author | 2000-05-08 17:12:15 +0000 | |
---|---|---|
committer | 2000-05-08 17:12:15 +0000 | |
commit | e51b777aca04de995f734e0d6707bafcc1060d7f (patch) | |
tree | eee1108d7e04a306c7a1889d655bce1277989cc6 | |
parent | sync (diff) | |
complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
-rw-r--r-- | usr.bin/ssh/cipher.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/myproposal.h | 2 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 15 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect1.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 15 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 4 |
11 files changed, 42 insertions, 28 deletions
diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h index b4cd1a3761a..197d9541eaf 100644 --- a/usr.bin/ssh/cipher.h +++ b/usr.bin/ssh/cipher.h @@ -11,7 +11,7 @@ * */ -/* RCSID("$Id: cipher.h,v 1.16 2000/04/14 10:30:30 markus Exp $"); */ +/* RCSID("$Id: cipher.h,v 1.17 2000/05/08 17:12:15 markus Exp $"); */ #ifndef CIPHER_H #define CIPHER_H @@ -23,6 +23,7 @@ /* Cipher types. New types can be added, but old types should not be removed for compatibility. The maximum allowed value is 31. */ +#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */ #define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ #define SSH_CIPHER_NONE 0 /* no encryption */ #define SSH_CIPHER_IDEA 1 /* IDEA CFB */ diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index 7e4baff9dd0..8b24179724f 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,6 +1,6 @@ #define KEX_DEFAULT_KEX "diffie-hellman-group1-sha1" #define KEX_DEFAULT_PK_ALG "ssh-dss" -#define KEX_DEFAULT_ENCRYPT "blowfish-cbc,3des-cbc,arcfour,cast128-cbc" +#define KEX_DEFAULT_ENCRYPT "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" #define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com" #define KEX_DEFAULT_COMP "zlib,none" #define KEX_DEFAULT_LANG "" diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index a893460ad26..2053c67aa2b 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.30 2000/05/06 17:45:36 markus Exp $"); +RCSID("$Id: readconf.c,v 1.31 2000/05/08 17:12:15 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -475,7 +475,7 @@ parse_int: case oCiphers: cp = strtok(NULL, WHITESPACE); if (!ciphers_valid(cp)) - fatal("%.200s line %d: Bad cipher spec '%s'.", + fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, cp ? cp : "<NONE>"); if (*activep && options->ciphers == NULL) options->ciphers = xstrdup(cp); 
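Review bot: In cipher.h the new `SSH_CIPHER_ILLEGAL` and the existing `SSH_CIPHER_NOT_SET` carry nearly the same comment ("No valid cipher selected" against "None selected"), so a reader cannot tell which sentinel means what. I would spell out the difference and parenthesize the negative value, e.g. `#define SSH_CIPHER_ILLEGAL (-2) /* -c named only SSH2 ciphers; no usable SSH1 cipher */`. Cipher numbers are used as shift counts elsewhere in this commit (`1 << ssh_cipher_default` in sshconnect1.c), so the comment block should also say that both negative sentinels must be resolved before any mask test.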
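Review bot: The reworded `fatal()` in the `oCiphers` case of readconf.c still prints the rejected token with an unbounded `'%s'` while the filename next to it is clamped with `%.200s`; the same message in the `sCiphers` case of servconf.c bounds neither argument. The token comes straight from `strtok()` on a configuration line, so I would clamp it the same way in both files: `fatal("%.200s line %d: Bad SSH2 cipher spec '%.200s'.",`. Both `case` bodies sit inside functions that start and end outside their hunks.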
@@ -745,6 +745,7 @@ fill_default_options(Options * options) /* Selected in ssh_login(). */ if (options->cipher == -1) options->cipher = SSH_CIPHER_NOT_SET; + /* options->ciphers, default set in myproposals.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED; if (options->num_identity_files == 0) { diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index cf16cb0fc23..7ee91571186 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: readconf.h,v 1.17 2000/05/06 17:45:36 markus Exp $"); */ +/* RCSID("$Id: readconf.h,v 1.18 2000/05/08 17:12:15 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -65,7 +65,7 @@ typedef struct { int number_of_password_prompts; /* Max number of password * prompts. */ int cipher; /* Cipher to use. */ - char *ciphers; /* Ciphers in order of preference. */ + char *ciphers; /* SSH2 ciphers in order of preference. */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *proxy_command; /* Proxy command for connecting the host. */ diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index ae044c28d21..57f7050dbb4 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: servconf.c,v 1.39 2000/05/06 17:45:36 markus Exp $"); +RCSID("$Id: servconf.c,v 1.40 2000/05/08 17:12:15 markus Exp $"); #include "ssh.h" #include "servconf.h" @@ -589,7 +589,7 @@ parse_flag: case sCiphers: cp = strtok(NULL, WHITESPACE); if (!ciphers_valid(cp)) - fatal("%s line %d: Bad cipher spec '%s'.", + fatal("%s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, cp ? cp : "<NONE>"); if (options->ciphers == NULL) options->ciphers = xstrdup(cp); diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 6b484936c92..e340ae1ef5d 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 
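Review bot: The comment added in `fill_default_options()` points readers at `myproposals.h`, but the header changed in this same commit is `myproposal.h`. I would correct it and name the macro, `/* options->ciphers: default is KEX_DEFAULT_ENCRYPT in myproposal.h */`, so that a grep for the file name finds it. The function continues outside the hunk.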
@@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.50 2000/05/06 17:45:37 markus Exp $ +.\" $Id: ssh.1,v 1.51 2000/05/08 17:12:15 markus Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -25,7 +25,7 @@ .Pp .Nm ssh .Op Fl afgknqtvxCPX246 -.Op Fl c Ar blowfish | 3des +.Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file .Op Fl l Ar login_name @@ -202,7 +202,7 @@ This protocol 2 implementation does not yet support Kerberos or S/Key authentication. .Pp Protocol 2 provides additional mechanisms for confidentiality -(the traffic is encrypted using 3DES, blowfish, cast128 or arcfour) +(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity (hmac-sha1, hmac-md5). Note that protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. @@ -342,10 +342,15 @@ It is believed to be secure. (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is presumably more secure than the .Ar des -cipher which is no longer supported in ssh. +cipher which is no longer supported in +.Nm ssh . .Ar blowfish is a fast block cipher, it appears very secure and is much faster than .Ar 3des . +.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" +Additionally, for protocol version 2 a comma-separated list of ciphers can +be specified in order of preference. Protocol version 2 supports +3DES, Blowfish and CAST128 in CBC mode and Arcfour. .It Fl e Ar ch|^ch|none Sets the escape character for sessions with a pty (default: .Ql ~ ) . @@ -601,7 +606,7 @@ Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The default is -.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . +.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . .It Cm Compression Specifies whether to use compression. The argument must be diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 434e92c1293..0ab3f9fb058 100644 --- a/usr.bin/ssh/ssh.c 
+++ b/usr.bin/ssh/ssh.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.50 2000/04/28 08:10:20 markus Exp $"); +RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $"); #include <openssl/evp.h> #include <openssl/dsa.h> @@ -359,6 +359,7 @@ main(int ac, char **av) if (ciphers_valid(optarg)) { /* SSH2 only */ options.ciphers = xstrdup(optarg); + options.cipher = SSH_CIPHER_ILLEGAL; } else { /* SSH1 only */ options.cipher = cipher_number(optarg); diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index ac3698562a7..0762c964ca2 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: ssh.h,v 1.44 2000/05/04 22:38:00 markus Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.45 2000/05/08 17:12:16 markus Exp $"); */ #ifndef SSH_H #define SSH_H @@ -22,6 +22,7 @@ #include "cipher.h" /* + * XXX * The default cipher used if IDEA is not supported by the remote host. It is * recommended that this be one of the mandatory ciphers (DES, 3DES), though * that is not required. diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index 31ee9843cde..4360d7283d8 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -9,7 +9,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.2 2000/05/04 22:38:00 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $"); #include <openssl/bn.h> #include <openssl/dsa.h> 
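Review bot: Assigning `options.cipher = SSH_CIPHER_ILLEGAL` unconditionally in the SSH2-only branch of the `-c` handling in `main()` makes repeated `-c` options order-dependent. Going by the visible lines, an SSH1 name followed by an SSH2 list ends with the SSH1 cipher marked illegal, while the reverse order keeps both selections. If that is not intended, guard the assignment with `if (options.cipher == SSH_CIPHER_NOT_SET) options.cipher = SSH_CIPHER_ILLEGAL;`. Either way, the `/* SSH2 only */` comment should say that the sentinel is what makes `ssh_kex()` report the fallback. The `else` branch and the rest of the option switch lie outside the hunk, so this assumes nothing later resets either field.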
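Review bot: The bare `XXX` added at the top of the comment in ssh.h flags a problem without naming it. A short reason would help the next reader, for example `* XXX: text is stale; it still describes IDEA as the preferred cipher.` if that is what is meant. The comment and the definition it describes continue outside the hunk, so the actual concern cannot be read from here.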
@@ -832,13 +832,17 @@ ssh_kex(char *host, struct sockaddr *hostaddr) RSA_free(public_key); RSA_free(host_key); - if (options.cipher == SSH_CIPHER_NOT_SET) { + if (options.cipher == SSH_CIPHER_ILLEGAL) { + log("No valid SSH1 cipher, using %.100s instead.", + cipher_name(SSH_FALLBACK_CIPHER)); + options.cipher = SSH_FALLBACK_CIPHER; + } else if (options.cipher == SSH_CIPHER_NOT_SET) { if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default)) options.cipher = ssh_cipher_default; else { debug("Cipher %s not supported, using %.100s instead.", - cipher_name(ssh_cipher_default), - cipher_name(SSH_FALLBACK_CIPHER)); + cipher_name(ssh_cipher_default), + cipher_name(SSH_FALLBACK_CIPHER)); options.cipher = SSH_FALLBACK_CIPHER; } } diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 3bddd7cc8c3..6ea804d0c17 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.9 2000/05/08 17:12:16 markus Exp $"); #include <openssl/bn.h> #include <openssl/rsa.h> 
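Review bot: The new `SSH_CIPHER_ILLEGAL` branch in `ssh_kex()` lets the session continue on `SSH_FALLBACK_CIPHER` after the user explicitly asked for something else, and reports the substitution only through `log()`. Replacing an encryption algorithm the user selected is usually better handled by failing closed, e.g. `fatal("No valid SSH1 cipher selected with -c.");`, or at least by stating in ssh.1 that an SSH2 cipher list falls back when protocol 1 is negotiated. The branch also assigns the fallback without the `supported_ciphers` mask test that the `SSH_CIPHER_NOT_SET` path applies to `ssh_cipher_default`. Presumably a later check outside the hunk rejects ciphers the server does not offer, but that is worth confirming.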
@@ -96,13 +96,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; - } else if ( - options.cipher == SSH_CIPHER_ARCFOUR || - options.cipher == SSH_CIPHER_3DES_CBC || - options.cipher == SSH_CIPHER_CAST128_CBC || - options.cipher == SSH_CIPHER_BLOWFISH_CBC) { + } else if (options.cipher == SSH_CIPHER_3DES) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = - myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); + myproposal[PROPOSAL_ENC_ALGS_STOC] = + cipher_name(SSH_CIPHER_3DES_CBC); + } else if (options.cipher == SSH_CIPHER_BLOWFISH) { + myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_STOC] = + cipher_name(SSH_CIPHER_BLOWFISH_CBC); } if (options.compression) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib"; diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 52b5273179d..90d13b6ac0b 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.49 2000/05/06 17:45:37 markus Exp $ +.\" $Id: sshd.8,v 1.50 2000/05/08 17:12:16 markus Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -277,7 +277,7 @@ By default login is allowed regardless of the user name. Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The default is -.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . +.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . .It Cm CheckMail Specifies whether .Nm |
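Review bot: After this rewrite `ssh_kex2()` maps only `SSH_CIPHER_3DES` and `SSH_CIPHER_BLOWFISH` to SSH2 names, and any other value left in `options.cipher` silently falls through to the default proposal. That is the mirror image of the case this commit makes `ssh_kex()` complain about. A final branch such as `else if (options.cipher != SSH_CIPHER_NOT_SET) log("No valid SSH2 cipher, using default proposal instead.");` would tell the user that their `-c` choice was not honoured. The function starts and ends outside the hunk.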