||
648 | SEE ALSO | 679 | SEE ALSO |
649 | sshd(8) | 680 | sshd(8) |
@@ -651,9 +682,9 @@ SEE ALSO | |||
651 | AUTHORS | 682 | AUTHORS |
652 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 683 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
653 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 684 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
654 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 685 | de Raadt and Dug Song removed many bugs, re-added newer features and |
655 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 686 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
656 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 687 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
657 | for privilege separation. | 688 | for privilege separation. |
658 | 689 | ||
659 | OpenBSD 4.7 March 4, 2010 10 | 690 | OpenBSD 4.8 June 30, 2010 OpenBSD 4.8 |
diff --git a/sshd_config.5 b/sshd_config.5 index de447bce5..a5e20d1e8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.120 2010/03/04 23:17:25 djm Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $ |
38 | .Dd $Mdocdate: March 4 2010 $ | 38 | .Dd $Mdocdate: June 30 2010 $ |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -182,6 +182,10 @@ for more information on patterns. | |||
182 | .It Cm AuthorizedKeysFile | 182 | .It Cm AuthorizedKeysFile |
183 | Specifies the file that contains the public keys that can be used | 183 | Specifies the file that contains the public keys that can be used |
184 | for user authentication. | 184 | for user authentication. |
185 | The format is described in the | ||
186 | .Sx AUTHORIZED_KEYS FILE FORMAT | ||
187 | section of | ||
188 | .Xr sshd 8 . | ||
185 | .Cm AuthorizedKeysFile | 189 | .Cm AuthorizedKeysFile |
186 | may contain tokens of the form %T which are substituted during connection | 190 | may contain tokens of the form %T which are substituted during connection |
187 | setup. | 191 | setup. |
@@ -194,6 +198,47 @@ is taken to be an absolute path or one relative to the user's home | |||
194 | directory. | 198 | directory. |
195 | The default is | 199 | The default is |
196 | .Dq .ssh/authorized_keys . | 200 | .Dq .ssh/authorized_keys . |
201 | .It Cm AuthorizedPrincipalsFile | ||
202 | Specifies a file that lists principal names that are accepted for | ||
203 | certificate authentication. | ||
204 | When using certificates signed by a key listed in | ||
205 | .Cm TrustedUserCAKeys , | ||
206 | this file lists names, one of which must appear in the certificate for it | ||
207 | to be accepted for authentication. | ||
208 | Names are listed one per line preceded by key options (as described | ||
209 | in | ||
210 | .Sx AUTHORIZED_KEYS FILE FORMAT | ||
211 | in | ||
212 | .Xr sshd 8 ) . | ||
213 | Empty lines and comments starting with | ||
214 | .Ql # | ||
215 | are ignored. | ||
216 | .Pp | ||
217 | .Cm AuthorizedPrincipalsFile | ||
218 | may contain tokens of the form %T which are substituted during connection | ||
219 | setup. | ||
220 | The following tokens are defined: %% is replaced by a literal '%', | ||
221 | %h is replaced by the home directory of the user being authenticated, and | ||
222 | %u is replaced by the username of that user. | ||
223 | After expansion, | ||
224 | .Cm AuthorizedPrincipalsFile | ||
225 | is taken to be an absolute path or one relative to the user's home | ||
226 | directory. | ||
227 | .Pp | ||
228 | The default is not to use a principals file \(en in this case, the username | ||
229 | of the user must appear in a certificate's principals list for it to be | ||
230 | accepted. | ||
231 | Note that | ||
232 | .Cm AuthorizedPrincipalsFile | ||
233 | is only used when authentication proceeds using a CA listed in | ||
234 | .Cm TrustedUserCAKeys | ||
235 | and is not consulted for certification authorities trusted via | ||
236 | .Pa ~/.ssh/authorized_keys , | ||
237 | though the | ||
238 | .Cm principals= | ||
239 | key option offers a similar facility (see | ||
240 | .Xr sshd 8 | ||
241 | for details). | ||
197 | .It Cm Banner | 242 | .It Cm Banner |
198 | The contents of the specified file are sent to the remote user before | 243 | The contents of the specified file are sent to the remote user before |
199 | authentication is allowed. | 244 | authentication is allowed. |
@@ -667,12 +712,15 @@ keyword. | |||
667 | Available keywords are | 712 | Available keywords are |
668 | .Cm AllowAgentForwarding , | 713 | .Cm AllowAgentForwarding , |
669 | .Cm AllowTcpForwarding , | 714 | .Cm AllowTcpForwarding , |
715 | .Cm AuthorizedKeysFile , | ||
716 | .Cm AuthorizedPrincipalsFile , | ||
670 | .Cm Banner , | 717 | .Cm Banner , |
671 | .Cm ChrootDirectory , | 718 | .Cm ChrootDirectory , |
672 | .Cm ForceCommand , | 719 | .Cm ForceCommand , |
673 | .Cm GatewayPorts , | 720 | .Cm GatewayPorts , |
674 | .Cm GSSAPIAuthentication , | 721 | .Cm GSSAPIAuthentication , |
675 | .Cm HostbasedAuthentication , | 722 | .Cm HostbasedAuthentication , |
723 | .Cm HostbasedUsesNameFromPacketOnly , | ||
676 | .Cm KbdInteractiveAuthentication , | 724 | .Cm KbdInteractiveAuthentication , |
677 | .Cm KerberosAuthentication , | 725 | .Cm KerberosAuthentication , |
678 | .Cm MaxAuthTries , | 726 | .Cm MaxAuthTries , |
@@ -681,6 +729,7 @@ Available keywords are | |||
681 | .Cm PermitEmptyPasswords , | 729 | .Cm PermitEmptyPasswords , |
682 | .Cm PermitOpen , | 730 | .Cm PermitOpen , |
683 | .Cm PermitRootLogin , | 731 | .Cm PermitRootLogin , |
732 | .Cm PermitTunnel , | ||
684 | .Cm PubkeyAuthentication , | 733 | .Cm PubkeyAuthentication , |
685 | .Cm RhostsRSAAuthentication , | 734 | .Cm RhostsRSAAuthentication , |
686 | .Cm RSAAuthentication , | 735 | .Cm RSAAuthentication , |
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: version.h,v 1.58 2010/03/16 16:36:49 djm Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.59 2010/08/08 16:26:42 djm Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_5.5" | 3 | #define SSH_VERSION "OpenSSH_5.6" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p1" | 5 | #define SSH_PORTABLE "p1" |
6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE | 6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE |