- (djm) OpenBSD CVS updates:

- provos@cvs.openbsd.org  2000/11/22 08:38:31
     [sshd.8]
     talk about /etc/primes, okay markus@
   - markus@cvs.openbsd.org  2000/11/23 14:03:48
     [ssh.c sshconnect1.c sshconnect2.c]
     complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
     defaults
   - markus@cvs.openbsd.org  2000/11/25 09:42:53
     [sshconnect1.c]
     reorder check for illegal ciphers, bugreport from espie@
   - markus@cvs.openbsd.org  2000/11/25 10:19:34
     [ssh-keygen.c ssh.h]
     print keytype when generating a key.
     reasonable defaults for RSA1/RSA/DSA keys.
This commit is contained in:
Damien Miller 2000-11-29 12:18:44 +11:00
parent 3f62abaee8
commit e39cacc579
7 changed files with 67 additions and 38 deletions

View File

@ -4,6 +4,21 @@
- (djm) Don't fail in defines.h on absence of 64 bit types (we will
still fail during compilation of sftp-server).
- (djm) Fail if ar is not found during configure
- (djm) OpenBSD CVS updates:
- provos@cvs.openbsd.org 2000/11/22 08:38:31
[sshd.8]
talk about /etc/primes, okay markus@
- markus@cvs.openbsd.org 2000/11/23 14:03:48
[ssh.c sshconnect1.c sshconnect2.c]
complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
defaults
- markus@cvs.openbsd.org 2000/11/25 09:42:53
[sshconnect1.c]
reorder check for illegal ciphers, bugreport from espie@
- markus@cvs.openbsd.org 2000/11/25 10:19:34
[ssh-keygen.c ssh.h]
print keytype when generating a key.
reasonable defaults for RSA1/RSA/DSA keys.
20001125
- (djm) Give up privs when reading seed file

View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.35 2000/11/25 17:19:33 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -67,9 +67,8 @@ int convert_to_ssh2 = 0;
int convert_from_ssh2 = 0;
int print_public = 0;
/* key type */
int dsa_mode = 0; /* compat */
char *key_type_name = NULL;
/* default to RSA for SSH-1 */
char *key_type_name = "rsa1";
/* argv0 */
#ifdef HAVE___PROGNAME
@ -84,9 +83,24 @@ void
ask_filename(struct passwd *pw, const char *prompt)
{
char buf[1024];
snprintf(identity_file, sizeof(identity_file), "%s/%s",
pw->pw_dir,
dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);
char *name = NULL;
switch (key_type_from_name(key_type_name)) {
case KEY_RSA1:
name = SSH_CLIENT_IDENTITY;
break;
case KEY_DSA:
name = SSH_CLIENT_ID_DSA;
break;
case KEY_RSA:
name = SSH_CLIENT_ID_RSA;
break;
default:
fprintf(stderr, "bad key type");
exit(1);
break;
}
snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
printf("%s (%s): ", prompt, identity_file);
fflush(stdout);
if (fgets(buf, sizeof(buf), stdin) == NULL)
@ -600,10 +614,9 @@ main(int ac, char **av)
{
char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
struct passwd *pw;
int opt;
int opt, type;
struct stat st;
FILE *f;
int type = KEY_RSA1;
Key *private;
Key *public;
@ -688,12 +701,10 @@ main(int ac, char **av)
case 'd':
key_type_name = "dsa";
dsa_mode = 1;
break;
case 't':
key_type_name = optarg;
dsa_mode = (strcmp(optarg, "dsa") == 0);
break;
case '?':
@ -724,15 +735,13 @@ main(int ac, char **av)
arc4random_stir();
if (key_type_name != NULL) {
type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) {
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) {
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
if (!quiet)
printf("Generating public/private key pair.\n");
printf("Generating public/private %s key pair.\n", key_type_name);
private = key_generate(type, bits);
if (private == NULL) {
fprintf(stderr, "key_generate failed");

14
ssh.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@ -427,12 +427,18 @@ main(int ac, char **av)
options.cipher = SSH_CIPHER_ILLEGAL;
} else {
/* SSH1 only */
Cipher *c = cipher_by_name(optarg);
if (c == NULL || c->number < 0) {
options.cipher = cipher_number(optarg);
if (options.cipher == -1) {
fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
exit(1);
}
options.cipher = c->number;
if (options.cipher == SSH_CIPHER_3DES) {
options.ciphers = "3des-cbc";
} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
options.ciphers = "blowfish-cbc";
} else {
options.ciphers = (char *)-1;
}
}
break;
case 'p':

3
ssh.h
View File

@ -12,7 +12,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
/* RCSID("$OpenBSD: ssh.h,v 1.54 2000/10/11 20:27:24 markus Exp $"); */
/* RCSID("$OpenBSD: ssh.h,v 1.55 2000/11/25 17:19:33 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
@ -144,6 +144,7 @@
*/
#define SSH_CLIENT_IDENTITY ".ssh/identity"
#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
/*
* Configuration file in user\'s home directory. This file need not be

View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect1.c,v 1.9 2000/11/12 19:50:38 markus Exp $");
RCSID("$OpenBSD: sshconnect1.c,v 1.11 2000/11/25 16:42:53 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@ -833,13 +833,14 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
RSA_free(public_key);
RSA_free(host_key);
if (options.cipher == SSH_CIPHER_ILLEGAL) {
if (options.cipher == SSH_CIPHER_NOT_SET) {
if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
options.cipher = ssh_cipher_default;
} else if (options.cipher == SSH_CIPHER_ILLEGAL ||
!(cipher_mask_ssh1(1) & (1 << options.cipher))) {
log("No valid SSH1 cipher, using %.100s instead.",
cipher_name(ssh_cipher_default));
options.cipher = ssh_cipher_default;
} else if (options.cipher == SSH_CIPHER_NOT_SET) {
if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
options.cipher = ssh_cipher_default;
}
/* Check that the selected cipher is supported. */
if (!(supported_ciphers & (1 << options.cipher)))

View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.28 2000/11/12 19:50:38 markus Exp $");
RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@ -74,14 +74,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
Buffer *client_kexinit, *server_kexinit;
char *sprop[PROPOSAL_MAX];
if (options.ciphers == NULL) {
if (options.cipher == SSH_CIPHER_3DES) {
options.ciphers = "3des-cbc";
} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
options.ciphers = "blowfish-cbc";
} else if (options.cipher == SSH_CIPHER_DES) {
fatal("cipher DES not supported for protocol version 2");
}
if (options.ciphers == (char *)-1) {
log("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =

4
sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.72 2000/11/12 19:50:38 markus Exp $
.\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@ -885,6 +885,8 @@ really used for anything; it is only provided for the convenience of
the user so its contents can be copied to known hosts files.
These two files are created using
.Xr ssh-keygen 1 .
.It Pa /etc/primes
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
.It Pa /var/run/sshd.pid
Contains the process ID of the
.Nm