[session.c]
use more portable tcsendbreak(3) and ignore break_length;
ok deraadt, millert
+ - markus@cvs.openbsd.org 2003/08/13 08:46:31
+ [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
+ ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
+ remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
+ fgsch@, miod@, henning@, jakob@ and others
20030811
- (dtucker) OpenBSD CVS Sync
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.49 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
break;
#endif
- case SSH_CMSG_AUTH_RHOSTS:
- if (!options.rhosts_authentication) {
- verbose("Rhosts authentication disabled.");
- break;
- }
- /*
- * Get client user name. Note that we just have to
- * trust the client; this is one reason why rhosts
- * authentication is insecure. (Another is
- * IP-spoofing on a local network.)
- */
- client_user = packet_get_string(&ulen);
- packet_check_eom();
-
- /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
- authenticated = auth_rhosts(pw, client_user);
-
- snprintf(info, sizeof info, " ruser %.100s", client_user);
- break;
-
case SSH_CMSG_AUTH_RHOSTS_RSA:
if (!options.rhosts_rsa_authentication) {
verbose("Rhosts with RSA authentication disabled.");
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.116 2003/08/13 08:46:30 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
Host fascist.blob.com
Port 23123
User tylonen
- RhostsAuthentication no
PasswordAuthentication no
Host puukko.hut.fi
Host *
ForwardAgent no
ForwardX11 no
- RhostsAuthentication yes
PasswordAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication yes
typedef enum {
oBadOption,
- oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
+ oForwardAgent, oForwardX11, oGatewayPorts,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
oKerberosAuthentication, oKerberosTgtPassing,
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
{ "useprivilegedport", oUsePrivilegedPort },
- { "rhostsauthentication", oRhostsAuthentication },
+ { "rhostsauthentication", oDeprecated },
{ "passwordauthentication", oPasswordAuthentication },
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
{ "kbdinteractivedevices", oKbdInteractiveDevices },
intptr = &options->use_privileged_port;
goto parse_flag;
- case oRhostsAuthentication:
- intptr = &options->rhosts_authentication;
- goto parse_flag;
-
case oPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
options->xauth_location = NULL;
options->gateway_ports = -1;
options->use_privileged_port = -1;
- options->rhosts_authentication = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gateway_ports = 0;
if (options->use_privileged_port == -1)
options->use_privileged_port = 0;
- if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 0;
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
-/* $OpenBSD: readconf.h,v 1.52 2003/07/22 13:35:22 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.53 2003/08/13 08:46:30 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
char *xauth_location; /* Location for xauth program */
int gateway_ports; /* Allow remote connects to forwarded ports. */
int use_privileged_port; /* Don't use privileged port if false. */
- int rhosts_authentication; /* Try rhosts authentication. */
int rhosts_rsa_authentication; /* Try rhosts with RSA
* authentication. */
int rsa_authentication; /* Try RSA authentication. */
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.123 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.124 2003/08/13 08:46:30 markus Exp $");
#include "ssh.h"
#include "log.h"
options->keepalives = -1;
options->log_facility = SYSLOG_FACILITY_NOT_SET;
options->log_level = SYSLOG_LEVEL_NOT_SET;
- options->rhosts_authentication = -1;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
options->log_facility = SYSLOG_FACILITY_AUTH;
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
options->log_level = SYSLOG_LEVEL_INFO;
- if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 0;
if (options->rhosts_rsa_authentication == -1)
options->rhosts_rsa_authentication = 0;
if (options->hostbased_authentication == -1)
/* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
- sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
+ sRhostsRSAAuthentication, sRSAAuthentication,
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
sKerberosTgtPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
{ "permitrootlogin", sPermitRootLogin },
{ "syslogfacility", sLogFacility },
{ "loglevel", sLogLevel },
- { "rhostsauthentication", sRhostsAuthentication },
+ { "rhostsauthentication", sDeprecated },
{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
{ "hostbasedauthentication", sHostbasedAuthentication },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
- case sRhostsAuthentication:
- intptr = &options->rhosts_authentication;
- goto parse_flag;
-
case sRhostsRSAAuthentication:
intptr = &options->rhosts_rsa_authentication;
goto parse_flag;
-/* $OpenBSD: servconf.h,v 1.62 2003/07/22 13:35:22 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.63 2003/08/13 08:46:30 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int gateway_ports; /* If true, allow remote connects to forwarded ports. */
SyslogFacility log_facility; /* Facility for system logging. */
LogLevel log_level; /* Level for system logging. */
- int rhosts_authentication; /* If true, permit rhosts
- * authentication. */
int rhosts_rsa_authentication; /* If true, permit rhosts RSA
* authentication. */
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.198 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.199 2003/08/13 08:46:30 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
strcmp(options.proxy_command, "none") == 0)
options.proxy_command = NULL;
- /* Disable rhosts authentication if not running as root. */
-#ifdef HAVE_CYGWIN
- /* Ignore uid if running under Windows */
- if (!options.use_privileged_port) {
-#else
- if (original_effective_uid != 0 || !options.use_privileged_port) {
-#endif
- debug("Rhosts Authentication disabled, "
- "originating port will not be trusted.");
- options.rhosts_authentication = 0;
- }
/* Open a connection to the remote host. */
-
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts,
#ifdef HAVE_CYGWIN
-# $OpenBSD: ssh_config,v 1.18 2003/05/16 03:27:12 djm Exp $
+# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# Host *
# ForwardAgent no
# ForwardX11 no
-# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.16 2003/07/22 13:35:22 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.17 2003/08/13 08:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
Multiple forwardings may be specified, and additional
forwardings can be given on the command line.
