From 322650927bec37d850a3ab72f82bda1cd49b09e4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 12 Nov 1999 11:33:04 +1100 Subject: - Merged changes from OpenBSD CVS - [sshd.c] session_key_int may be zero - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert - Brought default sshd_config more in line with OpenBSDs --- ChangeLog | 4 ++++ auth-rh-rsa.c | 19 ++++++++++--------- servconf.c | 16 ++++++++++++---- servconf.h | 3 ++- ssh.h | 9 ++++----- sshd.8 | 11 ++++++++++- sshd.c | 7 ++----- sshd_config | 14 ++++++++++++-- 8 files changed, 56 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2d702dca4..a1e2cac87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 19991112 - Merged changes from OpenBSD CVS - [sshd.c] session_key_int may be zero + - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] + IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok + deraadt,millert + - Brought default sshd_config more in line with OpenBSD's 19991111 - Added (untested) Entropy Gathering Daemon (EGD) support diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index ee6af218c..b6f1d6c73 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c 
@@ -15,22 +15,22 @@ authentication. */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $"); +RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $"); #include "packet.h" #include "ssh.h" #include "xmalloc.h" #include "uidswap.h" +#include "servconf.h" /* Tries to authenticate the user using the .rhosts file and the host using - its host key. Returns true if authentication succeeds. - .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */ + its host key. Returns true if authentication succeeds. */ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, unsigned int client_host_key_bits, - BIGNUM *client_host_key_e, BIGNUM *client_host_key_n, - int ignore_rhosts, int strict_modes) + BIGNUM *client_host_key_e, BIGNUM *client_host_key_n) { + extern ServerOptions options; const char *canonical_hostname; HostStatus host_status; BIGNUM *ke, *kn; @@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, debug("Trying rhosts with RSA host authentication for %.100s", client_user); /* Check if we would accept it using rhosts authentication. */ - if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes)) + if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes)) return 0; canonical_hostname = get_canonical_hostname(); 
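Review bot: The header comment of auth_rhosts_rsa() in the `@@ -15,22 +15,22 @@` hunk no longer says which server settings decide the outcome, although the body now reads them from the global `options` instead of taking `ignore_rhosts` and `strict_modes` as arguments. I would extend it along the lines of `/* ... Consults options.ignore_rhosts, options.strict_modes and options.ignore_user_known_hosts. */` so the policy inputs of this authentication path are visible at the definition. The block-scope `extern ServerOptions options;` also hides that dependency from anyone reading the prototype in ssh.h; a single declaration in a shared header such as servconf.h would keep the type in one place. The function body continues outside this hunk.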
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname, client_host_key_bits, client_host_key_e, client_host_key_n, ke, kn); - /* Check user host file. */ - if (host_status != HOST_OK) { + + /* Check user host file unless ignored. */ + if (host_status != HOST_OK && !options.ignore_user_known_hosts) { struct stat st; char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid); /* Check file permissions of SSH_USER_HOSTFILE, auth_rsa() did already check pw->pw_dir, but there is a race XXX */ - if (strict_modes && + if (options.strict_modes && (stat(user_hostfile, &st) == 0) && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || (st.st_mode & 022) != 0)) { diff --git a/servconf.c b/servconf.c index d7f54a62f..b1e52638c 100644 --- a/servconf.c +++ b/servconf.c @@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo */ #include "includes.h" -RCSID("$Id: servconf.c,v 1.2 1999/11/11 06:57:39 damien Exp $"); +RCSID("$Id: servconf.c,v 1.3 1999/11/12 00:33:04 damien Exp $"); #include "ssh.h" #include "servconf.h" @@ -31,6 +31,7 @@ void initialize_server_options(ServerOptions *options) options->key_regeneration_time = -1; options->permit_root_login = -1; options->ignore_rhosts = -1; + options->ignore_user_known_hosts = -1; options->print_motd = -1; options->check_mail = -1; options->x11_forwarding = -1; @@ -88,6 +89,8 @@ void fill_default_server_options(ServerOptions *options) options->permit_root_login = 1; /* yes */ if (options->ignore_rhosts == -1) options->ignore_rhosts = 0; + if (options->ignore_user_known_hosts == -1) + options->ignore_user_known_hosts = 0; if (options->check_mail == -1) options->check_mail = 0; if (options->print_motd == -1) 
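Review bot: The permission check on the user's hostfile in the `@@ -53,13 +53,14 @@` hunk still calls `stat()` on the path, and the file is presumably opened again by name afterwards, so the race admitted by the `XXX` comment is left in place while the surrounding condition is being rewritten. Because this file belongs to the account being authenticated, the check and the read should refer to the same opened object; that needs a lookup helper that accepts an already opened file, which is outside this hunk. A failing `stat()` also skips the check instead of rejecting the file. At minimum I would record the reason for the new guard: `/* The user's known_hosts is writable by the user, so it is skipped when ignore_user_known_hosts is set. */`. The block continues past the end of the hunk.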
@@ -156,8 +159,8 @@ typedef enum sPasswordAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, - sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups - + sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sIgnoreUserKnownHosts } ServerOpCodes; /* Textual representation of the tokens. */ @@ -195,6 +198,7 @@ static struct { "listenaddress", sListenAddress }, { "printmotd", sPrintMotd }, { "ignorerhosts", sIgnoreRhosts }, + { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, { "x11forwarding", sX11Forwarding }, { "x11displayoffset", sX11DisplayOffset }, { "strictmodes", sStrictModes }, @@ -402,7 +406,11 @@ void read_server_config(ServerOptions *options, const char *filename) if (*intptr == -1) *intptr = value; break; - + + case sIgnoreUserKnownHosts: + intptr = &options->ignore_user_known_hosts; + goto parse_int; + case sRhostsAuthentication: intptr = &options->rhosts_authentication; goto parse_flag; diff --git a/servconf.h b/servconf.h index 584935bad..e16f3d044 100644 --- a/servconf.h +++ b/servconf.h @@ -13,7 +13,7 @@ Definitions for server configuration data and for the functions reading it. */ -/* RCSID("$Id: servconf.h,v 1.2 1999/11/11 06:57:40 damien Exp $"); */ +/* RCSID("$Id: servconf.h,v 1.3 1999/11/12 00:33:04 damien Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H @@ -33,6 +33,7 @@ typedef struct int key_regeneration_time; /* Server key lifetime (seconds). */ int permit_root_login; /* If true, permit root login. */ int ignore_rhosts; /* Ignore .rhosts and .shosts. */ + int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts for RhostsRsaAuth */ int print_motd; /* If true, print /etc/motd. */ int check_mail; /* If true, check for new mail. */ int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ diff --git a/ssh.h b/ssh.h index da818b225..f33621320 100644 --- a/ssh.h +++ b/ssh.h 
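Review bot: `case sIgnoreUserKnownHosts` in the `@@ -402,7 +406,11 @@` hunk jumps to `parse_int`, while the option is documented as yes/no in the sshd.8 and sshd_config hunks of this same commit, and the neighbouring boolean `sRhostsAuthentication` uses `parse_flag`. The `parse_int` label is outside the hunk, but if it reads a number, `IgnoreUserKnownHosts yes` will be rejected or misread and the restriction cannot be switched on as documented. The line should be `goto parse_flag;`. The body of read_server_config() starts and ends outside the hunk.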
@@ -13,7 +13,7 @@ Generic header file for ssh. */ -/* RCSID("$Id: ssh.h,v 1.10 1999/11/11 06:57:40 damien Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.11 1999/11/12 00:33:04 damien Exp $"); */ #ifndef SSH_H #define SSH_H @@ -138,8 +138,8 @@ only by root, whereas ssh_config should be world-readable. */ #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" /* Name of the environment variable containing the pathname of the - authentication socket. */ -#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" + authentication socket. */ +#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" /* Force host key length and server key length to differ by at least this many bits. This is to make double encryption with rsaref work. */ @@ -334,8 +334,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user, its host key. Returns true if authentication succeeds. */ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, unsigned int bits, BIGNUM *client_host_key_e, - BIGNUM *client_host_key_n, int ignore_rhosts, - int strict_modes); + BIGNUM *client_host_key_n); /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ diff --git a/sshd.8 b/sshd.8 index 20e9712a5..e9a09f439 100644 --- a/sshd.8 +++ b/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.6 1999/11/11 06:57:40 damien Exp $ +.\" $Id: sshd.8,v 1.7 1999/11/12 00:33:04 damien Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -245,6 +245,15 @@ and .Pa /etc/ssh/shosts.equiv are still used. The default is .Dq no . +.It Cm IgnoreUserKnownHosts +Specifies whether +.Nm +should ignore the user's +.Pa $HOME/.ssh/known_hosts +during +.Cm RhostsRSAAuthentication . +The default is +.Dq no . .It Cm KeepAlive Specifies whether the system should send keepalive messages to the other side. If they are sent, death of the connection or crash of one diff --git a/sshd.c b/sshd.c index 59526007e..7cc24cd1a 100644 --- a/sshd.c +++ b/sshd.c 
@@ -18,7 +18,7 @@ agent connections. */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.15 1999/11/11 21:49:09 damien Exp $"); +RCSID("$Id: sshd.c,v 1.16 1999/11/12 00:33:04 damien Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -1394,11 +1394,8 @@ do_authentication(char *user, int privileged_port) packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); } - /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ if (auth_rhosts_rsa(pw, client_user, - client_host_key_bits, client_host_key_e, - client_host_key_n, options.ignore_rhosts, - options.strict_modes)) + client_host_key_bits, client_host_key_e, client_host_key_n)) { /* Authentication accepted. */ authenticated = 1; diff --git a/sshd_config b/sshd_config index 42c3244b6..791fd13bd 100644 --- a/sshd_config +++ b/sshd_config @@ -11,13 +11,13 @@ PermitRootLogin yes # # Loglevel replaces QuietMode and FascistLogging # +SyslogFacility AUTH LogLevel INFO # # Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes StrictModes yes -X11Forwarding yes +X11Forwarding no X11DisplayOffset 10 FascistLogging no PrintMotd yes @@ -32,6 +32,16 @@ RhostsAuthentication no # RhostsRSAAuthentication no +# +# Don't read ~/.rhosts and ~/.shosts files +# +IgnoreRhosts yes + +# +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +# +#IgnoreUserKnownHosts yes + RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! -- cgit v1.2.3
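Review bot: In the `@@ -11,13 +11,13 @@` hunk of sshd_config, `FascistLogging no` is kept a few lines below the comment stating that LogLevel replaces QuietMode and FascistLogging, and the new `SyslogFacility AUTH` line now sits between that comment and `LogLevel INFO`. If the keyword is still accepted, the sample shows two settings for log verbosity; if it is not, the shipped file may fail to parse. I would drop the `FascistLogging no` line and give the facility its own comment, for example `# Facility used for syslog messages`.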