From 5a4456c6a592143a0a25ad925279eaf9ff620cc4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 26 Oct 2007 14:27:22 +1000 Subject: - markus@cvs.openbsd.org 2007/10/22 19:10:24 [readconf.c] make sure that both the local and remote port are correct when parsing -L; Jan Pechanec (bz #1378) --- readconf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'readconf.c') diff --git a/readconf.c b/readconf.c index d57d4551d..df058d35a 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.162 2007/03/20 03:56:12 tedu Exp $ */ +/* $OpenBSD: readconf.c,v 1.163 2007/10/22 19:10:24 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1255,7 +1255,7 @@ parse_forward(Forward *fwd, const char *fwdspec) xfree(p); - if (fwd->listen_port == 0 && fwd->connect_port == 0) + if (fwd->listen_port == 0 || fwd->connect_port == 0) goto fail_free; if (fwd->connect_host != NULL && -- cgit v1.2.3 From 1e44c5ded38b59ab6bdb8d5c5e85583628b9971c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 1 Jan 2008 20:32:26 +1100 Subject: - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2007/12/31 10:41:31 [readconf.c servconf.c] Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch from Dmitry V. Levin, ok djm@ --- ChangeLog | 9 ++++++++- readconf.c | 9 +++++---- servconf.c | 16 +++++++++------- 3 files changed, 22 insertions(+), 12 deletions(-) (limited to 'readconf.c') diff --git a/ChangeLog b/ChangeLog index 2f51c21e1..934c81772 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20080101 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/12/31 10:41:31 + [readconf.c servconf.c] + Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch + from Dmitry V. Levin, ok djm@ + 20071231 - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of builtin glob implementation on Mac OS X. Based on a patch from @@ -3487,4 +3494,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4811 2007/12/31 10:29:26 dtucker Exp $ +$Id: ChangeLog,v 1.4812 2008/01/01 09:32:26 dtucker Exp $ diff --git a/readconf.c b/readconf.c index df058d35a..1d6409fdb 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.163 2007/10/22 19:10:24 markus Exp $ */ +/* $OpenBSD: readconf.c,v 1.164 2007/12/31 10:41:31 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -326,6 +326,7 @@ process_config_line(Options *options, const char *host, { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; int opcode, *intptr, value, value2, scale; + LogLevel *log_level_ptr; long long orig, val64; size_t len; Forward fwd; @@ -692,14 +693,14 @@ parse_int: break; case oLogLevel: - intptr = (int *) &options->log_level; + log_level_ptr = &options->log_level; arg = strdelim(&s); value = log_level_number(arg); if (value == SYSLOG_LEVEL_NOT_SET) fatal("%.200s line %d: unsupported log level '%s'", filename, linenum, arg ? arg : ""); - if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET) - *intptr = (LogLevel) value; + if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET) + *log_level_ptr = (LogLevel) value; break; case oLocalForward: diff --git a/servconf.c b/servconf.c index d4c01f7ff..4e3140fe3 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.173 2007/12/27 14:22:08 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.174 2007/12/31 10:41:31 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -621,6 +621,8 @@ process_server_config_line(ServerOptions *options, char *line, { char *cp, **charptr, *arg, *p; int cmdline = 0, *intptr, value, n; + SyslogFacility *log_facility_ptr; + LogLevel *log_level_ptr; ServerOpCodes opcode; u_short port; u_int i, flags = 0; @@ -976,25 +978,25 @@ parse_flag: goto parse_flag; case sLogFacility: - intptr = (int *) &options->log_facility; + log_facility_ptr = &options->log_facility; arg = strdelim(&cp); value = log_facility_number(arg); if (value == SYSLOG_FACILITY_NOT_SET) fatal("%.200s line %d: unsupported log facility '%s'", filename, linenum, arg ? arg : ""); - if (*intptr == -1) - *intptr = (SyslogFacility) value; + if (*log_facility_ptr == -1) + *log_facility_ptr = (SyslogFacility) value; break; case sLogLevel: - intptr = (int *) &options->log_level; + log_level_ptr = &options->log_level; arg = strdelim(&cp); value = log_level_number(arg); if (value == SYSLOG_LEVEL_NOT_SET) fatal("%.200s line %d: unsupported log level '%s'", filename, linenum, arg ? arg : ""); - if (*intptr == -1) - *intptr = (LogLevel) value; + if (*log_level_ptr == -1) + *log_level_ptr = (LogLevel) value; break; case sAllowTcpForwarding: -- cgit v1.2.3 From 3dff176ed9509b5bd92947b9504545495a2052cc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 10 Feb 2008 22:25:52 +1100 Subject: - djm@cvs.openbsd.org 2008/01/19 23:09:49 [readconf.c readconf.h sshconnect2.c] promote rekeylimit to a int64 so it can hold the maximum useful limit of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@ --- ChangeLog | 6 +++++- readconf.c | 9 ++++----- readconf.h | 4 ++-- sshconnect2.c | 4 ++-- 4 files changed, 13 insertions(+), 10 deletions(-) (limited to 'readconf.c') diff --git a/ChangeLog b/ChangeLog index 3843aeee9..3c5a374dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,10 @@ and v6 addresses when connected to a server with this quirk, despite having set 0.0.0.0 as a bind_address. report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@ + - djm@cvs.openbsd.org 2008/01/19 23:09:49 + [readconf.c readconf.h sshconnect2.c] + promote rekeylimit to a int64 so it can hold the maximum useful limit + of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@ 20080119 - (djm) Silence noice from expr in ssh-copy-id; patch from @@ -3568,4 +3572,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4827 2008/02/10 11:25:24 djm Exp $ +$Id: ChangeLog,v 1.4828 2008/02/10 11:25:52 djm Exp $ diff --git a/readconf.c b/readconf.c index 1d6409fdb..3ddb4d392 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.164 2007/12/31 10:41:31 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -499,7 +499,6 @@ parse_yesnoask: goto parse_int; case oRekeyLimit: - intptr = &options->rekey_limit; arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); @@ -527,14 +526,14 @@ parse_yesnoask: } val64 *= scale; /* detect integer wrap and too-large limits */ - if ((val64 / scale) != orig || val64 > INT_MAX) + if ((val64 / scale) != orig || val64 > UINT_MAX) fatal("%.200s line %d: RekeyLimit too large", filename, linenum); if (val64 < 16) fatal("%.200s line %d: RekeyLimit too small", filename, linenum); - if (*activep && *intptr == -1) - *intptr = (int)val64; + if (*activep && options->rekey_limit == -1) + options->rekey_limit = (u_int32_t)val64; break; case oIdentityFile: diff --git a/readconf.h b/readconf.h index d484f258e..6257f4b2f 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.71 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: readconf.h,v 1.72 2008/01/19 23:09:49 djm Exp $ */ /* * Author: Tatu Ylonen @@ -100,7 +100,7 @@ typedef struct { int clear_forwardings; int enable_ssh_keysign; - int rekey_limit; + int64_t rekey_limit; int no_host_authentication_for_localhost; int identities_only; int server_alive_interval; diff --git a/sshconnect2.c b/sshconnect2.c index 208df078c..5bb772368 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.164 2007/05/17 23:53:41 jolan Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -130,7 +130,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) options.hostkeyalgorithms; if (options.rekey_limit) - packet_set_rekey_limit(options.rekey_limit); + packet_set_rekey_limit((u_int32_t)options.rekey_limit); /* start key exchange */ kex = kex_setup(myproposal); -- cgit v1.2.3 From 9c16ac926376ad87084ae78bac44a813ae5db21f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 04:40:35 +1000 Subject: - grunk@cvs.openbsd.org 2008/06/11 21:01:35 [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c sshconnect.c] Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin. Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard. Graphs are not unambiguous for now, because circles in graphs can be walked in either direction. discussions with several people, help, corrections and ok markus@ djm@ --- ChangeLog | 23 ++++++++++++- key.