Sync remaining ChallengeResponse removal.
These were omitted from commit 88868fd131.
This commit is contained in:
Darren Tucker
parent
2c9e4b319f
commit
53237ac789
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-kbdint.c,v 1.12 2020/10/18 11:32:01 djm Exp $ */
|
||||
/* $OpenBSD: auth2-kbdint.c,v 1.13 2021/07/02 05:11:20 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
|
@ -56,7 +56,7 @@ userauth_kbdint(struct ssh *ssh)
|
|||
|
||||
debug("keyboard-interactive devs %s", devs);
|
||||
|
||||
if (options.challenge_response_authentication)
|
||||
if (options.kbd_interactive_authentication)
|
||||
authenticated = auth2_challenge(ssh, devs);
|
||||
|
||||
free(devs);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: monitor.c,v 1.226 2021/04/30 04:02:52 dtucker Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.227 2021/07/02 05:11:20 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
|
@ -962,7 +962,7 @@ mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0)
|
||||
fatal_fr(r, "parse");
|
||||
authok = options.challenge_response_authentication &&
|
||||
authok = options.kbd_interactive_authentication &&
|
||||
auth_userresponse(authctxt->as, response, 0);
|
||||
authctxt->as = NULL;
|
||||
debug3_f("<%s> = <%d>", response, authok);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: readconf.h,v 1.140 2021/02/15 20:43:15 markus Exp $ */
|
||||
/* $OpenBSD: readconf.h,v 1.141 2021/07/02 05:11:21 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
|
@ -38,8 +38,6 @@ typedef struct {
|
|||
struct ForwardOptions fwd_opts; /* forwarding options */
|
||||
int pubkey_authentication; /* Try ssh2 pubkey authentication. */
|
||||
int hostbased_authentication; /* ssh2's rhosts_rsa */
|
||||
int challenge_response_authentication;
|
||||
/* Try S/Key or TIS, authentication. */
|
||||
int gss_authentication; /* Try GSS authentication */
|
||||
int gss_deleg_creds; /* Delegate GSS credentials */
|
||||
int password_authentication; /* Try password
|
||||
|
|
|
|||
5
scp.1
5
scp.1
|
|
@ -8,9 +8,9 @@
|
|||
.\"
|
||||
.\" Created: Sun May 7 00:14:37 1995 ylo
|
||||
.\"
|
||||
.\" $OpenBSD: scp.1,v 1.95 2021/01/26 15:40:17 naddy Exp $
|
||||
.\" $OpenBSD: scp.1,v 1.96 2021/07/02 05:11:21 dtucker Exp $
|
||||
.\"
|
||||
.Dd $Mdocdate: January 26 2021 $
|
||||
.Dd $Mdocdate: July 2 2021 $
|
||||
.Dt SCP 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -158,7 +158,6 @@ For full details of the options listed below, and their possible values, see
|
|||
.It CanonicalizePermittedCNAMEs
|
||||
.It CASignatureAlgorithms
|
||||
.It CertificateFile
|
||||
.It ChallengeResponseAuthentication
|
||||
.It CheckHostIP
|
||||
.It Ciphers
|
||||
.It Compression
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: servconf.h,v 1.154 2021/04/03 06:18:40 djm Exp $ */
|
||||
/* $OpenBSD: servconf.h,v 1.155 2021/07/02 05:11:21 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
|
@ -146,7 +146,6 @@ typedef struct {
|
|||
int password_authentication; /* If true, permit password
|
||||
* authentication. */
|
||||
int kbd_interactive_authentication; /* If true, permit */
|
||||
int challenge_response_authentication;
|
||||
int permit_empty_passwd; /* If false, do not permit empty
|
||||
* passwords. */
|
||||
int permit_user_env; /* If true, read ~/.ssh/environment */
|
||||
|
|
|
|||
5
sftp.1
5
sftp.1
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: sftp.1,v 1.137 2021/02/12 03:49:09 djm Exp $
|
||||
.\" $OpenBSD: sftp.1,v 1.138 2021/07/02 05:11:21 dtucker Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
|
||||
.\"
|
||||
|
|
@ -22,7 +22,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: February 12 2021 $
|
||||
.Dd $Mdocdate: July 2 2021 $
|
||||
.Dt SFTP 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -232,7 +232,6 @@ For full details of the options listed below, and their possible values, see
|
|||
.It CanonicalizePermittedCNAMEs
|
||||
.It CASignatureAlgorithms
|
||||
.It CertificateFile
|
||||
.It ChallengeResponseAuthentication
|
||||
.It CheckHostIP
|
||||
.It Ciphers
|
||||
.It Compression
|
||||
|
|
|
|||
13
ssh.1
13
ssh.1
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.420 2021/06/25 06:20:39 dtucker Exp $
|
||||
.Dd $Mdocdate: June 25 2021 $
|
||||
.\" $OpenBSD: ssh.1,v 1.421 2021/07/02 05:11:21 dtucker Exp $
|
||||
.Dd $Mdocdate: July 2 2021 $
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -485,7 +485,6 @@ For full details of the options listed below, and their possible values, see
|
|||
.It CanonicalizePermittedCNAMEs
|
||||
.It CASignatureAlgorithms
|
||||
.It CertificateFile
|
||||
.It ChallengeResponseAuthentication
|
||||
.It CheckHostIP
|
||||
.It Ciphers
|
||||
.It ClearAllForwardings
|
||||
|
|
@ -833,7 +832,7 @@ The methods available for authentication are:
|
|||
GSSAPI-based authentication,
|
||||
host-based authentication,
|
||||
public key authentication,
|
||||
challenge-response authentication,
|
||||
keyboard-interactive authentication,
|
||||
and password authentication.
