Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 22376d27a349f62c502fec3396dfe0fdcb2a40b7
commit22376d27a349f62c502fec3396dfe0fdcb2a40b7[log] [tgz]
authordjm@openbsd.org <djm@openbsd.org>Sun Sep 03 23:33:13 2017 +0000
committerDamien Miller <djm@mindrot.org>Mon Sep 04 09:38:57 2017 +1000
tree8368234874273df676d62ffab3bfc184ef58405f
parentff3c42384033514e248ba5d7376aa033f4a2b99a [diff]
upstream commit

Expand ssh_config's StrictModes option with two new
settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.

StrictModes=off is the same as StrictModes=no

Motivation:

StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.

Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.

At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.

bz#2400, suggested by Michael Samuel; ok markus

Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
4 files changed
tree: 8368234874273df676d62ffab3bfc184ef58405f
  1. contrib/
  2. openbsd-compat/
  3. regress/
  4. .gitignore
  5. .skipped-commit-ids
  6. aclocal.m4
  7. addrmatch.c
  8. atomicio.c
  9. atomicio.h
  10. audit-bsm.c
  11. audit-linux.c
  12. audit.c
  13. audit.h
  14. auth-bsdauth.c
  15. auth-krb5.c
  16. auth-options.c
  17. auth-options.h
  18. auth-pam.c
  19. auth-pam.h
  20. auth-passwd.c
  21. auth-rhosts.c
  22. auth-shadow.c
  23. auth-sia.c
  24. auth-sia.h
  25. auth-skey.c
  26. auth.c
  27. auth.h
  28. auth2-chall.c
  29. auth2-gss.c
  30. auth2-hostbased.c
  31. auth2-kbdint.c
  32. auth2-none.c
  33. auth2-passwd.c
  34. auth2-pubkey.c
  35. auth2.c
  36. authfd.c
  37. authfd.h
  38. authfile.c
  39. authfile.h
  40. bitmap.c
  41. bitmap.h
  42. blocks.c
  43. bufaux.c
  44. bufbn.c
  45. bufec.c
  46. buffer.c
  47. buffer.h
  48. buildpkg.sh.in
  49. canohost.c
  50. canohost.h
  51. chacha.c
  52. chacha.h
  53. channels.c
  54. channels.h
  55. cipher-aes.c
  56. cipher-aesctr.c
  57. cipher-aesctr.h
  58. cipher-chachapoly.c
  59. cipher-chachapoly.h
  60. cipher-ctr.c
  61. cipher.c
  62. cipher.h
  63. cleanup.c
  64. clientloop.c
  65. clientloop.h
  66. compat.c
  67. compat.h
  68. config.guess
  69. config.sub
  70. configure.ac
  71. crc32.c
  72. crc32.h
  73. CREDITS
  74. crypto_api.h
  75. defines.h
  76. dh.c
  77. dh.h
  78. digest-libc.c
  79. digest-openssl.c
  80. digest.h
  81. dispatch.c
  82. dispatch.h
  83. dns.c
  84. dns.h
  85. ed25519.c
  86. entropy.c
  87. entropy.h
  88. fatal.c
  89. fe25519.c
  90. fe25519.h
  91. fixalgorithms
  92. fixpaths
  93. fixprogs
  94. ge25519.c
  95. ge25519.h
  96. ge25519_base.data
  97. groupaccess.c
  98. groupaccess.h
  99. gss-genr.c
  100. gss-serv-krb5.c
  101. gss-serv.c
  102. hash.c
  103. hmac.c
  104. hmac.h
  105. hostfile.c
  106. hostfile.h
  107. includes.h
  108. INSTALL
  109. install-sh
  110. kex.c
  111. kex.h
  112. kexc25519.c
  113. kexc25519c.c
  114. kexc25519s.c
  115. kexdh.c
  116. kexdhc.c
  117. kexdhs.c
  118. kexecdh.c
  119. kexecdhc.c
  120. kexecdhs.c
  121. kexgex.c
  122. kexgexc.c
  123. kexgexs.c
  124. key.c
  125. key.h
  126. krl.c
