-rw-r--r--auth2-hostbased.c6
-rw-r--r--monitor.c4
-rw-r--r--readconf.c19
-rw-r--r--readconf.h4
-rw-r--r--scp.16
-rw-r--r--servconf.c17
-rw-r--r--servconf.h6
-rw-r--r--sftp.16
-rw-r--r--ssh.16
-rw-r--r--ssh.c7
-rw-r--r--ssh_config.57
-rw-r--r--sshconnect2.c6
-rw-r--r--sshd_config.511
13 files changed, 55 insertions, 50 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index ae43dd8a..3bc799c4 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.44 2021/01/26 00:49:30 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.45 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -108,8 +108,8 @@ userauth_hostbased(struct ssh *ssh)
"signature format");
goto done;
}
- if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
- logit_f("key type %s not in HostbasedAcceptedKeyTypes",
+ if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
+ logit_f("key type %s not in HostbasedAcceptedAlgorithms",
sshkey_type(key));
goto done;
}
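Review bot: The rejection message on the second changed line prints `sshkey_type(key)`, while the test above it matches `pkalg` against the accepted list, so the log can name a value other than the one that failed the check. Now that the option is named for algorithms, logging the string that was actually matched would make denied hostbased attempts easier to diagnose from sshd logs: `logit_f("signature algorithm %s not in HostbasedAcceptedAlgorithms", pkalg);`. The body of userauth_hostbased starts and ends outside this hunk, so how `pkalg` is derived is not visible here.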
diff --git a/monitor.c b/monitor.c
index 559eb9f6..6a63aa99 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.220 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.221 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1198,7 +1198,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
if (auth2_key_already_used(authctxt, key))
break;
if (!key_base_type_match(auth_method, key,
- options.hostbased_key_types))
+ options.hostbased_accepted_algos))
break;
allowed = hostbased_key_allowed(ssh, authctxt->pw,
cuser, chost, key);
diff --git a/readconf.c b/readconf.c
index c7df93de..c9cd7f70 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.349 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.350 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -170,7 +170,7 @@ typedef enum {
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
- oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
+ oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms,
oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump,
oSecurityKeyProvider, oKnownHostsCommand,
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
@@ -306,7 +306,8 @@ static struct {
{ "revokedhostkeys", oRevokedHostKeys },
{ "fingerprinthash", oFingerprintHash },
{ "updatehostkeys", oUpdateHostkeys },
- { "hostbasedkeytypes", oHostbasedKeyTypes },
+ { "hostbasedkeytypes", oHostbasedAcceptedAlgorithms }, /* obsolete */
+ { "hostbasedalgorithms", oHostbasedAcceptedAlgorithms },
{ "pubkeyacceptedkeytypes", oPubkeyAcceptedAlgorithms }, /* obsolete */
{ "pubkeyacceptedalgorithms", oPubkeyAcceptedAlgorithms },
{ "ignoreunknown", oIgnoreUnknown },
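Review bot: The keyword string added here is `"hostbasedalgorithms"`, but the option is documented as HostbasedAcceptedAlgorithms in ssh_config.5 and is accepted under that name by the `-Q` handling in ssh.c. As far as the visible table entries show, a client config line using the documented name would match no entry. The entry should presumably read `{ "hostbasedacceptedalgorithms", oHostbasedAcceptedAlgorithms },`. This matters to anyone using the option to restrict algorithms: if the unknown keyword is suppressed (for example by an IgnoreUnknown pattern), the restriction would likely not be applied and no error would be reported. The table continues outside this hunk, so confirm that no other entry already covers the documented spelling.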
@@ -1933,8 +1934,8 @@ parse_pubkey_algos:
multistate_ptr = multistate_yesnoask;
goto parse_multistate;
- case oHostbasedKeyTypes:
- charptr = &options->hostbased_key_types;
+ case oHostbasedAcceptedAlgorithms:
+ charptr = &options->hostbased_accepted_algos;
goto parse_pubkey_algos;
case oPubkeyAcceptedAlgorithms:
@@ -2221,7 +2222,7 @@ initialize_options(Options * options)
options->revoked_host_keys = NULL;
options->fingerprint_hash = -1;
options->update_hostkeys = -1;
- options->hostbased_key_types = NULL;
+ options->hostbased_accepted_algos = NULL;
options->pubkey_accepted_algos = NULL;
options->known_hosts_command = NULL;
}
@@ -2440,7 +2441,7 @@ fill_default_options(Options * options)
ASSEMBLE(ciphers, def_cipher, all_cipher);
ASSEMBLE(macs, def_mac, all_mac);
ASSEMBLE(kex_algorithms, def_kex, all_kex);
- ASSEMBLE(hostbased_key_types, def_key, all_key);
+ ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
#undef ASSEMBLE
@@ -2560,7 +2561,7 @@ free_options(Options *o)
free(o->permitted_cnames[i].target_list);
}
free(o->revoked_host_keys);
- free(o->hostbased_key_types);
+ free(o->hostbased_accepted_algos);
free(o->pubkey_accepted_algos);
free(o->jump_user);
free(o->jump_host);
@@ -3087,7 +3088,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_string(oControlPath, o->control_path);
dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
dump_cfg_string(oHostKeyAlias, o->host_key_alias);
- dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
+ dump_cfg_string(oHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
dump_cfg_string(oIdentityAgent, o->identity_agent);
dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
diff --git a/readconf.h b/readconf.h
index 4ee730b9..6e7e95e7 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.138 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.139 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -161,7 +161,7 @@ typedef struct {
int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
- char *hostbased_key_types;
+ char *hostbased_accepted_algos;
char *pubkey_accepted_algos;
char *jump_user;
diff --git a/scp.1 b/scp.1
index c0e0082c..45cffdac 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.93 2021/01/22 02:44:58 dtucker Exp $
+.\" $OpenBSD: scp.1,v 1.94 2021/01/26 05:32:21 dtucker Exp $
.\"
-.Dd $Mdocdate: January 22 2021 $
+.Dd $Mdocdate: January 26 2021 $
.Dt SCP 1
.Os
.Sh NAME
@@ -173,7 +173,7 @@ For full details of the options listed below, and their possible values, see
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
-.It HostbasedKeyTypes
+.It HostbasedAcceptedAlgorithms
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/servconf.c b/servconf.c
index a28918e2..7f336a12 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.374 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.375 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -126,7 +126,7 @@ initialize_server_options(ServerOptions *options)
options->log_verbose = NULL;
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
- options->hostbased_key_types = NULL;
+ options->hostbased_accepted_algos = NULL;
options->hostkeyalgorithms = NULL;
options->pubkey_authentication = -1;
options->pubkey_auth_options = -1;
@@ -232,7 +232,7 @@ assemble_algorithms(ServerOptions *o)
ASSEMBLE(macs, def_mac, all_mac);
ASSEMBLE(kex_algorithms, def_kex, all_kex);
ASSEMBLE(hostkeyalgorithms, def_key, all_key);
- ASSEMBLE(hostbased_key_types, def_key, all_key);
+ ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
#undef ASSEMBLE
@@ -530,7 +530,7 @@ typedef enum {
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+ sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -585,7 +585,8 @@ static struct {
{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
- { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
+ { "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
+ { "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL },
{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
{ "rsaauthentication", sDeprecated, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
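Review bot: The obsolete spelling `"hostbasedacceptedkeytypes"` is listed before the new `"hostbasedacceptedalgorithms"` entry, and both map to sHostbasedAcceptedAlgorithms. If the opcode-to-name lookup used by dump_config returns the first matching table entry (that helper is not visible in this diff), `sshd -T` would keep printing the obsolete keyword. That affects tooling that audits the effective configuration by keyword name. Putting the new name first and the `/* obsolete */` alias after it would avoid this. The keyword table in readconf.c has the same ordering for the client-side option.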
@@ -1500,8 +1501,8 @@ process_server_config_line_depth(ServerOptions *options, char *line,
intptr = &options->hostbased_uses_name_from_packet_only;
goto parse_flag;
- case sHostbasedAcceptedKeyTypes:
- charptr = &options->hostbased_key_types;
+ case sHostbasedAcceptedAlgorithms:
+ charptr = &options->hostbased_accepted_algos;
parse_pubkey_algos:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
@@ -2920,7 +2921,7 @@ dump_config(ServerOptions *o)
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
dump_cfg_string(sKexAlgorithms, o->kex_algorithms);
dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms);
- dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types);
+ dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms);
dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
#if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
diff --git a/servconf.h b/servconf.h
index 364cd947..4f4fd9ba 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.150 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.151 2021/01/26 05:32:21 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -122,7 +122,7 @@ typedef struct {
char **log_verbose;
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
int hostbased_uses_name_from_packet_only; /* experimental */
- char *hostbased_key_types; /* Key types allowed for hostbased */
+ char *hostbased_accepted_algos; /* Algos allowed for hostbased */
char *hostkeyalgorithms; /* SSH2 server key types */
char *ca_sign_algorithms; /* Allowed CA signature algorithms */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
@@ -271,7 +271,7 @@ TAILQ_HEAD(include_list, include_item);
M_CP_STROPT(authorized_principals_file); \
M_CP_STROPT(authorized_principals_command); \
M_CP_STROPT(authorized_principals_command_user); \
- M_CP_STROPT(hostbased_key_types); \
+ M_CP_STROPT(hostbased_accepted_algos); \
M_CP_STROPT(pubkey_accepted_algos); \
M_CP_STROPT(ca_sign_algorithms); \
M_CP_STROPT(routing_domain); \
diff --git a/sftp.1 b/sftp.1
index 685b3ff9..6e713e64 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.134 2021/01/22 02:44:58 dtucker Exp $
+.\" $OpenBSD: sftp.1,v 1.135 2021/01/26 05:32:21 dtucker Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: January 22 2021 $
+.Dd $Mdocdate: January 26 2021 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -247,7 +247,7 @@ For full details of the options listed below, and their possible values, see
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
-.It HostbasedKeyTypes
+.It HostbasedAcceptedAlgorithms
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/ssh.1 b/ssh.1
index 0716177c..a9f67b4b 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.416 2021/01/22 02:46:40 dtucker Exp $
-.Dd $Mdocdate: January 22 2021 $
+.\" $OpenBSD: ssh.1,v 1.417 2021/01/26 05:32:21 dtucker Exp $
+.Dd $Mdocdate: January 26 2021 $
.Dt SSH 1
.Os
.Sh NAME
@@ -510,7 +510,7 @@ For full details of the options listed below, and their possible values, see
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
-.It HostbasedKeyTypes
+.It HostbasedAcceptedAlgorithms
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/ssh.c b/ssh.c
index ccba1831..dc6bd16d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.547 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.548 2021/01/26 05:32:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -802,8 +802,9 @@ main(int ac, char **av)
strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */
strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 ||
strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
- strcasecmp(optarg, "HostbasedKeyTypes") == 0 ||
- strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0)
+ strcasecmp(optarg, "HostbasedKeyTypes") == 0 || /* deprecated name */
+ strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0 || /* deprecated name */
+ strcasecmp(optarg, "HostbasedAcceptedAlgorithms") == 0)
cp = sshkey_alg_list(0, 0, 1, '\n');
else if (strcmp(optarg, "sig") == 0)
cp = sshkey_alg_list(0, 1, 1, '\n');
diff --git a/ssh_config.5 b/ssh_config.5
index 96d6f658..d099903f 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.343 2021/01/22 02:44:58 dtucker Exp $
-.Dd $Mdocdate: January 22 2021 $
+.\" $OpenBSD: ssh_config.5,v 1.344 2021/01/26 05:32:22 dtucker Exp $
+.Dd $Mdocdate: January 26 2021 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -808,7 +808,7 @@ The argument must be
or
.Cm no
(the default).
-.It Cm HostbasedKeyTypes
+.It Cm HostbasedAcceptedAlgorithms
Specifies the key types that will be used for hostbased authentication
as a comma-separated list of patterns.
Alternately if the specified list begins with a
@@ -846,6 +846,7 @@ The
option of
.Xr ssh 1
may be used to list supported key types.
+This was formerly named HostbasedKeyTypes.
.It Cm HostKeyAlgorithms
Specifies the host key algorithms
that the client wants to use in order of preference.
diff --git a/sshconnect2.c b/sshconnect2.c
index 0883a367..4bbe8d34 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.343 2021/01/25 06:00:17 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.344 2021/01/26 05:32:22 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -2100,12 +2100,12 @@ userauth_hostbased(struct ssh *ssh)
int i, r, success = 0;
if (authctxt->ktypes == NULL) {
- authctxt->oktypes = xstrdup(options.hostbased_key_types);
+ authctxt->oktypes = xstrdup(options.hostbased_accepted_algos);
authctxt->ktypes = authctxt->oktypes;
}
/*
- * Work through each listed type pattern in HostbasedKeyTypes,
+ * Work through each listed type pattern in HostbasedAcceptedAlgorithms,
* trying each hostkey that matches the type in turn.
*/
for (;;) {
diff --git a/sshd_config.5 b/sshd_config.5
index 9b7a8916..76109ab4 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.324 2021/01/22 02:44:58 dtucker Exp $
-.Dd $Mdocdate: January 22 2021 $
+.\" $OpenBSD: sshd_config.5,v 1.325 2021/01/26 05:32:22 dtucker Exp $
+.Dd $Mdocdate: January 26 2021 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -658,7 +658,7 @@ machine's default store.
This facility is provided to assist with operation on multi homed machines.
The default is
.Cm yes .
-.It Cm HostbasedAcceptedKeyTypes
+.It Cm HostbasedAcceptedAlgorithms
Specifies the key types that will be accepted for hostbased authentication
as a list of comma-separated patterns.
Alternately if the specified list begins with a
@@ -692,7 +692,8 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
.Ed
.Pp
The list of available key types may also be obtained using
-.Qq ssh -Q HostbasedAcceptedKeyTypes .
+.Qq ssh -Q HostbasedAcceptedAlgorithms .
+This was formerly named HostbasedAcceptedKeyTypes.
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
@@ -1190,7 +1191,7 @@ Available keywords are
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
-.Cm HostbasedAcceptedKeyTypes ,
+.Cm HostbasedAcceptedAlgorithms ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
.Cm IgnoreRhosts ,