From 0598d99d917545f1cf2e2a3a09e29cdbe70302ff Mon Sep 17 00:00:00 2001 From: dtucker Date: Wed, 13 Aug 2003 10:37:05 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2003/08/13 08:46:31 [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others --- ChangeLog | 5 +++++ auth1.c | 22 +--------------------- readconf.c | 15 +++------------ readconf.h | 3 +-- servconf.c | 13 +++---------- servconf.h | 4 +--- ssh.c | 14 +------------- ssh_config | 3 +-- ssh_config.5 | 28 +++------------------------- sshconnect1.c | 22 +--------------------- sshd.8 | 3 +-- sshd.c | 19 ++----------------- sshd_config | 8 +++----- sshd_config.5 | 7 +------ 14 files changed, 27 insertions(+), 139 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7ad043c9..05ee72f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,11 @@ [session.c] use more portable tcsendbreak(3) and ignore break_length; ok deraadt, millert + - markus@cvs.openbsd.org 2003/08/13 08:46:31 + [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config + ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] + remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, + fgsch@, miod@, henning@, jakob@ and others 20030811 - (dtucker) OpenBSD CVS Sync diff --git a/auth1.c b/auth1.c index 877e2e62..7c010010 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.49 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -160,26 +160,6 @@ do_authloop(Authctxt *authctxt) break; #endif - case SSH_CMSG_AUTH_RHOSTS: - if (!options.rhosts_authentication) { - verbose("Rhosts authentication disabled."); - break; - } - /* - * Get client user name. Note that we just have to - * trust the client; this is one reason why rhosts - * authentication is insecure. (Another is - * IP-spoofing on a local network.) - */ - client_user = packet_get_string(&ulen); - packet_check_eom(); - - /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ - authenticated = auth_rhosts(pw, client_user); - - snprintf(info, sizeof info, " ruser %.100s", client_user); - break; - case SSH_CMSG_AUTH_RHOSTS_RSA: if (!options.rhosts_rsa_authentication) { verbose("Rhosts with RSA authentication disabled."); diff --git a/readconf.c b/readconf.c index 332500e7..355a7dfc 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.116 2003/08/13 08:46:30 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); Host fascist.blob.com Port 23123 User tylonen - RhostsAuthentication no PasswordAuthentication no Host puukko.hut.fi @@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); Host * ForwardAgent no ForwardX11 no - RhostsAuthentication yes PasswordAuthentication yes RSAAuthentication yes RhostsRSAAuthentication yes @@ -91,7 +89,7 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); typedef enum { oBadOption, - oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, + oForwardAgent, oForwardX11, oGatewayPorts, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oKerberosAuthentication, oKerberosTgtPassing, @@ -122,7 +120,7 @@ static struct { { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, - { "rhostsauthentication", oRhostsAuthentication }, + { "rhostsauthentication", oDeprecated }, { "passwordauthentication", oPasswordAuthentication }, { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, { "kbdinteractivedevices", oKbdInteractiveDevices }, @@ -351,10 +349,6 @@ parse_flag: intptr = &options->use_privileged_port; goto parse_flag; - case oRhostsAuthentication: - intptr = &options->rhosts_authentication; - goto parse_flag; - case oPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; @@ -814,7 +808,6 @@ initialize_options(Options * options) options->xauth_location = NULL; options->gateway_ports = -1; options->use_privileged_port = -1; - options->rhosts_authentication = -1; options->rsa_authentication = -1; options->pubkey_authentication = -1; options->challenge_response_authentication = -1; @@ -884,8 +877,6 @@ fill_default_options(Options * options) options->gateway_ports = 0; if (options->use_privileged_port == -1) options->use_privileged_port = 0; - if (options->rhosts_authentication == -1) - options->rhosts_authentication = 0; if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->pubkey_authentication == -1) diff --git a/readconf.h b/readconf.h index cc94253e..6fbf467e 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.52 2003/07/22 13:35:22 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.53 2003/08/13 08:46:30 markus Exp $ */ /* * Author: Tatu Ylonen @@ -33,7 +33,6 @@ typedef struct { char *xauth_location; /* Location for xauth program */ int gateway_ports; /* Allow remote connects to forwarded ports. */ int