- markus@cvs.openbsd.org 2003/08/13 08:46:31

[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
2025-03-25 04:36:33 +00:00 · 2003-08-13 20:37:05 +10:00 · 2003-08-13 20:37:05 +10:00 · ec960f2c93
commit ec960f2c93
parent 3bdbd848ea
14 changed files with 28 additions and 140 deletions
--- a/7
+++ b/7
@ -5,6 +5,11 @@
     [session.c]
     use more portable tcsendbreak(3) and ignore break_length;
     ok deraadt, millert
   - markus@cvs.openbsd.org 2003/08/13 08:46:31
     [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
 20030811
 - (dtucker) OpenBSD CVS Sync
@ -823,4 +828,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2890 2003/08/13 10:31:05 dtucker Exp $
+$Id: ChangeLog,v 1.2891 2003/08/13 10:37:05 dtucker Exp $
--- a/auth1.c
+++ b/auth1.c
@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.49 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@ -160,26 +160,6 @@ do_authloop(Authctxt *authctxt)
 			break;
 #endif
 		case SSH_CMSG_AUTH_RHOSTS:
 			if (!options.rhosts_authentication) {
 				verbose("Rhosts authentication disabled.");
 				break;
 			}
 			/*
 			 * Get client user name.  Note that we just have to
 			 * trust the client; this is one reason why rhosts
 			 * authentication is insecure. (Another is
 			 * IP-spoofing on a local network.)
 			 */
 			client_user = packet_get_string(&ulen);
 			packet_check_eom();
 			/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
 			authenticated = auth_rhosts(pw, client_user);
 			snprintf(info, sizeof info, " ruser %.100s", client_user);
 			break;
 		case SSH_CMSG_AUTH_RHOSTS_RSA:
 			if (!options.rhosts_rsa_authentication) {
 				verbose("Rhosts with RSA authentication disabled.");
--- a/readconf.c
+++ b/readconf.c
@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.116 2003/08/13 08:46:30 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
   Host fascist.blob.com
     Port 23123
     User tylonen
     RhostsAuthentication no
     PasswordAuthentication no
   Host puukko.hut.fi
@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
   Host *
     ForwardAgent no
     ForwardX11 no
     RhostsAuthentication yes
     PasswordAuthentication yes
     RSAAuthentication yes
     RhostsRSAAuthentication yes
@ -91,7 +89,7 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
 typedef enum {
 	oBadOption,
-	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
+	oForwardAgent, oForwardX11, oGatewayPorts,
 	oPasswordAuthentication, oRSAAuthentication,
 	oChallengeResponseAuthentication, oXAuthLocation,
 	oKerberosAuthentication, oKerberosTgtPassing,
@ -122,7 +120,7 @@ static struct {
 	{ "xauthlocation", oXAuthLocation },
 	{ "gatewayports", oGatewayPorts },
 	{ "useprivilegedport", oUsePrivilegedPort },
-	{ "rhostsauthentication", oRhostsAuthentication },
+	{ "rhostsauthentication", oDeprecated },
 	{ "passwordauthentication", oPasswordAuthentication },
 	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 	{ "kbdinteractivedevices", oKbdInteractiveDevices },
@ -351,10 +349,6 @@ parse_flag:
 		intptr = &options->use_privileged_port;
 		goto parse_flag;
 	case oRhostsAuthentication:
 		intptr = &options->rhosts_authentication;
 		goto parse_flag;
 	case oPasswordAuthentication:
 		intptr = &options->password_authentication;
 		goto parse_flag;
@ -814,7 +808,6 @@ initialize_options(Options * options)
 	options->xauth_location = NULL;
 	options->gateway_ports = -1;
 	options->use_privileged_port = -1;
 	options->rhosts_authentication = -1;
 	options->rsa_authentication = -1;
 	options->pubkey_authentication = -1;
 	options->challenge_response_authentication = -1;
@ -884,8 +877,6 @@ fill_default_options(Options * options)
 		options->gateway_ports = 0;
 	if (options->use_privileged_port == -1)
 		options->use_privileged_port = 0;
 	if (options->rhosts_authentication == -1)
 		options->rhosts_authentication = 0;
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
 	if (options->pubkey_authentication == -1)
--- a/readconf.h
+++ b/readconf.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: readconf.h,v 1.52 2003/07/22 13:35:22 markus Exp $	*/
+/*	$OpenBSD: readconf.h,v 1.53 2003/08/13 08:46:30 markus Exp $	*/
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -33,7 +33,6 @@ typedef struct {
 	char   *xauth_location;	/* Location for xauth program */
 	int     gateway_ports;	/* Allow remote connects to forwarded ports. */
 	int     use_privileged_port;	/* Don't use privileged port if false. */
 	int     rhosts_authentication;	/* Try rhosts authentication. */
 	int     rhosts_rsa_authentication;	/* Try rhosts with RSA
 						 * authentication. */
 	int     rsa_authentication;	/* Try RSA authentication. */
--- a/servconf.c
+++ b/servconf.c
