|
Line
Link Here
|
| 0 |
-- openssh.orig/ssh.c |
0 |
++ openssh/ssh.c |
|
Lines 592-597
Link Here
|
| 592 |
/* Fill configuration defaults. */ |
592 |
/* Fill configuration defaults. */ |
| 593 |
fill_default_options(&options); |
593 |
fill_default_options(&options); |
| 594 |
|
594 |
|
|
|
595 |
/* challenge-response implies kbdint */ |
| 596 |
if (options.challenge_response_authentication) |
| 597 |
options.kbd_interactive_authentication = 1; |
| 598 |
|
| 595 |
/* reinit */ |
599 |
/* reinit */ |
| 596 |
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); |
600 |
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); |
| 597 |
|
601 |
|
| 598 |
-- openssh.orig/sshconnect.c |
602 |
++ openssh/sshconnect.c |
|
Lines 726-739
Link Here
|
| 726 |
|
726 |
|
| 727 |
/* |
727 |
/* |
| 728 |
* If strict host key checking has not been requested, allow |
728 |
* If strict host key checking has not been requested, allow |
| 729 |
* the connection but without password authentication or |
729 |
* the connection but without password/kbdint authentication |
| 730 |
* agent forwarding. |
730 |
* or agent forwarding. |
| 731 |
*/ |
731 |
*/ |
| 732 |
if (options.password_authentication) { |
732 |
if (options.password_authentication) { |
| 733 |
error("Password authentication is disabled to avoid " |
733 |
error("Password authentication is disabled to avoid " |
| 734 |
"man-in-the-middle attacks."); |
734 |
"man-in-the-middle attacks."); |
| 735 |
options.password_authentication = 0; |
735 |
options.password_authentication = 0; |
| 736 |
} |
736 |
} |
|
|
737 |
if (options.kbd_interactive_authentication) { |
| 738 |
error("Keyboard-interactive authentication is disabled " |
| 739 |
"to avoid man-in-the-middle attacks."); |
| 740 |
options.kbd_interactive_authentication = 0; |
| 741 |
} |
| 737 |
if (options.forward_agent) { |
742 |
if (options.forward_agent) { |
| 738 |
error("Agent forwarding is disabled to avoid " |
743 |
error("Agent forwarding is disabled to avoid " |
| 739 |
"man-in-the-middle attacks."); |
744 |
"man-in-the-middle attacks."); |
| 740 |
-- openssh.orig/sshconnect2.c |
745 |
++ openssh/sshconnect2.c |
|
Lines 222-230
Link Here
|
| 222 |
Authctxt authctxt; |
222 |
Authctxt authctxt; |
| 223 |
int type; |
223 |
int type; |
| 224 |
|
224 |
|
| 225 |
if (options.challenge_response_authentication) |
|
|
| 226 |
options.kbd_interactive_authentication = 1; |
| 227 |
|
| 228 |
packet_start(SSH2_MSG_SERVICE_REQUEST); |
225 |
packet_start(SSH2_MSG_SERVICE_REQUEST); |
| 229 |
packet_put_cstring("ssh-userauth"); |
226 |
packet_put_cstring("ssh-userauth"); |
| 230 |
packet_send(); |
227 |
packet_send(); |