Only the superuser can forward privileged ports.
-.It Cm RhostsAuthentication
-Specifies whether to try rhosts based authentication.
-Note that this
-declaration only affects the client side and has no effect whatsoever
-on security.
-Most servers do not permit RhostsAuthentication because it
-is not secure (see
-.Cm RhostsRSAAuthentication ) .
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 1 only and requires
-.Nm ssh
-to be setuid root and
-.Cm UsePrivilegedPort
-to be set to
-.Dq yes .
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.
must be setuid root.
Note that this option must be set to
.Dq yes
-if
-.Cm RhostsAuthentication
-and
+for
.Cm RhostsRSAAuthentication
-authentications are needed with older servers.
+with older servers.
.It Cm User
Specifies the user to log in as.
This can be useful when a different user name is used on different machines.
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.54 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.55 2003/08/13 08:46:31 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
}
#endif /* KRB5 */
- /*
- * Use rhosts authentication if running in privileged socket and we
- * do not wish to remain anonymous.
- */
- if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
- options.rhosts_authentication) {
- debug("Trying rhosts authentication.");
- packet_start(SSH_CMSG_AUTH_RHOSTS);
- packet_put_cstring(local_user);
- packet_send();
- packet_write_wait();
-
- /* The server should respond with success or failure. */
- type = packet_read();
- if (type == SSH_SMSG_SUCCESS)
- goto success;
- if (type != SSH_SMSG_FAILURE)
- packet_disconnect("Protocol error: got %d in response to rhosts auth",
- type);
- }
/*
* Try .rhosts or /etc/hosts.equiv authentication with RSA host
* authentication.
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.198 2003/06/10 09:12:12 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
from making DNS requests unless the authentication
mechanism or configuration requires it.
Authentication mechanisms that may require DNS include
-.Cm RhostsAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm HostbasedAuthentication
and using a
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.274 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.275 2003/08/13 08:46:31 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
alarm(options.login_grace_time);
sshd_exchange_identification(sock_in, sock_out);
- /*
- * Check that the connection comes from a privileged port.
- * Rhosts-Authentication only makes sense from privileged
- * programs. Of course, if the intruder has root access on his local
- * machine, he can connect from any port. So do not use these
- * authentication methods from machines that you do not trust.
- */
- if (options.rhosts_authentication &&
- (remote_port >= IPPORT_RESERVED ||
- remote_port < IPPORT_RESERVED / 2)) {
- debug("Rhosts Authentication disabled, "
- "originating port %d not trusted.", remote_port);
- options.rhosts_authentication = 0;
- }
+
#ifdef KRB5
if (!packet_connection_is_ipv4() &&
options.kerberos_authentication) {
/* Declare supported authentication types. */
auth_mask = 0;
- if (options.rhosts_authentication)
- auth_mask |= 1 << SSH_AUTH_RHOSTS;
if (options.rhosts_rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
if (options.rsa_authentication)
-# $OpenBSD: sshd_config,v 1.62 2003/07/23 07:42:43 markus Exp $
+# $OpenBSD: sshd_config,v 1.63 2003/08/13 08:46:31 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-# rhosts authentication should not be used
-#RhostsAuthentication no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.21 2003/07/22 13:35:22 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.22 2003/08/13 08:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
and
.Pa .shosts
files will not be used in
-.Cm RhostsAuthentication ,
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm RhostsAuthentication
-Specifies whether authentication using rhosts or /etc/hosts.equiv
-files is sufficient.
-Normally, this method should not be permitted because it is insecure.
.Cm RhostsRSAAuthentication
should be used
instead, because it performs RSA-based host authentication in addition