From 33e511edb33a5c17e088b5475191c46650e1692d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 11 Nov 1999 11:43:13 +1100 Subject: - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too --- ChangeLog | 5 ++++- auth-rh-rsa.c | 25 ++++++++++++++++++++++++- ssh.1 | 4 +++- sshd.8 | 11 ++++------- 4 files changed, 35 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4fed0720f..8088670c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,10 @@ 19991111 - Added (untested) Entropy Gathering Daemon (EGD) support - Fixed fd leak - + - Merged OpenBSD CVS changes: + - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too + - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too + - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too 19991110 - Merged several minor fixed: - ssh-agent commandline parsing diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index c433578bf..ee6af218c 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -15,7 +15,7 @@ authentication. */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $"); +RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $"); #include "packet.h" #include "ssh.h" 
@@ -53,8 +53,31 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname, client_host_key_bits, client_host_key_e, client_host_key_n, ke, kn); + /* Check user host file. */ + if (host_status != HOST_OK) { + struct stat st; + char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid); + /* Check file permissions of SSH_USER_HOSTFILE, + auth_rsa() did already check pw->pw_dir, but there is a race XXX */ + if (strict_modes && + (stat(user_hostfile, &st) == 0) && + ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || + (st.st_mode & 022) != 0)) { + log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s", + pw->pw_name, user_hostfile); + } else { + /* XXX race between stat and the following open() */ + temporarily_use_uid(pw->pw_uid); + host_status = check_host_in_hostfile(user_hostfile, canonical_hostname, + client_host_key_bits, client_host_key_e, + client_host_key_n, ke, kn); + restore_uid(); + } + xfree(user_hostfile); + } BN_free(ke); BN_free(kn); + if (host_status != HOST_OK) { /* The host key was not found. */ debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); diff --git a/ssh.1 b/ssh.1 index 10054445c..3ea1c27b6 100644 --- a/ssh.1 +++ b/ssh.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.4 1999/10/28 23:17:36 damien Exp $ +.\" $Id: ssh.1,v 1.5 1999/11/11 00:43:13 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -93,6 +93,8 @@ or and if additionally the server can verify the client's host key (see .Pa /etc/ssh/ssh_known_hosts +and +.Pa $HOME/.ssh/known_hosts in the .Sx FILES section), only then login is diff --git a/sshd.8 b/sshd.8 index b19880f0e..fd1f7f02b 100644 --- a/sshd.8 +++ b/sshd.8 
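Review bot: The owner/mode check on user_hostfile is a stat() on the path performed as root, while the file is then opened as the user inside check_host_in_hostfile(); the XXX comment concedes the TOCTOU window, but the only way to close it is to validate the descriptor that check_host_in_hostfile() actually opens (fstat on the open fd) rather than the path, so the check belongs in or alongside that helper rather than here. Until that is done, the stat should at least run under the same uid as the open: move `temporarily_use_uid(pw->pw_uid);` above `if (strict_modes &&` and the matching `restore_uid();` after the if/else so both calls see the same filesystem view. The check also covers only the file itself; the comment says auth_rsa() already checked pw->pw_dir, but if that does not include the ~/.ssh directory, a group- or world-writable ~/.ssh lets the file be replaced wholesale and still pass this test, which is worth confirming against auth_rsa(). auth_rhosts_rsa() starts and ends outside this hunk.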
@@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.4 1999/10/28 23:17:36 damien Exp $ +.\" $Id: sshd.8,v 1.5 1999/11/11 00:43:13 damien Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -622,14 +622,11 @@ This file must be readable by root (which may on some machines imply it being world-readable if the user's home directory resides on an NFS volume). It is recommended that it not be accessible by others. The format of this file is described above. -.It Pa /etc/ssh/ssh_known_hosts +.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" This file is consulted when using rhosts with RSA host authentication to check the public key of the host. The key must be -listed in this file to be accepted. -.It Pa $HOME/.ssh/known_hosts -The client uses this file -and -.Pa /etc/ssh/ssh_known_hosts +listed in one of these files to be accepted. +The client uses the same files to verify that the remote host is the one we intended to connect. These files should be writable only by root/the owner. .Pa /etc/ssh/ssh_known_hosts -- cgit v1.2.3