19991112
- Merged changes from OpenBSD CVS
- [sshd.c] session_key_int may be zero
+ - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
+ IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
+ deraadt,millert
+ - Brought default sshd_config more in line with OpenBSD's
19991111
- Added (untested) Entropy Gathering Daemon (EGD) support
#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "servconf.h"
/* Tries to authenticate the user using the .rhosts file and the host using
- its host key. Returns true if authentication succeeds.
- .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
+ its host key. Returns true if authentication succeeds. */
int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
unsigned int client_host_key_bits,
- BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
- int ignore_rhosts, int strict_modes)
+ BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
{
+ extern ServerOptions options;
const char *canonical_hostname;
HostStatus host_status;
BIGNUM *ke, *kn;
debug("Trying rhosts with RSA host authentication for %.100s", client_user);
/* Check if we would accept it using rhosts authentication. */
- if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))
+ if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
return 0;
canonical_hostname = get_canonical_hostname();
host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
client_host_key_bits, client_host_key_e,
client_host_key_n, ke, kn);
- /* Check user host file. */
- if (host_status != HOST_OK) {
+
+ /* Check user host file unless ignored. */
+ if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
struct stat st;
char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
/* Check file permissions of SSH_USER_HOSTFILE,
auth_rsa() did already check pw->pw_dir, but there is a race XXX */
- if (strict_modes &&
+ if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
options->key_regeneration_time = -1;
options->permit_root_login = -1;
options->ignore_rhosts = -1;
+ options->ignore_user_known_hosts = -1;
options->print_motd = -1;
options->check_mail = -1;
options->x11_forwarding = -1;
options->permit_root_login = 1; /* yes */
if (options->ignore_rhosts == -1)
options->ignore_rhosts = 0;
+ if (options->ignore_user_known_hosts == -1)
+ options->ignore_user_known_hosts = 0;
if (options->check_mail == -1)
options->check_mail = 0;
if (options->print_motd == -1)
sPasswordAuthentication, sListenAddress,
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
- sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups
-
+ sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+ sIgnoreUserKnownHosts
} ServerOpCodes;
/* Textual representation of the tokens. */
{ "listenaddress", sListenAddress },
{ "printmotd", sPrintMotd },
{ "ignorerhosts", sIgnoreRhosts },
+ { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
{ "x11forwarding", sX11Forwarding },
{ "x11displayoffset", sX11DisplayOffset },
{ "strictmodes", sStrictModes },
if (*intptr == -1)
*intptr = value;
break;
-
+
+ case sIgnoreUserKnownHosts:
+ intptr = &options->ignore_user_known_hosts;
+ goto parse_int;
+
case sRhostsAuthentication:
intptr = &options->rhosts_authentication;
goto parse_flag;
int key_regeneration_time; /* Server key lifetime (seconds). */
int permit_root_login; /* If true, permit root login. */
int ignore_rhosts; /* Ignore .rhosts and .shosts. */
+ int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts for RhostsRsaAuth */
int print_motd; /* If true, print /etc/motd. */
int check_mail; /* If true, check for new mail. */
int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
/* Name of the environment variable containing the pathname of the
- authentication socket. */
-#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
+ authentication socket. */
+#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
/* Force host key length and server key length to differ by at least this
many bits. This is to make double encryption with rsaref work. */
its host key. Returns true if authentication succeeds. */
int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
unsigned int bits, BIGNUM *client_host_key_e,
- BIGNUM *client_host_key_n, int ignore_rhosts,
- int strict_modes);
+ BIGNUM *client_host_key_n);
/* Tries to authenticate the user using password. Returns true if
authentication succeeds. */
.Pa /etc/ssh/shosts.equiv
are still used. The default is
.Dq no .
+.It Cm IgnoreUserKnownHosts
+Specifies whether
+.Nm
+should ignore the user's
+.Pa $HOME/.ssh/known_hosts
+during
+.Cm RhostsRSAAuthentication .
+The default is
+.Dq no .
.It Cm KeepAlive
Specifies whether the system should send keepalive messages to the
other side. If they are sent, death of the connection or crash of one
packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
}
- /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
if (auth_rhosts_rsa(pw, client_user,
- client_host_key_bits, client_host_key_e,
- client_host_key_n, options.ignore_rhosts,
- options.strict_modes))
+ client_host_key_bits, client_host_key_e, client_host_key_n))
{
/* Authentication accepted. */
authenticated = 1;
#
# Loglevel replaces QuietMode and FascistLogging
#
+SyslogFacility AUTH
LogLevel INFO
#
# Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
StrictModes yes
-X11Forwarding yes
+X11Forwarding no
X11DisplayOffset 10
FascistLogging no
PrintMotd yes
#
RhostsRSAAuthentication no
+#
+# Don't read ~/.rhosts and ~/.shosts files
+#
+IgnoreRhosts yes
+
+#
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#
+#IgnoreUserKnownHosts yes
+
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!