20001203

- (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/11/30 22:54:31
    [channels.c]
    debug->warn if tried to do -R style fwd w/o client requesting this;
    ok neils@
  - markus@cvs.openbsd.org 2000/11/29 20:39:17
    [cipher.c]
    des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
  - markus@cvs.openbsd.org 2000/11/30 18:33:05
    [ssh-agent.c]
    agents must not dump core, ok niels@
  - markus@cvs.openbsd.org 2000/11/30 07:04:02
    [ssh.1]
    T is for both protocols
  - markus@cvs.openbsd.org 2000/12/01 00:00:51
    [ssh.1]
    typo; from green@FreeBSD.org
  - markus@cvs.openbsd.org 2000/11/30 07:02:35
    [ssh.c]
    check -T before isatty()
  - provos@cvs.openbsd.org 2000/11/29 13:51:27
    [sshconnect.c]
    show IP address and hostname when new key is encountered. okay markus@
  - markus@cvs.openbsd.org 2000/11/30 22:53:35
    [sshconnect.c]
    disable agent/x11/port fwding if hostkey has changed; ok niels@
  - marksu@cvs.openbsd.org 2000/11/29 21:11:59
    [sshd.c]
    sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
    from handler@sub-rosa.com and eric@urbanrange.com; ok niels@

ChangeLog

@@ -1,3 +1,35 @@
+20001203
+- (bal) OpenBSD CVS updates:
+  - markus@cvs.openbsd.org 2000/11/30 22:54:31
+    [channels.c]
+    debug->warn if tried to do -R style fwd w/o client requesting this; 
+    ok neils@
+  - markus@cvs.openbsd.org 2000/11/29 20:39:17
+    [cipher.c]
+    des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
+  - markus@cvs.openbsd.org 2000/11/30 18:33:05
+    [ssh-agent.c]
+    agents must not dump core, ok niels@
+  - markus@cvs.openbsd.org 2000/11/30 07:04:02 
+    [ssh.1]
+    T is for both protocols
+  - markus@cvs.openbsd.org 2000/12/01 00:00:51
+    [ssh.1]
+    typo; from green@FreeBSD.org
+  - markus@cvs.openbsd.org 2000/11/30 07:02:35
+    [ssh.c]
+    check -T before isatty()
+  - provos@cvs.openbsd.org 2000/11/29 13:51:27
+    [sshconnect.c]
+    show IP address and hostname when new key is encountered. okay markus@ 
+  - markus@cvs.openbsd.org 2000/11/30 22:53:35
+    [sshconnect.c]
+    disable agent/x11/port fwding if hostkey has changed; ok niels@
+  - marksu@cvs.openbsd.org 2000/11/29 21:11:59
+    [sshd.c]
+    sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
+    from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
+
 20001202
  - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
  - (bal) Irix need some sort of mansubdir, patch by Michael Stone 

TODO

@@ -2,6 +2,8 @@ Programming:
 - Replacement for setproctitle() - HP/UX support only currently
 
 - Improve PAM support (a pam_lastlog module will cause sshd to exit)
+  and maybe support alternate forms of authenications like OPIE via
+  pam?
 
 - Complete Tru64 SIA support
 

channels.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.73 2000/11/06 23:04:55 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.74 2000/11/30 22:54:31 markus Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -1729,7 +1729,8 @@ channel_connect_by_listen_adress(u_short listen_port)
 			return channel_connect_to(
 			    permitted_opens[i].host_to_connect,
 			    permitted_opens[i].port_to_connect);
-	debug("channel_connect_by_listen_adress: unknown listen_port %d", listen_port);
+	error("WARNING: Server requests forwarding for unknown listen_port %d",
+	    listen_port);
 	return -1;
 }
 

cipher.c

@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.37 2000/10/23 19:31:54 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.38 2000/11/29 20:39:17 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -154,14 +154,9 @@ des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
 
 	memcpy(&iv1, iv2, 8);
 
