summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--auth1.c22
-rw-r--r--readconf.c15
-rw-r--r--readconf.h3
-rw-r--r--servconf.c13
-rw-r--r--servconf.h4
-rw-r--r--ssh.c14
-rw-r--r--ssh_config3
-rw-r--r--ssh_config.528
-rw-r--r--sshconnect1.c22
-rw-r--r--sshd.83
-rw-r--r--sshd.c19
-rw-r--r--sshd_config8
-rw-r--r--sshd_config.57
14 files changed, 28 insertions, 140 deletions
diff --git a/ChangeLog b/ChangeLog
index f80dea66..b421d6ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@
[session.c]
use more portable tcsendbreak(3) and ignore break_length;
ok deraadt, millert
+ - markus@cvs.openbsd.org 2003/08/13 08:46:31
+ [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
+ ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
+ remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
+ fgsch@, miod@, henning@, jakob@ and others
20030811
- (dtucker) OpenBSD CVS Sync
@@ -823,4 +828,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2890 2003/08/13 10:31:05 dtucker Exp $
+$Id: ChangeLog,v 1.2891 2003/08/13 10:37:05 dtucker Exp $
diff --git a/auth1.c b/auth1.c
index 877e2e62..7c010010 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.49 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -160,26 +160,6 @@ do_authloop(Authctxt *authctxt)
break;
#endif
- case SSH_CMSG_AUTH_RHOSTS:
- if (!options.rhosts_authentication) {
- verbose("Rhosts authentication disabled.");
- break;
- }
- /*
- * Get client user name. Note that we just have to
- * trust the client; this is one reason why rhosts
- * authentication is insecure. (Another is
- * IP-spoofing on a local network.)
- */
- client_user = packet_get_string(&ulen);
- packet_check_eom();
-
- /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
- authenticated = auth_rhosts(pw, client_user);
-
- snprintf(info, sizeof info, " ruser %.100s", client_user);
- break;
-
case SSH_CMSG_AUTH_RHOSTS_RSA:
if (!options.rhosts_rsa_authentication) {
verbose("Rhosts with RSA authentication disabled.");
diff --git a/readconf.c b/readconf.c
index 332500e7..355a7dfc 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.116 2003/08/13 08:46:30 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
Host fascist.blob.com
Port 23123
User tylonen
- RhostsAuthentication no
PasswordAuthentication no
Host puukko.hut.fi
@@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
Host *
ForwardAgent no
ForwardX11 no
- RhostsAuthentication yes
PasswordAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication yes
@@ -91,7 +89,7 @@ RCSID("$OpenBSD: readconf.c,v 1.115 2003/07/22 13:35:22 markus Exp $");
typedef enum {
oBadOption,
- oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
+ oForwardAgent, oForwardX11, oGatewayPorts,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
oKerberosAuthentication, oKerberosTgtPassing,
@@ -122,7 +120,7 @@ static struct {
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
{ "useprivilegedport", oUsePrivilegedPort },
- { "rhostsauthentication", oRhostsAuthentication },
+ { "rhostsauthentication", oDeprecated },
{ "passwordauthentication", oPasswordAuthentication },
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
{ "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -351,10 +349,6 @@ parse_flag:
intptr = &options->use_privileged_port;
goto parse_flag;
- case oRhostsAuthentication:
- intptr = &options->rhosts_authentication;
- goto parse_flag;
-
case oPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
@@ -814,7 +808,6 @@ initialize_options(Options * options)
options->xauth_location = NULL;
options->gateway_ports = -1;
options->use_privileged_port = -1;
- options->rhosts_authentication = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
@@ -884,8 +877,6 @@ fill_default_options(Options * options)
options->gateway_ports = 0;
if (options->use_privileged_port == -1)
options->use_privileged_port = 0;
- if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 0;
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
diff --git a/readconf.h b/readconf.h
index cc94253e..6fbf467e 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.52 2003/07/22 13:35:22 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.53 2003/08/13 08:46:30 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -33,7 +33,6 @@ typedef struct {
char *xauth_location; /* Location for xauth program */
int gateway_ports; /* Allow remote connects to forwarded ports. */
int use_privileged_port; /* Don't use privileged port if false. */
- int rhosts_authentication; /* Try rhosts authentication. */
int rhosts_rsa_authentication; /* Try rhosts with RSA
* authentication. */
int rsa_authentication; /* Try RSA authentication. */
