diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2003-08-13 08:46:32 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-08-13 08:46:32 +0000 |
| commit | 3deff503c6f9bd16ae662d0f7b34eb292d1171ea (patch) | |
| tree | 3c77e46eb682b9d988e1393a547e34dbfcdb3b25 | |
| parent | 3dcabf584ce175350348728b9812a2936494bf4d (diff) | |
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
| -rw-r--r-- | usr.bin/ssh/auth1.c | 23 | ||||
| -rw-r--r-- | usr.bin/ssh/readconf.c | 15 | ||||
| -rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.h | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh.c | 9 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh_config | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh_config.5 | 28 | ||||
| -rw-r--r-- | usr.bin/ssh/sshconnect1.c | 22 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.8 | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.c | 19 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config | 8 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 7 |
13 files changed, 22 insertions, 135 deletions
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index 3dd09a34f3b..dea027f3023 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.49 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -147,27 +147,6 @@ do_authloop(Authctxt *authctxt) break; #endif - case SSH_CMSG_AUTH_RHOSTS: - if (!options.rhosts_authentication) { - verbose("Rhosts authentication disabled."); - break; - } - /* - * Get client user name. Note that we just have to - * trust the client; this is one reason why rhosts - * authentication is insecure. (Another is - * IP-spoofing on a local network.) - */ - client_user = packet_get_string(&ulen); - packet_check_eom(); - - /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ - authenticated = auth_rhosts(pw, client_user); - - snprintf(info, sizeof info, " ruser %.100s", client_user); - xfree(client_user); - break; - case SSH_CMSG_AUTH_RHOSTS_RSA: if (!options.rhosts_rsa_authentication) { verbose("Rhosts with RSA authentication disabled."); diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index f4e0dcadefb..fca2a684f9b 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.116 2003/08/13 08:46:30 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); Host fascist.blob.com Port 23123 User tylonen - RhostsAuthentication no PasswordAuthentication no Host puukko.hut.fi @@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); Host * ForwardAgent no ForwardX11 no - RhostsAuthentication yes PasswordAuthentication yes RSAAuthentication yes RhostsRSAAuthentication yes @@ -91,7 +89,7 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $"); typedef enum { oBadOption, - oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, + oForwardAgent, oForwardX11, oGatewayPorts, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oKerberosAuthentication, oKerberosTgtPassing, @@ -122,7 +120,7 @@ static struct { { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, - { "rhostsauthentication", oRhostsAuthentication }, + { "rhostsauthentication", oDeprecated }, { "passwordauthentication", oPasswordAuthentication }, { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, { "kbdinteractivedevices", oKbdInteractiveDevices }, @@ -349,10 +347,6 @@ parse_flag: intptr = &options->use_privileged_port; goto parse_flag; - case oRhostsAuthentication: - intptr = &options->rhosts_authentication; - goto parse_flag; - case oPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; @@ -812,7 +806,6 @@ initialize_options(Options * options) options->xauth_location = NULL; options->gateway_ports = -1; options->use_privileged_port = -1; - options->rhosts_authentication = -1; options->rsa_authentication = -1; options->pubkey_authentication = -1; options->challenge_response_authentication = -1; @@ -882,8 +875,6 @@ fill_default_options(Options * options) options->gateway_ports = 0; if (options->use_privileged_port == -1) options->use_privileged_port = 0; - if (options->rhosts_authentication == -1) - options->rhosts_authentication = 0; if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->pubkey_authentication == -1) diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index cc94253e6ac..6fbf467e544 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.52 2003/07/22 13:35:22 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.53 2003/08/13 08:46:30 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -33,7 +33,6 @@ typedef struct { char *xauth_location; /* Location for xauth program */ int gateway_ports; /* Allow remote connects to forwarded ports. */ int use_privileged_port; /* Don't use privileged port if false. */ - int rhosts_authentication; /* Try rhosts authentication. */ int rhosts_rsa_authentication; /* Try rhosts with RSA * authentication. */ int rsa_authentication; /* Try RSA authentication. */ diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index d57a221cb56..0aea8db3df4 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.123 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.124 2003/08/13 08:46:30 markus Exp $"); #include "ssh.h" #include "log.h" @@ -59,7 +59,6 @@ initialize_server_options(ServerOptions *options) options->keepalives = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; - options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->hostbased_authentication = -1; options->hostbased_uses_name_from_packet_only = -1; @@ -155,8 +154,6 @@ fill_default_server_options(ServerOptions *options) options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; - if (options->rhosts_authentication == -1) - options->rhosts_authentication = 0; if (options->rhosts_rsa_authentication == -1) options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) @@ -225,7 +222,7 @@ typedef enum { sBadOption, /* == unknown option */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, + sRhostsRSAAuthentication, sRSAAuthentication, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, @@ -258,7 +255,7 @@ static struct { { "permitrootlogin", sPermitRootLogin }, { "syslogfacility", sLogFacility }, { "loglevel", sLogLevel }, - { "rhostsauthentication", sRhostsAuthentication }, + { "rhostsauthentication", sDeprecated }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "hostbasedauthentication", sHostbasedAuthentication }, { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, @@ -553,10 +550,6 @@ parse_flag: intptr = &options->ignore_user_known_hosts; goto parse_flag; - case sRhostsAuthentication: - intptr = &options->rhosts_authentication; - goto parse_flag; - case sRhostsRSAAuthentication: intptr = &options->rhosts_rsa_authentication; goto parse_flag; diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 13b6e32fff5..b9c6d894067 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.62 2003/07/22 13:35:22 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.63 2003/08/13 08:46:30 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -65,8 +65,6 @@ typedef struct { int