upstream: Remove support for loading HostBasedAuthentication keys
directly in ssh(1) and always use ssh-keysign. This removes one of the few remaining reasons why ssh(1) might be setuid. ok markus@ OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
parent
3eb7f1038d
commit
26efc2f5df
35
ssh.c
35
ssh.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh.c,v 1.484 2018/07/16 07:06:50 djm Exp $ */
|
/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1411,16 +1411,12 @@ main(int ac, char **av)
|
||||||
debug3("timeout: %d ms remain after connect", timeout_ms);
|
debug3("timeout: %d ms remain after connect", timeout_ms);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If we successfully made the connection, load the host private key
|
* If we successfully made the connection and we have hostbased auth
|
||||||
* in case we will need it later for hostbased
|
* enabled, load the public keys so we can later use the ssh-keysign
|
||||||
* authentication. This must be done before releasing extra
|
* helper to sign challenges.
|
||||||
* privileges, because the file is only readable by root.
|
|
||||||
* If we cannot access the private keys, load the public keys
|
|
||||||
* instead and try to execute the ssh-keysign helper instead.
|
|
||||||
*/
|
*/
|
||||||
sensitive_data.nkeys = 0;
|
sensitive_data.nkeys = 0;
|
||||||
sensitive_data.keys = NULL;
|
sensitive_data.keys = NULL;
|
||||||
sensitive_data.external_keysign = 0;
|
|
||||||
if (options.hostbased_authentication) {
|
if (options.hostbased_authentication) {
|
||||||
sensitive_data.nkeys = 11;
|
sensitive_data.nkeys = 11;
|
||||||
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
|
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
|
||||||
|
@ -1439,27 +1435,7 @@ main(int ac, char **av)
|
||||||
#define L_CERT(p,o) \
|
#define L_CERT(p,o) \
|
||||||
check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
|
check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
|
||||||
|
|
||||||
PRIV_START;
|
if (options.hostbased_authentication == 1) {
|
||||||
L_KEYCERT(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 1);
|
|
||||||
L_KEYCERT(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 2);
|
|
||||||
L_KEYCERT(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 3);
|
|
||||||
L_KEYCERT(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 4);
|
|
||||||
L_KEY(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 5);
|
|
||||||
L_KEY(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 6);
|
|
||||||
L_KEY(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 7);
|
|
||||||
L_KEY(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 8);
|
|
||||||
L_KEYCERT(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 9);
|
|
||||||
L_KEY(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 10);
|
|
||||||
PRIV_END;
|
|
||||||
|
|
||||||
if (options.hostbased_authentication == 1 &&
|
|
||||||
sensitive_data.keys[0] == NULL &&
|
|
||||||
sensitive_data.keys[5] == NULL &&
|
|
||||||
sensitive_data.keys[6] == NULL &&
|
|
||||||
sensitive_data.keys[7] == NULL &&
|
|
||||||
sensitive_data.keys[8] == NULL &&
|
|
||||||
sensitive_data.keys[9] == NULL &&
|
|
||||||
sensitive_data.keys[10] == NULL) {
|
|
||||||
L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
|
L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
|
||||||
L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
|
L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
|
||||||
L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
|
L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
|
||||||
|
@ -1470,7 +1446,6 @@ main(int ac, char **av)
|
||||||
L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
|
L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
|
||||||
L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
|
L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
|
||||||
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
|
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
|
||||||
sensitive_data.external_keysign = 1;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
|
|
|
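Review bot: The rewritten comment above `sensitive_data.nkeys = 0;` drops the old privilege explanation without saying what replaces it: ssh(1) now loads only certificates and public keys (`L_CERT`/`L_PUBKEY`), so hostbased authentication works only when the ssh-keysign helper is enabled and can itself read the host private keys. I would add a line such as `* ssh(1) never reads the host private keys; signing needs ssh-keysign (see EnableSSHKeysign).` so an operator who sees hostbased auth fail after upgrading knows where to look. Separately, the new `if (options.hostbased_authentication == 1) {` appears to sit inside the existing `if (options.hostbased_authentication) {` from the previous hunk; if the option is a plain flag, the inner test is redundant and could be dropped. main() starts and ends outside these hunks, so the nesting is inferred from the visible braces.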
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshconnect.h,v 1.32 2018/02/10 09:25:35 djm Exp $ */
|
/* $OpenBSD: sshconnect.h,v 1.33 2018/07/16 11:05:41 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
|
@ -28,7 +28,6 @@ typedef struct Sensitive Sensitive;
|
||||||
struct Sensitive {
|
struct Sensitive {
|
||||||
struct sshkey **keys;
|
struct sshkey **keys;
|
||||||
int nkeys;
|
int nkeys;
|
||||||
int external_keysign;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
struct addrinfo;
|
struct addrinfo;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshconnect2.c,v 1.280 2018/07/11 18:55:11 markus Exp $ */
|
/* $OpenBSD: sshconnect2.c,v 1.281 2018/07/16 11:05:41 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||||
|
@ -1990,12 +1990,8 @@ userauth_hostbased(Authctxt *authctxt)
|
||||||
#ifdef DEBUG_PK
|
#ifdef DEBUG_PK
|
||||||
sshbuf_dump(b, stderr);
|
sshbuf_dump(b, stderr);
|
||||||
#endif
|
#endif
|
||||||
if (authctxt->sensitive->external_keysign)
|
|
||||||
r = ssh_keysign(private, &sig, &siglen,
|
r = ssh_keysign(private, &sig, &siglen,
|
||||||
sshbuf_ptr(b), sshbuf_len(b));
|
sshbuf_ptr(b), sshbuf_len(b));
|
||||||
else if ((r = sshkey_sign(private, &sig, &siglen,
|
|
||||||
sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0)
|
|
||||||
debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
|
|
||||||
if (r != 0) {
|
if (r != 0) {
|
||||||
error("sign using hostkey %s %s failed",
|
error("sign using hostkey %s %s failed",
|
||||||
sshkey_ssh_name(private), fp);
|
sshkey_ssh_name(private), fp);
|
||||||
|
|
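Review bot: The key passed to `ssh_keysign()` is still called `private`, but after this commit ssh(1) only loads public keys and certificates for hostbased auth, so the name now misleads anyone auditing where private key material lives. A comment before the call, e.g. `/* 'private' is a public key or cert; the signature is made by ssh-keysign */`, or a rename would make that clear. The removed `sshkey_sign` branch also logged `ssh_err(r)`, while the remaining `error("sign using hostkey %s %s failed", ...)` gives no reason; whether `ssh_keysign()` reports its own cause is not visible here. userauth_hostbased() starts and ends outside the hunk.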