- Merged changes from OpenBSD CVS

- [sshd.c] session_key_int may be zero
   - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
     IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
     deraadt,millert
 - Brought default sshd_config more in line with OpenBSDs

ChangeLog

@@ -1,6 +1,10 @@
 19991112
  - Merged changes from OpenBSD CVS
    - [sshd.c] session_key_int may be zero
+   - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
+     IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok 
+     deraadt,millert
+ - Brought default sshd_config more in line with OpenBSD's
 
 19991111
  - Added (untested) Entropy Gathering Daemon (EGD) support

auth-rh-rsa.c

@@ -15,22 +15,22 @@ authentication.
 */
 
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.2 1999/11/11 00:43:13 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "servconf.h"
 
 /* Tries to authenticate the user using the .rhosts file and the host using
-   its host key.  Returns true if authentication succeeds. 
-   .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
+   its host key.  Returns true if authentication succeeds. */
 
 int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 		    unsigned int client_host_key_bits,
-		    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
-		    int ignore_rhosts, int strict_modes)
+		    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
 {
+  extern ServerOptions options;
   const char *canonical_hostname;
   HostStatus host_status;
   BIGNUM *ke, *kn;
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
   debug("Trying rhosts with RSA host authentication for %.100s", client_user);
 
   /* Check if we would accept it using rhosts authentication. */
-  if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))
+  if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
     return 0;
 
   canonical_hostname = get_canonical_hostname();
@@ -53,13 +53,14 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
   host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
 				       client_host_key_bits, client_host_key_e,
 				       client_host_key_n, ke, kn);
-  /* Check user host file. */
-  if (host_status != HOST_OK) {
+
+  /* Check user host file unless ignored. */
+  if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
     struct stat st;
     char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
     /* Check file permissions of SSH_USER_HOSTFILE,
        auth_rsa() did already check pw->pw_dir, but there is a race XXX */
-    if (strict_modes &&
+    if (options.strict_modes &&
 	(stat(user_hostfile, &st) == 0) &&
 	((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
 	(st.st_mode & 022) != 0)) {

servconf.c

@@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo
 */
 
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.2 1999/11/11 06:57:39 damien Exp $");
+RCSID("$Id: servconf.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
 
 #include "ssh.h"
 #include "servconf.h"
@@ -31,6 +31,7 @@ void initialize_server_options(ServerOptions *options)
   options->key_regeneration_time = -1;
   options->permit_root_login = -1;
   options->ignore_rhosts = -1;
+  options->ignore_user_known_hosts = -1;
   options->print_motd = -1;
   options->check_mail = -1;
   options->x11_forwarding = -1;
@@ -88,6 +89,8 @@ void fill_default_server_options(ServerOptions *options)
     options->permit_root_login = 1;		 /* yes */
   if (options->ignore_rhosts == -1)
     options->ignore_rhosts = 0;
+  if (options->ignore_user_known_hosts == -1)
+    options->ignore_user_known_hosts = 0;
   if (options->check_mail == -1)
     options->check_mail = 0;
   if (options->print_motd == -1)
@@ -156,8 +159,8 @@ typedef enum
   sPasswordAuthentication, sListenAddress,
   sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
   sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
-  sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups
-
+  sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+  sIgnoreUserKnownHosts
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -195,6 +198,7 @@ static struct
   { "listenaddress", sListenAddress },
   { "printmotd", sPrintMotd },
   { "ignorerhosts", sIgnoreRhosts },
+  { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
   { "x11forwarding", sX11Forwarding },
   { "x11displayoffset", sX11DisplayOffset },
   { "strictmodes", sStrictModes },
@@ -402,7 +406,11 @@ void read_server_config(ServerOptions *options, const char *filename)
 	  if (*intptr == -1)
 	    *intptr = value;
 	  break;
-	  
+
+	case sIgnoreUserKnownHosts:
+	  intptr = &options->ignore_user_known_hosts;
+	  goto parse_int;
+
 	case sRhostsAuthentication:
 	  intptr = &options->rhosts_authentication;
 	  goto parse_flag;

servconf.h

@@ -13,7 +13,7 @@ Definitions for server configuration data and for the functions reading it.
 
