Diffstat (limited to 'debian/patches/ssh-vulnkey.patch')
-rw-r--r-- | debian/patches/ssh-vulnkey.patch | 90 |
1 files changed, 45 insertions, 45 deletions
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index 81c225a7f..444aef251 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
@@ -32,7 +32,7 @@ Index: b/Makefile.in | |||
32 | 32 | ||
33 | CC=@CC@ | 33 | CC=@CC@ |
34 | LD=@LD@ | 34 | LD=@LD@ |
35 | @@ -62,7 +64,7 @@ | 35 | @@ -63,7 +65,7 @@ |
36 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ | 36 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ |
37 | INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ | 37 | INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ |
38 | 38 | ||
@@ -41,8 +41,8 @@ Index: b/Makefile.in | |||
41 | 41 | ||
42 | LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ | 42 | LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ |
43 | canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ | 43 | canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ |
44 | @@ -93,8 +95,8 @@ | 44 | @@ -95,8 +97,8 @@ |
45 | audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \ | 45 | sftp-server.o sftp-common.o \ |
46 | roaming_common.o roaming_serv.o | 46 | roaming_common.o roaming_serv.o |
47 | 47 | ||
48 | -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out | 48 | -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out |
@@ -52,7 +52,7 @@ Index: b/Makefile.in | |||
52 | MANTYPE = @MANTYPE@ | 52 | MANTYPE = @MANTYPE@ |
53 | 53 | ||
54 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out | 54 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out |
55 | @@ -174,6 +176,9 @@ | 55 | @@ -177,6 +179,9 @@ |
56 | ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o | 56 | ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o |
57 | $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 57 | $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
58 | 58 | ||
@@ -62,7 +62,7 @@ Index: b/Makefile.in | |||
62 | # test driver for the loginrec code - not built by default | 62 | # test driver for the loginrec code - not built by default |
63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o | 63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o |
64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) | 64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) |
65 | @@ -268,6 +273,7 @@ | 65 | @@ -271,6 +276,7 @@ |
66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) | 66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
@@ -70,7 +70,7 @@ Index: b/Makefile.in | |||
70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
73 | @@ -285,6 +291,7 @@ | 73 | @@ -288,6 +294,7 @@ |
74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
@@ -78,7 +78,7 @@ Index: b/Makefile.in | |||
78 | -rm -f $(DESTDIR)$(bindir)/slogin | 78 | -rm -f $(DESTDIR)$(bindir)/slogin |
79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
81 | @@ -366,6 +373,7 @@ | 81 | @@ -377,6 +384,7 @@ |
82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) | 82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) | 83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) | 84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
@@ -86,7 +86,7 @@ Index: b/Makefile.in | |||
86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) | 87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
89 | @@ -379,6 +387,7 @@ | 89 | @@ -390,6 +398,7 @@ |
90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | 91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 |
92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
@@ -111,15 +111,15 @@ Index: b/auth-rsa.c | |||
111 | =================================================================== | 111 | =================================================================== |
112 | --- a/auth-rsa.c | 112 | --- a/auth-rsa.c |
113 | +++ b/auth-rsa.c | 113 | +++ b/auth-rsa.c |
114 | @@ -94,7 +94,7 @@ | 114 | @@ -247,7 +247,7 @@ |
115 | MD5_CTX md; | 115 | file, linenum, BN_num_bits(key->rsa->n), bits); |
116 | int len; | ||
117 | 116 | ||
118 | - if (auth_key_is_revoked(key)) | 117 | /* Never accept a revoked key */ |
119 | + if (auth_key_is_revoked(key, 0)) | 118 | - if (auth_key_is_revoked(key)) |
120 | return 0; | 119 | + if (auth_key_is_revoked(key, 0)) |
120 | break; | ||
121 | 121 | ||
122 | /* don't allow short keys */ | 122 | /* We have found the desired key. */ |
123 | Index: b/auth.c | 123 | Index: b/auth.c |
124 | =================================================================== | 124 | =================================================================== |
125 | --- a/auth.c | 125 | --- a/auth.c |
@@ -132,7 +132,7 @@ Index: b/auth.c | |||
132 | #include "auth.h" | 132 | #include "auth.h" |
133 | #include "auth-options.h" | 133 | #include "auth-options.h" |
134 | #include "canohost.h" | 134 | #include "canohost.h" |
135 | @@ -615,10 +616,34 @@ | 135 | @@ -621,10 +622,34 @@ |
136 | 136 | ||
137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ | 137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ |
138 | int | 138 | int |
@@ -223,7 +223,7 @@ Index: b/authfile.c | |||
223 | 223 | ||
224 | /* Version identification string for SSH v1 identity files. */ | 224 | /* Version identification string for SSH v1 identity files. */ |
225 | static const char authfile_id_string[] = | 225 | static const char authfile_id_string[] = |
226 | @@ -814,3 +815,140 @@ | 226 | @@ -906,3 +907,140 @@ |
227 | return ret; | 227 | return ret; |
228 | } | 228 | } |
229 | 229 | ||
@@ -390,7 +390,7 @@ Index: b/pathnames.h | |||
390 | #ifndef _PATH_SSH_PIDDIR | 390 | #ifndef _PATH_SSH_PIDDIR |
391 | #define _PATH_SSH_PIDDIR "/var/run" | 391 | #define _PATH_SSH_PIDDIR "/var/run" |
392 | #endif | 392 | #endif |
393 | @@ -43,6 +47,9 @@ | 393 | @@ -44,6 +48,9 @@ |
394 | /* Backwards compatibility */ | 394 | /* Backwards compatibility */ |
395 | #define _PATH_DH_PRIMES SSHDIR "/primes" | 395 | #define _PATH_DH_PRIMES SSHDIR "/primes" |
396 | 396 | ||
@@ -404,7 +404,7 @@ Index: b/readconf.c | |||
404 | =================================================================== | 404 | =================================================================== |
405 | --- a/readconf.c | 405 | --- a/readconf.c |
406 | +++ b/readconf.c | 406 | +++ b/readconf.c |
407 | @@ -123,6 +123,7 @@ | 407 | @@ -125,6 +125,7 @@ |
408 | oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, | 408 | oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, |
409 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, | 409 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
410 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 410 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
@@ -412,7 +412,7 @@ Index: b/readconf.c | |||
412 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, | 412 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, |
413 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 413 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
414 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 414 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
415 | @@ -154,6 +155,7 @@ | 415 | @@ -158,6 +159,7 @@ |
416 | { "passwordauthentication", oPasswordAuthentication }, | 416 | { "passwordauthentication", oPasswordAuthentication }, |
417 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | 417 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
418 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | 418 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
@@ -420,7 +420,7 @@ Index: b/readconf.c | |||
420 | { "rsaauthentication", oRSAAuthentication }, | 420 | { "rsaauthentication", oRSAAuthentication }, |
421 | { "pubkeyauthentication", oPubkeyAuthentication }, | 421 | { "pubkeyauthentication", oPubkeyAuthentication }, |
422 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ | 422 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
423 | @@ -479,6 +481,10 @@ | 423 | @@ -486,6 +488,10 @@ |
424 | intptr = &options->challenge_response_authentication; | 424 | intptr = &options->challenge_response_authentication; |
425 | goto parse_flag; | 425 | goto parse_flag; |
426 | 426 | ||
@@ -431,7 +431,7 @@ Index: b/readconf.c | |||
431 | case oGssAuthentication: | 431 | case oGssAuthentication: |
432 | intptr = &options->gss_authentication; | 432 | intptr = &options->gss_authentication; |
433 | goto parse_flag; | 433 | goto parse_flag; |
434 | @@ -1093,6 +1099,7 @@ | 434 | @@ -1134,6 +1140,7 @@ |
435 | options->kbd_interactive_devices = NULL; | 435 | options->kbd_interactive_devices = NULL; |
436 | options->rhosts_rsa_authentication = -1; | 436 | options->rhosts_rsa_authentication = -1; |
437 | options->hostbased_authentication = -1; | 437 | options->hostbased_authentication = -1; |
@@ -439,7 +439,7 @@ Index: b/readconf.c | |||
439 | options->batch_mode = -1; | 439 | options->batch_mode = -1; |
440 | options->check_host_ip = -1; | 440 | options->check_host_ip = -1; |
441 | options->strict_host_key_checking = -1; | 441 | options->strict_host_key_checking = -1; |
442 | @@ -1201,6 +1208,8 @@ | 442 | @@ -1245,6 +1252,8 @@ |
443 | options->rhosts_rsa_authentication = 0; | 443 | options->rhosts_rsa_authentication = 0; |
444 | if (options->hostbased_authentication == -1) | 444 | if (options->hostbased_authentication == -1) |
445 | options->hostbased_authentication = 0; | 445 | options->hostbased_authentication = 0; |
@@ -452,7 +452,7 @@ Index: b/readconf.h | |||
452 | =================================================================== | 452 | =================================================================== |
453 | --- a/readconf.h | 453 | --- a/readconf.h |
454 | +++ b/readconf.h | 454 | +++ b/readconf.h |
455 | @@ -56,6 +56,7 @@ | 455 | @@ -57,6 +57,7 @@ |
456 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 456 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
457 | char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ | 457 | char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ |
458 | int zero_knowledge_password_authentication; /* Try jpake */ | 458 | int zero_knowledge_password_authentication; /* Try jpake */ |
@@ -464,7 +464,7 @@ Index: b/servconf.c | |||
464 | =================================================================== | 464 | =================================================================== |
465 | --- a/servconf.c | 465 | --- a/servconf.c |
466 | +++ b/servconf.c | 466 | +++ b/servconf.c |
467 | @@ -100,6 +100,7 @@ | 467 | @@ -104,6 +104,7 @@ |
468 | options->password_authentication = -1; | 468 | options->password_authentication = -1; |
469 | options->kbd_interactive_authentication = -1; | 469 | options->kbd_interactive_authentication = -1; |
470 | options->challenge_response_authentication = -1; | 470 | options->challenge_response_authentication = -1; |
@@ -472,7 +472,7 @@ Index: b/servconf.c | |||
472 | options->permit_empty_passwd = -1; | 472 | options->permit_empty_passwd = -1; |
473 | options->permit_user_env = -1; | 473 | options->permit_user_env = -1; |
474 | options->use_login = -1; | 474 | options->use_login = -1; |
475 | @@ -232,6 +233,8 @@ | 475 | @@ -243,6 +244,8 @@ |
476 | options->kbd_interactive_authentication = 0; | 476 | options->kbd_interactive_authentication = 0; |
477 | if (options->challenge_response_authentication == -1) | 477 | if (options->challenge_response_authentication == -1) |
478 | options->challenge_response_authentication = 1; | 478 | options->challenge_response_authentication = 1; |
@@ -481,7 +481,7 @@ Index: b/servconf.c | |||
481 | if (options->permit_empty_passwd == -1) | 481 | if (options->permit_empty_passwd == -1) |
482 | options->permit_empty_passwd = 0; | 482 | options->permit_empty_passwd = 0; |
483 | if (options->permit_user_env == -1) | 483 | if (options->permit_user_env == -1) |
484 | @@ -307,7 +310,7 @@ | 484 | @@ -322,7 +325,7 @@ |
485 | sListenAddress, sAddressFamily, | 485 | sListenAddress, sAddressFamily, |
486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
@@ -490,7 +490,7 @@ Index: b/servconf.c | |||
490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
493 | @@ -416,6 +419,7 @@ | 493 | @@ -432,6 +435,7 @@ |
494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
@@ -498,7 +498,7 @@ Index: b/servconf.c | |||
498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
501 | @@ -1011,6 +1015,10 @@ | 501 | @@ -1029,6 +1033,10 @@ |
502 | intptr = &options->tcp_keep_alive; | 502 | intptr = &options->tcp_keep_alive; |
503 | goto parse_flag; | 503 | goto parse_flag; |
504 | 504 | ||
@@ -509,7 +509,7 @@ Index: b/servconf.c | |||
509 | case sEmptyPasswd: | 509 | case sEmptyPasswd: |
510 | intptr = &options->permit_empty_passwd; | 510 | intptr = &options->permit_empty_passwd; |
511 | goto parse_flag; | 511 | goto parse_flag; |
512 | @@ -1708,6 +1716,7 @@ | 512 | @@ -1757,6 +1765,7 @@ |
513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
@@ -521,7 +521,7 @@ Index: b/servconf.h | |||
521 | =================================================================== | 521 | =================================================================== |
522 | --- a/servconf.h | 522 | --- a/servconf.h |
523 | +++ b/servconf.h | 523 | +++ b/servconf.h |
524 | @@ -104,6 +104,7 @@ | 524 | @@ -107,6 +107,7 @@ |
525 | int challenge_response_authentication; | 525 | int challenge_response_authentication; |
526 | int zero_knowledge_password_authentication; | 526 | int zero_knowledge_password_authentication; |
527 | /* If true, permit jpake auth */ | 527 | /* If true, permit jpake auth */ |
@@ -533,7 +533,7 @@ Index: b/ssh-add.1 | |||
533 | =================================================================== | 533 | =================================================================== |
534 | --- a/ssh-add.1 | 534 | --- a/ssh-add.1 |
535 | +++ b/ssh-add.1 | 535 | +++ b/ssh-add.1 |
536 | @@ -82,6 +82,10 @@ | 536 | @@ -81,6 +81,10 @@ |
537 | .Nm | 537 | .Nm |
538 | to work. | 538 | to work. |
539 | .Pp | 539 | .Pp |
@@ -544,7 +544,7 @@ Index: b/ssh-add.1 | |||
544 | The options are as follows: | 544 | The options are as follows: |
545 | .Bl -tag -width Ds | 545 | .Bl -tag -width Ds |
546 | .It Fl c | 546 | .It Fl c |
547 | @@ -182,6 +186,7 @@ | 547 | @@ -183,6 +187,7 @@ |
548 | .Xr ssh 1 , | 548 | .Xr ssh 1 , |
549 | .Xr ssh-agent 1 , | 549 | .Xr ssh-agent 1 , |
550 | .Xr ssh-keygen 1 , | 550 | .Xr ssh-keygen 1 , |
@@ -556,7 +556,7 @@ Index: b/ssh-add.c | |||
556 | =================================================================== | 556 | =================================================================== |
557 | --- a/ssh-add.c | 557 | --- a/ssh-add.c |
558 | +++ b/ssh-add.c | 558 | +++ b/ssh-add.c |
559 | @@ -139,7 +139,7 @@ | 559 | @@ -142,7 +142,7 @@ |
560 | add_file(AuthenticationConnection *ac, const char *filename) | 560 | add_file(AuthenticationConnection *ac, const char *filename) |
561 | { | 561 | { |
562 | Key *private, *cert; | 562 | Key *private, *cert; |
@@ -565,7 +565,7 @@ Index: b/ssh-add.c | |||
565 | char msg[1024], *certpath; | 565 | char msg[1024], *certpath; |
566 | int fd, perms_ok, ret = -1; | 566 | int fd, perms_ok, ret = -1; |
567 | 567 | ||
568 | @@ -184,6 +184,14 @@ | 568 | @@ -187,6 +187,14 @@ |
569 | "Bad passphrase, try again for %.200s: ", comment); | 569 | "Bad passphrase, try again for %.200s: ", comment); |
570 | } | 570 | } |
571 | } | 571 | } |
@@ -584,7 +584,7 @@ Index: b/ssh-keygen.1 | |||
584 | =================================================================== | 584 | =================================================================== |
585 | --- a/ssh-keygen.1 | 585 | --- a/ssh-keygen.1 |
586 | +++ b/ssh-keygen.1 | 586 | +++ b/ssh-keygen.1 |
587 | @@ -669,6 +669,7 @@ | 587 | @@ -659,6 +659,7 @@ |
588 | .Xr ssh 1 , | 588 | .Xr ssh 1 , |
589 | .Xr ssh-add 1 , | 589 | .Xr ssh-add 1 , |
590 | .Xr ssh-agent 1 , | 590 | .Xr ssh-agent 1 , |
@@ -1236,7 +1236,7 @@ Index: b/ssh.1 | |||
1236 | =================================================================== | 1236 | =================================================================== |
1237 | --- a/ssh.1 | 1237 | --- a/ssh.1 |
1238 | +++ b/ssh.1 | 1238 | +++ b/ssh.1 |
1239 | @@ -1392,6 +1392,7 @@ | 1239 | @@ -1402,6 +1402,7 @@ |
1240 | .Xr ssh-agent 1 , | 1240 | .Xr ssh-agent 1 , |
1241 | .Xr ssh-keygen 1 , | 1241 | .Xr ssh-keygen 1 , |
1242 | .Xr ssh-keyscan 1 , | 1242 | .Xr ssh-keyscan 1 , |
@@ -1248,7 +1248,7 @@ Index: b/ssh.c | |||
1248 | =================================================================== | 1248 | =================================================================== |
1249 | --- a/ssh.c | 1249 | --- a/ssh.c |
1250 | +++ b/ssh.c | 1250 | +++ b/ssh.c |
1251 | @@ -1422,7 +1422,7 @@ | 1251 | @@ -1448,7 +1448,7 @@ |
1252 | static void | 1252 | static void |
1253 | load_public_identity_files(void) | 1253 | load_public_identity_files(void) |
1254 | { | 1254 | { |
@@ -1257,7 +1257,7 @@ Index: b/ssh.c | |||
1257 | char *pwdir = NULL, *pwname = NULL; | 1257 | char *pwdir = NULL, *pwname = NULL; |
1258 | int i = 0; | 1258 | int i = 0; |
1259 | Key *public; | 1259 | Key *public; |
1260 | @@ -1479,6 +1479,22 @@ | 1260 | @@ -1505,6 +1505,22 @@ |
1261 | public = key_load_public(filename, NULL); | 1261 | public = key_load_public(filename, NULL); |
1262 | debug("identity file %s type %d", filename, | 1262 | debug("identity file %s type %d", filename, |
1263 | public ? public->type : -1); | 1263 | public ? public->type : -1); |
@@ -1284,7 +1284,7 @@ Index: b/ssh_config.5 | |||
1284 | =================================================================== | 1284 | =================================================================== |
1285 | --- a/ssh_config.5 | 1285 | --- a/ssh_config.5 |
1286 | +++ b/ssh_config.5 | 1286 | +++ b/ssh_config.5 |
1287 | @@ -1082,6 +1082,23 @@ | 1287 | @@ -1146,6 +1146,23 @@ |
1288 | .Dq any . | 1288 | .Dq any . |
1289 | The default is | 1289 | The default is |
1290 | .Dq any:any . | 1290 | .Dq any:any . |
@@ -1312,7 +1312,7 @@ Index: b/sshconnect2.c | |||
1312 | =================================================================== | 1312 | =================================================================== |
1313 | --- a/sshconnect2.c | 1313 | --- a/sshconnect2.c |
1314 | +++ b/sshconnect2.c | 1314 | +++ b/sshconnect2.c |
1315 | @@ -1421,6 +1421,8 @@ | 1315 | @@ -1488,6 +1488,8 @@ |
1316 | 1316 | ||
1317 | /* list of keys stored in the filesystem */ | 1317 | /* list of keys stored in the filesystem */ |
1318 | for (i = 0; i < options.num_identity_files; i++) { | 1318 | for (i = 0; i < options.num_identity_files; i++) { |
@@ -1321,7 +1321,7 @@ Index: b/sshconnect2.c | |||
1321 | key = options.identity_keys[i]; | 1321 | key = options.identity_keys[i]; |
1322 | if (key && key->type == KEY_RSA1) | 1322 | if (key && key->type == KEY_RSA1) |
1323 | continue; | 1323 | continue; |
1324 | @@ -1514,7 +1516,7 @@ | 1324 | @@ -1581,7 +1583,7 @@ |
1325 | debug("Offering %s public key: %s", key_type(id->key), | 1325 | debug("Offering %s public key: %s", key_type(id->key), |
1326 | id->filename); | 1326 | id->filename); |
1327 | sent = send_pubkey_test(authctxt, id); | 1327 | sent = send_pubkey_test(authctxt, id); |
@@ -1334,7 +1334,7 @@ Index: b/sshd.8 | |||
1334 | =================================================================== | 1334 | =================================================================== |
1335 | --- a/sshd.8 | 1335 | --- a/sshd.8 |
1336 | +++ b/sshd.8 | 1336 | +++ b/sshd.8 |
1337 | @@ -938,6 +938,7 @@ | 1337 | @@ -945,6 +945,7 @@ |
1338 | .Xr ssh-agent 1 , | 1338 | .Xr ssh-agent 1 , |
1339 | .Xr ssh-keygen 1 , | 1339 | .Xr ssh-keygen 1 , |
1340 | .Xr ssh-keyscan 1 , | 1340 | .Xr ssh-keyscan 1 , |
@@ -1346,7 +1346,7 @@ Index: b/sshd.c | |||
1346 | =================================================================== | 1346 | =================================================================== |
1347 | --- a/sshd.c | 1347 | --- a/sshd.c |
1348 | +++ b/sshd.c | 1348 | +++ b/sshd.c |
1349 | @@ -1573,6 +1573,11 @@ | 1349 | @@ -1576,6 +1576,11 @@ |
1350 | sensitive_data.host_keys[i] = NULL; | 1350 | sensitive_data.host_keys[i] = NULL; |
1351 | continue; | 1351 | continue; |
1352 | } | 1352 | } |
@@ -1362,7 +1362,7 @@ Index: b/sshd_config.5 | |||
1362 | =================================================================== | 1362 | =================================================================== |
1363 | --- a/sshd_config.5 | 1363 | --- a/sshd_config.5 |
1364 | +++ b/sshd_config.5 | 1364 | +++ b/sshd_config.5 |
1365 | @@ -743,6 +743,20 @@ | 1365 | @@ -792,6 +792,20 @@ |
1366 | Specifies whether password authentication is allowed. | 1366 | Specifies whether password authentication is allowed. |
1367 | The default is | 1367 | The default is |
1368 | .Dq yes . | 1368 | .Dq yes . |
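Review bot: The re-anchored auth-rsa.c hunk (patch lines 114-122) still passes a bare `0` as the added second argument of `auth_key_is_revoked`, and nothing at the call site says what that flag selects. This is the one place in the refresh where the patched context changed rather than just the hunk offsets: the call moves from a path that did `return 0` to one that does `break` under the upstream comment "Never accept a revoked key". A short comment on the added line would make the check easier to audit on the next refresh, for example `/* 0 = not a host key (confirm against the prototype) */`; the parameter's meaning is not visible on this page, so the wording needs checking against the declaration. The enclosing function starts and ends outside the hunk, so the loop that `break` leaves is inferred, not shown.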