summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog4
-rw-r--r--readconf.c9
-rw-r--r--readconf.h1
-rw-r--r--ssh-add.c10
-rw-r--r--ssh.c18
-rw-r--r--ssh_config.517
-rw-r--r--sshconnect2.c4
7 files changed, 60 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index d3651d9c0..cb05066eb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,10 @@ openssh (1:4.7p1-13) UNRELEASED; urgency=low
2 2
3 * Add some helpful advice to the end of ssh-vulnkey's output if there are 3 * Add some helpful advice to the end of ssh-vulnkey's output if there are
4 unknown or compromised keys (thanks, Dan Jacobson; closes: #483756). 4 unknown or compromised keys (thanks, Dan Jacobson; closes: #483756).
5 * Check compromised key blacklist in ssh or ssh-add, as well as in the
6 server (LP: #232391). To override the blacklist check in ssh
7 temporarily, use 'ssh -o UseBlacklistedKeys=yes'; there is no override
8 for the blacklist check in ssh-add.
5 9
6 -- Colin Watson <cjwatson@debian.org> Fri, 30 May 2008 23:26:25 +0100 10 -- Colin Watson <cjwatson@debian.org> Fri, 30 May 2008 23:26:25 +0100
7 11
diff --git a/readconf.c b/readconf.c
index 0999f28e3..07f5775d5 100644
--- a/readconf.c
+++ b/readconf.c
@@ -125,6 +125,7 @@ typedef enum {
125 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, 125 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
126 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, 126 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
127 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 127 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
128 oUseBlacklistedKeys,
128 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, 129 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
129 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 130 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
130 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 131 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -155,6 +156,7 @@ static struct {
155 { "passwordauthentication", oPasswordAuthentication }, 156 { "passwordauthentication", oPasswordAuthentication },
156 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, 157 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
157 { "kbdinteractivedevices", oKbdInteractiveDevices }, 158 { "kbdinteractivedevices", oKbdInteractiveDevices },
159 { "useblacklistedkeys", oUseBlacklistedKeys },
158 { "rsaauthentication", oRSAAuthentication }, 160 { "rsaauthentication", oRSAAuthentication },
159 { "pubkeyauthentication", oPubkeyAuthentication }, 161 { "pubkeyauthentication", oPubkeyAuthentication },
160 { "dsaauthentication", oPubkeyAuthentication }, /* alias */ 162 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
@@ -448,6 +450,10 @@ parse_flag:
448 intptr = &options->challenge_response_authentication; 450 intptr = &options->challenge_response_authentication;
449 goto parse_flag; 451 goto parse_flag;
450 452
453 case oUseBlacklistedKeys:
454 intptr = &options->use_blacklisted_keys;
455 goto parse_flag;
456
451 case oGssAuthentication: 457 case oGssAuthentication:
452 intptr = &options->gss_authentication; 458 intptr = &options->gss_authentication;
453 goto parse_flag; 459 goto parse_flag;
@@ -1061,6 +1067,7 @@ initialize_options(Options * options)
1061 options->kbd_interactive_devices = NULL; 1067 options->kbd_interactive_devices = NULL;
1062 options->rhosts_rsa_authentication = -1; 1068 options->rhosts_rsa_authentication = -1;
1063 options->hostbased_authentication = -1; 1069 options->hostbased_authentication = -1;
1070 options->use_blacklisted_keys = -1;
1064 options->batch_mode = -1; 1071 options->batch_mode = -1;
1065 options->check_host_ip = -1; 1072 options->check_host_ip = -1;
1066 options->strict_host_key_checking = -1; 1073 options->strict_host_key_checking = -1;
@@ -1159,6 +1166,8 @@ fill_default_options(Options * options)
1159 options->rhosts_rsa_authentication = 0; 1166 options->rhosts_rsa_authentication = 0;
1160 if (options->hostbased_authentication == -1) 1167 if (options->hostbased_authentication == -1)
1161 options->hostbased_authentication = 0; 1168 options->hostbased_authentication = 0;
1169 if (options->use_blacklisted_keys == -1)
1170 options->use_blacklisted_keys = 0;
1162 if (options->batch_mode == -1) 1171 if (options->batch_mode == -1)
1163 options->batch_mode = 0; 1172 options->batch_mode = 0;
1164 if (options->check_host_ip == -1) 1173 if (options->check_host_ip == -1)
diff --git a/readconf.h b/readconf.h
index a7d9200b5..eb236fc5c 100644
--- a/readconf.h
+++ b/readconf.h
@@ -51,6 +51,7 @@ typedef struct {
51 * authentication. */ 51 * authentication. */
52 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 52 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
53 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ 53 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
54 int use_blacklisted_keys; /* If true, send */
54 int batch_mode; /* Batch mode: do not ask for passwords. */ 55 int batch_mode; /* Batch mode: do not ask for passwords. */
55 int check_host_ip; /* Also keep track of keys for IP address */ 56 int check_host_ip; /* Also keep track of keys for IP address */