@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.123 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.124 2003/08/13 08:46:30 markus Exp $");
 #include "ssh.h"
 #include "log.h"
@ -64,7 +64,6 @@ initialize_server_options(ServerOptions *options)
 	options->keepalives = -1;
 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
 	options->log_level = SYSLOG_LEVEL_NOT_SET;
 	options->rhosts_authentication = -1;
 	options->rhosts_rsa_authentication = -1;
 	options->hostbased_authentication = -1;
 	options->hostbased_uses_name_from_packet_only = -1;
@ -165,8 +164,6 @@ fill_default_server_options(ServerOptions *options)
 		options->log_facility = SYSLOG_FACILITY_AUTH;
 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
 		options->log_level = SYSLOG_LEVEL_INFO;
 	if (options->rhosts_authentication == -1)
 		options->rhosts_authentication = 0;
 	if (options->rhosts_rsa_authentication == -1)
 		options->rhosts_rsa_authentication = 0;
 	if (options->hostbased_authentication == -1)
@ -248,7 +245,7 @@ typedef enum {
 	/* Standard Options */
 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
 	sPermitRootLogin, sLogFacility, sLogLevel,
-	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
+	sRhostsRSAAuthentication, sRSAAuthentication,
 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
 	sKerberosTgtPassing, sChallengeResponseAuthentication,
 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
@ -288,7 +285,7 @@ static struct {
 	{ "permitrootlogin", sPermitRootLogin },
 	{ "syslogfacility", sLogFacility },
 	{ "loglevel", sLogLevel },
-	{ "rhostsauthentication", sRhostsAuthentication },
+	{ "rhostsauthentication", sDeprecated },
 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
 	{ "hostbasedauthentication", sHostbasedAuthentication },
 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
@ -589,10 +586,6 @@ parse_flag:
 		intptr = &options->ignore_user_known_hosts;
 		goto parse_flag;
 	case sRhostsAuthentication:
 		intptr = &options->rhosts_authentication;
 		goto parse_flag;
 	case sRhostsRSAAuthentication:
 		intptr = &options->rhosts_rsa_authentication;
 		goto parse_flag;
--- a/servconf.h
+++ b/servconf.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: servconf.h,v 1.62 2003/07/22 13:35:22 markus Exp $	*/
+/*	$OpenBSD: servconf.h,v 1.63 2003/08/13 08:46:30 markus Exp $	*/
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -65,8 +65,6 @@ typedef struct {
 	int     gateway_ports;	/* If true, allow remote connects to forwarded ports. */
 	SyslogFacility log_facility;	/* Facility for system logging. */
 	LogLevel log_level;	/* Level for system logging. */
 	int     rhosts_authentication;	/* If true, permit rhosts
 					 * authentication. */
 	int     rhosts_rsa_authentication;	/* If true, permit rhosts RSA
 						 * authentication. */
 	int     hostbased_authentication;	/* If true, permit ssh2 hostbased auth */
--- a/ssh.c
+++ b/ssh.c
@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.198 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.199 2003/08/13 08:46:30 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@ -600,19 +600,7 @@ again:
 	    strcmp(options.proxy_command, "none") == 0)
 		options.proxy_command = NULL;
 	/* Disable rhosts authentication if not running as root. */
 #ifdef HAVE_CYGWIN
 	/* Ignore uid if running under Windows */
 	if (!options.use_privileged_port) {
 #else
 	if (original_effective_uid != 0 || !options.use_privileged_port) {
 #endif
 		debug("Rhosts Authentication disabled, "
 		    "originating port will not be trusted.");
 		options.rhosts_authentication = 0;
 	}
 	/* Open a connection to the remote host. */
 	if (ssh_connect(host, &hostaddr, options.port,
 	    options.address_family, options.connection_attempts,
 #ifdef HAVE_CYGWIN
--- a/3
+++ b/3
@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.18 2003/05/16 03:27:12 djm Exp $
+#	$OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@ -18,7 +18,6 @@
 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
 #   RhostsAuthentication no
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
--- a/ssh_config.5
+++ b/ssh_config.5
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.16 2003/07/22 13:35:22 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.17 2003/08/13 08:46:31 markus Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@ -529,26 +529,6 @@ IPv6 addresses can be specified with an alternative syntax:
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Only the superuser can forward privileged ports.
 .It Cm RhostsAuthentication
 Specifies whether to try rhosts based authentication.
 Note that this
 declaration only affects the client side and has no effect whatsoever
 on security.
 Most servers do not permit RhostsAuthentication because it
 is not secure (see
 .Cm RhostsRSAAuthentication ) .
