From 2cbe402d16f007786082e20001df33fdb6f80adb Mon Sep 17 00:00:00 2001 From: markus Date: Thu, 7 Oct 1999 21:45:02 +0000 Subject: add skey to sshd: 1) pass *pw to auth_password() not user_name, do_authentication already keeps private copy of struct passwd for current user. 2) limit authentication attemps to 5, otherwise ssh -o 'NumberOfPasswordPrompts 100000' host lets you enter 100000 passwds 3) make s/key a run-time option in /etc/sshd_config 4) generate fake skeys, for s/key for nonexisting users, too limit auth-tries for nonexisting users, too. Note that % ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host has NO limits in ssh-1.2.27 --- usr.bin/ssh/ssh.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'usr.bin/ssh/ssh.h') diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index 1586ace8b22..756a795b8bc 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -13,7 +13,7 @@ Generic header file for ssh. */ -/* RCSID("$Id: ssh.h,v 1.8 1999/10/05 22:18:52 markus Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.9 1999/10/07 21:45:02 markus Exp $"); */ #ifndef SSH_H #define SSH_H @@ -260,7 +260,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ -int auth_password(const char *server_user, const char *password); +int auth_password(struct passwd *pw, const char *password); /* Performs the RSA authentication dialog with the client. This returns 0 if the client could not be authenticated, and 1 if authentication was @@ -583,4 +583,9 @@ int radix_to_creds(const char *buf, CREDENTIALS *creds); #endif /* KRB4 */ +#ifdef SKEY +#include +char *skey_fake_keyinfo(char *username); +#endif /* SKEY */ + #endif /* SSH_H */ -- cgit v1.2.3-59-g8ed1b