authordes <des@FreeBSD.org>2002-06-29 10:51:56 +0000
committerdes <des@FreeBSD.org>2002-06-29 10:51:56 +0000
commit2d6cae03f17019300424e86d8b093c55ed79c305 (patch)
tree669f9e631122de923df645f3f78a1f051c9d2218 /crypto
parenta56e989df507678554319c1aab75a3ff04601696 (diff)
Apply FreeBSD's configuration defaults.
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/myproposal.h3
-rw-r--r--crypto/openssh/readconf.c12
-rw-r--r--crypto/openssh/servconf.c29
3 files changed, 34 insertions, 10 deletions
diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h
index 62f5cfb..372ac7e 100644
--- a/crypto/openssh/myproposal.h
+++ b/crypto/openssh/myproposal.h
@@ -1,4 +1,5 @@
/* $OpenBSD: myproposal.h,v 1.14 2002/04/03 09:26:11 markus Exp $ */
+/* $FreeBSD$ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -24,7 +25,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
-#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
+#define KEX_DEFAULT_PK_ALG "ssh-dss,ssh-rsa"
#define KEX_DEFAULT_ENCRYPT \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se"
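Review bot: The reordered `KEX_DEFAULT_PK_ALG` carries no comment saying why ssh-dss is now preferred over ssh-rsa, although the order decides which host key type a peer negotiates first. A client that has recorded only an RSA key for a server offering both types would presumably negotiate DSA and be shown an unknown-key prompt instead of a verified match, which trains users to accept new keys. The change also looks coupled to the servconf.c hunk at -144, which drops `_PATH_HOST_RSA_KEY_FILE` from the default protocol 2 host keys. I would record that next to the define, e.g. `/* FreeBSD: prefer ssh-dss; sshd's default v2 host key list no longer includes the RSA key (see servconf.c) */`.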
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index 80d99fe..d45df25 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -13,6 +13,7 @@
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$FreeBSD$");
#include "ssh.h"
#include "xmalloc.h"
@@ -114,6 +115,7 @@ typedef enum {
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oVersionAddendum,
oDeprecated
} OpCodes;
@@ -186,6 +188,7 @@ static struct {
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+ { "versionaddendum", oVersionAddendum },
{ NULL, oBadOption }
};
@@ -669,6 +672,13 @@ parse_int:
*intptr = value;
break;
+ case oVersionAddendum:
+ ssh_version_set_addendum(strtok(s, "\n"));
+ do {
+ arg = strdelim(&s);
+ } while (arg != NULL && *arg != '\0');
+ break;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
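Review bot: In the new `case oVersionAddendum:` the argument is taken with `strtok(s, "\n")`, which keeps hidden static state and returns NULL when the rest of the line is empty. If `s` itself can be NULL here (for example a final line with no newline; the earlier parsing is outside the hunk), strtok would resume from whatever string it last saw. A stateless form avoids both cases: `if (s != NULL) s[strcspn(s, "\n")] = '\0';` followed by `ssh_version_set_addendum(s);`, keeping a NULL-for-empty convention if the callee relies on one. The text also ends up in the version string sent to the peer, and nothing visible here bounds its length or rejects control characters; whether `ssh_version_set_addendum` does so is not shown. The enclosing function begins and ends outside the hunk.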
@@ -846,7 +856,7 @@ fill_default_options(Options * options)
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
- options->check_host_ip = 1;
+ options->check_host_ip = 0;
if (options->strict_host_key_checking == -1)
options->strict_host_key_checking = 2; /* 2 is default */
if (options->compression == -1)
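Review bot: Flipping the `check_host_ip` default to 0 in `fill_default_options` removes a client-side check and does so without any comment. With CheckHostIP off, ssh no longer compares the server's address against known_hosts, so a host key that changes because of DNS spoofing is harder to notice. The line deserves a note stating the local policy, e.g. `/* FreeBSD default: off; set CheckHostIP yes in ssh_config to restore the address check */`. The diffstat shows only three files, so the shipped ssh_config and manual page should be checked to confirm they state the same default. The function body continues outside the hunk.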
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index 4195b41..9540725 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -11,13 +11,14 @@
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
+RCSID("$FreeBSD$");
#if defined(KRB4)
#include <krb.h>
#endif
#if defined(KRB5)
#ifdef HEIMDAL
-#include <krb.h>
+#include <krb5.h>
#else
/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
* keytab */
@@ -144,8 +145,6 @@ fill_default_server_options(ServerOptions *options)
_PATH_HOST_KEY_FILE;
if (options->protocol & SSH_PROTO_2) {
options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_RSA_KEY_FILE;
- options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_DSA_KEY_FILE;
}
}
@@ -158,11 +157,11 @@ fill_default_server_options(ServerOptions *options)
if (options->server_key_bits == -1)
options->server_key_bits = 768;
if (options->login_grace_time == -1)
- options->login_grace_time = 600;
+ options->login_grace_time = 120;
if (options->key_regeneration_time == -1)
options->key_regeneration_time = 3600;
if (options->permit_root_login == PERMIT_NOT_SET)
- options->permit_root_login = PERMIT_YES;
+ options->permit_root_login = PERMIT_NO;
if (options->ignore_rhosts == -1)
options->ignore_rhosts = 1;
if (options->ignore_user_known_hosts == -1)
@@ -172,7 +171,7 @@ fill_default_server_options(ServerOptions *options)
if (options->print_lastlog == -1)
options->print_lastlog = 1;
if (options->x11_forwarding == -1)
- options->x11_forwarding = 0;
+ options->x11_forwarding = 1;
if (options->x11_display_offset == -1)
options->x11_display_offset = 10;
if (options->x11_use_localhost == -1)
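Review bot: The `x11_forwarding` default becomes 1 here with no comment, which widens what sshd does for every account unless the administrator opts out, while the neighbouring hunk (login grace time 120, `PERMIT_NO` for root) tightens defaults. With forwarding on by default, any client that requests it gets an X11 proxy listener on the server. The intent should be written down on the line, e.g. `/* FreeBSD default: on; set X11Forwarding no on hosts that do not need it */`. The shipped sshd_config and manual page are not part of this diffstat, so they need to agree with these three changed defaults. `fill_default_server_options` starts and ends outside the hunk.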
@@ -199,9 +198,21 @@ fill_default_server_options(ServerOptions *options)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB4) && defined(KRB5)
+ if (options->kerberos_authentication == -1)
+ options->kerberos_authentication =
+ (access(KEYFILE, R_OK) == 0 ||
+ access(krb5_defkeyname, R_OK) == 0);
+#elif defined(KRB4)
+ if (options->kerberos_authentication == -1)
+ options->kerberos_authentication =
+ (access(KEYFILE, R_OK) == 0);
+#elif defined(KRB5)
if (options->kerberos_authentication == -1)
- options->kerberos_authentication = 0;
+ options->kerberos_authentication =
+ (access(krb5_defkeyname, R_OK) == 0);
+#endif
+#if defined(KRB4) || defined(KRB5)
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
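Review bot: The new default for `kerberos_authentication` is derived from `access(..., R_OK)` on the key file, so an authentication method is switched on implicitly by filesystem state rather than by configuration. Installing a keytab for some other service would enable Kerberos logins in sshd without any sshd_config change, and nothing is logged to say so. In the Heimdal case `krb5_defkeyname` may be a keytab name with a type prefix (such as `FILE:`) rather than a plain path, in which case `access()` would never succeed; please confirm what it expands to in both builds. I would add a comment such as `/* default follows presence of a readable keytab; set KerberosAuthentication explicitly to override */` and consider a `debug()` line when the probe enables it. The three `#if` branches repeat the same assignment and could share one helper expression; the function continues outside the hunk.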
@@ -309,7 +320,9 @@ static struct {
ServerOpCodes opcode;
} keywords[] = {
/* Portable-specific options */
+#if 0
{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+#endif
/* Standard Options */
{ "port", sPort },
{ "hostkey", sHostKeyFile },
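Review bot: The `#if 0` around the `PAMAuthenticationViaKbdInt` entry in `keywords[]` has no comment, and it removes the keyword from the parser instead of retiring it. An existing sshd_config that still contains the keyword would presumably be rejected as a bad option, which on a remote host can mean sshd fails to come back after an upgrade. If this tree has a deprecated opcode for server options, mapping the keyword to it would keep such files loading with a warning; otherwise at least state the reason, e.g. `/* FreeBSD: disabled, keyboard-interactive PAM handled differently here */` (wording to be confirmed by the author). The table continues past the end of the hunk.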