56 int strict_host_key_checking; /* Strict host key checking. */ 57 int strict_host_key_checking; /* Strict host key checking. */
diff --git a/ssh-add.c b/ssh-add.c
index 4dc46f6db..f3e30a24d 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -138,7 +138,7 @@ static int
138add_file(AuthenticationConnection *ac, const char *filename) 138add_file(AuthenticationConnection *ac, const char *filename)
139{ 139{
140 Key *private; 140 Key *private;
141 char *comment = NULL; 141 char *comment = NULL, *fp;
142 char msg[1024]; 142 char msg[1024];
143 int fd, perms_ok, ret = -1; 143 int fd, perms_ok, ret = -1;
144 144
@@ -183,6 +183,14 @@ add_file(AuthenticationConnection *ac, const char *filename)
183 "Bad passphrase, try again for %.200s: ", comment); 183 "Bad passphrase, try again for %.200s: ", comment);
184 } 184 }
185 } 185 }
186 if (blacklisted_key(private, &fp) == 1) {
187 fprintf(stderr, "Public key %s blacklisted (see "
188 "ssh-vulnkey(1)); refusing to add it\n", fp);
189 xfree(fp);
190 key_free(private);
191 xfree(comment);
192 return -1;
193 }
186 194
187 if (ssh_add_identity_constrained(ac, private, comment, lifetime, 195 if (ssh_add_identity_constrained(ac, private, comment, lifetime,
188 confirm)) { 196 confirm)) {
diff --git a/ssh.c b/ssh.c
index a7f448bb6..0f4756ef2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1218,7 +1218,7 @@ ssh_session2(void)
1218static void 1218static void
1219load_public_identity_files(void) 1219load_public_identity_files(void)
1220{ 1220{
1221 char *filename, *cp, thishost[NI_MAXHOST]; 1221 char *filename, *cp, thishost[NI_MAXHOST], *fp;
1222 int i = 0; 1222 int i = 0;
1223 Key *public; 1223 Key *public;
1224 struct passwd *pw; 1224 struct passwd *pw;
@@ -1260,6 +1260,22 @@ load_public_identity_files(void)
1260 public = key_load_public(filename, NULL); 1260 public = key_load_public(filename, NULL);
1261 debug("identity file %s type %d", filename, 1261 debug("identity file %s type %d", filename,
1262 public ? public->type : -1); 1262 public ? public->type : -1);
1263 if (blacklisted_key(public, &fp) == 1) {
1264 if (options.use_blacklisted_keys)
1265 logit("Public key %s blacklisted (see "
1266 "ssh-vulnkey(1)); continuing anyway", fp);
1267 else
1268 logit("Public key %s blacklisted (see "
1269 "ssh-vulnkey(1)); refusing to send it",
1270 fp);
1271 xfree(fp);
1272 if (!options.use_blacklisted_keys) {
1273 key_free(public);
1274 xfree(filename);
1275 filename = NULL;
1276 public = NULL;
1277 }
1278 }
1263 xfree(options.identity_files[i]); 1279 xfree(options.identity_files[i]);
1264 options.identity_files[i] = filename; 1280 options.identity_files[i] = filename;
1265 options.identity_keys[i] = public; 1281 options.identity_keys[i] = public;
diff --git a/ssh_config.5 b/ssh_config.5
index b048a54f5..411e9fd34 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1056,6 +1056,23 @@ is not specified, it defaults to
1056.Dq any . 1056.Dq any .
1057The default is 1057The default is
1058.Dq any:any . 1058.Dq any:any .
1059.It Cm UseBlacklistedKeys
1060Specifies whether
1061.Xr ssh 1
1062should use keys recorded in its blacklist of known-compromised keys (see
1063.Xr ssh-vulnkey 1 )
1064for authentication.
1065If
1066.Dq yes ,
1067then attempts to use compromised keys for authentication will be logged but
1068accepted.
1069It is strongly recommended that this be used only to install new authorized
1070keys on the remote system, and even then only with the utmost care.
1071If
1072.Dq no ,
1073then attempts to use compromised keys for authentication will be prevented.
1074The default is
1075.Dq no .
1059.It Cm UsePrivilegedPort 1076.It Cm UsePrivilegedPort
1060Specifies whether to use a privileged port for outgoing connections. 1077Specifies whether to use a privileged port for outgoing connections.
1061The argument must be 1078The argument must be
diff --git a/sshconnect2.c b/sshconnect2.c
index e11cfaa00..97073e401 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1156,6 +1156,8 @@ pubkey_prepare(Authctxt *authctxt)
1156 1156
1157 /* list of keys stored in the filesystem */ 1157 /* list of keys stored in the filesystem */
1158 for (i = 0; i < options.num_identity_files; i++) { 1158 for (i = 0; i < options.num_identity_files; i++) {
1159 if (options.identity_files[i] == NULL)
1160 continue;
1159 key = options.identity_keys[i]; 1161 key = options.identity_keys[i];
1160 if (key && key->type == KEY_RSA1) 1162 if (key && key->type == KEY_RSA1)
1161 continue; 1163 continue;
@@ -1246,7 +1248,7 @@ userauth_pubkey(Authctxt *authctxt)
1246 if (id->key && id->key->type != KEY_RSA1) { 1248 if (id->key && id->key->type != KEY_RSA1) {
1247 debug("Offering public key: %s", id->filename); 1249 debug("Offering public key: %s", id->filename);
1248 sent = send_pubkey_test(authctxt, id); 1250 sent = send_pubkey_test(authctxt, id);
1249 } else if (id->key == NULL) { 1251 } else if (id->key == NULL && id->filename) {
1250 debug("Trying private key: %s", id->filename); 1252 debug("Trying private key: %s", id->filename);
1251 id->key = load_identity_file(id->filename); 1253 id->key = load_identity_file(id->filename);
1252 if (id->key != NULL) { 1254 if (id->key != NULL) {