summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2022-11-28 01:37:37 +0000
committerDamien Miller <djm@cvs.openbsd.org>2022-11-28 01:37:37 +0000
commit4225e0f8d8454dfc323072768024be4c765f88ee (patch)
tree47596d85c88410a3720d7883a3bb19dd96e072b7
parentb57ff6540bca63a465dbf4b757bd22c5f1cebf23 (diff)
New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while
-rw-r--r--usr.bin/ssh/clientloop.c14
-rw-r--r--usr.bin/ssh/readconf.c12
-rw-r--r--usr.bin/ssh/readconf.h3
-rw-r--r--usr.bin/ssh/ssh.15
-rw-r--r--usr.bin/ssh/ssh_config.510
5 files changed, 35 insertions, 9 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 1c2da07f909..d17e3aa1c73 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.382 2022/11/10 23:03:10 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.383 2022/11/28 01:37:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -878,6 +878,7 @@ out:
#define SUPPRESS_MUXCLIENT 1 /* don't show in mux client sessions */
#define SUPPRESS_MUXMASTER 2 /* don't show in mux master sessions */
#define SUPPRESS_SYSLOG 4 /* don't show when logging to syslog */
+#define SUPPRESS_NOCMDLINE 8 /* don't show when cmdline disabled*/
struct escape_help_text {
const char *cmd;
const char *text;
@@ -888,7 +889,7 @@ static struct escape_help_text esc_txt[] = {
{".", "terminate connection (and any multiplexed sessions)",
SUPPRESS_MUXCLIENT},
{"B", "send a BREAK to the remote system", SUPPRESS_NEVER},
- {"C", "open a command line", SUPPRESS_MUXCLIENT},
+ {"C", "open a command line", SUPPRESS_MUXCLIENT|SUPPRESS_NOCMDLINE},
{"R", "request rekey", SUPPRESS_NEVER},
{"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT},
{"^Z", "suspend ssh", SUPPRESS_MUXCLIENT},
@@ -912,7 +913,8 @@ print_escape_help(struct sshbuf *b, int escape_char, int mux_client,
suppress_flags =
(mux_client ? SUPPRESS_MUXCLIENT : 0) |
(mux_client ? 0 : SUPPRESS_MUXMASTER) |
- (using_stderr ? 0 : SUPPRESS_SYSLOG);
+ (using_stderr ? 0 : SUPPRESS_SYSLOG) |
+ (options.enable_escape_commandline == 0 ? SUPPRESS_NOCMDLINE : 0);
for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) {
if (esc_txt[i].flags & suppress_flags)
@@ -1106,6 +1108,12 @@ process_escapes(struct ssh *ssh, Channel *c,
case 'C':
if (c && c->ctl_chan != -1)
goto noescape;
+ if (options.enable_escape_commandline == 0) {
+ if ((r = sshbuf_putf(berr,
+ "commandline disabled\r\n")) != 0)
+ fatal_fr(r, "sshbuf_putf");
+ continue;
+ }
process_cmdline(ssh);
continue;
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index ffca590a05c..6e3f697ba82 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.369 2022/09/17 10:33:18 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.370 2022/11/28 01:37:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -161,6 +161,7 @@ typedef enum {
oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms,
oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump,
oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize,
+ oEnableEscapeCommandline,
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
@@ -307,6 +308,7 @@ static struct {
{ "securitykeyprovider", oSecurityKeyProvider },
{ "knownhostscommand", oKnownHostsCommand },
{ "requiredrsasize", oRequiredRSASize },
+ { "enableescapecommandline", oEnableEscapeCommandline },
{ NULL, oBadOption }
};
@@ -2163,6 +2165,10 @@ parse_pubkey_algos:
*charptr = xstrdup(arg);
break;
+ case oEnableEscapeCommandline:
+ intptr = &options->enable_escape_commandline;
+ goto parse_flag;
+
case oRequiredRSASize:
intptr = &options->required_rsa_size;
goto parse_int;
@@ -2415,6 +2421,7 @@ initialize_options(Options * options)
options->pubkey_accepted_algos = NULL;
options->known_hosts_command = NULL;
options->required_rsa_size = -1;
+ options->enable_escape_commandline = -1;
}
/*
@@ -2606,6 +2613,8 @@ fill_default_options(Options * options)
options->sk_provider = xstrdup("internal");
if (options->required_rsa_size == -1)
options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE;
+ if (options->enable_escape_commandline == -1)
+ options->enable_escape_commandline = 0;
/* Expand KEX name lists */
all_cipher = cipher_alg_list(',', 0);
@@ -3287,6 +3296,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns);
dump_cfg_fmtint(oVisualHostKey, o->visual_host_key);
dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys);
+ dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline);
/* Integer options */
dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index ffb5ec4f226..5c19a12066c 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.148 2022/09/17 10:33:18 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.149 2022/11/28 01:37:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -177,6 +177,7 @@ typedef struct {
char *known_hosts_command;
int required_rsa_size; /* minimum size of RSA keys */
+ int enable_escape_commandline; /* ~C commandline */
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index e255b9b9d2e..a3d1ba16399 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.432 2022/09/17 10:33:18 djm Exp $
-.Dd $Mdocdate: September 17 2022 $
+.\" $OpenBSD: ssh.1,v 1.433 2022/11/28 01:37:36 djm Exp $
+.Dd $Mdocdate: November 28 2022 $
.Dt SSH 1
.Os
.Sh NAME
@@ -522,6 +522,7 @@ For full details of the options listed below, and their possible values, see
.It ControlPath
.It ControlPersist
.It DynamicForward
+.It EnableEscapeCommandline
.It EscapeChar
.It ExitOnForwardFailure
.It FingerprintHash
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index e6973b88f31..33dea78cec4 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.375 2022/11/07 10:09:28 dtucker Exp $
-.Dd $Mdocdate: November 7 2022 $
+.\" $OpenBSD: ssh_config.5,v 1.376 2022/11/28 01:37:36 djm Exp $
+.Dd $Mdocdate: November 28 2022 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -643,6 +643,12 @@ will act as a SOCKS server.
Multiple forwardings may be specified, and
additional forwardings can be given on the command line.
Only the superuser can forward privileged ports.
+.It Cm EnableEscapeCommandline
+Enables the command line option in the
+.Cm EscapeChar
+menu for interactive sessions (default
+.Ql ~C ) .
+By default, the command line is disabled.
.It Cm EnableSSHKeysign
Setting this option to
.Cm yes