authorbrooks <brooks@FreeBSD.org>2011-08-03 19:14:22 +0000
committerbrooks <brooks@FreeBSD.org>2011-08-03 19:14:22 +0000
commit0f65fdcb29dbe4f29dde3b5ae94b071ac26bd281 (patch)
tree8b4a106674838af0ac7eedd28b1ef001d98c7afa /crypto/openssh/sshconnect2.c
parentde1f0b5343c3a7812121eff0346472c63e25046a (diff)
Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer)
Diffstat (limited to 'crypto/openssh/sshconnect2.c')
-rw-r--r--crypto/openssh/sshconnect2.c34
1 files changed, 34 insertions, 0 deletions
diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c
index 3cb9b10..7352276 100644
--- a/crypto/openssh/sshconnect2.c
+++ b/crypto/openssh/sshconnect2.c
@@ -1,4 +1,5 @@
/* $OpenBSD: sshconnect2.c,v 1.186 2010/11/29 23:45:51 djm Exp $ */
+/* $FreeBSD$ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -81,6 +82,16 @@
extern char *client_version_string;
extern char *server_version_string;
extern Options options;
+#ifdef NONE_CIPHER_ENABLED
+extern Kex *xxx_kex;
+
+/*
+ * tty_flag is set in ssh.c so we can use it here. If set then prevent
+ * the switch to the null cipher.
+ */
+
+extern int tty_flag;
+#endif
/*
* SSH2 key exchange
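Review bot: The two `extern` declarations added under `NONE_CIPHER_ENABLED` are written directly in this .c file, so nothing makes the compiler check `extern int tty_flag;` against its definition in ssh.c if that type ever changes. Declaring it in a header that both files include would close that gap. The comment would also read better sitting directly above `extern int tty_flag;` without the blank line, and it could say which value means a tty is allocated, e.g. `/* Non-zero when a tty was requested (set in ssh.c); blocks the switch to the none cipher. */`.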
@@ -419,6 +430,29 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
pubkey_cleanup(&authctxt);
dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
+#ifdef NONE_CIPHER_ENABLED
+ /*
+ * If the user explicitly requests to use the none cipher enable it
+ * post authentication and only if the right conditions are met: both
+ * of the NONE switches must be true and there must be no tty allocated.
+ */
+ if (options.none_switch == 1 && options.none_enabled == 1) {
+ if (!tty_flag) {
+ debug("Requesting none cipher re-keying...");
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
+ kex_prop2buf(&xxx_kex->my, myproposal);
+ packet_request_rekeying();
+ fprintf(stderr, "WARNING: enabled NONE cipher\n");
+ } else {
+ /* Requested NONE cipher on an interactive session. */
+ debug("Cannot switch to NONE cipher with tty "
+ "allocated");
+ fprintf(stderr, "NONE cipher switch disabled given "
+ "a TTY is allocated\n");
+ }
+ }
+#endif
debug("Authentication succeeded (%s).", authctxt.method->name);
}
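Review bot: The `!tty_flag` test is the only guard visible here before both `PROPOSAL_ENC_ALGS_*` entries are overwritten with "none", so a session without a tty that still carries port, X11 or agent forwarding would appear to send that traffic in cleartext after the rekey; whether ssh.c rules this out is not visible in this hunk. The block comment should state that limit, and also that only the cipher proposal is replaced while the MAC proposal is left as negotiated, e.g. `/* After the rekey the payload is unencrypted; integrity still relies on the negotiated MAC. */`. The stderr text `WARNING: enabled NONE cipher` is printed when rekeying has only been requested, so `fprintf(stderr, "WARNING: requesting NONE cipher; session data will not be encrypted\n");` would describe the state more accurately. ssh_userauth2 begins outside the hunk.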