diff --git a/servconf.c b/servconf.c
index c4b2bb28..e9c313bb 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.123 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.124 2003/08/13 08:46:30 markus Exp $");
#include "ssh.h"
#include "log.h"
@@ -64,7 +64,6 @@ initialize_server_options(ServerOptions *options)
options->keepalives = -1;
options->log_facility = SYSLOG_FACILITY_NOT_SET;
options->log_level = SYSLOG_LEVEL_NOT_SET;
- options->rhosts_authentication = -1;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
@@ -165,8 +164,6 @@ fill_default_server_options(ServerOptions *options)
options->log_facility = SYSLOG_FACILITY_AUTH;
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
options->log_level = SYSLOG_LEVEL_INFO;
- if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 0;
if (options->rhosts_rsa_authentication == -1)
options->rhosts_rsa_authentication = 0;
if (options->hostbased_authentication == -1)
@@ -248,7 +245,7 @@ typedef enum {
/* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
- sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
+ sRhostsRSAAuthentication, sRSAAuthentication,
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
sKerberosTgtPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
@@ -288,7 +285,7 @@ static struct {
{ "permitrootlogin", sPermitRootLogin },
{ "syslogfacility", sLogFacility },
{ "loglevel", sLogLevel },
- { "rhostsauthentication", sRhostsAuthentication },
+ { "rhostsauthentication", sDeprecated },
{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
{ "hostbasedauthentication", sHostbasedAuthentication },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
@@ -589,10 +586,6 @@ parse_flag:
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
- case sRhostsAuthentication:
- intptr = &options->rhosts_authentication;
- goto parse_flag;
-
case sRhostsRSAAuthentication:
intptr = &options->rhosts_rsa_authentication;
goto parse_flag;
diff --git a/servconf.h b/servconf.h
index 65ad2071..42bcda75 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.62 2003/07/22 13:35:22 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.63 2003/08/13 08:46:30 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -65,8 +65,6 @@ typedef struct {
int gateway_ports; /* If true, allow remote connects to forwarded ports. */
SyslogFacility log_facility; /* Facility for system logging. */
LogLevel log_level; /* Level for system logging. */
- int rhosts_authentication; /* If true, permit rhosts
- * authentication. */
int rhosts_rsa_authentication; /* If true, permit rhosts RSA
* authentication. */
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
diff --git a/ssh.c b/ssh.c
index 82b40193..71556e20 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.198 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.199 2003/08/13 08:46:30 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -600,19 +600,7 @@ again:
strcmp(options.proxy_command, "none") == 0)
options.proxy_command = NULL;
- /* Disable rhosts authentication if not running as root. */
-#ifdef HAVE_CYGWIN
- /* Ignore uid if running under Windows */
- if (!options.use_privileged_port) {
-#else
- if (original_effective_uid != 0 || !options.use_privileged_port) {
-#endif
- debug("Rhosts Authentication disabled, "
- "originating port will not be trusted.");
- options.rhosts_authentication = 0;
- }
/* Open a connection to the remote host. */
-
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts,
#ifdef HAVE_CYGWIN
diff --git a/ssh_config b/ssh_config
index 721e374e..2692e891 100644
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.18 2003/05/16 03:27:12 djm Exp $
+# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
@@ -18,7 +18,6 @@
# Host *
# ForwardAgent no
# ForwardX11 no
-# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
diff --git a/ssh_config.5 b/ssh_config.5
index 3a79af8f..fb341d79 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.16 2003/07/22 13:35:22 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.17 2003/08/13 08:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@@ -529,26 +529,6 @@ IPv6 addresses can be specified with an alternative syntax:
Multiple forwardings may be specified, and additional
forwardings can be given on the command line.
Only the superuser can forward privileged ports.
-.It Cm RhostsAuthentication
-Specifies whether to try rhosts based authentication.
-Note that this
-declaration only affects the client side and has no effect whatsoever
-on security.
-Most servers do not permit RhostsAuthentication because it
-is not secure (see
-.Cm RhostsRSAAuthentication ) .
