=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.c,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- src/usr.bin/ssh/ssh.c 2000/04/14 10:30:33 1.48 +++ src/usr.bin/ssh/ssh.c 2000/04/26 20:56:30 1.49 @@ -11,8 +11,12 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.48 2000/04/14 10:30:33 markus Exp $"); +RCSID("$Id: ssh.c,v 1.49 2000/04/26 20:56:30 markus Exp $"); +#include +#include +#include + #include "xmalloc.h" #include "ssh.h" #include "packet.h" @@ -24,7 +28,11 @@ #include "ssh2.h" #include "compat.h" #include "channels.h" +#include "key.h" +#include "authfile.h" +extern char *__progname; + /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ int IPv4or6 = AF_UNSPEC; @@ -348,10 +356,16 @@ } break; case 'c': - options.cipher = cipher_number(optarg); - if (options.cipher == -1) { - fprintf(stderr, "Unknown cipher type '%s'\n", optarg); - exit(1); + if (ciphers_valid(optarg)) { + /* SSH2 only */ + options.ciphers = xstrdup(optarg); + } else { + /* SSH1 only */ + options.cipher = cipher_number(optarg); + if (options.cipher == -1) { + fprintf(stderr, "Unknown cipher type '%s'\n", optarg); + exit(1); + } } break; case 'p': @@ -407,15 +421,8 @@ if (!host) usage(); - /* check if RSA support exists */ - if (rsa_alive() == 0) { - extern char *__progname; + OpenSSL_add_all_algorithms(); - fprintf(stderr, - "%s: no RSA support in libssl and libcrypto. See ssl(8).\n", - __progname); - exit(1); - } /* Initialize the command to execute on remote host. */ buffer_init(&command); @@ -488,6 +495,20 @@ /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + /* check if RSA support exists */ + if ((options.protocol & SSH_PROTO_1) && + rsa_alive() == 0) { + log("%s: no RSA support in libssl and libcrypto. See ssl(8).", + __progname); + log("Disabling protocol version 1"); + options.protocol &= ~ (SSH_PROTO_1|SSH_PROTO_1_PREFERRED); + } + if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2)) { + fprintf(stderr, "%s: No protocol version available.\n", + __progname); + exit(1); + } + if (options.user == NULL) options.user = xstrdup(pw->pw_name); @@ -554,9 +575,12 @@ * authentication. This must be done before releasing extra * privileges, because the file is only readable by root. */ - if (ok) { + if (ok && (options.protocol & SSH_PROTO_1)) { + Key k; host_private_key = RSA_new(); - if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL)) + k.type = KEY_RSA; + k.rsa = host_private_key; + if (load_private_key(HOST_KEY_FILE, "", &k, NULL)) host_private_key_loaded = 1; } /* @@ -602,15 +626,22 @@ exit(1); } /* Expand ~ in options.identity_files. */ + /* XXX mem-leaks */ for (i = 0; i < options.num_identity_files; i++) options.identity_files[i] = tilde_expand_filename(options.identity_files[i], original_real_uid); - + for (i = 0; i < options.num_identity_files2; i++) + options.identity_files2[i] = + tilde_expand_filename(options.identity_files2[i], original_real_uid); /* Expand ~ in known host file names. */ options.system_hostfile = tilde_expand_filename(options.system_hostfile, - original_real_uid); + original_real_uid); options.user_hostfile = tilde_expand_filename(options.user_hostfile, - original_real_uid); + original_real_uid); + options.system_hostfile2 = tilde_expand_filename(options.system_hostfile2, + original_real_uid); + options.user_hostfile2 = tilde_expand_filename(options.user_hostfile2, + original_real_uid); /* Log into the remote system. This never returns if the login fails. */ ssh_login(host_private_key_loaded, host_private_key,