From e503398156edd9b3ad9ebac248c30f5d5380f379 Mon Sep 17 00:00:00 2001
From: kris
Date: Sat, 3 Jun 2000 07:18:09 +0000
Subject: Import vendor patches: the first is written by Brian Feldman
* Remove the gratuitous dependency on OpenSSL 0.9.5a (preparation for MFC)
* Disable agent forwarding by default in the client (security risk)
Submitted by: green
Obtained from: OpenBSD
---
 crypto/openssh/readconf.c | 10 ++++++++--
 crypto/openssh/ssh-keygen.c | 4 ++--
 crypto/openssh/ssh.1 | 18 ++++++++++++++----
 crypto/openssh/ssh.c | 9 +++++++--
 4 files changed, 31 insertions(+), 10 deletions(-)
(limited to 'crypto')
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index 2053c67..15b8e6e 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.31 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: readconf.c,v 1.33 2000/05/29 20:20:46 markus Exp $");
 #include "ssh.h"
 #include "cipher.h"
@@ -464,6 +464,8 @@ parse_int:
 case oCipher:
 intptr = &options->cipher;
 cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
 value = cipher_number(cp);
 if (value == -1)
 fatal("%.200s line %d: Bad cipher '%s'.",
@@ -474,6 +476,8 @@ parse_int:
 case oCiphers:
 cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
 if (!ciphers_valid(cp))
 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
 filename, linenum, cp ? cp : "");
@@ -484,6 +488,8 @@ parse_int:
 case oProtocol:
 intptr = &options->protocol;
 cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
 value = proto_spec(cp);
 if (value == SSH_PROTO_UNKNOWN)
 fatal("%.200s line %d: Bad protocol spec '%s'.",
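Review bot: In the `oCiphers` case of readconf.c the new `if (!cp) fatal(...)` guard makes the `cp ? cp : ""` fallback in the following `fatal` call unreachable, so that last argument can simply be `cp`. The same two-line guard is pasted verbatim into the `oCipher` and `oProtocol` hunks as well; a small helper or macro would keep the three "Missing argument." messages from drifting apart. Whether other `strtok(NULL, WHITESPACE)` consumers in this switch still use a NULL result unchecked cannot be seen from these hunks and is worth confirming, since a truncated configuration line would then presumably crash the client instead of producing this error. The enclosing function starts and ends outside the hunks.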
@@ -691,7 +697,7 @@ void
 fill_default_options(Options * options)
 {
 if (options->forward_agent == -1)
- options->forward_agent = 1;
+ options->forward_agent = 0;
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->gateway_ports == -1)
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index 9129c70..874acfe 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.25 2000/05/08 18:23:07 markus Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.26 2000/05/30 17:32:06 markus Exp $");
 #include
 #include
@@ -516,7 +516,7 @@ main(int ac, char **av)
 extern int optind;
 extern char *optarg;
- OpenSSL_add_all_algorithms();
+ SSLeay_add_all_algorithms();
 /* we need this for the home * directory. */
 pw = getpwuid(getuid());
diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1
index 77c3980..d069ce1 100644
--- a/crypto/openssh/ssh.1
+++ b/crypto/openssh/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.52 2000/05/08 17:21:32 hugh Exp $
+.\" $Id: ssh.1,v 1.54 2000/05/29 20:20:46 markus Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -24,7 +24,7 @@
 .Op Ar command
 .Pp
 .Nm ssh
-.Op Fl afgknqtvxCPX246
+.Op Fl afgknqtvxACNPTX246
 .Op Fl c Ar cipher_spec
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
@@ -332,7 +332,9 @@ host key is not known or has changed.
 .Bl -tag -width Ds
 .It Fl a
 Disables forwarding of the authentication agent connection.
-This may also be specified on a per-host basis in the configuration file.
+.It Fl A
+Enables forwarding of the authentication agent connection.
+This can also be specified on a per-host basis in a configuration file.
 .It Fl c Ar blowfish|3des
 Selects the cipher to use for encrypting the session.
 .Ar 3des
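Review bot: The flipped default in `fill_default_options` (readconf.c, `options->forward_agent = 0;`) carries no comment, so the reason for it lives only in the commit message ("security risk"). A one-line comment such as `/* Off by default: a forwarded agent can be used by whoever controls the remote host for as long as the connection is open. */` would keep a later cleanup from quietly restoring `1`. The change is also silent for existing users: setups that relied on the old default now need an explicit `ForwardAgent yes` or `-A`, which deserves a release-note entry. The function body continues past the end of the hunk.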
@@ -416,6 +418,10 @@ program will be put in the background.
 needs to ask for a password or passphrase; see also the
 .Fl f
 option.)
+.It Fl N
+Do not execute a remote command.
+This is usefull if you just want to forward ports
+(protocol version 2 only).
 .It Fl o Ar option
 Can be used to give options in the format used in the config file.
 This is useful for specifying options for which there is no separate
@@ -442,6 +448,8 @@ Force pseudo-tty allocation.
 This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g., when implementing menu services.
+.It Fl T
+Disable pseudo-tty allocation (protocol version 2 only).
 .It Fl v
 Verbose mode.
 Causes
@@ -454,9 +462,9 @@ The verbose mode is also used to display challenges, if the user entered "s/key" as password.
 .It Fl x
 Disables X11 forwarding.
-This can also be specified on a per-host basis in a configuration file.
 .It Fl X
 Enables X11 forwarding.
+This can also be specified on a per-host basis in a configuration file.
 .It Fl C
 Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections).
@@ -665,6 +673,8 @@ The argument must be
 .Dq yes
 or
 .Dq no .
+The default is
+.Dq no .
 .It Cm ForwardX11
 Specifies whether X11 connections will be automatically redirected over the secure channel and
diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 0ab3f9f..f343b41 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $");
 #include
 #include
@@ -108,10 +108,12 @@ usage()
 fprintf(stderr, "Options:\n");
 fprintf(stderr, " -l user Log in using this user name.\n");
 fprintf(stderr, " -n Redirect input from /dev/null.\n");
+ fprintf(stderr, " -A Enable authentication agent forwarding.\n");
 fprintf(stderr, " -a Disable authentication agent forwarding.\n");
 #ifdef AFS
 fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
 #endif /* AFS */
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
 fprintf(stderr, " -x Disable X11 connection forwarding.\n");
 fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
 fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
@@ -306,6 +308,9 @@ main(int ac, char **av)
 case 'a':
 options.forward_agent = 0;
 break;
+ case 'A':
+ options.forward_agent = 1;
+ break;
 #ifdef AFS
 case 'k':
 options.kerberos_tgt_passing = 0;
@@ -422,7 +427,7 @@ main(int ac, char **av)
 if (!host)
 usage();
- OpenSSL_add_all_algorithms();
+ SSLeay_add_all_algorithms();
 /* Initialize the command to execute on remote host. */
 buffer_init(&command);
-- 
cgit v1.1
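Review bot: The `usage()` text in ssh.c now lists `-A`/`-a` and `-X`/`-x` as pairs but never says which option of each pair is the default, even though both forwardings default to off in `fill_default_options` as of this commit. Marking the disabling options, for example `fprintf(stderr, " -a Disable authentication agent forwarding (default).\n");` and the same for `-x`, lets a user see from the usage output that forwarding has to be requested explicitly. `usage()` starts and ends outside the hunk, so any other place that prints these options is not visible here.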