-	des_cbc_encrypt(src, dest, len, cc->u.des3.key1, &iv1, DES_ENCRYPT);
-	memcpy(&iv1, dest + len - 8, 8);
-
-	des_cbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_DECRYPT);
-	memcpy(iv2, &iv1, 8);	/* Note how iv1 == iv2 on entry and exit. */
-
-	des_cbc_encrypt(dest, dest, len, cc->u.des3.key3, iv3, DES_ENCRYPT);
-	memcpy(iv3, dest + len - 8, 8);
+	des_ncbc_encrypt(src,  dest, len, cc->u.des3.key1, &iv1, DES_ENCRYPT);
+	des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_DECRYPT);
+	des_ncbc_encrypt(dest, dest, len, cc->u.des3.key3, iv3, DES_ENCRYPT);
 }
 void
 des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
@@ -173,15 +168,9 @@ des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
 
 	memcpy(&iv1, iv2, 8);
 
-	des_cbc_encrypt(src, dest, len, cc->u.des3.key3, iv3, DES_DECRYPT);
-	memcpy(iv3, src + len - 8, 8);
-
-	des_cbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_ENCRYPT);
-	memcpy(iv2, dest + len - 8, 8);
-
-	des_cbc_encrypt(dest, dest, len, cc->u.des3.key1, &iv1, DES_DECRYPT);
-	/* memcpy(&iv1, iv2, 8); */
-	/* Note how iv1 == iv2 on entry and exit. */
+	des_ncbc_encrypt(src,  dest, len, cc->u.des3.key3, iv3, DES_DECRYPT);
+	des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_ENCRYPT);
+	des_ncbc_encrypt(dest, dest, len, cc->u.des3.key1, &iv1, DES_DECRYPT);
 }
 
 /* Blowfish */

ssh-agent.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $	*/
+/*	$OpenBSD: ssh-agent.c,v 1.41 2000/11/30 18:33:05 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.41 2000/11/30 18:33:05 markus Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -674,6 +674,7 @@ main(int ac, char **av)
 	fd_set readset, writeset;
 	int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
 	struct sockaddr_un sunaddr;
+	struct rlimit rlim;
 	pid_t pid;
 	char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
 	extern int optind;
@@ -804,6 +805,12 @@ main(int ac, char **av)
 	close(1);
 	close(2);
 
+	/* deny core dumps, since memory contains unencrypted private keys */
+	rlim.rlim_cur = rlim.rlim_max = 0;
+	if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
+		perror("setrlimit rlimit_core failed");
+		cleanup_exit(1);
+	}
 	if (setsid() == -1) {
 		perror("setsid");
 		cleanup_exit(1);

ssh.1

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.68 2000/11/12 19:50:38 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.70 2000/12/01 00:00:51 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -446,7 +446,7 @@ needs to ask for a password or passphrase; see also the
 option.)
 .It Fl N
 Do not execute a remote command.
-This is usefull if you just want to forward ports
+This is useful if you just want to forward ports
 (protocol version 2 only).
 .It Fl o Ar option
 Can be used to give options in the format used in the config file.
@@ -475,7 +475,7 @@ This can be used to execute arbitrary
 screen-based programs on a remote machine, which can be very useful,
 e.g., when implementing menu services.
 .It Fl T
-Disable pseudo-tty allocation (protocol version 2 only).
+Disable pseudo-tty allocation.
 .It Fl v
 Verbose mode.
 Causes
@@ -1236,7 +1236,7 @@ This version of OpenSSH
 .Bl -bullet
 .It
 has all components of a restrictive nature (i.e., patents, see
-.Xr crypto 3 )
+.Xr ssl 8 )
 directly removed from the source code; any licensed or patented components
 are chosen from
 external libraries.
@@ -1265,4 +1265,4 @@ The support for SSH protocol 2 was written by Markus Friedl.
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
 .Xr sshd 8 ,
-.Xr crypto 3
+.Xr ssl 8

ssh.c

@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.75 2000/11/30 07:02:35 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -526,15 +526,15 @@ main(int ac, char **av)
 	if (buffer_len(&command) == 0)
 		tty_flag = 1;
 