use_privileged_port; /* Don't use privileged port if false. */ - int rhosts_authentication; /* Try rhosts authentication. */ int rhosts_rsa_authentication; /* Try rhosts with RSA * authentication. */ int rsa_authentication; /* Try RSA authentication. */ diff --git a/servconf.c b/servconf.c index c4b2bb28..e9c313bb 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.123 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.124 2003/08/13 08:46:30 markus Exp $"); #include "ssh.h" #include "log.h" @@ -64,7 +64,6 @@ initialize_server_options(ServerOptions *options) options->keepalives = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; - options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->hostbased_authentication = -1; options->hostbased_uses_name_from_packet_only = -1; @@ -165,8 +164,6 @@ fill_default_server_options(ServerOptions *options) options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; - if (options->rhosts_authentication == -1) - options->rhosts_authentication = 0; if (options->rhosts_rsa_authentication == -1) options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) @@ -248,7 +245,7 @@ typedef enum { /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, + sRhostsRSAAuthentication, sRSAAuthentication, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, @@ -288,7 +285,7 @@ static struct { { "permitrootlogin", sPermitRootLogin }, { "syslogfacility", sLogFacility }, { "loglevel", sLogLevel }, - { "rhostsauthentication", sRhostsAuthentication }, + { "rhostsauthentication", sDeprecated }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "hostbasedauthentication", sHostbasedAuthentication }, { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, @@ -589,10 +586,6 @@ parse_flag: intptr = &options->ignore_user_known_hosts; goto parse_flag; - case sRhostsAuthentication: - intptr = &options->rhosts_authentication; - goto parse_flag; - case sRhostsRSAAuthentication: intptr = &options->rhosts_rsa_authentication; goto parse_flag; diff --git a/servconf.h b/servconf.h index 65ad2071..42bcda75 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.62 2003/07/22 13:35:22 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.63 2003/08/13 08:46:30 markus Exp $ */ /* * Author: Tatu Ylonen @@ -65,8 +65,6 @@ typedef struct { int gateway_ports; /* If true, allow remote connects to forwarded ports. */ SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for system logging. */ - int rhosts_authentication; /* If true, permit rhosts - * authentication. */ int rhosts_rsa_authentication; /* If true, permit rhosts RSA * authentication. */ int hostbased_authentication; /* If true, permit ssh2 hostbased auth */ diff --git a/ssh.c b/ssh.c index 82b40193..71556e20 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.198 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.199 2003/08/13 08:46:30 markus Exp $"); #include #include @@ -600,19 +600,7 @@ again: strcmp(options.proxy_command, "none") == 0) options.proxy_command = NULL; - /* Disable rhosts authentication if not running as root. */ -#ifdef HAVE_CYGWIN - /* Ignore uid if running under Windows */ - if (!options.use_privileged_port) { -#else - if (original_effective_uid != 0 || !options.use_privileged_port) { -#endif - debug("Rhosts Authentication disabled, " - "originating port will not be trusted."); - options.rhosts_authentication = 0; - } /* Open a connection to the remote host. */ - if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, #ifdef HAVE_CYGWIN diff --git a/ssh_config b/ssh_config index 721e374e..2692e891 100644 --- a/ssh_config +++ b/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.18 2003/05/16 03:27:12 djm Exp $ +# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -18,7 +18,6 @@ # Host * # ForwardAgent no # ForwardX11 no -# RhostsAuthentication no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes diff --git a/ssh_config.5 b/ssh_config.5 index 3a79af8f..fb341d79 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.16 2003/07/22 13:35:22 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.17 2003/08/13 08:46:31 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -529,26 +529,6 @@ IPv6 addresses can be specified with an alternative syntax: Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. -.It Cm RhostsAuthentication -Specifies whether to try rhosts based authentication. -Note that this -declaration only affects the client side and has no effect whatsoever -on security. -Most servers do not permit RhostsAuthentication because it -is not secure (see -.Cm RhostsRSAAuthentication ) . -The argument to this keyword must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -This option applies to protocol version 1 only and requires -.Nm ssh -to be setuid root and -.Cm UsePrivilegedPort -to be set to -.Dq yes . .