Attachment #2218 for bug #2070

View | Details | Raw Unified | Return to bug 2070
Collapse All | Expand All

Lines 85-90 initialize_server_options(ServerOptions Link Here

(-)openssh-6.1p1/servconf.c (-1 / +11 lines)
85	options->x11_forwarding = -1;	85	options->x11_forwarding = -1;
86	options->x11_display_offset = -1;	86	options->x11_display_offset = -1;
87	options->x11_use_localhost = -1;	87	options->x11_use_localhost = -1;
		88	options->permit_tty = -1;
88	options->xauth_location = NULL;	89	options->xauth_location = NULL;
89	options->strict_modes = -1;	90	options->strict_modes = -1;
90	options->tcp_keep_alive = -1;	91	options->tcp_keep_alive = -1;
Lines 201-206 fill_default_server_options(ServerOption Link Here
201	options->x11_use_localhost = 1;	202	options->x11_use_localhost = 1;
202	if (options->xauth_location == NULL)	203	if (options->xauth_location == NULL)
203	options->xauth_location = _PATH_XAUTH;	204	options->xauth_location = _PATH_XAUTH;
		205	if (options->permit_tty == -1)
		206	options->permit_tty = 1;
204	if (options->strict_modes == -1)	207	if (options->strict_modes == -1)
205	options->strict_modes = 1;	208	options->strict_modes = 1;
206	if (options->tcp_keep_alive == -1)	209	if (options->tcp_keep_alive == -1)
Lines 314-320 typedef enum { Link Here
314	sListenAddress, sAddressFamily,	317	sListenAddress, sAddressFamily,
315	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	318	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
316	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	319	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
317	sStrictModes, sEmptyPasswd, sTCPKeepAlive,	320	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
318	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,	321	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
319	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,	322	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
320	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,	323	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
Lines 443-448 static struct { Link Here
443	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},	446	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
444	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },	447	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
445	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },	448	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
		449	{ "permittty", sPermitTTY, SSHCFG_ALL },
446	{ "match", sMatch, SSHCFG_ALL },	450	{ "match", sMatch, SSHCFG_ALL },
447	{ "permitopen", sPermitOpen, SSHCFG_ALL },	451	{ "permitopen", sPermitOpen, SSHCFG_ALL },
448	{ "forcecommand", sForceCommand, SSHCFG_ALL },	452	{ "forcecommand", sForceCommand, SSHCFG_ALL },
Lines 1075-1080 process_server_config_line(ServerOptions Link Here
1075	charptr = &options->xauth_location;	1079	charptr = &options->xauth_location;
1076	goto parse_filename;	1080	goto parse_filename;
1077		1081
		1082	case sPermitTTY:
		1083	intptr = &options->permit_tty;
		1084	goto parse_flag;
		1085
1078	case sStrictModes:	1086	case sStrictModes:
1079	intptr = &options->strict_modes;	1087	intptr = &options->strict_modes;
1080	goto parse_flag;	1088	goto parse_flag;
Lines 1657-1662 copy_set_server_options(ServerOptions *d Link Here
1657	M_CP_INTOPT(x11_display_offset);	1665	M_CP_INTOPT(x11_display_offset);
1658	M_CP_INTOPT(x11_forwarding);	1666	M_CP_INTOPT(x11_forwarding);
1659	M_CP_INTOPT(x11_use_localhost);	1667	M_CP_INTOPT(x11_use_localhost);
		1668	M_CP_INTOPT(permit_tty);
1660	M_CP_INTOPT(max_sessions);	1669	M_CP_INTOPT(max_sessions);
1661	M_CP_INTOPT(max_authtries);	1670	M_CP_INTOPT(max_authtries);
1662	M_CP_INTOPT(ip_qos_interactive);	1671	M_CP_INTOPT(ip_qos_interactive);
Lines 1883-1888 dump_config(ServerOptions *o) Link Here
1883	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);	1892	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
1884	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);	1893	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
1885	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);	1894	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
		1895	dump_cfg_fmtint(sPermitTTY, o->permit_tty);
1886	dump_cfg_fmtint(sStrictModes, o->strict_modes);	1896	dump_cfg_fmtint(sStrictModes, o->strict_modes);
1887	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);	1897	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1888	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);	1898	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);

Lines 74-79 typedef struct { Link Here

(-)openssh-6.1p1/servconf.h (+1 lines)
74	* searching at */	74	* searching at */
75	int x11_use_localhost; /* If true, use localhost for fake X11 server. */	75	int x11_use_localhost; /* If true, use localhost for fake X11 server. */
76	char xauth_location; / Location of xauth program */	76	char xauth_location; / Location of xauth program */
		77	int permit_tty; /* If false, deny pty allocation */
77	int strict_modes; /* If true, require string home dir modes. */	78	int strict_modes; /* If true, require string home dir modes. */
78	int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */	79	int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
79	int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */	80	int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */

