diff options
| author |   markus <markus@openbsd.org> | 2000-04-26 20:56:29 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2000-04-26 20:56:29 +0000 |
| commit | 814ccd3fa756865f9d24e6aadc91a1c7a2cef263 (patch) | |
| tree | df406ebf216fe444197b84db0f9fa6ca03f37c6f /usr.bin/ssh/ssh.c | |
| parent | missing fclose (diff) | |
| download | wireguard-openbsd-814ccd3fa756865f9d24e6aadc91a1c7a2cef263.tar.xz wireguard-openbsd-814ccd3fa756865f9d24e6aadc91a1c7a2cef263.zip | |
add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 67 |
1 files changed, 49 insertions, 18 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 850e1e528f4..5d6079e9b6e 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -11,7 +11,11 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.48 2000/04/14 10:30:33 markus Exp $"); +RCSID("$Id: ssh.c,v 1.49 2000/04/26 20:56:30 markus Exp $"); + +#include <openssl/evp.h> +#include <openssl/dsa.h> +#include <openssl/rsa.h> #include "xmalloc.h" #include "ssh.h" @@ -24,6 +28,10 @@ RCSID("$Id: ssh.c,v 1.48 2000/04/14 10:30:33 markus Exp $"); #include "ssh2.h" #include "compat.h" #include "channels.h" +#include "key.h" +#include "authfile.h" + +extern char *__progname; /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -348,10 +356,16 @@ main(int ac, char **av) } break; case 'c': - options.cipher = cipher_number(optarg); - if (options.cipher == -1) { - fprintf(stderr, "Unknown cipher type '%s'\n", optarg); - exit(1); + if (ciphers_valid(optarg)) { + /* SSH2 only */ + options.ciphers = xstrdup(optarg); + } else { + /* SSH1 only */ + options.cipher = cipher_number(optarg); + if (options.cipher == -1) { + fprintf(stderr, "Unknown cipher type '%s'\n", optarg); + exit(1); + } } break; case 'p': @@ -407,15 +421,8 @@ main(int ac, char **av) if (!host) usage(); - /* check if RSA support exists */ - if (rsa_alive() == 0) { - extern char *__progname; + OpenSSL_add_all_algorithms(); - fprintf(stderr, - "%s: no RSA support in libssl and libcrypto. See ssl(8).\n", - __progname); - exit(1); - } /* Initialize the command to execute on remote host. */ buffer_init(&command); @@ -488,6 +495,20 @@ main(int ac, char **av) /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + /* check if RSA support exists */ + if ((options.protocol & SSH_PROTO_1) && + rsa_alive() == 0) { + log("%s: no RSA support in libssl and libcrypto. See ssl(8).", + __progname); + log("Disabling protocol version 1"); + options.protocol &= ~ (SSH_PROTO_1|SSH_PROTO_1_PREFERRED); + } + if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2)) { + fprintf(stderr, "%s: No protocol version available.\n", + __progname); + exit(1); + } + if (options.user == NULL) options.user = xstrdup(pw->pw_name); @@ -554,9 +575,12 @@ main(int ac, char **av) * authentication. This must be done before releasing extra * privileges, because the file is only readable by root. */ - if (ok) { + if (ok && (options.protocol & SSH_PROTO_1)) { + Key k; host_private_key = RSA_new(); - if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL)) + k.type = KEY_RSA; + k.rsa = host_private_key; + if (load_private_key(HOST_KEY_FILE, "", &k, NULL)) host_private_key_loaded = 1; } /* @@ -602,15 +626,22 @@ main(int ac, char **av) exit(1); } /* Expand ~ in options.identity_files. */ + /* XXX mem-leaks */ for (i = 0; i < options.num_identity_files; i++) options.identity_files[i] = tilde_expand_filename(options.identity_files[i], original_real_uid); - + for (i = 0; i < options.num_identity_files2; i++) + options.identity_files2[i] = + tilde_expand_filename(options.identity_files2[i], original_real_uid); /* Expand ~ in known host file names. */ options.system_hostfile = tilde_expand_filename(options.system_hostfile, - original_real_uid); + original_real_uid); options.user_hostfile = tilde_expand_filename(options.user_hostfile, - original_real_uid); + original_real_uid); + options.system_hostfile2 = tilde_expand_filename(options.system_hostfile2, + original_real_uid); + options.user_hostfile2 = tilde_expand_filename(options.user_hostfile2, + original_real_uid); /* Log into the remote system. This never returns if the login fails. */ ssh_login(host_private_key_loaded, host_private_key, |