 */
 
-/* RCSID("$Id: servconf.h,v 1.2 1999/11/11 06:57:40 damien Exp $"); */
+/* RCSID("$Id: servconf.h,v 1.3 1999/11/12 00:33:04 damien Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -33,6 +33,7 @@ typedef struct
   int key_regeneration_time;	/* Server key lifetime (seconds). */
   int permit_root_login;	/* If true, permit root login. */
   int ignore_rhosts;		/* Ignore .rhosts and .shosts. */
+  int ignore_user_known_hosts;	/* Ignore ~/.ssh/known_hosts for RhostsRsaAuth */
   int print_motd;		/* If true, print /etc/motd. */
   int check_mail;               /* If true, check for new mail. */
   int x11_forwarding;		/* If true, permit inet (spoofing) X11 fwd. */

ssh.h

@@ -13,7 +13,7 @@ Generic header file for ssh.
 
 */
 
-/* RCSID("$Id: ssh.h,v 1.10 1999/11/11 06:57:40 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.11 1999/11/12 00:33:04 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -138,8 +138,8 @@ only by root, whereas ssh_config should be world-readable. */
 #define SSH_AUTHSOCKET_ENV_NAME	"SSH_AUTH_SOCK"
 
 /* Name of the environment variable containing the pathname of the
-	authentication socket. */
-#define SSH_AGENTPID_ENV_NAME  "SSH_AGENT_PID"
+   authentication socket. */
+#define SSH_AGENTPID_ENV_NAME	"SSH_AGENT_PID"
 
 /* Force host key length and server key length to differ by at least this
    many bits.  This is to make double encryption with rsaref work. */
@@ -334,8 +334,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
    its host key.  Returns true if authentication succeeds. */
 int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 		    unsigned int bits, BIGNUM *client_host_key_e,
-		    BIGNUM *client_host_key_n, int ignore_rhosts,
-		    int strict_modes);
+		    BIGNUM *client_host_key_n);
 
 /* Tries to authenticate the user using password.  Returns true if
    authentication succeeds. */

sshd.8

@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8,v 1.6 1999/11/11 06:57:40 damien Exp $
+.\" $Id: sshd.8,v 1.7 1999/11/12 00:33:04 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -245,6 +245,15 @@ and
 .Pa /etc/ssh/shosts.equiv 
 are still used.  The default is 
 .Dq no .
+.It Cm IgnoreUserKnownHosts
+Specifies whether
+.Nm
+should ignore the user's
+.Pa $HOME/.ssh/known_hosts
+during
+.Cm RhostsRSAAuthentication .
+The default is
+.Dq no .
 .It Cm KeepAlive
 Specifies whether the system should send keepalive messages to the
 other side.  If they are sent, death of the connection or crash of one

sshd.c

@@ -18,7 +18,7 @@ agent connections.
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.15 1999/11/11 21:49:09 damien Exp $");
+RCSID("$Id: sshd.c,v 1.16 1999/11/12 00:33:04 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1394,11 +1394,8 @@ do_authentication(char *user, int privileged_port)
 	    packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
 	  }
 
-	  /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
 	  if (auth_rhosts_rsa(pw, client_user,
-			      client_host_key_bits, client_host_key_e,
-			      client_host_key_n, options.ignore_rhosts,
-			      options.strict_modes))
+			      client_host_key_bits, client_host_key_e, client_host_key_n))
 	    {
 	      /* Authentication accepted. */
 	      authenticated = 1;

sshd_config

@@ -11,13 +11,13 @@ PermitRootLogin yes
 #
 # Loglevel replaces QuietMode and FascistLogging
 #
+SyslogFacility AUTH
 LogLevel INFO
 
 #
 # Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
 StrictModes yes
-X11Forwarding yes
+X11Forwarding no
 X11DisplayOffset 10
 FascistLogging no
 PrintMotd yes
@@ -32,6 +32,16 @@ RhostsAuthentication no
 #
 RhostsRSAAuthentication no
 
+#
+# Don't read ~/.rhosts and ~/.shosts files
+#
+IgnoreRhosts yes
+
+#
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#
+#IgnoreUserKnownHosts yes
+
 RSAAuthentication yes
 
 # To disable tunneled clear text passwords, change to no here!