From 2bca8a43e7dd9b04d7070824ffebb823c72587b2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 11 Sep 2015 03:13:36 +0000 Subject: upstream commit more clarity on what AuthorizedKeysFile=none does; based on diff by Thiebaud Weksteen Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704 --- sshd.8 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 213b5fc43..3b20d9f32 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $ -.Dd $Mdocdate: July 3 2015 $ +.\" $OpenBSD: sshd.8,v 1.281 2015/09/11 03:13:36 djm Exp $ +.Dd $Mdocdate: September 11 2015 $ .Dt SSHD 8 .Os .Sh NAME @@ -470,7 +470,7 @@ does not exist either, xauth is used to add the cookie. .Cm AuthorizedKeysFile specifies the files containing public keys for public key authentication; -if none is specified, the default is +if this option is not specified, the default is .Pa ~/.ssh/authorized_keys and .Pa ~/.ssh/authorized_keys2 . -- cgit v1.2.3 From 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 16 Nov 2015 00:30:02 +0000 Subject: upstream commit Add a new authorized_keys option "restrict" that includes all current and future key restrictions (no-*-forwarding, etc). Also add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future. Example: restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1... Idea from Jann Horn; ok markus@ Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0 --- auth-options.c | 87 ++++++++++++++++++++++++++++++++++++++-------------------- sshd.8 | 36 ++++++++++++++++++++++-- 2 files changed, 91 insertions(+), 32 deletions(-) (limited to 'sshd.8') diff --git a/auth-options.c b/auth-options.c index e387697d3..cb68802de 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.69 2015/11/16 00:30:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -87,6 +87,36 @@ auth_clear_options(void) channel_clear_permitted_opens(); } +/* + * Match flag 'opt' in *optsp, and if allow_negate is set then also match + * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0 + * if negated option matches. + * If the option or negated option matches, then *optsp is updated to + * point to the first character after the option and, if 'msg' is not NULL + * then a message based on it added via auth_debug_add(). + */ +static int +match_flag(const char *opt, int allow_negate, char **optsp, const char *msg) +{ + size_t opt_len = strlen(opt); + char *opts = *optsp; + int negate = 0; + + if (allow_negate && strncasecmp(opts, "no-", 3) == 0) { + opts += 3; + negate = 1; + } + if (strncasecmp(opts, opt, opt_len) == 0) { + *optsp = opts + opt_len; + if (msg != NULL) { + auth_debug_add("%s %s.", msg, + negate ? "disabled" : "enabled"); + } + return negate ? 0 : 1; + } + return -1; +} + /* * return 1 if access is granted, 0 if not. * side effect: sets key option flags @@ -95,7 +125,7 @@ int auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) { const char *cp; - int i; + int i, r; /* reset options */ auth_clear_options(); @@ -104,45 +134,42 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) return 1; while (*opts && *opts != ' ' && *opts != '\t') { - cp = "cert-authority"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - key_is_cert_authority = 1; - opts += strlen(cp); + if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) { + key_is_cert_authority = r; goto next_option; } - cp = "no-port-forwarding"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("Port forwarding disabled."); + if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) { + auth_debug_add("Key is restricted."); no_port_forwarding_flag = 1; - opts += strlen(cp); + no_agent_forwarding_flag = 1; + no_x11_forwarding_flag = 1; + no_pty_flag = 1; + no_user_rc = 1; goto next_option; } - cp = "no-agent-forwarding"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("Agent forwarding disabled."); - no_agent_forwarding_flag = 1; - opts += strlen(cp); + if ((r = match_flag("port-forwarding", 1, &opts, + "Port forwarding")) != -1) { + no_port_forwarding_flag = r != 1; goto next_option; } - cp = "no-X11-forwarding"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("X11 forwarding disabled."); - no_x11_forwarding_flag = 1; - opts += strlen(cp); + if ((r = match_flag("agent-forwarding", 1, &opts, + "Agent forwarding")) != -1) { + no_agent_forwarding_flag = r != 1; goto next_option; } - cp = "no-pty"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("Pty allocation