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- key.h | 5 +-- readconf.c | 20 ++++++++++-- readconf.h | 6 +++- ssh-keygen.1 | 9 ++--- ssh-keygen.c | 21 +++++++++--- ssh_config.5 | 8 +++-- sshconnect.c | 26 +++++++++++---- 9 files changed, 199 insertions(+), 24 deletions(-) (limited to 'readconf.c') diff --git a/ChangeLog b/ChangeLog index 14eb11514..70d5baa58 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,27 @@ - jmc@cvs.openbsd.org 2008/06/11 07:30:37 [sshd.8] kill trailing whitespace; + - grunk@cvs.openbsd.org 2008/06/11 21:01:35 + [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c + sshconnect.c] + Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the + graphical hash visualization schemes known as "random art", and by + Dan Kaminsky's musings on the subject during a BlackOp talk at the + 23C3 in Berlin. + Scientific publication (original paper): + "Hash Visualization: a New Technique to improve Real-World Security", + Perrig A. and Song D., 1999, International Workshop on Cryptographic + Techniques and E-Commerce (CrypTEC '99) + http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf + The algorithm used here is a worm crawling over a discrete plane, + leaving a trace (augmenting the field) everywhere it goes. + Movement is taken from dgst_raw 2bit-wise. Bumping into walls + makes the respective movement vector be ignored for this turn, + thus switching to the other color of the chessboard. + Graphs are not unambiguous for now, because circles in graphs can be + walked in either direction. + discussions with several people, + help, corrections and ok markus@ djm@ 20080611 - (djm) [channels.c configure.ac] @@ -4165,4 +4186,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4968 2008/06/12 18:32:00 dtucker Exp $ +$Id: ChangeLog,v 1.4969 2008/06/12 18:40:35 dtucker Exp $ diff --git a/key.c b/key.c index 62bf8361d..5d357a8d6 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.69 2007/07/12 05:48:05 ray Exp $ */ +/* $OpenBSD: key.c,v 1.70 2008/06/11 21:01:35 grunk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,6 +35,7 @@ #include "includes.h" +#include #include #include @@ -295,6 +296,105 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) return retval; } +/* + * Draw an ASCII-Art representing the fingerprint so human brain can + * profit from its built-in pattern recognition ability. + * This technique is called "random art" and can be found in some + * scientific publications like this original paper: + * + * "Hash Visualization: a New Technique to improve Real-World Security", + * Perrig A. and Song D., 1999, International Workshop on Cryptographic + * Techniques and E-Commerce (CrypTEC '99) + * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf + * + * The subject came up in a talk by Dan Kaminsky, too. + * + * If you see the picture is different, the key is different. + * If the picture looks the same, you still know nothing. + * + * The algorithm used here is a worm crawling over a discrete plane, + * leaving a trace (augmenting the field) everywhere it goes. + * Movement is taken from dgst_raw 2bit-wise. Bumping into walls + * makes the respective movement vector be ignored for this turn. + * Graphs are not unambiguous, because circles in graphs can be + * walked in either direction. + */ +#define FLDSIZE_Y 8 +#define FLDSIZE_X FLDSIZE_Y * 2 +static char * +key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) +{ + /* + * Chars to be used after each other every time the worm + * intersects with itself. Matter of taste. + */ + char *augmentation_string = " .o+=*BOX@%&#/^"; + char *retval, *p; + char field[FLDSIZE_X][FLDSIZE_Y]; + u_int i, b; + int x, y; + + retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2)); + + /* initialize field */ + memset(field, ' ', FLDSIZE_X * FLDSIZE_Y * sizeof(char)); + x = FLDSIZE_X / 2; + y = FLDSIZE_Y / 2; + field[x][y] = '.'; + + /* process raw key */ + for (i = 0; i < dgst_raw_len; i++) { + int input; + /* each byte conveys four 2-bit move commands */ + input = dgst_raw[i]; + for (b = 0; b < 4; b++) { + /* evaluate 2 bit, rest is shifted later */ + x += (input & 0x1) ? 1 : -1; + y += (input & 0x2) ? 