Lines 2018-2024 session_pty_req(Session *s) Link Here

(-)openssh-6.1p1/session.c (-1 / +1 lines)
2018	u_int len;	2018	u_int len;
2019	int n_bytes;	2019	int n_bytes;
2020		2020
2021	if (no_pty_flag) {	2021	if (no_pty_flag \|\| !options.permit_tty) {
2022	debug("Allocating a pty not permitted for this authentication.");	2022	debug("Allocating a pty not permitted for this authentication.");
2023	return 0;	2023	return 0;
2024	}	2024	}

Lines 95-100 AuthorizedKeysFile .ssh/authorized_keys Link Here

(-)openssh-6.1p1/sshd_config (+2 lines)
95	#X11Forwarding no	95	#X11Forwarding no
96	#X11DisplayOffset 10	96	#X11DisplayOffset 10
97	#X11UseLocalhost yes	97	#X11UseLocalhost yes
		98	#PermitTTY yes
98	#PrintMotd yes	99	#PrintMotd yes
99	#PrintLastLog yes	100	#PrintLastLog yes
100	#TCPKeepAlive yes	101	#TCPKeepAlive yes
Lines 121-124 Subsystem sftp /usr/libexec/sftp-server Link Here
121	#Match User anoncvs	122	#Match User anoncvs
122	# X11Forwarding no	123	# X11Forwarding no
123	# AllowTcpForwarding no	124	# AllowTcpForwarding no
		125	# PermitTTY no
124	# ForceCommand cvs server	126	# ForceCommand cvs server

Lines 408-416 DESCRIPTION Link Here

(-)openssh-6.1p1/sshd_config.0 (-2 / +6 lines)
408	HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,	408	HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
409	KerberosAuthentication, MaxAuthTries, MaxSessions,	409	KerberosAuthentication, MaxAuthTries, MaxSessions,
410	PasswordAuthentication, PermitEmptyPasswords, PermitOpen,	410	PasswordAuthentication, PermitEmptyPasswords, PermitOpen,
411	PermitRootLogin, PermitTunnel, PubkeyAuthentication,	411	PermitRootLogin, PermitTunnel, PermitTTY, PubkeyAuthentication,
412	RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,	412	RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,
413	X11Forwarding and X11UseLocalHost.	413	X11Forwarding, and X11UseLocalHost.
414		414
415	MaxAuthTries	415	MaxAuthTries
416	Specifies the maximum number of authentication attempts permitted	416	Specifies the maximum number of authentication attempts permitted
Lines 481-486 DESCRIPTION Link Here
481	``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits	481	``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits
482	both ``point-to-point'' and ``ethernet''. The default is ``no''.	482	both ``point-to-point'' and ``ethernet''. The default is ``no''.
483		483
		484	PermitTTY
		485	Specifies whether pty(7) allocation is permitted. The default is
		486	``yes''.
		487
484	PermitUserEnvironment	488	PermitUserEnvironment
485	Specifies whether ~/.ssh/environment and environment= options in	489	Specifies whether ~/.ssh/environment and environment= options in
486	~/.ssh/authorized_keys are processed by sshd(8). The default is	490	~/.ssh/authorized_keys are processed by sshd(8). The default is




.Cm PermitOpen ,
.Cm PermitRootLogin ,
.Cm PermitTunnel ,
.Cm PermitTTY ,
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding ,
and
.Cm X11UseLocalHost .
.It Cm MaxAuthTries

.Dq ethernet .
The default is
.Dq no .
.It Cm PermitTTY
Specifies whether
.Xr pty 7
allocation is permitted.
The default is
.Dq yes .
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment

Return to bug 2070

Lines 731-741 Available keywords are Link Here

(-)openssh-6.1p1/sshd_config.5 (-1 / +8 lines)
731	.Cm PermitOpen ,	731	.Cm PermitOpen ,
732	.Cm PermitRootLogin ,	732	.Cm PermitRootLogin ,
733	.Cm PermitTunnel ,	733	.Cm PermitTunnel ,
		734	.Cm PermitTTY ,
734	.Cm PubkeyAuthentication ,	735	.Cm PubkeyAuthentication ,
735	.Cm RhostsRSAAuthentication ,	736	.Cm RhostsRSAAuthentication ,
736	.Cm RSAAuthentication ,	737	.Cm RSAAuthentication ,
737	.Cm X11DisplayOffset ,	738	.Cm X11DisplayOffset ,
738	.Cm X11Forwarding	739	.Cm X11Forwarding ,
739	and	740	and
740	.Cm X11UseLocalHost .	741	.Cm X11UseLocalHost .
741	.It Cm MaxAuthTries	742	.It Cm MaxAuthTries
Lines 858-863 and Link Here
858	.Dq ethernet .	859	.Dq ethernet .
859	The default is	860	The default is
860	.Dq no .	861	.Dq no .
		862	.It Cm PermitTTY
		863	Specifies whether
		864	.Xr pty 7
		865	allocation is permitted.
		866	The default is
		867	.Dq yes .
861	.It Cm PermitUserEnvironment	868	.It Cm PermitUserEnvironment
862	Specifies whether	869	Specifies whether
863	.Pa ~/.ssh/environment	870	.Pa ~/.ssh/environment