author | Damien Miller <djm@cvs.openbsd.org> | 2015-02-20 22:17:22 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2015-02-20 22:17:22 +0000 |
commit | c9ba317251bb1d7b46346ee3ac41354b6bfa7ef6 (patch) | |
tree | d73cd8330f5f3d2739351fc423fd5e48d513b11b | |
parent | baa9ac356954692ecc751959de48f726abfdc38b (diff) |
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
-rw-r--r-- | usr.bin/ssh/PROTOCOL | 12 | ||||
-rw-r--r-- | usr.bin/ssh/clientloop.c | 23 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/serverloop.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 7 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 4 |
7 files changed, 42 insertions, 30 deletions
diff --git a/usr.bin/ssh/PROTOCOL b/usr.bin/ssh/PROTOCOL index f9560839ec4..91bfe270d93 100644 --- a/usr.bin/ssh/PROTOCOL +++ b/usr.bin/ssh/PROTOCOL @@ -282,15 +282,15 @@ by the client cancel the forwarding of a Unix domain socket. boolean FALSE string socket path -2.5. connection: hostkey update and rotation "hostkeys@openssh.com" -and "hostkeys-prove@openssh.com" +2.5. connection: hostkey update and rotation "hostkeys-00@openssh.com" +and "hostkeys-prove-00@openssh.com" OpenSSH supports a protocol extension allowing a server to inform a client of all its protocol v.2 host keys after user-authentication has completed. byte SSH_MSG_GLOBAL_REQUEST - string "hostkeys@openssh.com" + string "hostkeys-00@openssh.com" string[] hostkeys Upon receiving this message, a client should check which of the @@ -300,15 +300,15 @@ to request the server prove ownership of the private half of the key. byte SSH_MSG_GLOBAL_REQUEST - string "hostkeys-prove@openssh.com" + string "hostkeys-prove-00@openssh.com" char 1 /* want-reply */ string[] hostkeys When a server receives this message, it should generate a signature using each requested key over the following: + string "hostkeys-prove-00@openssh.com" string session identifier - string "hostkeys-prove@openssh.com" string hostkey These signatures should be included in the reply, in the order matching @@ -453,4 +453,4 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.26 2015/02/16 22:13:32 djm Exp $ +$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $ diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index ef0ecadd5d0..644a1f2537f 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.269 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.270 2015/02/20 22:17:21 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2247,10 +2247,10 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx) continue; /* Prepare data to be signed: session ID, unique string, key */ sshbuf_reset(signdata); - if ((r = sshbuf_put_string(signdata, ssh->kex->session_id, + if ( (r = sshbuf_put_cstring(signdata, + "hostkeys-prove-00@openssh.com")) != 0 || + (r = sshbuf_put_string(signdata, ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || - (r = sshbuf_put_cstring(signdata, - "hostkeys-prove@openssh.com")) != 0 || (r = sshkey_puts(ctx->keys[i], signdata)) != 0) fatal("%s: failed to prepare signature: %s", __func__, ssh_err(r)); @@ -2282,7 +2282,7 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx) } /* - * Handle hostkeys@openssh.com global request to inform the client of all + * Handle hostkeys-00@openssh.com global request to inform the client of all * the server's hostkeys. The keys are checked against the user's * HostkeyAlgorithms preference before they are accepted. */ @@ -2317,8 +2317,10 @@ client_input_hostkeys(void) __func__, ssh_err(r)); goto out; } - if ((r = sshkey_from_blob(blob, len, &key)) != 0) - fatal("%s: parse key: %s", __func__, ssh_err(r)); + if ((r = sshkey_from_blob(blob, len, &key)) != 0) { + error("%s: parse key: %s", __func__, ssh_err(r)); + goto out; + } fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); debug3("%s: received %s key %s", __func__, @@ -2358,9 +2360,10 @@ client_input_hostkeys(void) } if (ctx->nkeys == 0) { - error("%s: server sent no hostkeys", __func__); + debug("%s: server sent no hostkeys", __func__); goto out; } + if ((ctx->keys_seen = calloc(ctx->nkeys, sizeof(*ctx->keys_seen))) == NULL) fatal("%s: calloc failed", __func__); 
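Review bot: The rewritten condition in client_global_hostkeys_private_confirm opens with `if ( (r = sshbuf_put_cstring(signdata,` — the stray space after the first parenthesis departs from the `if ((r = ` form used by the matching hunks in monitor.c and serverloop.c; `if ((r = sshbuf_put_cstring(signdata,` keeps the three copies visually identical. More broadly, the signed-data layout (proof name, session id, host key) is now hand-built in three places — here, in mm_answer_sign in monitor.c and in server_input_hostkeys_prove in serverloop.c — and the extension names are bare string literals in four files; a single shared definition of the `"hostkeys-prove-00@openssh.com"` and `"hostkeys-00@openssh.com"` literals (ideally with one helper that fills the buffer) is what would have prevented the silent format/name drift this commit repairs, and would make the next version bump a one-line change. The function body continues outside the hunk.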
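Review bot: Replacing fatal() with error() plus `goto out` when sshkey_from_blob rejects a key means this path now returns normally to client_input_global_request, which (see the hunk at 2447) answers the server with SUCCESS or FAILURE based on client_input_hostkeys's return value; the `out:` label and the return statement are outside the hunk, so confirm that this path yields 0 (failure) and releases whatever `blob` and `ctx` hold at that point, as the key has not been stored in `ctx` yet. Matching the parse-failure branch visible just above (`error(...); goto out;`) is the right direction — a malformed host key blob chosen by the server should degrade the hostkey update, not terminate the client's session.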
@@ -2400,7 +2403,7 @@ client_input_hostkeys(void) __func__, ctx->nnew); if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, - "hostkeys-prove@openssh.com")) != 0 || + "hostkeys-prove-00@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */ fatal("%s: cannot prepare packet: %s", __func__, ssh_err(r)); @@ -2447,7 +2450,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) want_reply = packet_get_char(); debug("client_input_global_request: rtype %s want_reply %d", rtype, want_reply); - if (strcmp(rtype, "hostkeys@openssh.com") == 0) + if (strcmp(rtype, "hostkeys-00@openssh.com") == 0) success = client_input_hostkeys(); if (want_reply) { packet_start(success ? diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 13b75a62e48..e459ef90841 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.144 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -599,7 +599,7 @@ mm_answer_sign(int sock, Buffer *m) u_char *signature; size_t datlen, siglen; int r, keyid, is_proof = 0; - const char proof_req[] = "hostkeys-prove@openssh.com"; + const char proof_req[] = "hostkeys-prove-00@openssh.com"; debug3("%s", __func__); @@ -629,9 +629,9 @@ mm_answer_sign(int sock, Buffer *m) fatal("%s: no hostkey for index %d", __func__, keyid); if ((sigbuf = sshbuf_new()) == NULL) fatal("%s: sshbuf_new", __func__); - if ((r = sshbuf_put_string(sigbuf, session_id2, + if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || + (r = sshbuf_put_string(sigbuf, session_id2, session_id2_len) != 0) || - (r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0) fatal("%s: couldn't prepare private key " "proof buffer: %s", __func__, ssh_err(r)); 
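Review bot: The second operand in mm_answer_sign still has its `!= 0` inside the assignment: `(r = sshbuf_put_string(sigbuf, session_id2, session_id2_len) != 0) ||` stores the comparison result in `r`, so on failure `r` is 1 and the fatal() message reports ssh_err(1) rather than the real sshbuf error code (the failure itself is still detected, since the `||` chain tests the nonzero `r`). Since the commit already reshuffles this statement, move the parenthesis while here: `(r = sshbuf_put_string(sigbuf, session_id2, session_id2_len)) != 0 ||`. The continuation line carrying `!= 0)` is a context line, so the defect predates this change; mm_answer_sign's body continues outside the hunk.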
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 6b09fbde2f5..e2f60bc6255 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.177 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1158,10 +1158,10 @@ server_input_hostkeys_prove(struct sshbuf **respp) sshbuf_reset(sigbuf); free(sig); sig = NULL; - if ((r = sshbuf_put_string(sigbuf, + if ((r = sshbuf_put_cstring(sigbuf, + "hostkeys-prove-00@openssh.com")) != 0 || + (r = sshbuf_put_string(sigbuf, ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || - (r = sshbuf_put_cstring(sigbuf, - "hostkeys-prove@openssh.com")) != 0 || (r = sshkey_puts(key, sigbuf)) != 0 || (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 || @@ -1270,7 +1270,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { no_more_sessions = 1; success = 1; - } else if (strcmp(rtype, "hostkeys-prove@openssh.com") == 0) { + } else if (strcmp(rtype, "hostkeys-prove-00@openssh.com") == 0) { success = server_input_hostkeys_prove(&resp); } if (want_reply) { diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 108efd4bfa7..536f104d1a8 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.414 2015/01/20 23:14:00 deraadt Exp $ */ +/* $OpenBSD: ssh.c,v 1.415 2015/02/20 22:17:21 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -1042,6 +1042,12 @@ main(int ac, char **av) strcmp(options.proxy_command, "-") == 0 && options.proxy_use_fdpass) fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); + if (options.control_persist && + options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) { + debug("UpdateHostKeys=ask is incompatible with ControlPersist; " + "disabling"); + options.update_hostkeys = 0; + } if (original_effective_uid != 0) options.use_privileged_port = 0; diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index fa59c518e87..140d0ba9815 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.204 2015/02/16 22:13:32 djm Exp $ -.Dd $Mdocdate: February 16 2015 $ +.\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $ +.Dd $Mdocdate: February 20 2015 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1524,6 +1524,9 @@ If is set to .Dq ask , then the user is asked to confirm the modifications to the known_hosts file. +Confirmation is currently incompatible with +.Cm ControlPersist , +and will be disabled if it is enabled. .Pp Presently, only .Xr sshd 8 diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 73621167d38..a7a183a6e93 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.443 2015/02/16 22:30:03 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.444 2015/02/20 22:17:21 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -905,7 +905,7 @@ notify_hostkeys(struct ssh *ssh) free(fp); if (nkeys == 0) { packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring("hostkeys@openssh.com"); + packet_put_cstring("hostkeys-00@openssh.com"); packet_put_char(0); /* want-reply */ } sshbuf_reset(buf); |
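Review bot: The new fallback in main() silences a user-selected setting with only a `debug()` line, which is invisible without -v, and then writes `options.update_hostkeys = 0;` as a bare literal right next to the named `SSH_UPDATE_HOSTKEYS_ASK`. Disabling the feature rather than downgrading to unattended acceptance is the conservative choice — with ControlPersist there is no TTY on which to confirm a known_hosts change, as the commit message notes — but a user who asked for confirmation should be told it was dropped: consider `logit("UpdateHostKeys=ask is incompatible with ControlPersist; disabling");` (or at least a verbose-level message), and use the option's named "off" constant if one exists alongside SSH_UPDATE_HOSTKEYS_ASK so the intent reads without consulting the header. Whether `options.control_persist` is already final at this point in main() (after defaults are filled in) is not visible in the hunk; main's body continues outside it.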