From b4748e2fe933c09667199909ceb24d08bb1f1cf4 Mon Sep 17 00:00:00 2001 From: damien Date: Fri, 12 Nov 1999 00:33:04 +0000 Subject: [PATCH] - Merged changes from OpenBSD CVS - [sshd.c] session_key_int may be zero - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert - Brought default sshd_config more in line with OpenBSDs --- ChangeLog | 4 ++++ auth-rh-rsa.c | 17 +++++++++-------- servconf.c | 14 +++++++++++--- servconf.h | 1 + ssh.h | 7 +++---- sshd.8 | 9 +++++++++ sshd.c | 5 +---- sshd_config | 14 ++++++++++++-- 8 files changed, 50 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2d702dca..a1e2cac8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 19991112 - Merged changes from OpenBSD CVS - [sshd.c] session_key_int may be zero + - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] + IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok + deraadt,millert + - Brought default sshd_config more in line with OpenBSD's 19991111 - Added (untested) Entropy Gathering Daemon (EGD) support diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 609cca63..5fb312f5 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -21,16 +21,16 @@ RCSID("$Id$"); #include "ssh.h" #include "xmalloc.h" #include "uidswap.h" +#include "servconf.h" /* Tries to authenticate the user using the .rhosts file and the host using - its host key. Returns true if authentication succeeds. - .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */ + its host key. Returns true if authentication succeeds. */ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, unsigned int client_host_key_bits, - BIGNUM *client_host_key_e, BIGNUM *client_host_key_n, - int ignore_rhosts, int strict_modes) + BIGNUM *client_host_key_e, BIGNUM *client_host_key_n) { + extern ServerOptions options; const char *canonical_hostname; HostStatus host_status; BIGNUM *ke, *kn; 
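Review bot: In the first auth-rh-rsa.c hunk, auth_rhosts_rsa() now takes its policy from the global `options` through a block-scope `extern ServerOptions options;`, but the shortened header comment no longer says which settings affect the result. Because this function makes an authentication decision, I would name the dependency in the comment, e.g. `Consults the global server options ignore_rhosts, strict_modes and ignore_user_known_hosts.` A file-scope `extern`, or a declaration shared through a header, would also make this hidden input easier to spot than one buried in the body. The function body continues outside this hunk.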
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, debug("Trying rhosts with RSA host authentication for %.100s", client_user); /* Check if we would accept it using rhosts authentication. */ - if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes)) + if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes)) return 0; canonical_hostname = get_canonical_hostname(); @@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname, client_host_key_bits, client_host_key_e, client_host_key_n, ke, kn); - /* Check user host file. */ - if (host_status != HOST_OK) { + + /* Check user host file unless ignored. */ + if (host_status != HOST_OK && !options.ignore_user_known_hosts) { struct stat st; char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid); /* Check file permissions of SSH_USER_HOSTFILE, auth_rsa() did already check pw->pw_dir, but there is a race XXX */ - if (strict_modes && + if (options.strict_modes && (stat(user_hostfile, &st) == 0) && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || (st.st_mode & 022) != 0)) { diff --git a/servconf.c b/servconf.c index 6943b2b5..3e0c821f 100644 --- a/servconf.c +++ b/servconf.c @@ -31,6 +31,7 @@ void initialize_server_options(ServerOptions *options) options->key_regeneration_time = -1; options->permit_root_login = -1; options->ignore_rhosts = -1; + options->ignore_user_known_hosts = -1; options->print_motd = -1; options->check_mail = -1; options->x11_forwarding = -1; @@ -88,6 +89,8 @@ void fill_default_server_options(ServerOptions *options) options->permit_root_login = 1; /* yes */ if (options->ignore_rhosts == -1) options->ignore_rhosts = 0; + if (options->ignore_user_known_hosts == -1) + options->ignore_user_known_hosts = 0; if (options->check_mail == -1) options->check_mail = 0; if (options->print_motd == -1) 
@@ -156,8 +159,8 @@ typedef enum sPasswordAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, - sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups - + sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sIgnoreUserKnownHosts } ServerOpCodes; /* Textual representation of the tokens. */ @@ -195,6 +198,7 @@ static struct { "listenaddress", sListenAddress }, { "printmotd", sPrintMotd }, { "ignorerhosts", sIgnoreRhosts }, + { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, { "x11forwarding", sX11Forwarding }, { "x11displayoffset", sX11DisplayOffset }, { "strictmodes", sStrictModes }, @@ -402,7 +406,11 @@ void read_server_config(ServerOptions *options, const char *filename) if (*intptr == -1) *intptr = value; break; - + + case sIgnoreUserKnownHosts: + intptr = &options->ignore_user_known_hosts; + goto parse_int; + case sRhostsAuthentication: intptr = &options->rhosts_authentication; goto parse_flag; diff --git a/servconf.h b/servconf.h index 86bad5bf..59420d55 100644 --- a/servconf.h +++ b/servconf.h @@ -33,6 +33,7 @@ typedef struct int key_regeneration_time; /* Server key lifetime (seconds). */ int permit_root_login; /* If true, permit root login. */ int ignore_rhosts; /* Ignore .rhosts and .shosts. */ + int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts for RhostsRsaAuth */ int print_motd; /* If true, print /etc/motd. */ int check_mail; /* If true, check for new mail. */ int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ diff --git a/ssh.h b/ssh.h index 28bbd28b..b27e6502 100644 --- a/ssh.h +++ b/ssh.h 
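Review bot: In the read_server_config() hunk of servconf.c, `case sIgnoreUserKnownHosts` jumps to `parse_int`, while the neighbouring boolean keyword `sRhostsAuthentication` uses `parse_flag`. Both sshd.8 and the sample sshd_config in this commit describe the option with yes/no values. The body of `parse_int` is outside the hunk, but if it converts the argument numerically, `IgnoreUserKnownHosts yes` would probably not enable the option (rejected or stored as 0). Per-user known_hosts files would then stay trusted for RhostsRSAAuthentication while the administrator believes they are ignored. I would change the jump to `goto parse_flag;`.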
@@ -138,8 +138,8 @@ only by root, whereas ssh_config should be world-readable. */ #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" /* Name of the environment variable containing the pathname of the - authentication socket. */ -#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" + authentication socket. */ +#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" /* Force host key length and server key length to differ by at least this many bits. This is to make double encryption with rsaref work. */ @@ -334,8 +334,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user, its host key. Returns true if authentication succeeds. */ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, unsigned int bits, BIGNUM *client_host_key_e, - BIGNUM *client_host_key_n, int ignore_rhosts, - int strict_modes); + BIGNUM *client_host_key_n); /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ diff --git a/sshd.8 b/sshd.8 index c8fa828c..ff546858 100644 --- a/sshd.8 +++ b/sshd.8 @@ -245,6 +245,15 @@ and .Pa /etc/ssh/shosts.equiv are still used. The default is .Dq no . +.It Cm IgnoreUserKnownHosts +Specifies whether +.Nm +should ignore the user's +.Pa $HOME/.ssh/known_hosts +during +.Cm RhostsRSAAuthentication . +The default is +.Dq no . .It Cm KeepAlive Specifies whether the system should send keepalive messages to the other side. If they are sent, death of the connection or crash of one diff --git a/sshd.c b/sshd.c index 86864c10..4bd9c7cd 100644 --- a/sshd.c +++ b/sshd.c @@ -1394,11 +1394,8 @@ do_authentication(char *user, int privileged_port) packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); } - /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ if (auth_rhosts_rsa(pw, client_user, - client_host_key_bits, client_host_key_e, - client_host_key_n, options.ignore_rhosts, - options.strict_modes)) + client_host_key_bits, client_host_key_e, client_host_key_n)) { /* Authentication accepted. */ authenticated = 1; 
diff --git a/sshd_config b/sshd_config index 42c3244b..791fd13b 100644 --- a/sshd_config +++ b/sshd_config @@ -11,13 +11,13 @@ PermitRootLogin yes # # Loglevel replaces QuietMode and FascistLogging # +SyslogFacility AUTH LogLevel INFO # # Don't read ~/.rhosts and ~/.shosts files -IgnoreRhosts yes StrictModes yes -X11Forwarding yes +X11Forwarding no X11DisplayOffset 10 FascistLogging no PrintMotd yes @@ -32,6 +32,16 @@ RhostsAuthentication no # RhostsRSAAuthentication no +# +# Don't read ~/.rhosts and ~/.shosts files +# +IgnoreRhosts yes + +# +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +# +#IgnoreUserKnownHosts yes + RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! -- 2.45.1
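Review bot: In the first sshd_config hunk, `IgnoreRhosts yes` is removed from under `# Don't read ~/.rhosts and ~/.shosts files`, but the comment stays as context and now sits directly above `StrictModes yes`, where it describes the wrong setting. The second hunk re-adds the same comment together with `IgnoreRhosts yes`, so the old copy can be dropped or replaced with one that fits, e.g. `# Check ownership and modes of the user's files before accepting login`. A misleading comment in an authentication config makes it easy to misjudge which protections are active.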