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 1 only and requires
-.Nm ssh
-to be setuid root and
-.Cm UsePrivilegedPort
-to be set to
-.Dq yes .
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.
@@ -629,11 +609,9 @@ If set to
must be setuid root.
Note that this option must be set to
.Dq yes
-if
-.Cm RhostsAuthentication
-and
+for
.Cm RhostsRSAAuthentication
-authentications are needed with older servers.
+with older servers.
.It Cm User
Specifies the user to log in as.
This can be useful when a different user name is used on different machines.
diff --git a/sshconnect1.c b/sshconnect1.c
index 8851c35f..5e1802b1 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.54 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.55 2003/08/13 08:46:31 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -932,26 +932,6 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
#endif /* KRB5 */
/*
- * Use rhosts authentication if running in privileged socket and we
- * do not wish to remain anonymous.
- */
- if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
- options.rhosts_authentication) {
- debug("Trying rhosts authentication.");
- packet_start(SSH_CMSG_AUTH_RHOSTS);
- packet_put_cstring(local_user);
- packet_send();
- packet_write_wait();
-
- /* The server should respond with success or failure. */
- type = packet_read();
- if (type == SSH_SMSG_SUCCESS)
- goto success;
- if (type != SSH_SMSG_FAILURE)
- packet_disconnect("Protocol error: got %d in response to rhosts auth",
- type);
- }
- /*
* Try .rhosts or /etc/hosts.equiv authentication with RSA host
* authentication.
*/
diff --git a/sshd.8 b/sshd.8
index 1cad834f..4749fab8 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.198 2003/06/10 09:12:12 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -292,7 +292,6 @@ may also be used to prevent
from making DNS requests unless the authentication
mechanism or configuration requires it.
Authentication mechanisms that may require DNS include
-.Cm RhostsAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm HostbasedAuthentication
and using a
diff --git a/sshd.c b/sshd.c
index 896e56c7..dc275b0c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.274 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.275 2003/08/13 08:46:31 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -1462,20 +1462,7 @@ main(int ac, char **av)
alarm(options.login_grace_time);
sshd_exchange_identification(sock_in, sock_out);
- /*
- * Check that the connection comes from a privileged port.
- * Rhosts-Authentication only makes sense from privileged
- * programs. Of course, if the intruder has root access on his local
- * machine, he can connect from any port. So do not use these
- * authentication methods from machines that you do not trust.
- */
- if (options.rhosts_authentication &&
- (remote_port >= IPPORT_RESERVED ||
- remote_port < IPPORT_RESERVED / 2)) {
- debug("Rhosts Authentication disabled, "
- "originating port %d not trusted.", remote_port);
- options.rhosts_authentication = 0;
- }
+
#ifdef KRB5
if (!packet_connection_is_ipv4() &&
options.kerberos_authentication) {
@@ -1643,8 +1630,6 @@ do_ssh1_kex(void)
/* Declare supported authentication types. */
auth_mask = 0;
- if (options.rhosts_authentication)
- auth_mask |= 1 << SSH_AUTH_RHOSTS;
if (options.rhosts_rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
if (options.rsa_authentication)
diff --git a/sshd_config b/sshd_config
index 262b6883..a2bd2ff6 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.62 2003/07/23 07:42:43 markus Exp $
+# $OpenBSD: sshd_config,v 1.63 2003/08/13 08:46:31 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -40,10 +40,6 @@
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-# rhosts authentication should not be used
-#RhostsAuthentication no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
@@ -51,6 +47,8 @@
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
diff --git a/sshd_config.5 b/sshd_config.5
index 223ff8aa..3d920cc8 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.21 2003/07/22 13:35:22 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.22 2003/08/13 08:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@@ -260,7 +260,6 @@ Specifies that
and
.Pa .shosts
files will not be used in
-.Cm RhostsAuthentication ,
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
@@ -529,10 +528,6 @@ Specifies whether public key authentication is allowed.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm RhostsAuthentication
-Specifies whether authentication using rhosts or /etc/hosts.equiv
-files is sufficient.
-Normally, this method should not be permitted because it is insecure.
.Cm RhostsRSAAuthentication
should be used
instead, because it performs RSA-based host authentication in addition