[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
      sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
     get rid of known_hosts2, use it for hostkey lookup, but do not
     modify.
This commit is contained in:
Ben Lindstrom 2001-06-25 04:37:41 +00:00
parent b710f788f1
commit d6481ea49a
13 changed files with 158 additions and 123 deletions


@ -46,6 +46,11 @@
- deraadt@cvs.openbsd.org 2001/06/23 02:33:05 - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
[sftp.1 sftp-server.8 ssh-keygen.1] [sftp.1 sftp-server.8 ssh-keygen.1]
join .%A entries; most by bk@rt.fm join .%A entries; most by bk@rt.fm
- markus@cvs.openbsd.org 2001/06/23 02:34:33
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
get rid of known_hosts2, use it for hostkey lookup, but do not
modify.
20010622 20010622
- (stevesk) handle systems without pw_expire and pw_change. - (stevesk) handle systems without pw_expire and pw_change.
@ -5730,4 +5735,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1308 2001/06/25 04:32:38 mouring Exp $ $Id: ChangeLog,v 1.1309 2001/06/25 04:37:41 mouring Exp $

4
kex.h

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.22 2001/04/04 20:25:37 markus Exp $ */ /* $OpenBSD: kex.h,v 1.23 2001/06/23 02:34:28 markus Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -107,7 +107,7 @@ struct Kex {
int flags; int flags;
char *client_version_string; char *client_version_string;
char *server_version_string; char *server_version_string;
int (*check_host_key)(Key *hostkey); int (*verify_host_key)(Key *hostkey);
Key *(*load_host_key)(int type); Key *(*load_host_key)(int type);
}; };


@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: kexdh.c,v 1.4 2001/06/07 20:23:04 markus Exp $"); RCSID("$OpenBSD: kexdh.c,v 1.5 2001/06/23 02:34:29 markus Exp $");
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/bn.h> #include <openssl/bn.h>
@ -123,9 +123,10 @@ kexdh_client(Kex *kex)
if (server_host_key == NULL) if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob"); fatal("cannot decode server_host_key_blob");
if (kex->check_host_key == NULL) if (kex->verify_host_key == NULL)
fatal("cannot check server_host_key"); fatal("cannot verify server_host_key");
kex->check_host_key(server_host_key); if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */ /* DH paramter f, server public DH key */
dh_server_pub = BN_new(); dh_server_pub = BN_new();
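Review bot: The new guard `if (kex->verify_host_key(server_host_key) == -1)` treats every return value other than -1 as success, so any future non-zero failure code from the callback would let key exchange proceed; a fail-closed comparison, `if (kex->verify_host_key(server_host_key) != 0)`, costs nothing and matches the "0 means ok" contract the new check_host_key comment describes. The same `== -1` test is introduced in kexgex.c, sshconnect1.c and sshconnect2.c in this commit. With the only visible callback, verify_host_key_callback in sshconnect2.c, which calls fatal() itself and always returns 0, the fatal() here is currently unreachable, which is worth a comment so it is not mistaken for the enforcement point. kexdh_client starts and ends outside the hunk.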


@ -24,7 +24,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: kexgex.c,v 1.6 2001/06/07 20:23:04 markus Exp $"); RCSID("$OpenBSD: kexgex.c,v 1.7 2001/06/23 02:34:29 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
@ -177,9 +177,10 @@ kexgex_client(Kex *kex)
if (server_host_key == NULL) if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob"); fatal("cannot decode server_host_key_blob");
if (kex->check_host_key == NULL) if (kex->verify_host_key == NULL)
fatal("cannot check server_host_key"); fatal("cannot verify server_host_key");
kex->check_host_key(server_host_key); if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */ /* DH paramter f, server public DH key */
dh_server_pub = BN_new(); dh_server_pub = BN_new();


@ -1,4 +1,4 @@
/* $OpenBSD: pathnames.h,v 1.8 2001/06/22 21:55:49 markus Exp $ */ /* $OpenBSD: pathnames.h,v 1.9 2001/06/23 02:34:30 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -25,6 +25,7 @@
* world-readable. * world-readable.
*/ */
#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" #define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
/* backward compat for protocol 2 */
#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2" #define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
/* /*
@ -62,6 +63,7 @@
* contain anything particularly secret. * contain anything particularly secret.
*/ */
#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts" #define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
/* backward compat for protocol 2 */
#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2" #define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
/* /*
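Review bot: The added comment `/* backward compat for protocol 2 */` says why the macro still exists but not how the file is now treated, which is what a reader of this header needs; sshconnect.c in this commit only ever passes the *2 files to check_host_key with readonly set. Suggest `/* backward compat for protocol 2: consulted for host key lookup, never updated */` on both the system and the user variant.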


@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.80 2001/06/08 15:25:40 markus Exp $"); RCSID("$OpenBSD: readconf.c,v 1.81 2001/06/23 02:34:30 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -162,9 +162,9 @@ static struct {
{ "host", oHost }, { "host", oHost },
{ "escapechar", oEscapeChar }, { "escapechar", oEscapeChar },
{ "globalknownhostsfile", oGlobalKnownHostsFile }, { "globalknownhostsfile", oGlobalKnownHostsFile },
{ "userknownhostsfile", oUserKnownHostsFile }, { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
{ "globalknownhostsfile2", oGlobalKnownHostsFile2 }, { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
{ "userknownhostsfile2", oUserKnownHostsFile2 }, { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
{ "connectionattempts", oConnectionAttempts }, { "connectionattempts", oConnectionAttempts },
{ "batchmode", oBatchMode }, { "batchmode", oBatchMode },
{ "checkhostip", oCheckHostIP }, { "checkhostip", oCheckHostIP },
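Review bot: As rendered here the `/* obsolete */` marker lands on the `userknownhostsfile` entry as well as on `userknownhostsfile2`, while `globalknownhostsfile2` carries none; ssh.1 in this same commit still documents UserKnownHostsFile as the live option, so if the rendering is faithful the tag is on the wrong rows and only the two `2` entries should be marked, which is worth checking against the raw diff. Either way `/* obsolete */` alone under-describes the state: the keywords are still present in the table and so still parsed, and the files are still read for lookups, so `/* obsolete: still parsed; file is read for lookup but never written */` would tell the next maintainer what may be removed and what may not.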


@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell". * called by a name other than "ssh" or "Secure Shell".
*/ */
/* RCSID("$OpenBSD: servconf.h,v 1.43 2001/05/20 17:20:35 markus Exp $"); */ /* RCSID("$OpenBSD: servconf.h,v 1.44 2001/06/23 02:34:31 markus Exp $"); */
#ifndef SERVCONF_H #ifndef SERVCONF_H
#define SERVCONF_H #define SERVCONF_H

51
ssh.1

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh.1,v 1.115 2001/06/22 21:55:49 markus Exp $ .\" $OpenBSD: ssh.1,v 1.116 2001/06/23 02:34:31 markus Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSH 1 .Dt SSH 1
.Os .Os
@ -361,17 +361,12 @@ electronic purse; another is going through firewalls.
.Nm .Nm
automatically maintains and checks a database containing automatically maintains and checks a database containing
identifications for all hosts it has ever been used with. identifications for all hosts it has ever been used with.
RSA host keys are stored in Host keys are stored in
.Pa $HOME/.ssh/known_hosts .Pa $HOME/.ssh/known_hosts
and
host keys used in the protocol version 2 are stored in
.Pa $HOME/.ssh/known_hosts2
in the user's home directory. in the user's home directory.
Additionally, the files Additionally, the file
.Pa /etc/ssh_known_hosts .Pa /etc/ssh_known_hosts
and is automatically checked for known hosts.
.Pa /etc/ssh_known_hosts2
are automatically checked for known hosts.
Any new hosts are automatically added to the user's file. Any new hosts are automatically added to the user's file.
If a host's identification If a host's identification
ever changes, ever changes,
@ -797,13 +792,9 @@ or
The default is The default is
.Dq no . .Dq no .
.It Cm GlobalKnownHostsFile .It Cm GlobalKnownHostsFile
Specifies a file to use for the protocol version 1 global Specifies a file to use for the global
host key database instead of host key database instead of
.Pa /etc/ssh_known_hosts . .Pa /etc/ssh_known_hosts .
.It Cm GlobalKnownHostsFile2
Specifies a file to use for the protocol version 2 global
host key database instead of
.Pa /etc/ssh_known_hosts2 .
.It Cm HostbasedAuthentication .It Cm HostbasedAuthentication
Specifies whether to try rhosts based authentication with public key Specifies whether to try rhosts based authentication with public key
authentication. authentication.
@ -1036,14 +1027,10 @@ If this flag is set to
.Nm .Nm
will never automatically add host keys to the will never automatically add host keys to the
.Pa $HOME/.ssh/known_hosts .Pa $HOME/.ssh/known_hosts
and file, and refuses to connect to hosts whose host key has changed.
.Pa $HOME/.ssh/known_hosts2
files, and refuses to connect to hosts whose host key has changed.
This provides maximum protection against trojan horse attacks. This provides maximum protection against trojan horse attacks.
However, it can be somewhat annoying if you don't have good However, it can be somewhat annoying if you don't have good
.Pa /etc/ssh_known_hosts .Pa /etc/ssh_known_hosts
and
.Pa /etc/ssh_known_hosts2
files installed and frequently files installed and frequently
connect to new hosts. connect to new hosts.
This option forces the user to manually This option forces the user to manually
@ -1090,13 +1077,9 @@ This can be useful if you have a different user name on different machines.
This saves the trouble of This saves the trouble of
having to remember to give the user name on the command line. having to remember to give the user name on the command line.
.It Cm UserKnownHostsFile .It Cm UserKnownHostsFile
Specifies a file to use for the protocol version 1 user Specifies a file to use for the user
host key database instead of host key database instead of
.Pa $HOME/.ssh/known_hosts . .Pa $HOME/.ssh/known_hosts .
.It Cm UserKnownHostsFile2
Specifies a file to use for the protocol version 2 user
host key database instead of
.Pa $HOME/.ssh/known_hosts2 .
.It Cm UseRsh .It Cm UseRsh
Specifies that rlogin/rsh should be used for this host. Specifies that rlogin/rsh should be used for this host.
It is possible that the host does not at all support the It is possible that the host does not at all support the
@ -1189,13 +1172,10 @@ and adds lines of the format
to the environment. to the environment.
.Sh FILES .Sh FILES
.Bl -tag -width Ds .Bl -tag -width Ds
.It Pa $HOME/.ssh/known_hosts, $HOME/.ssh/known_hosts2 .It Pa $HOME/.ssh/known_hosts
Records host keys for all hosts the user has logged into (that are not Records host keys for all hosts the user has logged into (that are not
in in
.Pa /etc/ssh_known_hosts .Pa /etc/ssh_known_hosts .
for protocol version 1 or
.Pa /etc/ssh_known_hosts2
for protocol version 2).
See See
.Xr sshd 8 . .Xr sshd 8 .
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
@ -1246,22 +1226,19 @@ Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described in the The format of this file is described in the
.Xr sshd 8 .Xr sshd 8
manual page. manual page.
In the simplest form the format is the same as the .pub
identity files.
This file is not highly sensitive, but the recommended This file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others. permissions are read/write for the user, and not accessible by others.
.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 .It Pa /etc/ssh_known_hosts
Systemwide list of known host keys. Systemwide list of known host keys.
.Pa /etc/ssh_known_hosts This file should be prepared by the
contains RSA and
.Pa /etc/ssh_known_hosts2
contains RSA or DSA keys for protocol version 2.
These files should be prepared by the
system administrator to contain the public host keys of all machines in the system administrator to contain the public host keys of all machines in the
organization. organization.
This file should be world-readable. This file should be world-readable.
This file contains This file contains
public keys, one per line, in the following format (fields separated public keys, one per line, in the following format (fields separated
by spaces): system name, number of bits in modulus, public exponent, by spaces): system name, public key and optional comment field.
modulus, and optional comment field.
When different names are used When different names are used
for the same machine, all such names should be listed, separated by for the same machine, all such names should be listed, separated by
commas. commas.


@ -13,7 +13,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.107 2001/06/07 20:23:05 markus Exp $"); RCSID("$OpenBSD: sshconnect.c,v 1.108 2001/06/23 02:34:31 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
@ -467,7 +467,10 @@ read_yes_or_no(const char *prompt, int defval)
while (1) { while (1) {
fprintf(stderr, "%s", prompt); fprintf(stderr, "%s", prompt);
if (fgets(buf, sizeof(buf), f) == NULL) { if (fgets(buf, sizeof(buf), f) == NULL) {
/* Print a newline (the prompt probably didn\'t have one). */ /*
* Print a newline (the prompt probably didn\'t have
* one).
*/
fprintf(stderr, "\n"); fprintf(stderr, "\n");
strlcpy(buf, "no", sizeof buf); strlcpy(buf, "no", sizeof buf);
} }
@ -493,12 +496,13 @@ read_yes_or_no(const char *prompt, int defval)
} }
/* /*
* check whether the supplied host key is valid, return only if ok. * check whether the supplied host key is valid, return -1 if the key
* is not valid. the user_hostfile will not be updated if 'readonly' is true.
*/ */
void int
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
const char *user_hostfile, const char *system_hostfile) int readonly, const char *user_hostfile, const char *system_hostfile)
{ {
Key *file_key; Key *file_key;
char *type = key_type(host_key); char *type = key_type(host_key);
@ -523,11 +527,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
/** hostaddr == 0! */ /** hostaddr == 0! */
switch (hostaddr->sa_family) { switch (hostaddr->sa_family) {
case AF_INET: case AF_INET:
local = (ntohl(((struct sockaddr_in *)hostaddr)->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; local = (ntohl(((struct sockaddr_in *)hostaddr)->
sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
salen = sizeof(struct sockaddr_in); salen = sizeof(struct sockaddr_in);
break; break;
case AF_INET6: case AF_INET6:
local = IN6_IS_ADDR_LOOPBACK(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); local = IN6_IS_ADDR_LOOPBACK(
&(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
salen = sizeof(struct sockaddr_in6); salen = sizeof(struct sockaddr_in6);
break; break;
default: default:
@ -538,7 +544,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
if (local && options.host_key_alias == NULL) { if (local && options.host_key_alias == NULL) {
debug("Forcing accepting of host key for " debug("Forcing accepting of host key for "
"loopback/localhost."); "loopback/localhost.");
return; return 0;
} }
/* /*
@ -582,10 +588,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
* hosts or in the systemwide list. * hosts or in the systemwide list.
*/ */
host_file = user_hostfile; host_file = user_hostfile;
host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); host_status = check_host_in_hostfile(host_file, host, host_key,
file_key, &host_line);
if (host_status == HOST_NEW) { if (host_status == HOST_NEW) {
host_file = system_hostfile; host_file = system_hostfile;
host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); host_status = check_host_in_hostfile(host_file, host, host_key,
file_key, &host_line);
} }
/* /*
* Also perform check for the ip address, skip the check if we are * Also perform check for the ip address, skip the check if we are
@ -595,10 +603,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
Key *ip_key = key_new(host_key->type); Key *ip_key = key_new(host_key->type);
ip_file = user_hostfile; ip_file = user_hostfile;
ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); ip_status = check_host_in_hostfile(ip_file, ip, host_key,
ip_key, &ip_line);
if (ip_status == HOST_NEW) { if (ip_status == HOST_NEW) {
ip_file = system_hostfile; ip_file = system_hostfile;
ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); ip_status = check_host_in_hostfile(ip_file, ip,
host_key, ip_key, &ip_line);
} }
if (host_status == HOST_CHANGED && if (host_status == HOST_CHANGED &&
(ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
@ -617,32 +627,49 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
host, type); host, type);
debug("Found key in %s:%d", host_file, host_line); debug("Found key in %s:%d", host_file, host_line);
if (options.check_host_ip && ip_status == HOST_NEW) { if (options.check_host_ip && ip_status == HOST_NEW) {
if (!add_host_to_hostfile(user_hostfile, ip, host_key)) if (readonly)
log("Failed to add the %s host key for IP address '%.128s' to the list of known hosts (%.30s).", log("%s host key for IP address "
type, ip, user_hostfile); "'%.128s' not in list of known hosts.",
else
log("Warning: Permanently added the %s host key for IP address '%.128s' to the list of known hosts.",
type, ip); type, ip);
else if (!add_host_to_hostfile(user_hostfile, ip,
host_key))
log("Failed to add the %s host key for IP "
"address '%.128s' to the list of known "
"hosts (%.30s).", type, ip, user_hostfile);
else
log("Warning: Permanently added the %s host "
"key for IP address '%.128s' to the list "
"of known hosts.", type, ip);
} }
break; break;
case HOST_NEW: case HOST_NEW:
if (readonly)
goto fail;
/* The host is new. */ /* The host is new. */
if (options.strict_host_key_checking == 1) { if (options.strict_host_key_checking == 1) {
/* User has requested strict host key checking. We will not add the host key /*
automatically. The only alternative left is to abort. */ * User has requested strict host key checking. We
fatal("No %s host key is known for %.200s and you have requested strict checking.", type, host); * will not add the host key automatically. The only
* alternative left is to abort.
*/
error("No %s host key is known for %.200s and you "
"have requested strict checking.", type, host);
goto fail;
} else if (options.strict_host_key_checking == 2) { } else if (options.strict_host_key_checking == 2) {
/* The default */ /* The default */
char prompt[1024]; char prompt[1024];
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
snprintf(prompt, sizeof(prompt), snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s (%s)' can't be established.\n" "The authenticity of host '%.200s (%s)' can't be "
"established.\n"
"%s key fingerprint is %s.\n" "%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)? ", "Are you sure you want to continue connecting "
host, ip, type, fp); "(yes/no)? ", host, ip, type, fp);
xfree(fp); xfree(fp);
if (!read_yes_or_no(prompt, -1)) if (!read_yes_or_no(prompt, -1)) {
fatal("Aborted by user!"); log("Aborted by user!");
goto fail;
}
} }
if (options.check_host_ip && ip_status == HOST_NEW) { if (options.check_host_ip && ip_status == HOST_NEW) {
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
@ -650,13 +677,16 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
} else } else
hostp = host; hostp = host;
/* If not in strict mode, add the key automatically to the local known_hosts file. */ /*
* If not in strict mode, add the key automatically to the
* local known_hosts file.
*/
if (!add_host_to_hostfile(user_hostfile, hostp, host_key)) if (!add_host_to_hostfile(user_hostfile, hostp, host_key))
log("Failed to add the host to the list of known hosts (%.500s).", log("Failed to add the host to the list of known "
user_hostfile); "hosts (%.500s).", user_hostfile);
else else
log("Warning: Permanently added '%.200s' (%s) to the list of known hosts.", log("Warning: Permanently added '%.200s' (%s) to the "
hostp, type); "list of known hosts.", hostp, type);
break; break;
case HOST_CHANGED: case HOST_CHANGED:
if (options.check_host_ip && host_ip_differ) { if (options.check_host_ip && host_ip_differ) {
@ -698,8 +728,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
* If strict host key checking is in use, the user will have * If strict host key checking is in use, the user will have
* to edit the key manually and we can only abort. * to edit the key manually and we can only abort.
*/ */
if (options.strict_host_key_checking) if (options.strict_host_key_checking) {
fatal("%s host key for %.200s has changed and you have requested strict checking.", type, host); error("%s host key for %.200s has changed and you have "
"requested strict checking.", type, host);
goto fail;
}
/* /*
* If strict host key checking has not been requested, allow * If strict host key checking has not been requested, allow
@ -707,20 +740,26 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
* agent forwarding. * agent forwarding.
*/ */
if (options.password_authentication) { if (options.password_authentication) {
error("Password authentication is disabled to avoid trojan horses."); error("Password authentication is disabled to avoid "
"man-in-the-middle attacks.");
options.password_authentication = 0; options.password_authentication = 0;
} }
if (options.forward_agent) { if (options.forward_agent) {
error("Agent forwarding is disabled to avoid trojan horses."); error("Agent forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.forward_agent = 0; options.forward_agent = 0;
} }
if (options.forward_x11) { if (options.forward_x11) {
error("X11 forwarding is disabled to avoid trojan horses."); error("X11 forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.forward_x11 = 0; options.forward_x11 = 0;
} }
if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) { if (options.num_local_forwards > 0 ||
error("Port forwarding is disabled to avoid trojan horses."); options.num_remote_forwards > 0) {
options.num_local_forwards = options.num_remote_forwards = 0; error("Port forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.num_local_forwards =
options.num_remote_forwards = 0;
} }
/* /*
* XXX Should permit the user to change to use the new id. * XXX Should permit the user to change to use the new id.
@ -741,15 +780,39 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
log("Matching host key in %s:%d", host_file, host_line); log("Matching host key in %s:%d", host_file, host_line);
log("Offending key for IP in %s:%d", ip_file, ip_line); log("Offending key for IP in %s:%d", ip_file, ip_line);
if (options.strict_host_key_checking == 1) { if (options.strict_host_key_checking == 1) {
fatal("Exiting, you have requested strict checking."); error("Exiting, you have requested strict checking.");
goto fail;
} else if (options.strict_host_key_checking == 2) { } else if (options.strict_host_key_checking == 2) {
if (!read_yes_or_no("Are you sure you want " \ if (!read_yes_or_no("Are you sure you want "
"to continue connecting (yes/no)? ", -1)) "to continue connecting (yes/no)? ", -1)) {
fatal("Aborted by user!"); log("Aborted by user!");
goto fail;
}
} }
} }
xfree(ip); xfree(ip);
return 0;
fail:
xfree(ip);
return -1;
}
int
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
{
struct stat st;
/* return ok if the key can be found in an old keyfile */
if (stat(options.system_hostfile2, &st) == 0 ||
stat(options.user_hostfile2, &st) == 0) {
if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
options.user_hostfile2, options.system_hostfile2) == 0)
return 0;
}
return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
options.user_hostfile, options.system_hostfile);
} }
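Review bot: verify_host_key falls through to the writable known_hosts whenever the read-only lookup in known_hosts2 returns -1, without distinguishing "host absent" from "host present with a different key". Before this change a conflicting key in known_hosts2 under StrictHostKeyChecking yes or ask ended in fatal(); now the HOST_CHANGED branch does `error(...); goto fail;`, verify_host_key receives -1 and retries against known_hosts, where an unknown host in ask mode becomes the ordinary "authenticity can't be established" prompt and, on yes, an add_host_to_hostfile into the new file. The mismatch warning is still printed first, so this is not silent, but it turns a hard stop into a prompt; if that is not intended, have check_host_key return a distinct code from the two strict-checking `goto fail` sites (the HOST_CHANGED branch and the host/IP mismatch branch) and make verify_host_key return -1 immediately on that code instead of consulting the second file. Worth confirming separately: stat() is applied to options.user_hostfile2 as stored, so the `~` in _PATH_SSH_USER_HOSTFILE2 must already have been expanded by this point or the legacy file is silently skipped. check_host_key starts outside the hunk.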
/* /*


@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.h,v 1.9 2001/04/12 19:15:25 markus Exp $ */ /* $OpenBSD: sshconnect.h,v 1.10 2001/06/23 02:34:32 markus Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -36,9 +36,7 @@ void
ssh_login(Key **keys, int nkeys, const char *orighost, ssh_login(Key **keys, int nkeys, const char *orighost,
struct sockaddr *hostaddr, struct passwd *pw); struct sockaddr *hostaddr, struct passwd *pw);
void int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key);
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
const char *user_hostfile, const char *system_hostfile);
void ssh_kex(char *host, struct sockaddr *hostaddr); void ssh_kex(char *host, struct sockaddr *hostaddr);
void ssh_kex2(char *host, struct sockaddr *hostaddr); void ssh_kex2(char *host, struct sockaddr *hostaddr);
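Review bot: The new prototype `int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key);` gives callers no hint of the return convention, and all three callers introduced in this commit compare the result against -1. A one-line comment above it, `/* returns 0 if host_key is known or was accepted by the user, -1 otherwise */`, would pin in the header the contract that sshconnect.c's check_host_key comment now describes.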


@ -13,7 +13,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect1.c,v 1.33 2001/06/07 20:23:05 markus Exp $"); RCSID("$OpenBSD: sshconnect1.c,v 1.34 2001/06/23 02:34:32 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/evp.h> #include <openssl/evp.h>
@ -784,8 +784,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
SSH_SMSG_PUBLIC_KEY); SSH_SMSG_PUBLIC_KEY);
k.type = KEY_RSA1; k.type = KEY_RSA1;
k.rsa = host_key; k.rsa = host_key;
check_host_key(host, hostaddr, &k, if (verify_host_key(host, hostaddr, &k) == -1)
options.user_hostfile, options.system_hostfile); fatal("host_key verification failed");
client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;


@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.74 2001/05/19 16:32:16 markus Exp $"); RCSID("$OpenBSD: sshconnect2.c,v 1.75 2001/06/23 02:34:33 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -73,10 +73,10 @@ struct sockaddr *xxx_hostaddr;
Kex *xxx_kex = NULL; Kex *xxx_kex = NULL;
int int
check_host_key_callback(Key *hostkey) verify_host_key_callback(Key *hostkey)
{ {
check_host_key(xxx_host, xxx_hostaddr, hostkey, if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
options.user_hostfile2, options.system_hostfile2); fatal("verify_host_key failed");
return 0; return 0;
} }
@ -119,7 +119,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
kex = kex_setup(myproposal); kex = kex_setup(myproposal);
kex->client_version_string=client_version_string; kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string; kex->server_version_string=server_version_string;
kex->check_host_key=&check_host_key_callback; kex->verify_host_key=&verify_host_key_callback;
xxx_kex = kex; xxx_kex = kex;
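Review bot: verify_host_key_callback calls fatal() on failure and then unconditionally returns 0, so the `int` return promised by the new `verify_host_key` field in struct Kex never carries a failure to kexdh_client or kexgex_client, both of which now have their own fatal() for exactly that case. Returning the result, `return verify_host_key(xxx_host, xxx_hostaddr, hostkey);`, makes the kex layer the single enforcement point and gives its `== -1` check something to do; if the callback is meant to stay fatal, a comment next to `return 0` saying that failure never returns would stop a reader from relying on the kex-level check.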

20
sshd.8

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd.8,v 1.130 2001/06/22 21:55:50 markus Exp $ .\" $OpenBSD: sshd.8,v 1.131 2001/06/23 02:34:33 markus Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSHD 8 .Dt SSHD 8
.Os .Os
@ -1025,10 +1025,8 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
.Sh SSH_KNOWN_HOSTS FILE FORMAT .Sh SSH_KNOWN_HOSTS FILE FORMAT
The The
.Pa /etc/ssh_known_hosts , .Pa /etc/ssh_known_hosts ,
.Pa /etc/ssh_known_hosts2 ,
.Pa $HOME/.ssh/known_hosts ,
and and
.Pa $HOME/.ssh/known_hosts2 .Pa $HOME/.ssh/known_hosts
files contain host public keys for all known hosts. files contain host public keys for all known hosts.
The global file should The global file should
be prepared by the administrator (optional), and the per-user file is be prepared by the administrator (optional), and the per-user file is
@ -1129,7 +1127,8 @@ files into this file, as described in
.Xr ssh-keygen 1 . .Xr ssh-keygen 1 .
.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" .It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
These files are consulted when using rhosts with RSA host These files are consulted when using rhosts with RSA host
authentication to check the public key of the host. authentication or protocol version 2 hostbased authentication
to check the public key of the host.
The key must be listed in one of these files to be accepted. The key must be listed in one of these files to be accepted.
The client uses the same files The client uses the same files
to verify that it is connecting to the correct remote host. to verify that it is connecting to the correct remote host.
@ -1138,17 +1137,6 @@ These files should be writable only by root/the owner.
should be world-readable, and should be world-readable, and
.Pa $HOME/.ssh/known_hosts .Pa $HOME/.ssh/known_hosts
can but need not be world-readable. can but need not be world-readable.
.It Pa "/etc/ssh_known_hosts2" and "$HOME/.ssh/known_hosts2"
These files are consulted when using protocol version 2 hostbased
authentication to check the public key of the host.
The key must be listed in one of these files to be accepted.
The client uses the same files
to verify that it is connecting to the correct remote host.
These files should be writable only by root/the owner.
.Pa /etc/ssh_known_hosts2
should be world-readable, and
.Pa $HOME/.ssh/known_hosts2
can but need not be world-readable.
.It Pa /etc/nologin .It Pa /etc/nologin
If this file exists, If this file exists,
.Nm .Nm