gateway_ports; /* If true, allow remote connects to forwarded ports. */ SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for system logging. */ - int rhosts_authentication; /* If true, permit rhosts - * authentication. */ int rhosts_rsa_authentication; /* If true, permit rhosts RSA * authentication. */ int hostbased_authentication; /* If true, permit ssh2 hostbased auth */ diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 1c7960f1704..2c8b931b217 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.198 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.199 2003/08/13 08:46:30 markus Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -589,14 +589,7 @@ again: strcmp(options.proxy_command, "none") == 0) options.proxy_command = NULL; - /* Disable rhosts authentication if not running as root. */ - if (original_effective_uid != 0 || !options.use_privileged_port) { - debug("Rhosts Authentication disabled, " - "originating port will not be trusted."); - options.rhosts_authentication = 0; - } /* Open a connection to the remote host. */ - if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, original_effective_uid == 0 && options.use_privileged_port, diff --git a/usr.bin/ssh/ssh_config b/usr.bin/ssh/ssh_config index 721e374e0fb..2692e89137e 100644 --- a/usr.bin/ssh/ssh_config +++ b/usr.bin/ssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.18 2003/05/16 03:27:12 djm Exp $ +# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -18,7 +18,6 @@ # Host * # ForwardAgent no # ForwardX11 no -# RhostsAuthentication no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 3a79af8f072..fb341d79b02 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.16 2003/07/22 13:35:22 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.17 2003/08/13 08:46:31 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -529,26 +529,6 @@ IPv6 addresses can be specified with an alternative syntax: Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. -.It Cm RhostsAuthentication -Specifies whether to try rhosts based authentication. -Note that this -declaration only affects the client side and has no effect whatsoever -on security. -Most servers do not permit RhostsAuthentication because it -is not secure (see -.Cm RhostsRSAAuthentication ) . -The argument to this keyword must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -This option applies to protocol version 1 only and requires -.Nm ssh -to be setuid root and -.Cm UsePrivilegedPort -to be set to -.Dq yes . .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. @@ -629,11 +609,9 @@ If set to must be setuid root. Note that this option must be set to .Dq yes -if -.Cm RhostsAuthentication -and +for .Cm RhostsRSAAuthentication -authentications are needed with older servers. +with older servers. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index 67f0545f606..9cc827b08fd 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.54 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.55 2003/08/13 08:46:31 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -886,26 +886,6 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, #endif /* KRB5 */ /* - * Use rhosts authentication if running in privileged socket and we - * do not wish to remain anonymous. - */ - if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && - options.rhosts_authentication) { - debug("Trying rhosts authentication."); - packet_start(SSH_CMSG_AUTH_RHOSTS); - packet_put_cstring(local_user); - packet_send(); - packet_write_wait(); - - /* The server should respond with success or failure. */ - type = packet_read(); - if (type == SSH_SMSG_SUCCESS) - goto success; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to rhosts auth", - type); - } - /* * Try .rhosts or /etc/hosts.equiv authentication with RSA host * authentication. */ diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 1cad834f691..4749fab845f 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.198 2003/06/10 09:12:12 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -292,7 +292,6 @@ may also be used to prevent from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include -.Cm RhostsAuthentication , .Cm RhostsRSAAuthentication , .Cm HostbasedAuthentication and using a diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 7db6a6e01ac..fcb0f4983e5 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.274 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.275 2003/08/13 08:46:31 markus Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -1395,20 +1395,7 @@ main(int ac, char **av) alarm(options.login_grace_time); sshd_exchange_identification(sock_in, sock_out); - /* - * Check that the connection comes from a privileged port. - * Rhosts-Authentication only makes sense from privileged - * programs. Of course, if the intruder has root access on his local - * machine, he can connect from any port. So do not use these - * authentication methods from machines that you do not trust. - */ - if (options.rhosts_authentication && - (remote_port >= IPPORT_RESERVED || - remote_port < IPPORT_RESERVED / 2)) { - debug("Rhosts Authentication disabled, " - "originating port %d not trusted.", remote_port); - options.rhosts_authentication = 0; - } + #ifdef KRB5 if (!packet_connection_is_ipv4() && options.kerberos_authentication) { @@ -1567,8 +1554,6 @@ do_ssh1_kex(void) /* Declare supported authentication types. */ auth_mask = 0; - if (options.rhosts_authentication) - auth_mask |= 1 << SSH_AUTH_RHOSTS; if (options.rhosts_rsa_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; if (options.rsa_authentication) diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 75726871c0b..acbe9028c3d 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.62 2003/07/23 07:42:43 markus Exp $ +# $OpenBSD: sshd_config,v 1.63 2003/08/13 08:46:31 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -38,10 +38,6 @@ #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys -# rhosts authentication should not be used -#RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -49,6 +45,8 @@ # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index abf29fd62e4..900b6754644 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.21 2003/07/22 13:35:22 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.22 2003/08/13 08:46:31 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -260,7 +260,6 @@ Specifies that and .Pa .shosts files will not be used in -.Cm RhostsAuthentication , .Cm RhostsRSAAuthentication or .Cm HostbasedAuthentication . @@ -529,10 +528,6 @@ Specifies whether public key authentication is allowed. The default is .Dq yes . Note that this option applies to protocol version 2 only. -.It Cm RhostsAuthentication -Specifies whether authentication using rhosts or /etc/hosts.equiv -files is sufficient. -Normally, this method should not be permitted because it is insecure. .Cm RhostsRSAAuthentication should be used instead, because it performs RSA-based host authentication in addition |