20001229
- (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
Kurz <shorty@debain.org>
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 14:25:51
+ [auth.h auth2.c]
+ count authentication failures only
+ - markus@cvs.openbsd.org 2000/12/28 14:25:03
+ [sshconnect.c]
+ fingerprint for MITM attacks, too.
+ - markus@cvs.openbsd.org 2000/12/28 12:03:57
+ [sshd.8 sshd.c]
+ document -D
+ - markus@cvs.openbsd.org 2000/12/27 14:19:21
+ [serverloop.c]
+ less chatty
+ - markus@cvs.openbsd.org 2000/12/27 12:34
+ [auth1.c sshconnect2.c sshd.c]
+ typo
+ - markus@cvs.openbsd.org 2000/12/27 12:30:19
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ new option: HostKeyAlias: allow the user to record the host key
+ under a different name. This is useful for ssh tunneling over
+ forwarded connections or if you run multiple sshd's on different
+ ports on the same machine.
+ - markus@cvs.openbsd.org 2000/12/27 11:51:53
+ [ssh.1 ssh.c]
+ multiple -t force pty allocation, document ORIGINAL_COMMAND
+ - markus@cvs.openbsd.org 2000/12/27 11:41:31
+ [sshd.8]
+ update for ssh-2
20001228
- (bal) Patch to add libutil.h to loginrec.c only if the platform has
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $OpenBSD: auth.h,v 1.8 2000/12/28 14:25:51 markus Exp $
*/
#ifndef AUTH_H
#define AUTH_H
int success;
int valid;
int attempt;
+ int failures;
char *user;
char *service;
struct passwd *pw;
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.8 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.9 2000/12/27 12:34:49 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
/*
* read packets and try to authenticate local user 'luser'.
- * return if authentication is successfull. not that pw == NULL
+ * return if authentication is successful. not that pw == NULL
* if the user does not exists or is not allowed to login.
* each auth method has to 'fake' authentication for nonexisting
* users.
} else {
/* Loop until the user has been authenticated or the
connection is closed, do_authloop() returns only if
- authentication is successfull */
+ authentication is successful */
do_authloop(pw, user);
}
if (pw == NULL)
- fatal("internal error, authentication successfull for user '%.100s'", user);
+ fatal("internal error, authentication successful for user '%.100s'", user);
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.23 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.24 2000/12/28 14:25:51 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
memset(authctxt, 'a', sizeof(*authctxt));
authctxt->valid = 0;
authctxt->attempt = 0;
+ authctxt->failures = 0;
authctxt->success = 0;
x_authctxt = authctxt; /*XXX*/
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
- if (authctxt->attempt++ >= AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(), "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
- packet_disconnect("too many failed userauth_requests");
- }
user = packet_get_string(NULL);
service = packet_get_string(NULL);
method = packet_get_string(NULL);
debug("userauth-request for user %s service %s method %s", user, service, method);
- debug("attempt #%d", authctxt->attempt);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
- if (authctxt->attempt == 1) {
+ if (authctxt->attempt++ == 0) {
/* setup auth context */
struct passwd *pw = NULL;
setproctitle("%s", user);
/* Raise logging level */
if (authenticated == 1 ||
!authctxt->valid ||
- authctxt->attempt >= AUTH_FAIL_LOG ||
+ authctxt->failures >= AUTH_FAIL_LOG ||
strcmp(method, "password") == 0)
authlog = log;
void
userauth_reply(Authctxt *authctxt, int authenticated)
{
+ char *methods;
/* XXX todo: check if multiple auth methods are needed */
if (authenticated == 1) {
#ifdef WITH_AIXAUTHENTICATE
/* now we can break out */
authctxt->success = 1;
} else if (authenticated == 0) {
- char *methods = authmethods_get();
+ if (authctxt->failures++ >= AUTH_FAIL_MAX)
+ packet_disconnect("too many failed userauth_requests");
+ methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
packet_put_char(0); /* XXX partial success, unused */
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.51 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.52 2000/12/27 12:30:19 markus Exp $");
#include "ssh.h"
#include "readconf.h"
oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,
oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol,
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
- oKbdInteractiveAuthentication, oKbdInteractiveDevices
+ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
} OpCodes;
/* Textual representations of the tokens. */
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* alias */
{ "hostname", oHostName },
+ { "hostkeyalias", oHostKeyAlias },
{ "proxycommand", oProxyCommand },
{ "port", oPort },
{ "cipher", oCipher },
charptr = &options->hostname;
goto parse_string;
+ case oHostKeyAlias:
+ charptr = &options->host_key_alias;
+ goto parse_string;
+
case oProxyCommand:
charptr = &options->proxy_command;
string = xstrdup("");
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
options->hostname = NULL;
+ options->host_key_alias = NULL;
options->proxy_command = NULL;
options->user = NULL;
options->escape_char = -1;
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */
+ /* options->host_key_alias should not be set by default */
}
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.23 2000/11/12 19:50:37 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.24 2000/12/27 12:30:20 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
char *ciphers; /* SSH2 ciphers in order of preference. */
int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */
+ char *host_key_alias; /* hostname alias for .ssh/known_hosts */
char *proxy_command; /* Proxy command for connecting the host. */
char *user; /* User to log in as. */
int escape_char; /* Escape character; -2 = none */
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.38 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.39 2000/12/27 14:19:21 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
tvp = &tv;
}
if (tvp!=NULL)
- debug("tvp!=NULL kid %d mili %d", child_terminated, max_time_milliseconds);
+ debug2("tvp!=NULL kid %d mili %d", child_terminated, max_time_milliseconds);
/* Wait for something to happen, or the timeout to expire. */
ret = select(max_fd + 1, readset, writeset, NULL, tvp);
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.72 2000/12/12 23:11:48 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.74 2000/12/27 12:30:20 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
This can be used to execute arbitrary
screen-based programs on a remote machine, which can be very useful,
e.g., when implementing menu services.