disabled."); - no_pty_flag = 1; - opts += strlen(cp); + if ((r = match_flag("x11-forwarding", 1, &opts, + "X11 forwarding")) != -1) { + no_x11_forwarding_flag = r != 1; goto next_option; } - cp = "no-user-rc"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("User rc file execution disabled."); - no_user_rc = 1; - opts += strlen(cp); + if ((r = match_flag("pty", 1, &opts, + "PTY allocation")) != -1) { + no_pty_flag = r != 1; + goto next_option; + } + if ((r = match_flag("user-rc", 1, &opts, + "User rc execution")) != -1) { + no_user_rc = r != 1; goto next_option; } cp = "command=\""; diff --git a/sshd.8 b/sshd.8 index 3b20d9f32..9bf3d5bb2 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.281 2015/09/11 03:13:36 djm Exp $ -.Dd $Mdocdate: September 11 2015 $ +.\" $OpenBSD: sshd.8,v 1.282 2015/11/16 00:30:02 djm Exp $ +.Dd $Mdocdate: November 16 2015 $ .Dt SSHD 8 .Os .Sh NAME @@ -522,6 +522,10 @@ No spaces are permitted, except within double quotes. The following option specifications are supported (note that option keywords are case-insensitive): .Bl -tag -width Ds +.It Cm agent-forwarding +Enable authentication agent forwarding previously disabled by the +.Cm restrict +option. .It Cm cert-authority Specifies that the listed key is a certification authority (CA) that is trusted to validate signed certificates for user authentication. @@ -616,6 +620,9 @@ they must be literal domains or addresses. A port specification of .Cm * matches any port. +.It Cm port-forwarding +Enable port forwarding previously disabled by the +.Cm restrict .It Cm principals="principals" On a .Cm cert-authority @@ -627,12 +634,33 @@ This option is ignored for keys that are not marked as trusted certificate signers using the .Cm cert-authority option. +.It Cm pty +Permits tty allocation previously disabled by the +.Cm restrict +option. +.It Cm restrict +Enable all restrictions, i.e. disable port, agent and X11 forwarding, +as well as disabling PTY allocation +and execution of +.Pa ~/.ssh/rc . +If any future restriction capabilities are added to authorized_keys files +they will be included in this set. .It Cm tunnel="n" Force a .Xr tun 4 device on the server. Without this option, the next available device will be used if the client requests a tunnel. +.It Cm user-rc +Enables execution of +.Pa ~/.ssh/rc +previously disabled by the +.Cm restrict +option. +.It Cm X11-forwarding +Permits X11 forwarding previously disabled by the +.Cm restrict +option. .El .Pp An example authorized_keys file: @@ -647,6 +675,10 @@ permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S== tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net +restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== +user@example.net +restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== +user@example.net .Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The -- cgit v1.2.3 From deae7d52d59c5019c528f977360d87fdda15d20b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 5 Feb 2016 03:07:06 +0000 Subject: upstream commit mention internal DH-GEX fallback groups; bz#2302 Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e --- sshd.8 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 9bf3d5bb2..e658523a5 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.282 2015/11/16 00:30:02 djm Exp $ -.Dd $Mdocdate: November 16 2015 $ +.\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $ +.Dd $Mdocdate: February 5 2016 $ .Dt SSHD 8 .Os .Sh NAME @@ -888,9 +888,12 @@ This file is for host-based authentication (see It should only be writable by root. .Pp .It Pa /etc/moduli -Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". +Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" +key exchange method. The file format is described in .Xr moduli 5 . +If no usable groups are found in this file then fixed internal groups will +be used. .Pp .It Pa /etc/motd See -- cgit v1.2.3 From a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Wed, 17 Feb 2016 07:38:19 +0000 Subject: upstream commit since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129 --- ssh-keygen.1 | 14 ++++++++----- ssh-keysign.8 | 6 +++--- ssh.1 | 66 ++++++++++++++++++++++------------------------------------- ssh_config.5 | 23 +++++---------------- sshd.8 | 16 +++++++-------- sshd_config.5 | 27 +++++++----------------- 6 files changed, 55 insertions(+), 97 deletions(-) (limited to 