diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2000-01-18 09:42:19 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-01-18 09:42:19 +0000 |
| commit | 087f72b74c380f614587e63475053f9927827dd8 (patch) | |
| tree | 44b42afbe7998e73d6d40ca92d487eb8dbf1413e | |
| parent | 646ae9333319b6f0ade32997719b2e2a34378c29 (diff) | |
disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
| -rw-r--r-- | usr.bin/ssh/sshconnect.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.c | 9 |
2 files changed, 6 insertions, 10 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 22bbc64f166..ac8f4937143 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.52 2000/01/16 23:53:02 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.53 2000/01/18 09:42:17 markus Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -985,9 +985,8 @@ ssh_exchange_identification() /* We speak 1.3, too. */ if (remote_major == 1 && remote_minor == 3) { enable_compat13(); - if (options.forward_agent && strcmp(remote_version, "OpenSSH-1.1") != 0) { - log("Agent forwarding disabled, remote version '%s' is not compatible.", - remote_version); + if (options.forward_agent) { + log("Agent forwarding disabled for protocol 1.3"); options.forward_agent = 0; } } diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 1c8b3aee5f1..a8cdabb8bef 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.77 2000/01/16 23:03:10 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.78 2000/01/18 09:42:18 markus Exp $"); #include <poll.h> @@ -830,11 +830,8 @@ main(int ac, char **av) packet_disconnect("Your ssh version is too old and is no longer supported. Please install a newer version."); if (remote_major == 1 && remote_minor == 3) { + /* note that this disables agent-forwarding */ enable_compat13(); - if (strcmp(remote_version, "OpenSSH-1.1") != 0) { - debug("Agent forwarding disabled, remote version is not compatible."); - no_agent_forwarding_flag = 1; - } } /* * Check that the connection comes from a privileged port. Rhosts- @@ -1730,7 +1727,7 @@ do_authenticated(struct passwd * pw) #endif /* XAUTH_PATH */ case SSH_CMSG_AGENT_REQUEST_FORWARDING: - if (no_agent_forwarding_flag) { + if (no_agent_forwarding_flag || compat13) { debug("Authentication agent forwarding not permitted for this authentication."); goto fail; } |