+Multiple
+.Fl t
+options force tty allocation, even if
+.Nm
+has no local tty.
.It Fl T
Disable pseudo-tty allocation.
.It Fl v
to print debugging messages about its progress.
This is helpful in
debugging connection, authentication, and configuration problems.
-The verbose mode is also used to display
-.Xr skey 1
-challenges, if the user entered "s/key" as password.
-Multiple -v options increases the verbosity.
+Multiple
+.Fl v
+options increases the verbosity.
Maximum is 3.
.It Fl x
Disables X11 forwarding.
.It Cm GlobalKnownHostsFile
Specifies a file to use instead of
.Pa /etc/ssh_known_hosts .
+.It Cm HostKeyAlias
+Specifies an alias that should be used instead of the
+real host name when looking up or saving the host key
+the kown_hosts files.
+This option is useful for tunneling ssh connection
+or if you have multiple servers running on a single host.
.It Cm HostName
Specifies the real host name to log into.
This can be used to specify nicknames or abbreviations for hosts.
The variable contains
three space-separated values: client ip-address, client port number,
and server port number.
+.It Ev SSH_ORIGINAL_COMMAND
+The variable contains the original command line if a forced command
+is executed.
+It can be used to extract the original arguments.
.It Ev SSH_TTY
This is set to the name of the tty (path to the device) associated
with the current shell or command.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.78 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
/* Flag indicating whether a tty should be allocated */
int tty_flag = 0;
+int no_tty_flag = 0;
+int force_tty_flag = 0;
/* don't exec a shell */
int no_shell_flag = 0;
-int no_tty_flag = 0;
/*
* Flag indicating that nothing should be read from stdin. This can be set
options.identity_files[options.num_identity_files++] = xstrdup(optarg);
break;
case 't':
+ if (tty_flag)
+ force_tty_flag = 1;
tty_flag = 1;
break;
case 'v':
if (no_tty_flag)
tty_flag = 0;
/* Do not allocate a tty if stdin is not a tty. */
- if (!isatty(fileno(stdin))) {
+ if (!isatty(fileno(stdin)) && !force_tty_flag) {
if (tty_flag)
fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
tty_flag = 0;
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.85 2000/12/21 15:10:17 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.87 2000/12/28 14:25:03 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
break;
}
if (local) {
- debug("Forcing accepting of host key for loopback/localhost.");
- return;
+ if (options.host_key_alias == NULL) {
+ debug("Forcing accepting of host key for "
+ "loopback/localhost.");
+ return;
+ }
+ if (options.check_host_ip)
+ options.check_host_ip = 0;
}
/*
if (options.proxy_command == NULL) {
if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
- NULL, 0, NI_NUMERICHOST) != 0)
+ NULL, 0, NI_NUMERICHOST) != 0)
fatal("check_host_key: getnameinfo failed");
ip = xstrdup(ntop);
} else {
ip = xstrdup("<no hostip for proxy command>");
}
+ /*
+ * Allow the user to record the key under a different name. This is
+ * useful for ssh tunneling over forwarded connections or if you run
+ * multiple sshd's on different ports on the same machine.
+ */
+ if (options.host_key_alias != NULL) {
+ host = options.host_key_alias;
+ debug("using hostkeyalias: %s", host);
+ }
+
/*
* Store the host key from the known host file in here so that we can
* compare it with the key for the IP address.