 The argument to this keyword must be
 .Dq yes
 or
 .Dq no .
 The default is
 .Dq no .
 This option applies to protocol version 1 only and requires
 .Nm ssh
 to be setuid root and
 .Cm UsePrivilegedPort
 to be set to
 .Dq yes .
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
 authentication.
@ -629,11 +609,9 @@ If set to
 must be setuid root.
 Note that this option must be set to
 .Dq yes
-if
+for
 .Cm RhostsAuthentication
 and
 .Cm RhostsRSAAuthentication
-authentications are needed with older servers.
+with older servers.
 .It Cm User
 Specifies the user to log in as.
 This can be useful when a different user name is used on different machines.
--- a/sshconnect1.c
+++ b/sshconnect1.c
@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.54 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.55 2003/08/13 08:46:31 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@ -931,26 +931,6 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 	}
 #endif /* KRB5 */
 	/*
 	 * Use rhosts authentication if running in privileged socket and we
 	 * do not wish to remain anonymous.
 	 */
 	if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
 	    options.rhosts_authentication) {
 		debug("Trying rhosts authentication.");
 		packet_start(SSH_CMSG_AUTH_RHOSTS);
 		packet_put_cstring(local_user);
 		packet_send();
 		packet_write_wait();
 		/* The server should respond with success or failure. */
 		type = packet_read();
 		if (type == SSH_SMSG_SUCCESS)
 			goto success;
 		if (type != SSH_SMSG_FAILURE)
 			packet_disconnect("Protocol error: got %d in response to rhosts auth",
 					  type);
 	}
 	/*
 	 * Try .rhosts or /etc/hosts.equiv authentication with RSA host
 	 * authentication.
--- a/sshd.8
+++ b/sshd.8
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.198 2003/06/10 09:12:12 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@ -292,7 +292,6 @@ may also be used to prevent
 from making DNS requests unless the authentication
 mechanism or configuration requires it.
 Authentication mechanisms that may require DNS include
 .Cm RhostsAuthentication ,
 .Cm RhostsRSAAuthentication ,
 .Cm HostbasedAuthentication
 and using a
--- a/sshd.c
+++ b/sshd.c
@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.274 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.275 2003/08/13 08:46:31 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -1462,20 +1462,7 @@ main(int ac, char **av)
 		alarm(options.login_grace_time);
 	sshd_exchange_identification(sock_in, sock_out);
-	/*
+
 	 * Check that the connection comes from a privileged port.
 	 * Rhosts-Authentication only makes sense from privileged
 	 * programs.  Of course, if the intruder has root access on his local
 	 * machine, he can connect from any port.  So do not use these
 	 * authentication methods from machines that you do not trust.
 	 */
 	if (options.rhosts_authentication &&
 	    (remote_port >= IPPORT_RESERVED ||
 	    remote_port < IPPORT_RESERVED / 2)) {
 		debug("Rhosts Authentication disabled, "
 		    "originating port %d not trusted.", remote_port);
 		options.rhosts_authentication = 0;
 	}
 #ifdef KRB5
 	if (!packet_connection_is_ipv4() &&
 	    options.kerberos_authentication) {
@ -1643,8 +1630,6 @@ do_ssh1_kex(void)
 	/* Declare supported authentication types. */
 	auth_mask = 0;
 	if (options.rhosts_authentication)
 		auth_mask |= 1 << SSH_AUTH_RHOSTS;
 	if (options.rhosts_rsa_authentication)
 		auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
 	if (options.rsa_authentication)
--- a/8
+++ b/8
@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.62 2003/07/23 07:42:43 markus Exp $
+#	$OpenBSD: sshd_config,v 1.63 2003/08/13 08:46:31 markus Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@ -40,10 +40,6 @@
 #PubkeyAuthentication yes
 #AuthorizedKeysFile	.ssh/authorized_keys
 # rhosts authentication should not be used
 #RhostsAuthentication no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
@ -51,6 +47,8 @@
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
--- a/sshd_config.5
+++ b/sshd_config.5
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.21 2003/07/22 13:35:22 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.22 2003/08/13 08:46:31 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@ -260,7 +260,6 @@ Specifies that
 and
 .Pa .shosts
 files will not be used in
 .Cm RhostsAuthentication ,
 .Cm RhostsRSAAuthentication
 or
 .Cm HostbasedAuthentication .
@ -529,10 +528,6 @@ Specifies whether public key authentication is allowed.
 The default is
 .Dq yes .
 Note that this option applies to protocol version 2 only.
 .It Cm RhostsAuthentication
 Specifies whether authentication using rhosts or /etc/hosts.equiv
 files is sufficient.
 Normally, this method should not be permitted because it is insecure.
 .Cm RhostsRSAAuthentication
 should be used
 instead, because it performs RSA-based host authentication in addition