1 : -1; + + /* assure we are still in bounds */ + x = MAX(x, 0); + y = MAX(y, 0); + x = MIN(x, FLDSIZE_X - 1); + y = MIN(y, FLDSIZE_Y - 1); + + /* augment the field */ + p = strchr(augmentation_string, field[x][y]); + if (*++p != '\0') + field[x][y] = *p; + + input = input >> 2; + } + } + + /* fill in retval */ + p = retval; + + /* output upper border */ + *p++ = '+'; + for (i = 0; i < FLDSIZE_X; i++) + *p++ = '-'; + *p++ = '+'; + *p++ = '\n'; + + /* output content */ + for (y = 0; y < FLDSIZE_Y; y++) { + *p++ = '|'; + for (x = 0; x < FLDSIZE_X; x++) + *p++ = field[x][y]; + *p++ = '|'; + *p++ = '\n'; + } + + /* output lower border */ + *p++ = '+'; + for (i = 0; i < FLDSIZE_X; i++) + *p++ = '-'; + *p++ = '+'; + + return retval; +} + char * key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) { @@ -312,6 +412,9 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) case SSH_FP_BUBBLEBABBLE: retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len); break; + case SSH_FP_RANDOMART: + retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len); + break; default: fatal("key_fingerprint_ex: bad digest representation %d", dgst_rep); diff --git a/key.h b/key.h index 6873dd793..14aac79c2 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: key.h,v 1.27 2008/06/11 21:01:35 grunk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -42,7 +42,8 @@ enum fp_type { }; enum fp_rep { SSH_FP_HEX, - SSH_FP_BUBBLEBABBLE + SSH_FP_BUBBLEBABBLE, + SSH_FP_RANDOMART }; /* key is stored in external hardware */ diff --git a/readconf.c b/readconf.c index 3ddb4d392..1d61145c4 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.166 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -452,7 +452,23 @@ parse_flag: case oCheckHostIP: intptr = &options->check_host_ip; - goto parse_flag; + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing CheckHostIP argument.", + filename, linenum); + value = 0; /* To avoid compiler warning... */ + if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) + value = SSHCTL_CHECKHOSTIP_YES; + else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) + value = SSHCTL_CHECKHOSTIP_NO; + else if (strcmp(arg, "fingerprint") == 0) + value = SSHCTL_CHECKHOSTIP_FPR; + else + fatal("%.200s line %d: Bad CheckHostIP argument.", + filename, linenum); + if (*activep && *intptr == -1) + *intptr = value; + break; case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; diff --git a/readconf.h b/readconf.h index 6257f4b2f..5c16a0ba6 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.72 2008/01/19 23:09:49 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.73 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen @@ -123,6 +123,10 @@ typedef struct { } Options; +#define SSHCTL_CHECKHOSTIP_NO 0 +#define SSHCTL_CHECKHOSTIP_YES 1 +#define SSHCTL_CHECKHOSTIP_FPR 2 + #define SSHCTL_MASTER_NO 0 #define SSHCTL_MASTER_YES 1 #define SSHCTL_MASTER_AUTO 2 diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 877935053..36249b288 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.75 2007/05/31 19:20:16 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.76 2008/06/11 21:01:35 grunk Exp $ .\" .\" -*- nroff -*- .\" @@ -37,7 +37,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 31 2007 $ +.Dd $Mdocdate: June 11 2008 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -257,11 +257,12 @@ RFC 4716 SSH Public Key File Format. This option allows importing keys from several commercial SSH implementations. .It Fl l -Show fingerprint of specified public key file. +Show fingerprint and ASCII art representation of specified public key file. Private RSA1 keys are also supported. For RSA and DSA keys .Nm -tries to find the matching public key file and prints its fingerprint. +tries to find the matching public key file and prints its fingerprint +and representation. .It Fl M Ar memory Specify the amount of memory to use (in megabytes) when generating candidate moduli for DH-GEX. diff --git a/ssh-keygen.c b/ssh-keygen.c index a03c6575d..c22e814da 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.166 2008/05/19 15:46:31 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.167 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -504,7 +504,7 @@ do_fingerprint(struct passwd *pw) { FILE *f; Key *public; - char *comment = NULL, *cp, *ep, line[16*1024], *fp; + char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; int i, skip = 0, num = 0, invalid = 1; enum fp_rep rep; enum fp_type fptype; @@ -522,9 +522,12 @@ do_fingerprint(struct passwd *pw) public = key_load_public(identity_file, &comment); if (public != NULL) { fp = key_fingerprint(public, fptype, rep); + ra = key_fingerprint(public, fptype, rep); printf("%u %s %s\n", key_size(public), fp, comment); + verbose("%s\n", ra); key_free(public); xfree(comment); + xfree(ra); xfree(fp); exit(0); } @@ -582,8 +585,11 @@ do_fingerprint(struct passwd *pw) } comment = *cp ? cp : comment; fp = key_fingerprint(public, fptype, rep); + ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART); printf("%u %s %s\n", key_size(public), fp, comment ? comment : "no comment"); + verbose("%s\n", ra); + xfree(ra); xfree(fp); key_free(public); invalid = 0; @@ -603,12 +609,14 @@ print_host(FILE *f, const char *name, Key *public, int hash) if (print_fingerprint) { enum fp_rep rep; enum fp_type fptype; - char *fp; + char *fp, *ra; fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; fp = key_fingerprint(public, fptype, rep); - printf("%u %s %s\n", key_size(public), fp, name); + ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART); + printf("%u %s %s\n%s\n", key_size(public), fp, name, ra); + xfree(ra); xfree(fp); } else { if (hash && (name = host_hash(name, NULL, 0)) == NULL) @@ -1451,10 +1459,15 @@ passphrase_again: if (!quiet) { char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); + char *ra = key_fingerprint(public, SSH_FP_MD5, + SSH_FP_RANDOMART); printf("Your public key has been saved in %s.\n", identity_file); printf("The key fingerprint is:\n"); printf("%s %s\n", fp, comment); + printf("The key's randomart image is:\n"); + printf("%s\n", ra); + xfree(ra); xfree(fp); } diff --git a/ssh_config.5 b/ssh_config.5 index d6f3fbf80..28ac724c8 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.106 2008/06/10 18:21:24 dtucker Exp $ -.Dd $Mdocdate: June 10 2008 $ +.\" $OpenBSD: ssh_config.5,v 1.107 2008/06/11 21:01:35 grunk Exp $ +.Dd $Mdocdate: June 11 2008 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -161,6 +161,10 @@ will additionally check the host IP address in the file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to +.Dq fingerprint , +not only the host IP address will be checked, but also an ASCII art +representation of the key will be printed. +If the option is set to .Dq no , the check will not be executed. The default is diff --git a/sshconnect.c b/sshconnect.c index a604c9724..151299614 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.203 2007/12/27 14:22:08 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.204 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -602,7 +602,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, Key *file_key; const char *type = key_type(host_key); char *ip = NULL, *host = NULL; - char hostline[1000], *hostp, *fp; + char hostline[1000], *hostp, *fp, *ra; HostStatus host_status; HostStatus ip_status; int r, local = 0, host_ip_differ = 0; @@ -740,6 +740,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, logit("Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts.", type, ip); + } else if (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR) { + fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); + ra = key_fingerprint(host_key, SSH_FP_MD5, + SSH_FP_RANDOMART); + logit("Host key fingerprint is %s\n%s\n", fp, ra); + xfree(ra); + xfree(fp); } break; case HOST_NEW: @@ -775,6 +782,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, snprintf(msg1, sizeof(msg1), "."); /* The default */ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); + ra = key_fingerprint(host_key, SSH_FP_MD5, + SSH_FP_RANDOMART); msg2[0] = '\0'; if (options.verify_host_key_dns) { if (matching_host_key_dns) @@ -789,10 +798,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n" - "%s key fingerprint is %s.\n%s" + "%s key fingerprint is %s.