'sshd.8') diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 74b3124f5..37a4fc2b2 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.129 2015/11/13 04:34:15 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 13 2015 $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -141,8 +141,12 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create RSA keys for use by SSH protocol version 1 and -DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2. +can create keys for use by SSH protocol versions 1 and 2. +Protocol 1 should not be used +and is only offered to support legacy devices. +It suffers from a number of cryptographic weaknesses +and doesn't support many of the advanced features available for protocol 2. +.Pp The type of key to be generated is specified with the .Fl t option. @@ -474,7 +478,7 @@ At present, no options are valid for host keys. .It Fl o Causes .Nm -to save SSH protocol 2 private keys using the new OpenSSH format rather than +to save private keys using the new OpenSSH format rather than the more compatible PEM format. The new format has increased resistance to brute-force password cracking but is not supported by versions of OpenSSH prior to 6.5. diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 69d082954..19b0dbc53 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.15 2016/02/17 07:38:19 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 7 2013 $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -35,7 +35,7 @@ is used by .Xr ssh 1 to access the local host keys and generate the digital signature -required during host-based authentication with SSH protocol version 2. +required during host-based authentication. .Pp .Nm is disabled by default and can only be enabled in the diff --git a/ssh.1 b/ssh.1 index afc3537b0..cc5334338 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.368 2016/02/16 07:47:54 jmc Exp $ -.Dd $Mdocdate: February 16 2016 $ +.\" $OpenBSD: ssh.1,v 1.369 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH 1 .Os .Sh NAME @@ -402,17 +402,15 @@ in for details. .Pp .It Fl m Ar mac_spec -Additionally, for protocol version 2 a comma-separated list of MAC -(message authentication code) algorithms can -be specified in order of preference. +A comma-separated list of MAC (message authentication code) algorithms, +specified in order of preference. See the .Cm MACs keyword for more information. .Pp .It Fl N Do not execute a remote command. -This is useful for just forwarding ports -(protocol version 2 only). +This is useful for just forwarding ports. .Pp .It Fl n Redirects stdin from @@ -664,8 +662,8 @@ for details. .Pp .It Fl s May be used to request invocation of a subsystem on the remote system. -Subsystems are a feature of the SSH2 protocol which facilitate the use -of SSH as a secure transport for other applications (eg.\& +Subsystems facilitate the use of SSH +as a secure transport for other applications (e.g.\& .Xr sftp 1 ) . The subsystem is specified as the remote command. .Pp @@ -710,7 +708,6 @@ Implies .Cm ExitOnForwardFailure and .Cm ClearAllForwardings . -Works with Protocol version 2 only. .Pp .It Fl w Xo .Ar local_tun Ns Op : Ns Ar remote_tun @@ -795,8 +792,10 @@ or the and .Fl 2 options (see above). -Protocol 1 should not be used - it suffers from a number of cryptographic -weaknesses and is only offered to support legacy devices. +Protocol 1 should not be used +and is only offered to support legacy devices. +It suffers from a number of cryptographic weaknesses +and doesn't support many of the advanced features available for protocol 2. .Pp The methods available for authentication are: GSSAPI-based authentication, @@ -805,8 +804,9 @@ public key authentication, challenge-response authentication, and password authentication. Authentication methods are tried in the order specified above, -though protocol 2 has a configuration option to change the default order: -.Cm PreferredAuthentications . +though +.Cm PreferredAuthentications +can be used to change the default order. .Pp Host-based authentication works as follows: If the machine the user logs in from is listed in @@ -850,8 +850,6 @@ The server knows the public key, and only the user knows the private key. .Nm implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms. -Protocol 1 is restricted to using only RSA keys, -but protocol 2 may use any. The HISTORY section of .Xr ssl 8 contains a brief discussion of