authordjm <djm@openbsd.org>2010-03-04 10:36:03 +0000
committerdjm <djm@openbsd.org>2010-03-04 10:36:03 +0000
commit3e5de86e329ffce489808e0acea82603eee57732 (patch)
treebea43f991e865f9be7c03b4987258aa3bcac32e3 /usr.bin/ssh/sshconnect.c
parent`speed' is an argument, not a flag. (diff)
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition to doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to be revoked and banned for user or host authentication. feedback and ok markus@
Diffstat (limited to 'usr.bin/ssh/sshconnect.c')
-rw-r--r--usr.bin/ssh/sshconnect.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index df5a9bdcb5a..7bf8fbec832 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.219 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.220 2010/03/04 10:36:03 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -846,6 +846,25 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
logit("Warning: Permanently added '%.200s' (%s) to the "
"list of known hosts.", hostp, type);
break;
+ case HOST_REVOKED:
+ error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+ error("@ WARNING: REVOKED HOST KEY DETECTED! @");
+ error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+ error("The %s host key for %s is marked as revoked.", type, host);
+ error("This could mean that a stolen key is being used to");
+ error("impersonate this host.");
+
+ /*
+ * If strict host key checking is in use, the user will have
+ * to edit the key manually and we can only abort.
+ */
+ if (options.strict_host_key_checking) {
+ error("%s host key for %.200s was revoked and you have "
+ "requested strict checking.", type, host);
+ goto fail;
+ }
+ goto continue_unsafe;
+
case HOST_CHANGED:
if (want_cert) {
/*
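Review bot: In the new `HOST_REVOKED` case, a non-strict configuration still reaches `goto continue_unsafe`, so the client can carry on talking to a host whose key known_hosts explicitly marks as revoked. A revocation is a deliberate deny decision rather than a possibly benign key change, so it may be safer to end the case with an unconditional `goto fail;`. If continuing is intended, the comment should say so, because the current wording about editing the key manually appears to be carried over from the changed-key path. Separately, the first message prints `host` with `%s` while the second bounds it with `%.200s`; `error("The %s host key for %.200s is marked as revoked.", type, host);` would keep the two consistent. The `continue_unsafe` label and the rest of check_host_key lie outside this hunk.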
@@ -895,6 +914,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
goto fail;
}
+ continue_unsafe:
/*
* If strict host key checking has not been requested, allow
* the connection but without MITM-able authentication or
@@ -994,7 +1014,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
return 0;
fail:
- if (want_cert) {
+ if (want_cert && host_status != HOST_REVOKED) {
/*
* No matching certificate. Downgrade cert to raw key and
* search normally.
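Review bot: The new `host_status != HOST_REVOKED` condition at `fail:` has no comment, and the existing comment beneath it still describes only the "no matching certificate" case. A reader cannot tell from here why a revoked status skips the cert-to-raw-key retry. Presumably the intent is that a revoked key fails outright instead of being looked up again as a plain key. I would add above the `if`: `/* A revoked key is final: do not downgrade the cert to a raw key and retry. */`. The body of the downgrade branch continues outside the hunk.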