version 1.292, 2016/06/23 05:17:51 |
version 1.293, 2016/08/15 12:27:56 |
|
|
options->num_host_cert_files = 0; |
options->num_host_cert_files = 0; |
options->host_key_agent = NULL; |
options->host_key_agent = NULL; |
options->pid_file = NULL; |
options->pid_file = NULL; |
options->server_key_bits = -1; |
|
options->login_grace_time = -1; |
options->login_grace_time = -1; |
options->key_regeneration_time = -1; |
|
options->permit_root_login = PERMIT_NOT_SET; |
options->permit_root_login = PERMIT_NOT_SET; |
options->ignore_rhosts = -1; |
options->ignore_rhosts = -1; |
options->ignore_user_known_hosts = -1; |
options->ignore_user_known_hosts = -1; |
|
|
options->tcp_keep_alive = -1; |
options->tcp_keep_alive = -1; |
options->log_facility = SYSLOG_FACILITY_NOT_SET; |
options->log_facility = SYSLOG_FACILITY_NOT_SET; |
options->log_level = SYSLOG_LEVEL_NOT_SET; |
options->log_level = SYSLOG_LEVEL_NOT_SET; |
options->rhosts_rsa_authentication = -1; |
|
options->hostbased_authentication = -1; |
options->hostbased_authentication = -1; |
options->hostbased_uses_name_from_packet_only = -1; |
options->hostbased_uses_name_from_packet_only = -1; |
options->hostbased_key_types = NULL; |
options->hostbased_key_types = NULL; |
options->hostkeyalgorithms = NULL; |
options->hostkeyalgorithms = NULL; |
options->rsa_authentication = -1; |
|
options->pubkey_authentication = -1; |
options->pubkey_authentication = -1; |
options->pubkey_key_types = NULL; |
options->pubkey_key_types = NULL; |
options->kerberos_authentication = -1; |
options->kerberos_authentication = -1; |
|
|
options->ciphers = NULL; |
options->ciphers = NULL; |
options->macs = NULL; |
options->macs = NULL; |
options->kex_algorithms = NULL; |
options->kex_algorithms = NULL; |
options->protocol = SSH_PROTO_UNKNOWN; |
|
options->fwd_opts.gateway_ports = -1; |
options->fwd_opts.gateway_ports = -1; |
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
options->fwd_opts.streamlocal_bind_unlink = -1; |
options->fwd_opts.streamlocal_bind_unlink = -1; |
|
|
{ |
{ |
int i; |
int i; |
|
|
if (options->protocol == SSH_PROTO_UNKNOWN) |
|
options->protocol = SSH_PROTO_2; |
|
if (options->num_host_key_files == 0) { |
if (options->num_host_key_files == 0) { |
/* fill default hostkeys for protocols */ |
/* fill default hostkeys */ |
if (options->protocol & SSH_PROTO_1) |
options->host_key_files[options->num_host_key_files++] = |
options->host_key_files[options->num_host_key_files++] = |
_PATH_HOST_RSA_KEY_FILE; |
_PATH_HOST_KEY_FILE; |
options->host_key_files[options->num_host_key_files++] = |
if (options->protocol & SSH_PROTO_2) { |
_PATH_HOST_DSA_KEY_FILE; |
options->host_key_files[options->num_host_key_files++] = |
options->host_key_files[options->num_host_key_files++] = |
_PATH_HOST_RSA_KEY_FILE; |
_PATH_HOST_ECDSA_KEY_FILE; |
options->host_key_files[options->num_host_key_files++] = |
options->host_key_files[options->num_host_key_files++] = |
_PATH_HOST_DSA_KEY_FILE; |
_PATH_HOST_ED25519_KEY_FILE; |
options->host_key_files[options->num_host_key_files++] = |
|
_PATH_HOST_ECDSA_KEY_FILE; |
|
options->host_key_files[options->num_host_key_files++] = |
|
_PATH_HOST_ED25519_KEY_FILE; |
|
} |
|
} |
} |
/* No certificates by default */ |
/* No certificates by default */ |
if (options->num_ports == 0) |
if (options->num_ports == 0) |
|
|
add_listen_addr(options, NULL, 0); |
add_listen_addr(options, NULL, 0); |
if (options->pid_file == NULL) |
if (options->pid_file == NULL) |
options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); |
options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); |
if (options->server_key_bits == -1) |
|
options->server_key_bits = 1024; |
|
if (options->login_grace_time == -1) |
if (options->login_grace_time == -1) |
options->login_grace_time = 120; |
options->login_grace_time = 120; |
if (options->key_regeneration_time == -1) |
|
options->key_regeneration_time = 3600; |
|
if (options->permit_root_login == PERMIT_NOT_SET) |
if (options->permit_root_login == PERMIT_NOT_SET) |
options->permit_root_login = PERMIT_NO_PASSWD; |
options->permit_root_login = PERMIT_NO_PASSWD; |
if (options->ignore_rhosts == -1) |
if (options->ignore_rhosts == -1) |
|
|
options->log_facility = SYSLOG_FACILITY_AUTH; |
options->log_facility = SYSLOG_FACILITY_AUTH; |
if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
options->log_level = SYSLOG_LEVEL_INFO; |
options->log_level = SYSLOG_LEVEL_INFO; |
if (options->rhosts_rsa_authentication == -1) |
|
options->rhosts_rsa_authentication = 0; |
|
if (options->hostbased_authentication == -1) |
if (options->hostbased_authentication == -1) |
options->hostbased_authentication = 0; |
options->hostbased_authentication = 0; |
if (options->hostbased_uses_name_from_packet_only == -1) |
if (options->hostbased_uses_name_from_packet_only == -1) |
options->hostbased_uses_name_from_packet_only = 0; |
options->hostbased_uses_name_from_packet_only = 0; |
if (options->rsa_authentication == -1) |
|
options->rsa_authentication = 1; |
|
if (options->pubkey_authentication == -1) |
if (options->pubkey_authentication == -1) |
options->pubkey_authentication = 1; |
options->pubkey_authentication = 1; |
if (options->kerberos_authentication == -1) |
if (options->kerberos_authentication == -1) |
|
|
/* Keyword tokens. */ |
/* Keyword tokens. */ |
typedef enum { |
typedef enum { |
sBadOption, /* == unknown option */ |
sBadOption, /* == unknown option */ |
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, |
sPort, sHostKeyFile, sLoginGraceTime, |
sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, |
sPermitRootLogin, sLogFacility, sLogLevel, |
sRhostsRSAAuthentication, sRSAAuthentication, |
|
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
sKerberosGetAFSToken, |
sKerberosGetAFSToken, |
sKerberosTgtPassing, sChallengeResponseAuthentication, |
sKerberosTgtPassing, sChallengeResponseAuthentication, |
|
|
sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, |
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, |
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, |
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, |
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, |
sBanner, sUseDNS, sHostbasedAuthentication, |
sBanner, sUseDNS, sHostbasedAuthentication, |
|
|
{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ |
{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ |
{ "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, |
{ "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, |
{ "pidfile", sPidFile, SSHCFG_GLOBAL }, |
{ "pidfile", sPidFile, SSHCFG_GLOBAL }, |
{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, |
{ "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, |
{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, |
{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, |
{ "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, |
{ "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, |
{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, |
{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, |
{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, |
{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, |
{ "loglevel", sLogLevel, SSHCFG_GLOBAL }, |
{ "loglevel", sLogLevel, SSHCFG_GLOBAL }, |
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, |
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, |
{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, |
{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, |
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
{ "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, |
{ "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, |
{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, |
{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, |
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, |
{ "rsaauthentication", sDeprecated, SSHCFG_ALL }, |
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
{ "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, |
{ "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, |
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
|
|
{ "denygroups", sDenyGroups, SSHCFG_ALL }, |
{ "denygroups", sDenyGroups, SSHCFG_ALL }, |
{ "ciphers", sCiphers, SSHCFG_GLOBAL }, |
{ "ciphers", sCiphers, SSHCFG_GLOBAL }, |
{ "macs", sMacs, SSHCFG_GLOBAL }, |
{ "macs", sMacs, SSHCFG_GLOBAL }, |
{ "protocol", sProtocol, SSHCFG_GLOBAL }, |
{ "protocol", sDeprecated, SSHCFG_GLOBAL }, |
{ "gatewayports", sGatewayPorts, SSHCFG_ALL }, |
{ "gatewayports", sGatewayPorts, SSHCFG_ALL }, |
{ "subsystem", sSubsystem, SSHCFG_GLOBAL }, |
{ "subsystem", sSubsystem, SSHCFG_GLOBAL }, |
{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, |
{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, |
|
|
filename, linenum); |
filename, linenum); |
break; |
break; |
|
|
case sServerKeyBits: |
|
intptr = &options->server_key_bits; |
|
parse_int: |
|
arg = strdelim(&cp); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: missing integer value.", |
|
filename, linenum); |
|
value = atoi(arg); |
|
if (*activep && *intptr == -1) |
|
*intptr = value; |
|
break; |
|
|
|
case sLoginGraceTime: |
case sLoginGraceTime: |
intptr = &options->login_grace_time; |
intptr = &options->login_grace_time; |
parse_time: |
parse_time: |
|
|
*intptr = value; |
*intptr = value; |
break; |
break; |
|
|
case sKeyRegenerationTime: |
|
intptr = &options->key_regeneration_time; |
|
goto parse_time; |
|
|
|
case sListenAddress: |
case sListenAddress: |
arg = strdelim(&cp); |
arg = strdelim(&cp); |
if (arg == NULL || *arg == '\0') |
if (arg == NULL || *arg == '\0') |
|
|
intptr = &options->ignore_user_known_hosts; |
intptr = &options->ignore_user_known_hosts; |
goto parse_flag; |
goto parse_flag; |
|
|
case sRhostsRSAAuthentication: |
|
intptr = &options->rhosts_rsa_authentication; |
|
goto parse_flag; |
|
|
|
case sHostbasedAuthentication: |
case sHostbasedAuthentication: |
intptr = &options->hostbased_authentication; |
intptr = &options->hostbased_authentication; |
goto parse_flag; |
goto parse_flag; |
|
|
charptr = &options->hostkeyalgorithms; |
charptr = &options->hostkeyalgorithms; |
goto parse_keytypes; |
goto parse_keytypes; |
|
|
case sRSAAuthentication: |
|
intptr = &options->rsa_authentication; |
|
goto parse_flag; |
|
|
|
case sPubkeyAuthentication: |
case sPubkeyAuthentication: |
intptr = &options->pubkey_authentication; |
intptr = &options->pubkey_authentication; |
goto parse_flag; |
goto parse_flag; |
|
|
|
|
case sX11DisplayOffset: |
case sX11DisplayOffset: |
intptr = &options->x11_display_offset; |
intptr = &options->x11_display_offset; |
goto parse_int; |
parse_int: |
|
arg = strdelim(&cp); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: missing integer value.", |
|
filename, linenum); |
|
value = atoi(arg); |
|
if (*activep && *intptr == -1) |
|
*intptr = value; |
|
break; |
|
|
case sX11UseLocalhost: |
case sX11UseLocalhost: |
intptr = &options->x11_use_localhost; |
intptr = &options->x11_use_localhost; |
|
|
options->kex_algorithms = xstrdup(arg); |
options->kex_algorithms = xstrdup(arg); |
break; |
break; |
|
|
case sProtocol: |
|
intptr = &options->protocol; |
|
arg = strdelim(&cp); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: Missing argument.", filename, linenum); |
|
value = proto_spec(arg); |
|
if (value == SSH_PROTO_UNKNOWN) |
|
fatal("%s line %d: Bad protocol spec '%s'.", |
|
filename, linenum, arg ? arg : "<NONE>"); |
|
if (*intptr == SSH_PROTO_UNKNOWN) |
|
*intptr = value; |
|
break; |
|
|
|
case sSubsystem: |
case sSubsystem: |
if (options->num_subsystems >= MAX_SUBSYSTEMS) { |
if (options->num_subsystems >= MAX_SUBSYSTEMS) { |
fatal("%s line %d: too many subsystems defined.", |
fatal("%s line %d: too many subsystems defined.", |
|
|
|
|
M_CP_INTOPT(password_authentication); |
M_CP_INTOPT(password_authentication); |
M_CP_INTOPT(gss_authentication); |
M_CP_INTOPT(gss_authentication); |
M_CP_INTOPT(rsa_authentication); |
|
M_CP_INTOPT(pubkey_authentication); |
M_CP_INTOPT(pubkey_authentication); |
M_CP_INTOPT(kerberos_authentication); |
M_CP_INTOPT(kerberos_authentication); |
M_CP_INTOPT(hostbased_authentication); |
M_CP_INTOPT(hostbased_authentication); |
|
|
return fmt_multistate_int(val, multistate_tcpfwd); |
return fmt_multistate_int(val, multistate_tcpfwd); |
case sFingerprintHash: |
case sFingerprintHash: |
return ssh_digest_alg_name(val); |
return ssh_digest_alg_name(val); |
case sProtocol: |
|
switch (val) { |
|
case SSH_PROTO_1: |
|
return "1"; |
|
case SSH_PROTO_2: |
|
return "2"; |
|
case (SSH_PROTO_1|SSH_PROTO_2): |
|
return "2,1"; |
|
default: |
|
return "UNKNOWN"; |
|
} |
|
default: |
default: |
switch (val) { |
switch (val) { |
case 0: |
case 0: |
|
|
/* these are usually at the top of the config */ |
/* these are usually at the top of the config */ |
for (i = 0; i < o->num_ports; i++) |
for (i = 0; i < o->num_ports; i++) |
printf("port %d\n", o->ports[i]); |
printf("port %d\n", o->ports[i]); |
dump_cfg_fmtint(sProtocol, o->protocol); |
|
dump_cfg_fmtint(sAddressFamily, o->address_family); |
dump_cfg_fmtint(sAddressFamily, o->address_family); |
|
|
/* |
/* |
|
|
free(laddr1); |
free(laddr1); |
|
|
/* integer arguments */ |
/* integer arguments */ |
dump_cfg_int(sServerKeyBits, o->server_key_bits); |
|
dump_cfg_int(sLoginGraceTime, o->login_grace_time); |
dump_cfg_int(sLoginGraceTime, o->login_grace_time); |
dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); |
|
dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); |
dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); |
dump_cfg_int(sMaxAuthTries, o->max_authtries); |
dump_cfg_int(sMaxAuthTries, o->max_authtries); |
dump_cfg_int(sMaxSessions, o->max_sessions); |
dump_cfg_int(sMaxSessions, o->max_sessions); |
|
|
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); |
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); |
dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); |
dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); |
dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); |
dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); |
dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); |
|
dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); |
dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); |
dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, |
dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, |
o->hostbased_uses_name_from_packet_only); |
o->hostbased_uses_name_from_packet_only); |
dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); |
|
dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); |
dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); |
#ifdef KRB5 |
#ifdef KRB5 |
dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); |
dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); |
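Review bot: The `parse_int` label that this change relocates into the `sX11DisplayOffset` case still converts with `value = atoi(arg);`, so a non-numeric argument is silently accepted as 0 and an out-of-range one is undefined behaviour, while the missing-argument case two lines above is a hard `fatal()`; the same applies to every other option that reaches the label via `goto parse_int`, none of which is visible in this hunk. Since the lines are being moved anyway, this is a good moment to validate them, e.g. `value = (int)strtonum(arg, 0, INT_MAX, &errstr);` followed by `if (errstr != NULL) fatal("%s line %d: integer value %s: %s.", filename, linenum, arg, errstr);`, with a `const char *errstr` added to the function's locals (a `strtol`/`endptr` check is the portable equivalent). If any option that jumps to `parse_int` legitimately accepts negative values, widen the lower bound rather than dropping the check. The enclosing `process_server_config_line` switch starts and ends outside the hunk.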