the DSA and RSA algorithms. @@ -873,26 +871,26 @@ This stores the private key in .Pa ~/.ssh/identity (protocol 1), .Pa ~/.ssh/id_dsa -(protocol 2 DSA), +(DSA), .Pa ~/.ssh/id_ecdsa -(protocol 2 ECDSA), +(ECDSA), .Pa ~/.ssh/id_ed25519 -(protocol 2 Ed25519), +(Ed25519), or .Pa ~/.ssh/id_rsa -(protocol 2 RSA) +(RSA) and stores the public key in .Pa ~/.ssh/identity.pub (protocol 1), .Pa ~/.ssh/id_dsa.pub -(protocol 2 DSA), +(DSA), .Pa ~/.ssh/id_ecdsa.pub -(protocol 2 ECDSA), +(ECDSA), .Pa ~/.ssh/id_ed25519.pub -(protocol 2 Ed25519), +(Ed25519), or .Pa ~/.ssh/id_rsa.pub -(protocol 2 RSA) +(RSA) in the user's home directory. The user should then copy the public key to @@ -930,8 +928,6 @@ Challenge-response authentication works as follows: The server sends an arbitrary .Qq challenge text, and prompts for a response. -Protocol 2 allows multiple challenges and responses; -protocol 1 is restricted to just one challenge/response. Examples of challenge-response authentication include .Bx Authentication (see @@ -1030,7 +1026,7 @@ at logout when waiting for forwarded connection / X11 sessions to terminate. Display a list of escape characters. .It Cm ~B Send a BREAK to the remote system -(only useful for SSH protocol version 2 and if the peer supports it). +(only useful if the peer supports it). .It Cm ~C Open command line. Currently this allows the addition of port forwardings using the @@ -1063,7 +1059,7 @@ Basic help is available, using the option. .It Cm ~R Request rekeying of the connection -(only useful for SSH protocol version 2 and if the peer supports it). +(only useful if the peer supports it). .It Cm ~V Decrease the verbosity .Pq Ic LogLevel @@ -1531,20 +1527,6 @@ The file format and configuration options are described in .It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys and are used for host-based authentication. -If protocol version 1 is used, -.Nm -must be setuid root, since the host key is readable only by root. -For protocol version 2, -.Nm -uses -.Xr ssh-keysign 8 -to access the host keys, -eliminating the requirement that -.Nm -be setuid root when host-based authentication is used. -By default -.Nm -is not setuid root. .Pp .It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. diff --git a/ssh_config.5 b/ssh_config.5 index c8ccfecb4..fcd538066 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.225 2016/02/16 05:11:04 djm Exp $ -.Dd $Mdocdate: February 16 2016 $ +.\" $OpenBSD: ssh_config.5,v 1.226 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -824,12 +824,10 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm HashKnownHosts Indicates that .Xr ssh 1 @@ -856,9 +854,6 @@ or .Dq no . The default is .Dq no . -This option applies to protocol version 2 only and -is similar to -.Cm RhostsRSAAuthentication . .It Cm HostbasedKeyTypes Specifies the key types that will be used for hostbased authentication as a comma-separated pattern list. @@ -883,7 +878,7 @@ option of .Xr ssh 1 may be used to list supported key types. .It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms +Specifies the host key algorithms that the client wants to use in order of preference. Alternately if the specified value begins with a .Sq + @@ -1170,8 +1165,7 @@ DEBUG2 and DEBUG3 each specify higher levels of verbose output. .It Cm MACs Specifies the MAC (message authentication code) algorithms in order of preference. -The MAC algorithm is used in protocol version 2 -for data integrity protection. +The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a .Sq + @@ -1243,8 +1237,7 @@ private RSA key. Specifies the port number to connect on the remote host. The default is 22. .It Cm PreferredAuthentications -Specifies the order in which the client should try protocol 2 -authentication methods. +Specifies the order in which the client should try authentication methods. This allows a client to prefer one method (e.g.\& .Cm keyboard-interactive ) over another method (e.g.