
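--- a/clientloop.c
+++ b/clientloop.c
@@ -926,18 +926,20 @@ process_cmdline(void)
 
 	if (*s == 'h' || *s == 'H' || *s == '?') {
 		logit("Commands:");
-		logit("      -L[bind_address:]port:host:hostport    "
-		    "Request local forward");
-		logit("      -R[bind_address:]port:host:hostport    "
-		    "Request remote forward");
-		logit("      -D[bind_address:]port                  "
-		    "Request dynamic forward");
-		logit("      -KL[bind_address:]port                 "
-		    "Cancel local forward");
-		logit("      -KR[bind_address:]port                 "
-		    "Cancel remote forward");
-		logit("      -KD[bind_address:]port                 "
-		    "Cancel dynamic forward");
+		if (options.escape_char_forward_menu == 1) {
+		    logit("      -L[bind_address:]port:host:hostport    "
+			"Request local forward");
+		    logit("      -R[bind_address:]port:host:hostport    "
+			"Request remote forward");
+		    logit("      -D[bind_address:]port                  "
+			"Request dynamic forward");
+		    logit("      -KL[bind_address:]port                 "
+			"Cancel local forward");
+		    logit("      -KR[bind_address:]port                 "
+			"Cancel remote forward");
+		    logit("      -KD[bind_address:]port                 "
+			"Cancel dynamic forward");
+		}
 		if (!options.permit_local_command)
 			goto out;
 		logit("      !args                                  "
@@ -951,6 +953,11 @@ process_cmdline(void)
 		goto out;
 	}
 
+	if (options.escape_char_forward_menu != 1) {
+		logit("Forward menu disabled.");
+		goto out;
+	}
+
 	if (*s == 'K') {
 		delete = 1;
 		s++;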
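Review bot: The body of the new `if (options.escape_char_forward_menu == 1)` block (new lines 930–941) is indented with two tabs plus four spaces and its wrapped string arguments with three tabs, which is the reverse of the convention visible in the surrounding lines (tabs for nesting depth, four spaces for a continued argument); re-indent so each `logit(` call sits at three tabs and each continuation at three tabs plus four spaces. When the menu is disabled and PermitLocalCommand is also off, the help path still prints the bare `Commands:` header and then reaches `goto out` with nothing listed; moving `logit("Commands:");` inside the new condition, or printing `logit("Forward menu disabled.");` there as well, would keep the help output coherent. The guard added at new line 956 comes after the `!` local-command block that closes at lines 953–954, so `!args` remains governed only by PermitLocalCommand, which appears intended but is worth a one-line comment such as `/* Forwarding commands below are gated by EscapeCharForwardMenu; !args is not. */`. process_cmdline starts and ends outside both hunks.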
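--- a/readconf.c
+++ b/readconf.c
@@ -148,7 +148,7 @@ typedef enum {
 	oChallengeResponseAuthentication, oXAuthLocation,
 	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
 	oCertificateFile, oAddKeysToAgent, oIdentityAgent,
-	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
+	oUser, oEscapeChar, oEscapeCharForwardMenu, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
 	oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
@@ -255,6 +255,7 @@ static struct {
 	{ "host", oHost },
 	{ "match", oMatch },
 	{ "escapechar", oEscapeChar },
+	{ "escapecharforwardmenu", oEscapeCharForwardMenu },
 	{ "globalknownhostsfile", oGlobalKnownHostsFile },
 	{ "userknownhostsfile", oUserKnownHostsFile },
 	{ "connectionattempts", oConnectionAttempts },
@@ -1368,6 +1369,10 @@ parse_keytypes:
 			*intptr = value;
 		break;
 
+	case oEscapeCharForwardMenu:
+		intptr = &options->escape_char_forward_menu;
+		goto parse_flag;
+
 	case oAddressFamily:
 		intptr = &options->address_family;
 		multistate_ptr = multistate_addressfamily;
@@ -1827,6 +1832,7 @@ initialize_options(Options * options)
 	options->jump_extra = NULL;
 	options->user = NULL;
 	options->escape_char = -1;
+	options->escape_char_forward_menu = -1;
 	options->num_system_hostfiles = 0;
 	options->num_user_hostfiles = 0;
 	options->local_forwards = NULL;
@@ -1995,6 +2001,8 @@ fill_default_options(Options * options)
 	}
 	if (options->escape_char == -1)
 		options->escape_char = '~';
+	if (options->escape_char_forward_menu == -1)
+		options->escape_char_forward_menu = 1;
 	if (options->num_system_hostfiles == 0) {
 		options->system_hostfiles[options->num_system_hostfiles++] =
 		    xstrdup(_PATH_SSH_SYSTEM_HOSTFILE);
@@ -2551,6 +2559,7 @@ dump_client_config(Options *o, const char *host)
 	dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns);
 	dump_cfg_fmtint(oVisualHostKey, o->visual_host_key);
 	dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys);
+	dump_cfg_fmtint(oEscapeCharForwardMenu, o->escape_char_forward_menu);
 
 	/* Integer options */
 	dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);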
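Review bot: The rewritten enum line in the first hunk, `oUser, oEscapeChar, oEscapeCharForwardMenu, oRhostsRSAAuthentication, oProxyCommand,`, runs well past 80 columns while every other line of that enum stays within it; split it as `oUser, oEscapeChar, oEscapeCharForwardMenu,` followed by `oRhostsRSAAuthentication, oProxyCommand,` on the next line. The other hunks follow the established flag-option pattern (`goto parse_flag`, the `-1` unset sentinel in initialize_options, the default of 1 in fill_default_options and `dump_cfg_fmtint` in the yes/no dump section), so there is nothing further to raise in them. The enum, the parse switch and the three functions touched all start and end outside their hunks.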
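--- a/readconf.h
+++ b/readconf.h
@@ -80,6 +80,7 @@ typedef struct {
 	char   *proxy_command;	/* Proxy command for connecting the host. */
 	char   *user;		/* User to log in as. */
 	int     escape_char;	/* Escape character; -2 = none */
+	int     escape_char_forward_menu;	/* Enable forward menu (~C). */
 
 	u_int	num_system_hostfiles;	/* Paths for /etc/ssh/ssh_known_hosts */
 	char   *system_hostfiles[SSH_MAX_HOSTS_FILES];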
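Review bot: The comment on the new `escape_char_forward_menu` field says nothing about its value range, whereas the neighbouring `escape_char` comment documents its sentinel; since initialize_options sets the field to -1 and fill_default_options turns that into 1, make the contract explicit with `/* Enable forward menu (~C); -1 = unset, resolved to 1 (yes) by default */`. The enclosing struct starts and ends outside the hunk.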
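--- a/ssh_config
+++ b/ssh_config
@@ -42,6 +42,7 @@
 #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
 #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
 #   EscapeChar ~
+#   EscapeCharForwardMenu yes
 #   Tunnel no
 #   TunnelDevice any:any
 #   PermitLocalCommand no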
(-)a/ssh_config.5 (-1 / +12 lines)
Lines 634-639 followed by a letter, or Link Here
634
to disable the escape
634
to disable the escape
635
character entirely (making the connection transparent for binary
635
character entirely (making the connection transparent for binary
636
data).
636
data).
637
.It Cm EscapeCharForwardMenu
638
When you enter the EscapeChar cmdline (EscapeChar+C, default: ~C),
639
there is a menu which allows you to add or remove port forwardings.
640
This can be a security risk if you ssh into untrusted remote hosts.
641
If you use screen(1) or a terminal emulator that transports the escape
642
sequences back to the ssh client, an attacker might control
643
the menu and create tunnels into your local network.
644
The argument must be
645
.Cm yes
646
(the default)
647
or
648
.Cm no.
637
.It Cm ExitOnForwardFailure
649
.It Cm ExitOnForwardFailure
638
Specifies whether
650
Specifies whether
639
.Xr ssh 1
651
.Xr ssh 1
640
- 