\n%s\n%s" "Are you sure you want to continue connecting " "(yes/no)? ", - host, ip, msg1, type, fp, msg2); + host, ip, msg1, type, fp, ra, msg2); + xfree(ra); xfree(fp); if (!confirm(msg)) goto fail; @@ -1063,18 +1073,20 @@ static int show_key_from_file(const char *file, const char *host, int keytype) { Key *found; - char *fp; + char *fp, *ra; int line, ret; found = key_new(keytype); if ((ret = lookup_key_in_hostfile_by_type(file, host, keytype, found, &line))) { fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); + ra = key_fingerprint(found, SSH_FP_MD5, SSH_FP_RANDOMART); logit("WARNING: %s key found for host %s\n" "in %s:%d\n" - "%s key fingerprint %s.", + "%s key fingerprint %s.\n%s\n", key_type(found), host, file, line, - key_type(found), fp); + key_type(found), fp, ra); + xfree(ra); xfree(fp); } key_free(found); -- cgit v1.2.3 From 1028824e5c456dc3d8a57fe5bae539beb4a95432 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 30 Jun 2008 00:04:03 +1000 Subject: - grunk@cvs.openbsd.org 2008/06/26 11:46:31 [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c] Move SSH Fingerprint Visualization away from sharing the config option CheckHostIP to an own config option named VisualHostKey. While there, fix the behaviour that ssh would draw a random art picture on every newly seen host even when the option was not enabled. prodded by deraadt@, discussions, help and ok markus@ djm@ dtucker@ --- ChangeLog | 10 +++++++++- readconf.c | 29 +++++++++++------------------ readconf.h | 7 ++----- ssh.1 | 8 ++++---- ssh_config.5 | 18 ++++++++++++------ sshconnect.c | 18 +++++++----------- 6 files changed, 45 insertions(+), 45 deletions(-) (limited to 'readconf.c') diff --git a/ChangeLog b/ChangeLog index 70c06d785..5df3f91d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,14 @@ are of the expected "safe prime" structure and have had appropriate primality tests performed; feedback and ok dtucker@ + - grunk@cvs.openbsd.org 2008/06/26 11:46:31 + [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c] + Move SSH Fingerprint Visualization away from sharing the config option + CheckHostIP to an own config option named VisualHostKey. + While there, fix the behaviour that ssh would draw a random art picture + on every newly seen host even when the option was not enabled. + prodded by deraadt@, discussions, + help and ok markus@ djm@ dtucker@ 20080628 - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec] @@ -4440,4 +4448,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5028 2008/06/29 12:47:04 djm Exp $ +$Id: ChangeLog,v 1.5029 2008/06/29 14:04:03 djm Exp $ diff --git a/readconf.c b/readconf.c index 1d61145c4..73f6eb361 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.166 2008/06/11 21:01:35 grunk Exp $ */ +/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -130,6 +130,7 @@ typedef enum { oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, + oVisualHostKey, oDeprecated, oUnsupported } OpCodes; @@ -226,6 +227,7 @@ static struct { { "tunneldevice", oTunnelDevice }, { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, + { "visualhostkey", oVisualHostKey }, { NULL, oBadOption } }; @@ -452,23 +454,7 @@ parse_flag: case oCheckHostIP: intptr = &options->check_host_ip; - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing CheckHostIP argument.", - filename, linenum); - value = 0; /* To avoid compiler warning... */ - if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) - value = SSHCTL_CHECKHOSTIP_YES; - else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) - value = SSHCTL_CHECKHOSTIP_NO; - else if (strcmp(arg, "fingerprint") == 0) - value = SSHCTL_CHECKHOSTIP_FPR; - else - fatal("%.200s line %d: Bad CheckHostIP argument.", - filename, linenum); - if (*activep && *intptr == -1) - *intptr = value; - break; + goto parse_flag; case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; @@ -931,6 +917,10 @@ parse_int: intptr = &options->permit_local_command; goto parse_flag; + case oVisualHostKey: + intptr = &options->visual_host_key; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -1081,6 +1071,7 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; + options->visual_host_key = -1; } /* @@ -1215,6 +1206,8 @@ fill_default_options(Options * options) options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; + if (options->visual_host_key == -1) + options->visual_host_key = 0; /* options->local_command should not be set by default */ /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index 5c16a0ba6..47c7aef4e 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.73 2008/06/11 21:01:35 grunk Exp $ */ +/* $OpenBSD: readconf.h,v 1.74 2008/06/26 11:46:31 grunk Exp $ */ /* * Author: Tatu Ylonen @@ -120,13 +120,10 @@ typedef struct { char *local_command; int permit_local_command; + int visual_host_key; } Options; -#define SSHCTL_CHECKHOSTIP_NO 0 -#define SSHCTL_CHECKHOSTIP_YES 1 -#define SSHCTL_CHECKHOSTIP_FPR 2 - #define SSHCTL_MASTER_NO 0 #define SSHCTL_MASTER_YES 1 #define SSHCTL_MASTER_AUTO 2 diff --git a/ssh.1 b/ssh.1 index e975dae01..6165e2f73 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.274 2008/06/13 20:13:26 grunk Exp $ -.Dd $Mdocdate: June 13 2008 +.\" $OpenBSD: ssh.1,v 1.275 2008/06/26 11:46:31 grunk Exp $ +.Dd $Mdocdate: June 26 2008 $ .Dt SSH 1 .Os .Sh NAME @@ -1035,9 +1035,9 @@ there is also support to compare host keys visually, using .Em random art . By setting the -.Cm CheckHostIP +.Cm VisualHostKey option to -.Dq fingerprint , +.Dq yes , a small ASCII graphic gets displayed on every login to a server, no matter if the session itself is interactive or not. By learning the pattern a known server produces, a user can easily diff --git a/ssh_config.5 b/ssh_config.5 index 53b3b6f1f..85e7ba06d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.110 2008/06/12 19:10:09 jmc Exp $ -.Dd $Mdocdate: June 12 2008 $ +.\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $ +.Dd $Mdocdate: June 26 2008 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -161,10 +161,6 @@ will additionally check the host IP address in the file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to -.Dq fingerprint , -a fingerprint and an ASCII art representation of the key are printed, -in addition to the host IP address check. -If the option is set to .Dq no , the check will not be executed. The default is @@ -1064,6 +1060,16 @@ See also .Sx VERIFYING HOST KEYS in .Xr ssh 1 . +.It Cm VisualHostKey +If this flag is set to +.Dq yes , +an ASCII art representation of the remote host key fingerprint is +printed additionally to the hex fingerprint string. +If this flag is set to +.Dq no , +only the hex fingerprint string will be printed. +The default is +.Dq no . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1 diff --git a/sshconnect.c b/sshconnect.c index 267670771..9c1550a96 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.208 2008/06/12 23:24:58 ian Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.209 2008/06/26 11:46:31 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -598,7 +598,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, char msg[1024]; int len, host_line, ip_line; const char *host_file = NULL, *ip_file = NULL; - int display_randomart; /* * Force accepting of the host key for loopback/localhost. The @@ -645,12 +644,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, ip = xstrdup(""); } - /* - * check_host_ip may be set to zero in the next step, so if it - * conveys a request to display the random art, save it away. - */ - display_randomart = (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR); - /* * Turn off check_host_ip if the connection is to localhost, via proxy * command or if we don't have a hostname to compare with @@ -735,7 +728,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, logit("Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts.", type, ip); - } else if (display_randomart) { + } else if (options.visual_host_key) { fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); ra = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_RANDOMART); @@ -793,10 +786,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n" - "%s key fingerprint is %s.\n%s\n%s" + "%s key fingerprint is %s.%s%s\n%s" "Are you sure you want to continue connecting " "(yes/no)? ", - host, ip, msg1, type, fp, ra, msg2); + host, ip, msg1, type, fp, + options.visual_host_key ? "\n" : "", + options.visual_host_key ? ra : "", + msg2); xfree(ra); xfree(fp); if (!confirm(msg)) -- cgit v1.2.3