summaryrefslogtreecommitdiffstats
path: root/crypto/openssh
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2000-06-03 07:18:09 +0000
committerkris <kris@FreeBSD.org>2000-06-03 07:18:09 +0000
commite503398156edd9b3ad9ebac248c30f5d5380f379 (patch)
treeee1a7d00f7444a5417f2b5cd94a3557ba6197b77 /crypto/openssh
parent10badcd8c786a973fe56a5b4fe4ea468245231e8 (diff)
downloadFreeBSD-src-e503398156edd9b3ad9ebac248c30f5d5380f379.zip
FreeBSD-src-e503398156edd9b3ad9ebac248c30f5d5380f379.tar.gz
Import vendor patches: the first is written by
Brian Feldman <green@FreeBSD.org> * Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC) * Disable agent forwarding by default in the client (security risk) Submitted by: green Obtained from: OpenBSD
Diffstat (limited to 'crypto/openssh')
-rw-r--r--crypto/openssh/readconf.c10
-rw-r--r--crypto/openssh/ssh-keygen.c4
-rw-r--r--crypto/openssh/ssh.118
-rw-r--r--crypto/openssh/ssh.c9
4 files changed, 31 insertions, 10 deletions
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index 2053c67..15b8e6e 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: readconf.c,v 1.31 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: readconf.c,v 1.33 2000/05/29 20:20:46 markus Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -464,6 +464,8 @@ parse_int:
case oCipher:
intptr = &options->cipher;
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
value = cipher_number(cp);
if (value == -1)
fatal("%.200s line %d: Bad cipher '%s'.",
@@ -474,6 +476,8 @@ parse_int:
case oCiphers:
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
if (!ciphers_valid(cp))
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, cp ? cp : "<NONE>");
@@ -484,6 +488,8 @@ parse_int:
case oProtocol:
intptr = &options->protocol;
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
value = proto_spec(cp);
if (value == SSH_PROTO_UNKNOWN)
fatal("%.200s line %d: Bad protocol spec '%s'.",
@@ -691,7 +697,7 @@ void
fill_default_options(Options * options)
{
if (options->forward_agent == -1)
- options->forward_agent = 1;
+ options->forward_agent = 0;
if (options->forward_x11 == -1)
options->forward_x11 = 0;
if (options->gateway_ports == -1)
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index 9129c70..874acfe 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.25 2000/05/08 18:23:07 markus Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.26 2000/05/30 17:32:06 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -516,7 +516,7 @@ main(int ac, char **av)
extern int optind;
extern char *optarg;
- OpenSSL_add_all_algorithms();
+ SSLeay_add_all_algorithms();
/* we need this for the home * directory. */
pw = getpwuid(getuid());
diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1
index 77c3980..d069ce1 100644
--- a/crypto/openssh/ssh.1
+++ b/crypto/openssh/ssh.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.52 2000/05/08 17:21:32 hugh Exp $
+.\" $Id: ssh.1,v 1.54 2000/05/29 20:20:46 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -24,7 +24,7 @@
.Op Ar command
.Pp
.Nm ssh
-.Op Fl afgknqtvxCPX246
+.Op Fl afgknqtvxACNPTX246
.Op Fl c Ar cipher_spec
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
@@ -332,7 +332,9 @@ host key is not known or has changed.
.Bl -tag -width Ds
.It Fl a
Disables forwarding of the authentication agent connection.
-This may also be specified on a per-host basis in the configuration file.
+.It Fl A
+Enables forwarding of the authentication agent connection.
+This can also be specified on a per-host basis in a configuration file.
.It Fl c Ar blowfish|3des
Selects the cipher to use for encrypting the session.
.Ar 3des
@@ -416,6 +418,10 @@ program will be put in the background.
needs to ask for a password or passphrase; see also the
.Fl f
option.)
+.It Fl N
+Do not execute a remote command.
+This is usefull if you just want to forward ports
+(protocol version 2 only).
.It Fl o Ar option
Can be used to give options in the format used in the config file.
This is useful for specifying options for which there is no separate
@@ -442,6 +448,8 @@ Force pseudo-tty allocation.
This can be used to execute arbitrary
screen-based programs on a remote machine, which can be very useful,
e.g., when implementing menu services.
+.It Fl T
+Disable pseudo-tty allocation (protocol version 2 only).
.It Fl v
Verbose mode.
Causes
@@ -454,9 +462,9 @@ The verbose mode is also used to display
challenges, if the user entered "s/key" as password.
.It Fl x
Disables X11 forwarding.
-This can also be specified on a per-host basis in a configuration file.
.It Fl X
Enables X11 forwarding.
+This can also be specified on a per-host basis in a configuration file.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP/IP connections).
@@ -665,6 +673,8 @@ The argument must be
.Dq yes
or
.Dq no .
+The default is
+.Dq no .
.It Cm ForwardX11
Specifies whether X11 connections will be automatically redirected
over the secure channel and
diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 0ab3f9f..f343b41 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@@ -108,10 +108,12 @@ usage()
fprintf(stderr, "Options:\n");
fprintf(stderr, " -l user Log in using this user name.\n");
fprintf(stderr, " -n Redirect input from /dev/null.\n");
+ fprintf(stderr, " -A Enable authentication agent forwarding.\n");
fprintf(stderr, " -a Disable authentication agent forwarding.\n");
#ifdef AFS
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
#endif /* AFS */
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding.\n");
fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
@@ -306,6 +308,9 @@ main(int ac, char **av)
case 'a':
options.forward_agent = 0;
break;
+ case 'A':
+ options.forward_agent = 1;
+ break;
#ifdef AFS
case 'k':
options.kerberos_tgt_passing = 0;
@@ -422,7 +427,7 @@ main(int ac, char **av)
if (!host)
usage();
- OpenSSL_add_all_algorithms();
+ SSLeay_add_all_algorithms();
/* Initialize the command to execute on remote host. */
buffer_init(&command);
OpenPOWER on IntegriCloud