diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2022-11-28 01:37:37 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2022-11-28 01:37:37 +0000 |
commit | 4225e0f8d8454dfc323072768024be4c765f88ee (patch) | |
tree | 47596d85c88410a3720d7883a3bb19dd96e072b7 | |
parent | b57ff6540bca63a465dbf4b757bd22c5f1cebf23 (diff) |
New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
-rw-r--r-- | usr.bin/ssh/clientloop.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 5 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 10 |
5 files changed, 35 insertions, 9 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 1c2da07f909..d17e3aa1c73 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.382 2022/11/10 23:03:10 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.383 2022/11/28 01:37:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -878,6 +878,7 @@ out: #define SUPPRESS_MUXCLIENT 1 /* don't show in mux client sessions */ #define SUPPRESS_MUXMASTER 2 /* don't show in mux master sessions */ #define SUPPRESS_SYSLOG 4 /* don't show when logging to syslog */ +#define SUPPRESS_NOCMDLINE 8 /* don't show when cmdline disabled*/ struct escape_help_text { const char *cmd; const char *text; @@ -888,7 +889,7 @@ static struct escape_help_text esc_txt[] = { {".", "terminate connection (and any multiplexed sessions)", SUPPRESS_MUXCLIENT}, {"B", "send a BREAK to the remote system", SUPPRESS_NEVER}, - {"C", "open a command line", SUPPRESS_MUXCLIENT}, + {"C", "open a command line", SUPPRESS_MUXCLIENT|SUPPRESS_NOCMDLINE}, {"R", "request rekey", SUPPRESS_NEVER}, {"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT}, {"^Z", "suspend ssh", SUPPRESS_MUXCLIENT}, @@ -912,7 +913,8 @@ print_escape_help(struct sshbuf *b, int escape_char, int mux_client, suppress_flags = (mux_client ? SUPPRESS_MUXCLIENT : 0) | (mux_client ? 0 : SUPPRESS_MUXMASTER) | - (using_stderr ? 0 : SUPPRESS_SYSLOG); + (using_stderr ? 0 : SUPPRESS_SYSLOG) | + (options.enable_escape_commandline == 0 ? SUPPRESS_NOCMDLINE : 0); for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) { if (esc_txt[i].flags & suppress_flags) @@ -1106,6 +1108,12 @@ process_escapes(struct ssh *ssh, Channel *c, case 'C': if (c && c->ctl_chan != -1) goto noescape; + if (options.enable_escape_commandline == 0) { + if ((r = sshbuf_putf(berr, + "commandline disabled\r\n")) != 0) + fatal_fr(r, "sshbuf_putf"); + continue; + } process_cmdline(ssh); continue; diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index ffca590a05c..6e3f697ba82 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.369 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.370 2022/11/28 01:37:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -161,6 +161,7 @@ typedef enum { oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms, oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize, + oEnableEscapeCommandline, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -307,6 +308,7 @@ static struct { { "securitykeyprovider", oSecurityKeyProvider }, { "knownhostscommand", oKnownHostsCommand }, { "requiredrsasize", oRequiredRSASize }, + { "enableescapecommandline", oEnableEscapeCommandline }, { NULL, oBadOption } }; @@ -2163,6 +2165,10 @@ parse_pubkey_algos: *charptr = xstrdup(arg); break; + case oEnableEscapeCommandline: + intptr = &options->enable_escape_commandline; + goto parse_flag; + case oRequiredRSASize: intptr = &options->required_rsa_size; goto parse_int; @@ -2415,6 +2421,7 @@ initialize_options(Options * options) options->pubkey_accepted_algos = NULL; options->known_hosts_command = NULL; options->required_rsa_size = -1; + options->enable_escape_commandline = -1; } /* @@ -2606,6 +2613,8 @@ fill_default_options(Options * options) options->sk_provider = xstrdup("internal"); if (options->required_rsa_size == -1) options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; + if (options->enable_escape_commandline == -1) + options->enable_escape_commandline = 0; /* Expand KEX name lists */ all_cipher = cipher_alg_list(',', 0); @@ -3287,6 +3296,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); + dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline); /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index ffb5ec4f226..5c19a12066c 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.148 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.149 2022/11/28 01:37:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -177,6 +177,7 @@ typedef struct { char *known_hosts_command; int required_rsa_size; /* minimum size of RSA keys */ + int enable_escape_commandline; /* ~C commandline */ char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options; diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index e255b9b9d2e..a3d1ba16399 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.432 2022/09/17 10:33:18 djm Exp $ -.Dd $Mdocdate: September 17 2022 $ +.\" $OpenBSD: ssh.1,v 1.433 2022/11/28 01:37:36 djm Exp $ +.Dd $Mdocdate: November 28 2022 $ .Dt SSH 1 .Os .Sh NAME @@ -522,6 +522,7 @@ For full details of the options listed below, and their possible values, see .It ControlPath .It ControlPersist .It DynamicForward +.It EnableEscapeCommandline .It EscapeChar .It ExitOnForwardFailure .It FingerprintHash diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index e6973b88f31..33dea78cec4 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.375 2022/11/07 10:09:28 dtucker Exp $ -.Dd $Mdocdate: November 7 2022 $ +.\" $OpenBSD: ssh_config.5,v 1.376 2022/11/28 01:37:36 djm Exp $ +.Dd $Mdocdate: November 28 2022 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -643,6 +643,12 @@ will act as a SOCKS server. Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.It Cm EnableEscapeCommandline +Enables the command line option in the +.Cm EscapeChar +menu for interactive sessions (default +.Ql ~C ) . +By default, the command line is disabled. .It Cm EnableSSHKeysign Setting this option to .Cm yes |