} else if (options.strict_host_key_checking == 2) {
/* The default */
char prompt[1024];
- char *fp = key_fingerprint(host_key);
snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s (%s)' can't be established.\n"
"%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)? ",
- host, ip, type, fp);
+ host, ip, type, key_fingerprint(host_key));
if (!read_yes_or_no(prompt, -1))
fatal("Aborted by user!\n");
}
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the %s host key has just been changed.", type);
+ error("The fingerprint for the %s key sent by the remote host is\n%s.",
+ type, key_fingerprint(host_key));
error("Please contact your system administrator.");
error("Add correct host key in %.100s to get rid of this message.",
- user_hostfile);
+ user_hostfile);
error("Offending key in %s:%d", host_file, host_line);
/*
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.33 2000/12/20 19:37:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.34 2000/12/27 12:34:50 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
if (authctxt.agent != NULL)
ssh_close_authentication_connection(authctxt.agent);
- debug("ssh-userauth2 successfull: method %s", authctxt.method->name);
+ debug("ssh-userauth2 successful: method %s", authctxt.method->name);
}
void
input_userauth_error(int type, int plen, void *ctxt)
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $
+.\" $OpenBSD: sshd.8,v 1.76 2000/12/28 12:03:57 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Nd secure shell daemon
.Sh SYNOPSIS
.Nm sshd
-.Op Fl diqQ46
+.Op Fl diqDQ46
.Op Fl b Ar bits
.Op Fl f Ar config_file
.Op Fl g Ar login_grace_time
this many seconds, the server disconnects and exits.
A value of zero indicates no limit.
.It Fl h Ar host_key_file
-Specifies the file from which the RSA host key is read (default
+Specifies the file from which the host key is read (default
.Pa /etc/ssh_host_key ) .
This option must be given if
.Nm
is not run as root (as the normal
host file is normally not readable by anyone but root).
+It is possible to have multiple host key files for
+the different protocol versions.
.It Fl i
Specifies that
.Nm
should be put into the
.Pa utmp
file.
+.It Fl D
+When this option is specified
+.Nm
+will not detach and does not become a daemon.
+This allows easy monitoring of
+.Nm sshd .
.It Fl Q
Do not print an error message if RSA support is missing.
.It Fl V Ar client_protocol_id
permitted for RSA authentication in SSH protocols 1.3 and 1.5
Similarly, the
.Pa $HOME/.ssh/authorized_keys2
-file lists the DSA keys that are
-permitted for DSA authentication in SSH protocol 2.0.
+file lists the DSA and RSA keys that are
+permitted for public key authentication (PubkeyAuthentication)
+in SSH protocol 2.0.
+.Pp
Each line of the file contains one
key (empty lines and lines starting with a
.Ql #
are ignored as
comments).
-Each line consists of the following fields, separated by
+Each RSA public key consists of the following fields, separated by
spaces: options, bits, exponent, modulus, comment.
-The options field
-is optional; its presence is determined by whether the line starts
+Each protocol version 2 public key consists of:
+options, keytype, base64 encoded key, comment.
+The options fields
+are optional; its presence is determined by whether the line starts
with a number or not (the option field never starts with a number).
-The bits, exponent, modulus and comment fields give the RSA key; the
+The bits, exponent, modulus and comment fields give the RSA key for
+protocol version 1; the
comment field is not used for anything (but may be convenient for the
user to identify the key).
+For protocol version 2 the keytype is
+.Dq ssh-dss
+or
+.Dq ssh-rsa .
.Pp
Note that lines in this file are usually several hundred bytes long
(because of the size of the RSA key modulus).
You don't want to type them in; instead, copy the
.Pa identity.pub
+or the
+.Pa id_dsa.pub
file and edit it.
.Pp
The options (if present) consist of comma-separated option
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see
-.Xr crypto 3 )
+.Xr ssl 8 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
-.Xr crypto 3 ,
+.Xr ssl 8 ,
.Xr rlogin 1 ,
.Xr rsh 1
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.142 2000/12/20 19:37:22 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.144 2000/12/28 12:03:58 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE);
fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
fprintf(stderr, " -i Started from inetd\n");
+ fprintf(stderr, " -D Do not fork into daemon mode\n");
fprintf(stderr, " -q Quiet (no logging)\n");
fprintf(stderr, " -p port Listen on the specified port (default: 22)\n");
fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n");
/*
* the read end of the pipe is ready
* if the child has closed the pipe
- * after successfull authentication
+ * after successful authentication
* or if the child has died
*/
close(startup_pipes[i]);
andersk / openssh.git / commitdiff
