summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/ssh/readconf.c13
-rw-r--r--usr.bin/ssh/readconf.h3
-rw-r--r--usr.bin/ssh/ssh.126
-rw-r--r--usr.bin/ssh/ssh.c16
4 files changed, 51 insertions, 7 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 872794177dc..95886623098 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -14,7 +14,7 @@ Functions for reading the configuration files.
*/
#include "includes.h"
-RCSID("$Id: readconf.c,v 1.10 1999/10/06 20:07:42 dugsong Exp $");
+RCSID("$Id: readconf.c,v 1.11 1999/10/12 21:04:21 markus Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -100,7 +100,8 @@ typedef enum
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
- oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication
+ oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,
+ oUsePrivilegedPort
} OpCodes;
/* Textual representations of the tokens. */
@@ -114,6 +115,7 @@ static struct
{ "forwardagent", oForwardAgent },
{ "forwardx11", oForwardX11 },
{ "gatewayports", oGatewayPorts },
+ { "useprivilegedports", oUsePrivilegedPort },
{ "rhostsauthentication", oRhostsAuthentication },
{ "passwordauthentication", oPasswordAuthentication },
{ "rsaauthentication", oRSAAuthentication },
@@ -262,6 +264,10 @@ void process_config_line(Options *options, const char *host,
intptr = &options->gateway_ports;
goto parse_flag;
+ case oUsePrivilegedPort:
+ intptr = &options->use_privileged_port;
+ goto parse_flag;
+
case oRhostsAuthentication:
intptr = &options->rhosts_authentication;
goto parse_flag;
@@ -568,6 +574,7 @@ void initialize_options(Options *options)
options->forward_agent = -1;
options->forward_x11 = -1;
options->gateway_ports = -1;
+ options->use_privileged_port = -1;
options->rhosts_authentication = -1;
options->rsa_authentication = -1;
#ifdef KRB4
@@ -613,6 +620,8 @@ void fill_default_options(Options *options)
options->forward_x11 = 1;
if (options->gateway_ports == -1)
options->gateway_ports = 0;
+ if (options->use_privileged_port == -1)
+ options->use_privileged_port = 1;
if (options->rhosts_authentication == -1)
options->rhosts_authentication = 1;
if (options->rsa_authentication == -1)
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index b70195dea19..dceb0406800 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -13,7 +13,7 @@ Functions for reading the configuration file.
*/
-/* RCSID("$Id: readconf.h,v 1.6 1999/10/06 20:07:42 dugsong Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.7 1999/10/12 21:04:22 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
@@ -34,6 +34,7 @@ typedef struct
int forward_agent; /* Forward authentication agent. */
int forward_x11; /* Forward X11 display. */
int gateway_ports; /* Allow remote connects to forwarded ports. */
+ int use_privileged_port; /* Don't use privileged port if false. */
int rhosts_authentication; /* Try rhosts authentication. */
int rhosts_rsa_authentication;/* Try rhosts with RSA authentication. */
int rsa_authentication; /* Try RSA authentication. */
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index 9b00433a3c8..35df1040a50 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.15 1999/10/11 20:40:08 markus Exp $
+.\" $Id: ssh.1,v 1.16 1999/10/12 21:04:22 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -24,7 +24,7 @@
.Op Ar command
.Pp
.Nm ssh
-.Op Fl agknqtvxXC
+.Op Fl agknqtvxCPX
.Op Fl c Ar blowfish | 3des
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
@@ -345,6 +345,14 @@ configuration file.
.It Fl p Ar port
Port to connect to on the remote host. This can be specified on a
per-host basis in the configuration file.
+.It Fl P
+Use a non-privileged port for outgoing connections.
+This can be used if your firewall does
+not permit connections from privileged ports.
+Note that this option turns of
+.Cm RhostsAuthentication
+and
+.Cm RhostsRSAAuthentication .
.It Fl q
Quiet mode. Causes all warning and diagnostic messages to be
suppressed. Only fatal errors are displayed.
@@ -678,6 +686,20 @@ having to remember to give the user name on the command line.
.It Cm UserKnownHostsFile
Specifies a file to use instead of
.Pa $HOME/.ssh/known_hosts .
+.It Cm UsePrivilegedPort
+Specifies whether to use a privileged port for outgoing connections.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+Note that setting this option to
+.Dq no
+turns of
+.Cm RhostsAuthentication
+and
+.Cm RhostsRSAAuthentication .
.It Cm UseRsh
Specifies that rlogin/rsh should be used for this host. It is
possible that the host does not at all support the
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index bf9dc850276..9fce3199b8b 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.22 1999/10/03 21:50:04 provos Exp $");
+RCSID("$Id: ssh.c,v 1.23 1999/10/12 21:04:22 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -97,6 +97,7 @@ usage()
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
fprintf(stderr, " -V Display version number only.\n");
+ fprintf(stderr, " -P Don't allocate a privileged port.\n");
fprintf(stderr, " -q Quiet; don't display any warning messages.\n");
fprintf(stderr, " -f Fork into background after authentication.\n");
fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n");
@@ -274,6 +275,10 @@ main(int ac, char **av)
options.gateway_ports = 1;
break;
+ case 'P':
+ options.use_privileged_port = 0;
+ break;
+
case 'a':
options.forward_agent = 0;
break;
@@ -522,7 +527,14 @@ main(int ac, char **av)
restore_uid();
/* Open a connection to the remote host. This needs root privileges if
- rhosts_authentication is true. */
+ rhosts_{rsa_}authentication is true. */
+
+ if (!options.use_privileged_port)
+ {
+ options.rhosts_authentication = 0;
+ options.rhosts_rsa_authentication = 0;
+ }
+
ok = ssh_connect(host, &hostaddr, options.port, options.connection_attempts,
!options.rhosts_authentication &&
!options.rhosts_rsa_authentication,