*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.171 2001/03/04 01:46:30 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.178 2001/03/23 14:28:32 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
* not very useful. Currently, memory locking is not implemented.
*/
struct {
- Key *server_key; /* empheral server key */
+ Key *server_key; /* ephemeral server key */
Key *ssh1_host_key; /* ssh1 host key */
Key **host_keys; /* all private host keys */
int have_ssh1_key;
* problems.
*/
void
-generate_empheral_server_key(void)
+generate_ephemeral_server_key(void)
{
u_int32_t rand = 0;
int i;
fatal_cleanup();
}
if (buf[i] == '\r') {
- buf[i] = '\n';
- buf[i + 1] = 0;
+ buf[i] = 0;
/* Kludge for F-Secure Macintosh < 1.0.2 */
if (i == 12 &&
strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
continue;
}
if (buf[i] == '\n') {
- /* buf[i] == '\n' */
- buf[i + 1] = 0;
+ buf[i] = 0;
break;
}
}
compat_datafellows(remote_version);
+ if (datafellows & SSH_BUG_SCANNER) {
+ log("scanned from %s with %s. Don't panic.",
+ get_remote_ipaddr(), client_version_string);
+ fatal_cleanup();
+ }
+
mismatch = 0;
switch(remote_major) {
case 1:
break;
}
chop(server_version_string);
- chop(client_version_string);
debug("Local version string %.200s", server_version_string);
if (mismatch) {
options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
!inetd_flag);
+ seed_rng();
+
/* Read server configuration options from the configuration file. */
read_server_config(&options, config_file_name);
options.protocol &= ~SSH_PROTO_2;
}
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
- log("sshd: no hostkeys available -- exiting.\n");
+ log("sshd: no hostkeys available -- exiting.");
exit(1);
}
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
chdir("/");
+
+ /* ignore SIGPIPE */
+ signal(SIGPIPE, SIG_IGN);
/* Start listening for a socket, unless started from inetd. */
if (inetd_flag) {
*/
debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
if (options.protocol & SSH_PROTO_1)
- generate_empheral_server_key();
+ generate_ephemeral_server_key();
} else {
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
}
}
if (options.protocol & SSH_PROTO_1)
- generate_empheral_server_key();
+ generate_ephemeral_server_key();
/* Arrange to restart on SIGHUP. The handler needs listen_sock. */
signal(SIGHUP, sighup_handler);
if (ret < 0 && errno != EINTR)
error("select: %.100s", strerror(errno));
if (key_used && key_do_regen) {
- generate_empheral_server_key();
+ generate_ephemeral_server_key();
key_used = 0;
key_do_regen = 0;
}
}
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+ compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
+
server_kexinit = kex_init(myproposal);
client_kexinit = xmalloc(sizeof(*client_kexinit));
buffer_init(client_kexinit);
/* KEXDH */
/* generate DH key */
dh = dh_new_group1(); /* XXX depends on 'kex' */
- dh_gen_key(dh);
+ dh_gen_key(dh, kex->we_need * 8);
debug("Wait SSH2_MSG_KEXDH_INIT.");
packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT);
/* Compute our exchange value in parallel with the client */
- dh_gen_key(dh);
+ dh_gen_key(dh, kex->we_need * 8);
debug("Wait SSH2_MSG_KEX_DH_GEX_INIT.");
packet_read_expect(&payload_len, SSH2_MSG_KEX_DH_GEX_INIT);