[openssh-commits] [openssh] 01/03: upstream: Remove support for loading HostBasedAuthentication keys
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Jul 19 21:41:49 AEST 2018
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Mon Jul 16 11:05:41 2018 +0000
upstream: Remove support for loading HostBasedAuthentication keys
directly in ssh(1) and always use ssh-keysign. This removes one of the few
remaining reasons why ssh(1) might be setuid. ok markus@
OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
---
ssh.c | 35 +++++------------------------------
sshconnect.h | 3 +--
sshconnect2.c | 10 +++-------
3 files changed, 9 insertions(+), 39 deletions(-)
diff --git a/ssh.c b/ssh.c
index 3367e913..33d7ea2b 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.484 2018/07/16 07:06:50 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1411,16 +1411,12 @@ main(int ac, char **av)
debug3("timeout: %d ms remain after connect", timeout_ms);
/*
- * If we successfully made the connection, load the host private key
- * in case we will need it later for hostbased
- * authentication. This must be done before releasing extra
- * privileges, because the file is only readable by root.
- * If we cannot access the private keys, load the public keys
- * instead and try to execute the ssh-keysign helper instead.
+ * If we successfully made the connection and we have hostbased auth
+ * enabled, load the public keys so we can later use the ssh-keysign
+ * helper to sign challenges.
*/
sensitive_data.nkeys = 0;
sensitive_data.keys = NULL;
- sensitive_data.external_keysign = 0;
if (options.hostbased_authentication) {
sensitive_data.nkeys = 11;
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
@@ -1439,27 +1435,7 @@ main(int ac, char **av)
#define L_CERT(p,o) \
check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
- PRIV_START;
- L_KEYCERT(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 1);
- L_KEYCERT(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 2);
- L_KEYCERT(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 3);
- L_KEYCERT(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 4);
- L_KEY(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 5);
- L_KEY(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 6);
- L_KEY(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 7);
- L_KEY(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 8);
- L_KEYCERT(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 9);
- L_KEY(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 10);
- PRIV_END;
-
- if (options.hostbased_authentication == 1 &&
- sensitive_data.keys[0] == NULL &&
- sensitive_data.keys[5] == NULL &&
- sensitive_data.keys[6] == NULL &&
- sensitive_data.keys[7] == NULL &&
- sensitive_data.keys[8] == NULL &&
- sensitive_data.keys[9] == NULL &&
- sensitive_data.keys[10] == NULL) {
+ if (options.hostbased_authentication == 1) {
L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
@@ -1470,7 +1446,6 @@ main(int ac, char **av)
L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
- sensitive_data.external_keysign = 1;
}
}
/*
diff --git a/sshconnect.h b/sshconnect.h
index dd648b09..6bba62ad 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.32 2018/02/10 09:25:35 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.33 2018/07/16 11:05:41 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -28,7 +28,6 @@ typedef struct Sensitive Sensitive;
struct Sensitive {
struct sshkey **keys;
int nkeys;
- int external_keysign;
};
struct addrinfo;
diff --git a/sshconnect2.c b/sshconnect2.c
index fb90e8af..7b0e18f2 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.280 2018/07/11 18:55:11 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.281 2018/07/16 11:05:41 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1990,12 +1990,8 @@ userauth_hostbased(Authctxt *authctxt)
#ifdef DEBUG_PK
sshbuf_dump(b, stderr);
#endif
- if (authctxt->sensitive->external_keysign)
- r = ssh_keysign(private, &sig, &siglen,
- sshbuf_ptr(b), sshbuf_len(b));
- else if ((r = sshkey_sign(private, &sig, &siglen,
- sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0)
- debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
+ r = ssh_keysign(private, &sig, &siglen,
+ sshbuf_ptr(b), sshbuf_len(b));
if (r != 0) {
error("sign using hostkey %s %s failed",
sshkey_ssh_name(private), fp);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list