+	/* Force no tty*/
+	if (no_tty_flag)
+		tty_flag = 0;
 	/* Do not allocate a tty if stdin is not a tty. */
 	if (!isatty(fileno(stdin))) {
 		if (tty_flag)
 			fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
 		tty_flag = 0;
 	}
-	/* force */
-	if (no_tty_flag)
-		tty_flag = 0;
 
 	/* Get user data. */
 	pw = getpwuid(original_real_uid);

sshconnect.c

@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.81 2000/11/06 23:16:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -508,13 +508,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 	if (options.proxy_command != NULL && options.check_host_ip)
 		options.check_host_ip = 0;
 
-	if (options.check_host_ip) {
-		if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
-		    NULL, 0, NI_NUMERICHOST) != 0)
-			fatal("check_host_key: getnameinfo failed");
-		ip = xstrdup(ntop);
-	}
-
+  	if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
+  			NULL, 0, NI_NUMERICHOST) != 0)
+  		fatal("check_host_key: getnameinfo failed");
+  	ip = xstrdup(ntop);
+  
 	/*
 	 * Store the host key from the known host file in here so that we can
 	 * compare it with the key for the IP address.
@@ -577,10 +575,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			char prompt[1024];
 			char *fp = key_fingerprint(host_key);
 			snprintf(prompt, sizeof(prompt),
-			    "The authenticity of host '%.200s' can't be established.\n"
+			    "The authenticity of host '%.200s (%s)' can't be established.\n"
 			    "%s key fingerprint is %s.\n"
 			    "Are you sure you want to continue connecting (yes/no)? ",
-			    host, type, fp);
+			    host, ip, type, fp);
 			if (!read_yes_or_no(prompt, -1))
 				fatal("Aborted by user!\n");
 		}
@@ -647,6 +645,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			error("Agent forwarding is disabled to avoid trojan horses.");
 			options.forward_agent = 0;
 		}
+		if (options.forward_x11) {
+			error("X11 forwarding is disabled to avoid trojan horses.");
+			options.forward_x11 = 0;
+		}
+	        if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+			error("Port forwarding is disabled to avoid trojan horses.");
+			options.num_local_forwards = options.num_remote_forwards = 0;
+		}
 		/*
 		 * XXX Should permit the user to change to use the new id.
 		 * This could be done by converting the host key to an
@@ -656,8 +662,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 		 */
 		break;
 	}
-	if (options.check_host_ip)
-		xfree(ip);
+
+	xfree(ip);
 }
 
 /*

sshd.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.134 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.135 2000/11/29 21:11:59 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -111,6 +111,9 @@ int debug_flag = 0;
 /* Flag indicating that the daemon is being started from inetd. */
 int inetd_flag = 0;
 
+/* Flag indicating that sshd should not detach and become a daemon. */
+int no_daemon_flag = 0;
+
 /* debug goes to stderr unless inetd_flag is set */
 int log_stderr = 0;
 
@@ -583,7 +586,7 @@ main(int ac, char **av)
 	initialize_server_options(&options);
 
 	/* Parse command-line arguments. */
-	while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:diqQ46")) != EOF) {
+	while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != EOF) {
 		switch (opt) {
 		case '4':
 			IPv4or6 = AF_INET;
@@ -605,6 +608,9 @@ main(int ac, char **av)
 				exit(1);
 			}
 			break;
+		case 'D':
+			no_daemon_flag = 1;
+			break;
 		case 'i':
 			inetd_flag = 1;
 			break;
@@ -769,7 +775,7 @@ main(int ac, char **av)
 	 * from the controlling terminal, and fork.  The original process
 	 * exits.
 	 */
-	if (!debug_flag && !inetd_flag) {
+	if (!(debug_flag || inetd_flag || no_daemon_flag)) {
 #ifdef TIOCNOTTY
 		int fd;
 #endif /* TIOCNOTTY */