author | Markus Friedl <markus@cvs.openbsd.org> | 1999-10-14 18:17:44 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 1999-10-14 18:17:44 +0000 |
commit | 8869710bd75df6bd6b8c7bc99aec2ca810e4f98c (patch) | |
tree | 7f1fda8d332bed289a8abf47aa3adc4a7016bd3f /usr.bin/ssh/sshd.c | |
parent | 577e15b7a31bff75157b7678ebda91996aed409d (diff) |
fix old connect() race security-bug for ssh-agent and agent-forwarding
by removing the connect() junk, with the following restrictions:
1) change the version to "OpenSSH-1.1":
agent-forwarding will work only between OpenSSH-1.1 client and
OpenSSH-1.1 server
2) renamed the environment variable of OpenSSH-1.1 to
"SSH_AUTH_SOCKET", since using OpenSSH-1.0 ssh-add against the new
ssh-agent does not work
Diffstat (limited to 'usr.bin/ssh/sshd.c')
-rw-r--r-- | usr.bin/ssh/sshd.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 74744bce259..604fd9c0098 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.30 1999/10/12 18:11:55 markus Exp $");
+RCSID("$Id: sshd.c,v 1.31 1999/10/14 18:17:42 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -713,6 +713,13 @@ main(int ac, char **av)
 if (remote_major == 1 && remote_minor == 0)
 packet_disconnect("Your ssh version is too old and is no longer supported. Please install a newer version.");
+ if (strcmp(remote_version, SSH_VERSION) != 0)
+ {
+ debug("Agent forwarding disabled, remote version is not '%s'.",
+ SSH_VERSION);
+ no_agent_forwarding_flag = 1;
+ }
+
 /* Check whether logins are permitted from this host. */
 if (options.num_allow_hosts > 0)
 { |
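Review bot: The added `strcmp(remote_version, SSH_VERSION)` test in `main` decides on a string the peer announces about itself, so it can only act as a compatibility gate and the code should say so; whatever closes the connect() race named in the commit message has to live elsewhere, since a peer can claim any version. A comment above the `if` such as `/* Compatibility only: remote_version is peer-supplied and unauthenticated; do not rely on it as a security check. */` would keep a later reader from treating the flag as a protection. The exact-match comparison also turns forwarding off for every peer whose string differs in any way, and that is reported only through `debug()`, so an administrator running without debug output would presumably see forwarding refused with no explanation in the normal log. `main` starts and ends outside this hunk, and the code that fills `remote_version` is not visible here.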