  127. krl.h
  128. LICENCE
  129. log.c
  130. log.h
  131. loginrec.c
  132. loginrec.h
  133. logintest.c
  134. mac.c
  135. mac.h
  136. Makefile.in
  137. match.c
  138. match.h
  139. md5crypt.c
  140. md5crypt.h
  141. mdoc2man.awk
  142. misc.c
  143. misc.h
  144. mkinstalldirs
  145. moduli
  146. moduli.5
  147. moduli.c
  148. monitor.c
  149. monitor.h
  150. monitor_fdpass.c
  151. monitor_fdpass.h
  152. monitor_wrap.c
  153. monitor_wrap.h
  154. msg.c
  155. msg.h
  156. mux.c
  157. myproposal.h
  158. nchan.c
  159. nchan.ms
  160. nchan2.ms
  161. opacket.c
  162. opacket.h
  163. openssh.xml.in
  164. opensshd.init.in
  165. OVERVIEW
  166. packet.c
  167. packet.h
  168. pathnames.h
  169. pkcs11.h
  170. platform-misc.c
  171. platform-pledge.c
  172. platform-tracing.c
  173. platform.c
  174. platform.h
  175. poly1305.c
  176. poly1305.h
  177. progressmeter.c
  178. progressmeter.h
  179. PROTOCOL
  180. PROTOCOL.agent
  181. PROTOCOL.certkeys
  182. PROTOCOL.chacha20poly1305
  183. PROTOCOL.key
  184. PROTOCOL.krl
  185. PROTOCOL.mux
  186. readconf.c
  187. readconf.h
  188. README
  189. README.dns
  190. README.platform
  191. README.privsep
  192. README.tun
  193. readpass.c
  194. rijndael.c
  195. rijndael.h
  196. sandbox-capsicum.c
  197. sandbox-darwin.c
  198. sandbox-null.c
  199. sandbox-pledge.c
  200. sandbox-rlimit.c
  201. sandbox-seccomp-filter.c
  202. sandbox-solaris.c
  203. sandbox-systrace.c
  204. sc25519.c
  205. sc25519.h
  206. scp.1
  207. scp.c
  208. servconf.c
  209. servconf.h
  210. serverloop.c
  211. serverloop.h
  212. session.c
  213. session.h
  214. sftp-client.c
  215. sftp-client.h
  216. sftp-common.c
  217. sftp-common.h
  218. sftp-glob.c
  219. sftp-server-main.c
  220. sftp-server.8
  221. sftp-server.c
  222. sftp.1
  223. sftp.c
  224. sftp.h
  225. smult_curve25519_ref.c
  226. ssh-add.1
  227. ssh-add.c
  228. ssh-agent.1
  229. ssh-agent.c
  230. ssh-dss.c
  231. ssh-ecdsa.c
  232. ssh-ed25519.c
  233. ssh-gss.h
  234. ssh-keygen.1
  235. ssh-keygen.c
  236. ssh-keyscan.1
  237. ssh-keyscan.c
  238. ssh-keysign.8
  239. ssh-keysign.c
  240. ssh-pkcs11-client.c
  241. ssh-pkcs11-helper.8
  242. ssh-pkcs11-helper.c
  243. ssh-pkcs11.c
  244. ssh-pkcs11.h
  245. ssh-rsa.c
  246. ssh-sandbox.h
  247. ssh.1
  248. ssh.c
  249. ssh.h
  250. ssh2.h
  251. ssh_api.c
  252. ssh_api.h
  253. ssh_config
  254. ssh_config.5
  255. sshbuf-getput-basic.c
  256. sshbuf-getput-crypto.c
  257. sshbuf-misc.c
  258. sshbuf.c
  259. sshbuf.h
  260. sshconnect.c
  261. sshconnect.h
  262. sshconnect2.c
  263. sshd.8
  264. sshd.c
  265. sshd_config
  266. sshd_config.5
  267. ssherr.c
  268. ssherr.h
  269. sshkey.c
  270. sshkey.h
  271. sshlogin.c
  272. sshlogin.h
  273. sshpty.c
  274. sshpty.h
  275. sshtty.c
  276. survey.sh.in
  277. TODO
  278. ttymodes.c
  279. ttymodes.h
  280. uidswap.c
  281. uidswap.h
  282. umac.c
  283. umac.h
  284. utf8.c
  285. utf8.h
  286. uuencode.c
  287. uuencode.h
  288. verify.c
  289. version.h
  290. xmalloc.c
  291. xmalloc.h