- (djm) OpenBSD CVS updates:
- provos@cvs.openbsd.org 2000/11/22 08:38:31 [sshd.8] talk about /etc/primes, okay markus@ - markus@cvs.openbsd.org 2000/11/23 14:03:48 [ssh.c sshconnect1.c sshconnect2.c] complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults - markus@cvs.openbsd.org 2000/11/25 09:42:53 [sshconnect1.c] reorder check for illegal ciphers, bugreport from espie@ - markus@cvs.openbsd.org 2000/11/25 10:19:34 [ssh-keygen.c ssh.h] print keytype when generating a key. reasonable defaults for RSA1/RSA/DSA keys.
parent
3f62abaee8
commit
e39cacc579
15
ChangeLog
15
ChangeLog
@ -4,6 +4,21 @@
|
||||
- (djm) Don't fail in defines.h on absence of 64 bit types (we will
|
||||
still fail during compilation of sftp-server).
|
||||
- (djm) Fail if ar is not found during configure
|
||||
- (djm) OpenBSD CVS updates:
|
||||
- provos@cvs.openbsd.org 2000/11/22 08:38:31
|
||||
[sshd.8]
|
||||
talk about /etc/primes, okay markus@
|
||||
- markus@cvs.openbsd.org 2000/11/23 14:03:48
|
||||
[ssh.c sshconnect1.c sshconnect2.c]
|
||||
complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
|
||||
defaults
|
||||
- markus@cvs.openbsd.org 2000/11/25 09:42:53
|
||||
[sshconnect1.c]
|
||||
reorder check for illegal ciphers, bugreport from espie@
|
||||
- markus@cvs.openbsd.org 2000/11/25 10:19:34
|
||||
[ssh-keygen.c ssh.h]
|
||||
print keytype when generating a key.
|
||||
reasonable defaults for RSA1/RSA/DSA keys.
|
||||
|
||||
20001125
|
||||
- (djm) Give up privs when reading seed file
|
||||
|
45
ssh-keygen.c
45
ssh-keygen.c
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.35 2000/11/25 17:19:33 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
@ -67,9 +67,8 @@ int convert_to_ssh2 = 0;
|
||||
int convert_from_ssh2 = 0;
|
||||
int print_public = 0;
|
||||
|
||||
/* key type */
|
||||
int dsa_mode = 0; /* compat */
|
||||
char *key_type_name = NULL;
|
||||
/* default to RSA for SSH-1 */
|
||||
char *key_type_name = "rsa1";
|
||||
|
||||
/* argv0 */
|
||||
#ifdef HAVE___PROGNAME
|
||||
@ -84,9 +83,24 @@ void
|
||||
ask_filename(struct passwd *pw, const char *prompt)
|
||||
{
|
||||
char buf[1024];
|
||||
snprintf(identity_file, sizeof(identity_file), "%s/%s",
|
||||
pw->pw_dir,
|
||||
dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);
|
||||
char *name = NULL;
|
||||
|
||||
switch (key_type_from_name(key_type_name)) {
|
||||
case KEY_RSA1:
|
||||
name = SSH_CLIENT_IDENTITY;
|
||||
break;
|
||||
case KEY_DSA:
|
||||
name = SSH_CLIENT_ID_DSA;
|
||||
break;
|
||||
case KEY_RSA:
|
||||
name = SSH_CLIENT_ID_RSA;
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "bad key type");
|
||||
exit(1);
|
||||
break;
|
||||
}
|
||||
snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
|
||||
printf("%s (%s): ", prompt, identity_file);
|
||||
fflush(stdout);
|
||||
if (fgets(buf, sizeof(buf), stdin) == NULL)
|
||||
@ -600,10 +614,9 @@ main(int ac, char **av)
|
||||
{
|
||||
char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
|
||||
struct passwd *pw;
|
||||
int opt;
|
||||
int opt, type;
|
||||
struct stat st;
|
||||
FILE *f;
|
||||
int type = KEY_RSA1;
|
||||
Key *private;
|
||||
Key *public;
|
||||
|
||||
@ -688,12 +701,10 @@ main(int ac, char **av)
|
||||
|
||||
case 'd':
|
||||
key_type_name = "dsa";
|
||||
dsa_mode = 1;
|
||||
break;
|
||||
|
||||
case 't':
|
||||
key_type_name = optarg;
|
||||
dsa_mode = (strcmp(optarg, "dsa") == 0);
|
||||
break;
|
||||
|
||||
case '?':
|
||||
@ -724,15 +735,13 @@ main(int ac, char **av)
|
||||
|
||||
arc4random_stir();
|
||||
|
||||
if (key_type_name != NULL) {
|
||||
type = key_type_from_name(key_type_name);
|
||||
if (type == KEY_UNSPEC) {
|
||||
fprintf(stderr, "unknown key type %s\n", key_type_name);
|
||||
exit(1);
|
||||
}
|
||||
type = key_type_from_name(key_type_name);
|
||||
if (type == KEY_UNSPEC) {
|
||||
fprintf(stderr, "unknown key type %s\n", key_type_name);
|
||||
exit(1);
|
||||
}
|
||||
if (!quiet)
|
||||
printf("Generating public/private key pair.\n");
|
||||
printf("Generating public/private %s key pair.\n", key_type_name);
|
||||
private = key_generate(type, bits);
|
||||
if (private == NULL) {
|
||||
fprintf(stderr, "key_generate failed");
|
||||
|
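Review bot: In ask_filename() the new `default:` branch prints `bad key type` with no trailing newline and without naming the rejected value, while main() reports the same condition as `unknown key type %s\n`. I would write `fprintf(stderr, "bad key type %s\n", key_type_name);` so both paths give the same diagnostic. The rewritten `snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);` also ignores its return value, so an over-long `pw->pw_dir` would silently truncate the default path offered for the key file; comparing the result with `sizeof(identity_file)` and exiting on overflow would make that failure explicit. ask_filename's body continues past the end of the hunk.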
14
ssh.c
14
ssh.c
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/dsa.h>
|
||||
@ -427,12 +427,18 @@ main(int ac, char **av)
|
||||
options.cipher = SSH_CIPHER_ILLEGAL;
|
||||
} else {
|
||||
/* SSH1 only */
|
||||
Cipher *c = cipher_by_name(optarg);
|
||||
if (c == NULL || c->number < 0) {
|
||||
options.cipher = cipher_number(optarg);
|
||||
if (options.cipher == -1) {
|
||||
fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
|
||||
exit(1);
|
||||
}
|
||||
options.cipher = c->number;
|
||||
if (options.cipher == SSH_CIPHER_3DES) {
|
||||
options.ciphers = "3des-cbc";
|
||||
} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
|
||||
options.ciphers = "blowfish-cbc";
|
||||
} else {
|
||||
options.ciphers = (char *)-1;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'p':
|
||||
|
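Review bot: `options.ciphers = (char *)-1;` stores an integer cast to a pointer as an in-band "no protocol 2 equivalent" marker, so any code that tests `options.ciphers != NULL` and then reads it as a string before the marker is cleared would dereference an invalid address. The only consumer visible in this commit that recognises the marker is the `options.ciphers == (char *)-1` test in ssh_kex2() in sshconnect2.c. A separate flag, or a file-scope sentinel object compared by address, would keep `options.ciphers` either NULL or a valid string. At minimum the assignment should carry a comment such as `/* sentinel: cipher has no SSH2 name; reset to NULL in ssh_kex2() */`. The enclosing option switch in main() starts and ends outside the hunk.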
3
ssh.h
3
ssh.h
@ -12,7 +12,7 @@
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
/* RCSID("$OpenBSD: ssh.h,v 1.54 2000/10/11 20:27:24 markus Exp $"); */
|
||||
/* RCSID("$OpenBSD: ssh.h,v 1.55 2000/11/25 17:19:33 markus Exp $"); */
|
||||
|
||||
#ifndef SSH_H
|
||||
#define SSH_H
|
||||
@ -144,6 +144,7 @@
|
||||
*/
|
||||
#define SSH_CLIENT_IDENTITY ".ssh/identity"
|
||||
#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
|
||||
#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
|
||||
|
||||
/*
|
||||
* Configuration file in user\'s home directory. This file need not be
|
||||
|
@ -13,7 +13,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect1.c,v 1.9 2000/11/12 19:50:38 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect1.c,v 1.11 2000/11/25 16:42:53 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dsa.h>
|
||||
@ -833,13 +833,14 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
|
||||
RSA_free(public_key);
|
||||
RSA_free(host_key);
|
||||
|
||||
if (options.cipher == SSH_CIPHER_ILLEGAL) {
|
||||
if (options.cipher == SSH_CIPHER_NOT_SET) {
|
||||
if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
|
||||
options.cipher = ssh_cipher_default;
|
||||
} else if (options.cipher == SSH_CIPHER_ILLEGAL ||
|
||||
!(cipher_mask_ssh1(1) & (1 << options.cipher))) {
|
||||
log("No valid SSH1 cipher, using %.100s instead.",
|
||||
cipher_name(ssh_cipher_default));
|
||||
options.cipher = ssh_cipher_default;
|
||||
} else if (options.cipher == SSH_CIPHER_NOT_SET) {
|
||||
if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
|
||||
options.cipher = ssh_cipher_default;
|
||||
}
|
||||
/* Check that the selected cipher is supported. */
|
||||
if (!(supported_ciphers & (1 << options.cipher)))
|
||||
|
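Review bot: The final `if (!(supported_ciphers & (1 << options.cipher)))` can still be reached with a sentinel in `options.cipher`. In the reordered `SSH_CIPHER_NOT_SET` branch the value is replaced only when the default cipher is present in `supported_ciphers`, so otherwise the sentinel itself becomes the shift count. If that constant is negative (its definition is not on this page) the shift is undefined behaviour instead of a clean rejection. A guard such as `if (options.cipher < 0 || !(supported_ciphers & (1 << options.cipher)))` would make the failure path explicit. The body of that `if` and the rest of ssh_kex() are outside the hunk.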
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.28 2000/11/12 19:50:38 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/rsa.h>
|
||||
@ -74,14 +74,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
|
||||
Buffer *client_kexinit, *server_kexinit;
|
||||
char *sprop[PROPOSAL_MAX];
|
||||
|
||||
if (options.ciphers == NULL) {
|
||||
if (options.cipher == SSH_CIPHER_3DES) {
|
||||
options.ciphers = "3des-cbc";
|
||||
} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
|
||||
options.ciphers = "blowfish-cbc";
|
||||
} else if (options.cipher == SSH_CIPHER_DES) {
|
||||
fatal("cipher DES not supported for protocol version 2");
|
||||
}
|
||||
if (options.ciphers == (char *)-1) {
|
||||
log("No valid ciphers for protocol version 2 given, using defaults.");
|
||||
options.ciphers = NULL;
|
||||
}
|
||||
if (options.ciphers != NULL) {
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
|
4
sshd.8
4
sshd.8
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.72 2000/11/12 19:50:38 markus Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
@ -885,6 +885,8 @@ really used for anything; it is only provided for the convenience of
|
||||
the user so its contents can be copied to known hosts files.
|
||||
These two files are created using
|
||||
.Xr ssh-keygen 1 .
|
||||
.It Pa /etc/primes
|
||||
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
|
||||
.It Pa /var/run/sshd.pid
|
||||
Contains the process ID of the
|
||||
.Nm
|
||||
|