|
||||
Authentication methods are tried in the order specified above,
|
||||
though
|
||||
|
|
@ -971,11 +970,11 @@ directive in
|
|||
.Xr ssh_config 5
|
||||
for more information.
|
||||
.Pp
|
||||
Challenge-response authentication works as follows:
|
||||
Keyboard-interactive authentication works as follows:
|
||||
The server sends an arbitrary
|
||||
.Qq challenge
|
||||
text, and prompts for a response.
|
||||
Examples of challenge-response authentication include
|
||||
text and prompts for a response, possibly multiple times.
|
||||
Examples of keyboard-interactive authentication include
|
||||
.Bx
|
||||
Authentication (see
|
||||
.Xr login.conf 5 )
|
||||
|
|
|
|||
13
ssh_config.5
13
ssh_config.5
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.354 2021/06/04 05:10:03 djm Exp $
|
||||
.Dd $Mdocdate: June 4 2021 $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.355 2021/07/02 05:11:21 dtucker Exp $
|
||||
.Dd $Mdocdate: July 2 2021 $
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -412,13 +412,6 @@ Multiple
|
|||
.Cm CertificateFile
|
||||
directives will add to the list of certificates used for
|
||||
authentication.
|
||||
.It Cm ChallengeResponseAuthentication
|
||||
Specifies whether to use challenge-response authentication.
|
||||
The argument to this keyword must be
|
||||
.Cm yes
|
||||
(the default)
|
||||
or
|
||||
.Cm no .
|
||||
.It Cm CheckHostIP
|
||||
If set to
|
||||
.Cm yes
|
||||
|
|
@ -1085,6 +1078,8 @@ The argument to this keyword must be
|
|||
(the default)
|
||||
or
|
||||
.Cm no .
|
||||
.Cm ChallengeResponseAuthentication
|
||||
is a deprecated alias for this.
|
||||
.It Cm KbdInteractiveDevices
|
||||
Specifies the list of methods to use in keyboard-interactive authentication.
|
||||
Multiple method names must be comma-separated.
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect.c,v 1.354 2021/06/25 06:20:39 dtucker Exp $ */
|
||||
/* $OpenBSD: sshconnect.c,v 1.355 2021/07/02 05:11:21 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
|
@ -1298,13 +1298,6 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
|
|||
error("Keyboard-interactive authentication is disabled"
|
||||
" to avoid man-in-the-middle attacks.");
|
||||
options.kbd_interactive_authentication = 0;
|
||||
options.challenge_response_authentication = 0;
|
||||
cancelled_forwarding = 1;
|
||||
}
|
||||
if (options.challenge_response_authentication) {
|
||||
error("Challenge/response authentication is disabled"
|
||||
" to avoid man-in-the-middle attacks.");
|
||||
options.challenge_response_authentication = 0;
|
||||
cancelled_forwarding = 1;
|
||||
}
|
||||
if (options.forward_agent) {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect2.c,v 1.349 2021/06/07 03:38:38 djm Exp $ */
|
||||
/* $OpenBSD: sshconnect2.c,v 1.350 2021/07/02 05:11:21 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||
|
|
@ -442,8 +442,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
|
|||
Authctxt authctxt;
|
||||
int r;
|
||||
|
||||
if (options.challenge_response_authentication)
|
||||
options.kbd_interactive_authentication = 1;
|
||||
if (options.preferred_authentications == NULL)
|
||||
options.preferred_authentications = authmethods_get();
|
||||
|
||||
|
|
|
|||
6
sshd.c
6
sshd.c
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshd.c,v 1.576 2021/06/10 03:14:14 dtucker Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.577 2021/07/02 05:11:21 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
|
@ -1753,10 +1753,6 @@ main(int ac, char **av)
|
|||
/* Fill in default values for those options not explicitly set. */
|
||||
fill_default_server_options(&options);
|
||||
|
||||
/* challenge-response is implemented via keyboard interactive */
|
||||
if (options.challenge_response_authentication)
|
||||
options.kbd_interactive_authentication = 1;
|
||||
|
||||
/* Check that options are sensible */
|
||||
if (options.authorized_keys_command_user == NULL &&
|
||||
(options.authorized_keys_command != NULL &&
|
||||
|
|
|
|||
Loading…
Reference in New Issue