\& @@ -1353,7 +1346,6 @@ or .Dq no . The default is .Dq yes . -This option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1379,7 +1371,6 @@ is .Dq default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. -This option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. @@ -1472,7 +1463,6 @@ Note that this option applies to protocol version 1 only. Specifies what variables from the local .Xr environ 7 should be sent to the server. -Note that environment passing is only supported for protocol 2. The server must also support it, and the server must be configured to accept these environment variables. Note that the @@ -1520,7 +1510,6 @@ If, for example, .Cm ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ServerAliveInterval Sets a timeout interval in seconds after which if no data has been received from the server, @@ -1529,7 +1518,6 @@ will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. -This option applies to protocol version 2 only. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1726,7 +1714,6 @@ or .Dq ask . The default is .Dq no . -Note that this option applies to protocol version 2 only. .Pp See also VERIFYING HOST KEYS in .Xr ssh 1 . diff --git a/sshd.8 b/sshd.8 index e658523a5..6c521f23e 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $ -.Dd $Mdocdate: February 5 2016 $ +.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSHD 8 .Os .Sh NAME @@ -275,14 +275,12 @@ though this can be changed via the .Cm Protocol option in .Xr sshd_config 5 . -Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys; -protocol 1 only supports RSA keys. -For both protocols, -each host has a host-specific key, -normally 2048 bits, -used to identify the host. +Protocol 1 should not be used +and is only offered to support legacy devices. .Pp -Forward security for protocol 1 is provided through +Each host has a host-specific key, +used to identify the host. +Partial forward security for protocol 1 is provided through an additional server key, normally 1024 bits, generated when the server starts. diff --git a/sshd_config.5 b/sshd_config.5 index 711a02524..ef9190568 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.218 2016/02/16 05:11:04 djm Exp $ -.Dd $Mdocdate: February 16 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.219 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -70,8 +70,7 @@ See in .Xr ssh_config 5 for how to configure the client. -Note that environment passing is only supported for protocol 2, and -that the +The .Ev TERM environment variable is always sent whenever the client requests a pseudo-terminal as it is required by the protocol. @@ -226,7 +225,7 @@ of .Dq publickey,publickey will require successful authentication using two different public keys. .Pp -This option is only available for SSH protocol 2 and will yield a fatal +This option will yield a fatal error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. @@ -373,7 +372,6 @@ authentication is allowed. If the argument is .Dq none then no banner is displayed. -This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed (e.g. via @@ -437,7 +435,7 @@ The default is indicating not to .Xr chroot 2 . .It Cm Ciphers -Specifies the ciphers allowed for protocol version 2. +Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the specified value begins with a .Sq + @@ -518,7 +516,6 @@ If .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, @@ -527,7 +524,6 @@ will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. .It Cm Compression Specifies whether compression is allowed, or delayed until the user has authenticated successfully. @@ -627,13 +623,11 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm GSSAPICleanupCredentials Specifies whether to automatically destroy the user's credentials cache on logout. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. @@ -676,9 +670,6 @@ may be used to list supported key types. Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (host-based authentication). -This option is similar to -.Cm RhostsRSAAuthentication -and applies to protocol version 2 only. The default is .Dq no . .It Cm HostbasedUsesNameFromPacketOnly @@ -749,7 +740,7 @@ is specified, the location of the socket will be read from the .Ev SSH_AUTH_SOCK environment variable. .It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms +Specifies the host key algorithms that the server offers. The default for this option is: .Bd -literal -offset 3n @@ -970,8 +961,7 @@ DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm MACs Specifies the available MAC (message authentication code) algorithms. -The MAC algorithm is used in protocol version 2 -for data integrity protection. +The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a .Sq + @@ -1380,7 +1370,6 @@ may be used to list supported key types. Specifies whether public key authentication is allowed. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1406,7 +1395,6 @@ is .Dq default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. -This option applies to protocol version 2 only. .It Cm RevokedKeys Specifies revoked public keys file, or .Dq none @@ -1493,7 +1481,6 @@ This may simplify configurations using to force a different filesystem root on clients. .Pp By default no subsystems are defined. -Note that this option applies to protocol version 2 only. .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Xr sshd 8 . -- cgit v1.2.3 From 9496f70a8203592158275489519996476b2356af Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Tue, 7 Oct 2014 13:22:41 +0100 Subject: Restore TCP wrappers support Support for TCP wrappers was dropped in OpenSSH 6.7. See this message and thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html It is true that this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: restore-tcp-wrappers.patch --- configure.ac | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ sshd.8 | 7 +++++++ sshd.c | 25 +++++++++++++++++++++++++ 3 files changed, 89 insertions(+) (limited to 'sshd.8') diff --git a/configure.ac b/configure.ac index 5f1ff740f..5d720f77a 100644 --- a/configure.ac +++ b/configure.ac @@ -1481,6 +1481,62 @@ AC_ARG_WITH([skey], ] ) +# Check whether user wants TCP wrappers support +TCPW_MSG="no" +AC_ARG_WITH([tcp-wrappers], + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], + [ + if test "x$withval" != "xno" ; then + saved_LIBS="$LIBS" + saved_LDFLAGS="$LDFLAGS" + saved_CPPFLAGS="$CPPFLAGS" + if test -n "${withval}" && \ + test "x${withval}" != "xyes"; then + if test -d "${withval}/lib"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + else + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" + fi + fi + if test -d "${withval}/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + fi + LIBS="-lwrap $LIBS" + AC_MSG_CHECKING([for libwrap]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include +#include +int deny_severity = 0, allow_severity = 0; + ]], [[ + hosts_access(0); + ]])], [ + AC_MSG_RESULT([yes]) + AC_DEFINE([LIBWRAP], [1], + [Define if you want + TCP Wrappers support]) + SSHDLIBS="$SSHDLIBS -lwrap" + TCPW_MSG="yes" + ], [ + AC_MSG_ERROR([*** libwrap missing]) + + ]) + LIBS="$saved_LIBS" + fi + ] +) + # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, @@ -5003,6 +5059,7 @@ echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" +echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" diff --git a/sshd.8 b/sshd.8 index 6c521f23e..589841fcc 100644 --- a/sshd.8 +++ b/sshd.8 @@ -880,6 +880,12 @@ the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp +.It Pa /etc/hosts.allow +.It Pa /etc/hosts.deny +Access controls that should be enforced by tcp-wrappers are defined here. +Further details are described in +.Xr hosts_access 5 . +.Pp .It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . @@ -986,6 +992,7 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr chroot 2 , +.Xr hosts_access 5 , .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , diff --git a/sshd.c b/sshd.c index 5cd9129d0..d1dd711fc 100644 --- a/sshd.c +++ b/sshd.c @@ -129,6 +129,13 @@ #include #endif +#ifdef LIBWRAP +#include +#include +int allow_severity; +int deny_severity; +#endif /* LIBWRAP */ + #ifndef O_NOCTTY #define O_NOCTTY 0 #endif @@ -2151,6 +2158,24 @@ main(int ac, char **av) #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); #endif +#ifdef LIBWRAP + allow_severity = options.log_facility|LOG_INFO; + deny_severity = options.log_facility|LOG_WARNING; + /* Check whether logins are denied from this host. */ + if (packet_connection_is_on_socket()) { + struct request_info req; + + request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); + fromhost(&req); + + if (!hosts_access(&req)) { + debug("Connection refused by tcp wrapper"); + refuse(&req); + /* NOTREACHED */ + fatal("libwrap refuse returns"); + } + } +#endif /* LIBWRAP */ /* Log the connection. */ laddr = get_local_ipaddr(sock_in); -- cgit v1.2.3 From 5a19d59c0b76162929545ad1bc92e7de69ce9a7b Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:09 +0000 Subject: Adjust various OpenBSD-specific references in manual pages No single bug reference for this patch, but history includes: http://bugs.debian.org/154434 (login.conf(5)) http://bugs.debian.org/513417 (/etc/rc) http://bugs.debian.org/530692 (ssl(8)) https://bugs.launchpad.net/bugs/456660 (ssl(8)) Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: openbsd-docs.patch --- moduli.5 | 4 ++-- ssh-keygen.1 | 12 ++++-------- ssh.1 | 4 ++++ sshd.8 | 5 ++--- sshd_config.5 | 3 +-- 5 files changed, 13 insertions(+), 15 deletions(-) (limited to 'sshd.8') diff --git a/moduli.5 b/moduli.5 index ef0de0850..149846c8c 100644 --- a/moduli.5 +++ b/moduli.5 @@ -21,7 +21,7 @@ .Nd Diffie-Hellman moduli .Sh DESCRIPTION The -.Pa /etc/moduli +.Pa /etc/ssh/moduli file contains prime numbers and generators for use by .Xr sshd 8 in the Diffie-Hellman Group Exchange key exchange method. @@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough Diffie-Hellman output to sufficiently key the selected symmetric cipher. .Xr sshd 8 then randomly selects a modulus from -.Fa /etc/moduli +.Fa /etc/ssh/moduli that best meets the size requirement. .Sh SEE ALSO .Xr ssh-keygen 1 , diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 37a4fc2b2..24bed5f61 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -178,9 +178,7 @@ key in .Pa ~/.ssh/id_ed25519 or .Pa ~/.ssh/id_rsa . -Additionally, the system administrator may use this to generate host keys, -as seen in -.Pa /etc/rc . +Additionally, the system administrator may use this to generate host keys. .Pp Normally this program generates the key and asks for a file in which to store the private key. @@ -227,9 +225,7 @@ For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. -This is used by -.Pa /etc/rc -to generate new host keys. +This is used by system administration scripts to generate new host keys. .It Fl a Ar rounds When saving a new-format private key (i.e. an ed25519 key or any SSH protocol 2 key when the @@ -642,7 +638,7 @@ option. Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in -.Pa /etc/moduli . +.Pa /etc/ssh/moduli . It is important that this file contains moduli of a range of bit lengths and that both ends of a connection share common moduli. .Sh CERTIFICATES @@ -841,7 +837,7 @@ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. .Pp -.It Pa /etc/moduli +.It Pa /etc/ssh/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format is described in .Xr moduli 5 . diff --git a/ssh.1 b/ssh.1 index feb0e8919..41e0aabd2 100644 --- a/ssh.1 +++ b/ssh.1 @@ -852,6 +852,10 @@ implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of .Xr ssl 8 +(on non-OpenBSD systems, see +.nh +http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY) +.hy contains a brief discussion of the DSA and RSA algorithms. .Pp The file diff --git a/sshd.8 b/sshd.8 index 589841fcc..58eefe911 100644 --- a/sshd.8 +++ b/sshd.8 @@ -67,7 +67,7 @@ over an insecure network. .Nm listens for connections from clients. It is normally started at boot from -.Pa /etc/rc . +.Pa /etc/init.d/ssh . It forks a new daemon for each incoming connection. The forked daemons handle @@ -891,7 +891,7 @@ This file is for host-based authentication (see .Xr ssh 1 ) . It should only be writable by root. .Pp -.It Pa /etc/moduli +.It Pa /etc/ssh/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" key exchange method. The file format is described in @@ -993,7 +993,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keyscan 1 , .Xr chroot 2 , .Xr hosts_access 5 , -.Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , .Xr inetd 8 , diff --git a/sshd_config.5 b/sshd_config.5 index b56564044..4d255e5ce 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -375,8 +375,7 @@ then no banner is displayed. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed (e.g. via -PAM or through authentication styles supported in -.Xr login.conf 5 ) +PAM). The default is .Dq yes . .It Cm ChrootDirectory -- cgit v1.2.3 From 2c7520d8d6245868704cf01dd572cce744663173 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:12 +0000 Subject: Refer to ssh's Upstart job as well as its init script Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: doc-upstart.patch --- sshd.8 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 58eefe911..4e7556736 100644 --- a/sshd.8 +++ b/sshd.8 @@ -67,7 +67,10 @@ over an insecure network. .Nm listens for connections from clients. It is normally started at boot from -.Pa /etc/init.d/ssh . +.Pa /etc/init.d/ssh +(or +.Pa /etc/init/ssh.conf +on systems using the Upstart init daemon). It forks a new daemon for each incoming connection. The forked daemons handle -- cgit v1.2.3