diff options
-rw-r--r-- | usr.bin/ssh/readconf.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 26 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 16 |
4 files changed, 51 insertions, 7 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 872794177dc..95886623098 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -14,7 +14,7 @@ Functions for reading the configuration files. */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.10 1999/10/06 20:07:42 dugsong Exp $"); +RCSID("$Id: readconf.c,v 1.11 1999/10/12 21:04:21 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -100,7 +100,8 @@ typedef enum oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication + oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication, + oUsePrivilegedPort } OpCodes; /* Textual representations of the tokens. */ @@ -114,6 +115,7 @@ static struct { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, { "gatewayports", oGatewayPorts }, + { "useprivilegedports", oUsePrivilegedPort }, { "rhostsauthentication", oRhostsAuthentication }, { "passwordauthentication", oPasswordAuthentication }, { "rsaauthentication", oRSAAuthentication }, @@ -262,6 +264,10 @@ void process_config_line(Options *options, const char *host, intptr = &options->gateway_ports; goto parse_flag; + case oUsePrivilegedPort: + intptr = &options->use_privileged_port; + goto parse_flag; + case oRhostsAuthentication: intptr = &options->rhosts_authentication; goto parse_flag; @@ -568,6 +574,7 @@ void initialize_options(Options *options) options->forward_agent = -1; options->forward_x11 = -1; options->gateway_ports = -1; + options->use_privileged_port = -1; options->rhosts_authentication = -1; options->rsa_authentication = -1; #ifdef KRB4 @@ -613,6 +620,8 @@ void fill_default_options(Options *options) options->forward_x11 = 1; if (options->gateway_ports == -1) options->gateway_ports = 0; + if (options->use_privileged_port == -1) + options->use_privileged_port = 1; if (options->rhosts_authentication == -1) options->rhosts_authentication = 1; if (options->rsa_authentication == -1) diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index b70195dea19..dceb0406800 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -13,7 +13,7 @@ Functions for reading the configuration file. */ -/* RCSID("$Id: readconf.h,v 1.6 1999/10/06 20:07:42 dugsong Exp $"); */ +/* RCSID("$Id: readconf.h,v 1.7 1999/10/12 21:04:22 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -34,6 +34,7 @@ typedef struct int forward_agent; /* Forward authentication agent. */ int forward_x11; /* Forward X11 display. */ int gateway_ports; /* Allow remote connects to forwarded ports. */ + int use_privileged_port; /* Don't use privileged port if false. */ int rhosts_authentication; /* Try rhosts authentication. */ int rhosts_rsa_authentication;/* Try rhosts with RSA authentication. */ int rsa_authentication; /* Try RSA authentication. */ diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 9b00433a3c8..35df1040a50 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.15 1999/10/11 20:40:08 markus Exp $ +.\" $Id: ssh.1,v 1.16 1999/10/12 21:04:22 markus Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -24,7 +24,7 @@ .Op Ar command .Pp .Nm ssh -.Op Fl agknqtvxXC +.Op Fl agknqtvxCPX .Op Fl c Ar blowfish | 3des .Op Fl e Ar escape_char .Op Fl i Ar identity_file @@ -345,6 +345,14 @@ configuration file. .It Fl p Ar port Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file. +.It Fl P +Use a non-privileged port for outgoing connections. +This can be used if your firewall does +not permit connections from privileged ports. +Note that this option turns of +.Cm RhostsAuthentication +and +.Cm RhostsRSAAuthentication . .It Fl q Quiet mode. Causes all warning and diagnostic messages to be suppressed. Only fatal errors are displayed. @@ -678,6 +686,20 @@ having to remember to give the user name on the command line. .It Cm UserKnownHostsFile Specifies a file to use instead of .Pa $HOME/.ssh/known_hosts . +.It Cm UsePrivilegedPort +Specifies whether to use a privileged port for outgoing connections. +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq yes . +Note that setting this option to +.Dq no +turns of +.Cm RhostsAuthentication +and +.Cm RhostsRSAAuthentication . .It Cm UseRsh Specifies that rlogin/rsh should be used for this host. It is possible that the host does not at all support the diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index bf9dc850276..9fce3199b8b 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.22 1999/10/03 21:50:04 provos Exp $"); +RCSID("$Id: ssh.c,v 1.23 1999/10/12 21:04:22 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -97,6 +97,7 @@ usage() fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n"); fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); fprintf(stderr, " -V Display version number only.\n"); + fprintf(stderr, " -P Don't allocate a privileged port.\n"); fprintf(stderr, " -q Quiet; don't display any warning messages.\n"); fprintf(stderr, " -f Fork into background after authentication.\n"); fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n"); @@ -274,6 +275,10 @@ main(int ac, char **av) options.gateway_ports = 1; break; + case 'P': + options.use_privileged_port = 0; + break; + case 'a': options.forward_agent = 0; break; @@ -522,7 +527,14 @@ main(int ac, char **av) restore_uid(); /* Open a connection to the remote host. This needs root privileges if - rhosts_authentication is true. */ + rhosts_{rsa_}authentication is true. */ + + if (!options.use_privileged_port) + { + options.rhosts_authentication = 0; + options.rhosts_rsa_authentication = 0; + } + ok = ssh_connect(host, &hostaddr, options.port, options.connection_attempts, !options.rhosts_authentication && !options.rhosts_rsa_authentication, |