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. @@ -629,11 +609,9 @@ If set to must be setuid root. Note that this option must be set to .Dq yes -if -.Cm RhostsAuthentication -and +for .Cm RhostsRSAAuthentication -authentications are needed with older servers. +with older servers. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. diff --git a/sshconnect1.c b/sshconnect1.c index 8851c35f..5e1802b1 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.54 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.55 2003/08/13 08:46:31 markus Exp $"); #include #include @@ -931,26 +931,6 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, } #endif /* KRB5 */ - /* - * Use rhosts authentication if running in privileged socket and we - * do not wish to remain anonymous. - */ - if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && - options.rhosts_authentication) { - debug("Trying rhosts authentication."); - packet_start(SSH_CMSG_AUTH_RHOSTS); - packet_put_cstring(local_user); - packet_send(); - packet_write_wait(); - - /* The server should respond with success or failure. */ - type = packet_read(); - if (type == SSH_SMSG_SUCCESS) - goto success; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to rhosts auth", - type); - } /* * Try .rhosts or /etc/hosts.equiv authentication with RSA host * authentication. diff --git a/sshd.8 b/sshd.8 index 1cad834f..4749fab8 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.198 2003/06/10 09:12:12 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -292,7 +292,6 @@ may also be used to prevent from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include -.Cm RhostsAuthentication , .Cm RhostsRSAAuthentication , .Cm HostbasedAuthentication and using a diff --git a/sshd.c b/sshd.c index 896e56c7..dc275b0c 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.274 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.275 2003/08/13 08:46:31 markus Exp $"); #include #include @@ -1462,20 +1462,7 @@ main(int ac, char **av) alarm(options.login_grace_time); sshd_exchange_identification(sock_in, sock_out); - /* - * Check that the connection comes from a privileged port. - * Rhosts-Authentication only makes sense from privileged - * programs. Of course, if the intruder has root access on his local - * machine, he can connect from any port. So do not use these - * authentication methods from machines that you do not trust. - */ - if (options.rhosts_authentication && - (remote_port >= IPPORT_RESERVED || - remote_port < IPPORT_RESERVED / 2)) { - debug("Rhosts Authentication disabled, " - "originating port %d not trusted.", remote_port); - options.rhosts_authentication = 0; - } + #ifdef KRB5 if (!packet_connection_is_ipv4() && options.kerberos_authentication) { @@ -1643,8 +1630,6 @@ do_ssh1_kex(void) /* Declare supported authentication types. */ auth_mask = 0; - if (options.rhosts_authentication) - auth_mask |= 1 << SSH_AUTH_RHOSTS; if (options.rhosts_rsa_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; if (options.rsa_authentication) diff --git a/sshd_config b/sshd_config index 262b6883..a2bd2ff6 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.62 2003/07/23 07:42:43 markus Exp $ +# $OpenBSD: sshd_config,v 1.63 2003/08/13 08:46:31 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -40,10 +40,6 @@ #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys -# rhosts authentication should not be used -#RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -51,6 +47,8 @@ # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes diff --git a/sshd_config.5 b/sshd_config.5 index 223ff8aa..3d920cc8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.21 2003/07/22 13:35:22 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.22 2003/08/13 08:46:31 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -260,7 +260,6 @@ Specifies that and .Pa .shosts files will not be used in -.Cm RhostsAuthentication , .Cm RhostsRSAAuthentication or .Cm HostbasedAuthentication . @@ -529,10 +528,6 @@ Specifies whether public key authentication is allowed. The default is .Dq yes . Note that this option applies to protocol version 2 only. -.It Cm RhostsAuthentication -Specifies whether authentication using rhosts or /etc/hosts.equiv -files is sufficient. -Normally, this method should not be permitted because it is insecure. .Cm RhostsRSAAuthentication should be used instead, because it performs RSA-based host authentication in addition -- 2.45.2