Bugzilla – Attachment 314 Details for
Bug 580
disable kbdint if host key mismatch
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
disable kbdint on host key mismatch
d (text/plain), 1.61 KB, created by
Frank Cusack
on 2003-05-30 13:39:23 AEST
(
hide
)
Description:
disable kbdint on host key mismatch
Filename:
MIME Type:
Creator:
Frank Cusack
Created:
2003-05-30 13:39:23 AEST
Size:
1.61 KB
patch
obsolete
> > Disable kbdint if host key doesn't match. This matches behavior > for password auth. > >--- openssh.orig/ssh.c >+++ openssh/ssh.c >@@ -592,6 +592,10 @@ > /* Fill configuration defaults. */ > fill_default_options(&options); > >+ /* challenge-response implies kbdint */ >+ if (options.challenge_response_authentication) >+ options.kbd_interactive_authentication = 1; >+ > /* reinit */ > log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); > > >--- openssh.orig/sshconnect.c >+++ openssh/sshconnect.c >@@ -726,14 +726,20 @@ > > /* > * If strict host key checking has not been requested, allow >- * the connection but without password authentication or >- * agent forwarding. >+ * the connection but without password/kbdint authentication >+ * or agent forwarding. > */ > if (options.password_authentication) { > error("Password authentication is disabled to avoid " > "man-in-the-middle attacks."); > options.password_authentication = 0; > } >+ if (options.kbd_interactive_authentication) { >+ error("Keyboard-interactive authentication is disabled " >+ "to avoid man-in-the-middle attacks."); >+ options.kbd_interactive_authentication = 0; >+ options.challenge_response_authentication = 0; >+ } > if (options.forward_agent) { > error("Agent forwarding is disabled to avoid " > "man-in-the-middle attacks."); > >--- openssh.orig/sshconnect2.c >+++ openssh/sshconnect2.c >@@ -222,9 +222,6 @@ > Authctxt authctxt; > int type; > >- if (options.challenge_response_authentication) >- options.kbd_interactive_authentication = 1; >- > packet_start(SSH2_MSG_SERVICE_REQUEST); > packet_put_cstring("ssh-userauth"); > packet_send();
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=314">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 580
:
314
|
315