bitianyuan 提交于 2024-11-06 16:06 +08:00 . backport some upstream patches
Conflict:NA
Reference:https://github.com/openssh/openssh-portable/pull/258/files
---
readconf.c | 11 ++++++++++-
readconf.h | 2 ++
scp.1 | 1 +
sftp.1 | 1 +
ssh.1 | 1 +
ssh_config | 1 +
ssh_config.5 | 7 +++++++
sshconnect2.c | 13 ++++++++++++-
8 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/readconf.c b/readconf.c
index d25f983..45c1c22 100644
--- a/readconf.c
+++ b/readconf.c
@@ -157,7 +157,7 @@ typedef enum {
oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs,
oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
- oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oDisableTrivialAuth,
oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
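Review bot: The enumerator is appended to an already full line at `oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oDisableTrivialAuth,`, which pushes it past the line width the rest of this enum keeps. Start a new line with `oDisableTrivialAuth,` instead of extending the existing one. The enum starts and ends outside the hunk.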
@@ -250,6 +250,7 @@ static struct {
{ "pubkeyauthentication", oPubkeyAuthentication },
{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
{ "hostbasedauthentication", oHostbasedAuthentication },
+ { "disabletrivialauth", oDisableTrivialAuth},
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* obsolete */
{ "identitiesonly", oIdentitiesOnly },
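Review bot: The new table entry `{ "disabletrivialauth", oDisableTrivialAuth},` drops the space before the closing brace that every neighbouring entry has. Write it `{ "disabletrivialauth", oDisableTrivialAuth },` to match the table. The keyword table starts and ends outside the hunk.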
@@ -1124,6 +1125,10 @@ parse_time:
intptr = &options->hostbased_authentication;
goto parse_flag;
+ case oDisableTrivialAuth:
+ intptr = &options->disable_trivial_auth;
+ goto parse_flag;
+
case oGssAuthentication:
intptr = &options->gss_authentication;
goto parse_flag;
@@ -2392,6 +2397,7 @@ initialize_options(Options * options)
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
options->hostbased_authentication = -1;
+ options->disable_trivial_auth = -1;
options->batch_mode = -1;
options->check_host_ip = -1;
options->strict_host_key_checking = -1;
@@ -2562,6 +2568,8 @@ fill_default_options(Options * options)
options->kbd_interactive_authentication = 1;
if (options->hostbased_authentication == -1)
options->hostbased_authentication = 0;
+ if (options->disable_trivial_auth == -1)
+ options->disable_trivial_auth = 0;
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
@@ -3362,6 +3370,7 @@ dump_client_config(Options *o, const char *host)
#endif /* GSSAPI */
dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
+ dump_cfg_fmtint(oDisableTrivialAuth, o->disable_trivial_auth);
dump_cfg_fmtint(oIdentitiesOnly, o->identities_only);
dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication);
dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
diff --git a/readconf.h b/readconf.h
index 00895ad..b391bd6 100644
--- a/readconf.h
+++ b/readconf.h
@@ -38,6 +38,8 @@ typedef struct {
struct ForwardOptions fwd_opts; /* forwarding options */
int pubkey_authentication; /* Try ssh2 pubkey authentication. */
int hostbased_authentication; /* ssh2's rhosts_rsa */
+
+ int disable_trivial_auth; /* disable trivial authentications */
int gss_authentication; /* Try GSS authentication */
int gss_keyex; /* Try GSS key exchange */
int gss_deleg_creds; /* Delegate GSS credentials */
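Review bot: The added field arrives with a stray blank line that splits the run of per-method authentication flags, and its comment `/* disable trivial authentications */` only restates the identifier. Drop the blank line and say what the flag does as the sshconnect2.c part of this patch uses it, e.g. `int disable_trivial_auth; /* Abort if server accepts login before any credential-bearing method ran */`. The struct starts and ends outside the hunk.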
diff --git a/scp.1 b/scp.1
index 874c5c2..e1f8191 100644
--- a/scp.1
+++ b/scp.1
@@ -187,6 +187,7 @@ For full details of the options listed below, and their possible values, see
.It Host
.It HostbasedAcceptedAlgorithms
.It HostbasedAuthentication
+.It DisableTrivialAuth
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/sftp.1 b/sftp.1
index 7eebeea..89b6773 100644
--- a/sftp.1
+++ b/sftp.1
@@ -247,6 +247,7 @@ For full details of the options listed below, and their possible values, see
.It Host
.It HostbasedAcceptedAlgorithms
.It HostbasedAuthentication
+.It DisableTrivialAuth
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/ssh.1 b/ssh.1
index 975ab39..1cb8d5c 100644
--- a/ssh.1
+++ b/ssh.1
@@ -541,6 +541,7 @@ For full details of the options listed below, and their possible values, see
.It Host
.It HostbasedAcceptedAlgorithms
.It HostbasedAuthentication
+.It DisableTrivialAuth
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
diff --git a/ssh_config b/ssh_config
index b3a4922..169f30c 100644
--- a/ssh_config
+++ b/ssh_config
@@ -22,6 +22,7 @@
# ForwardX11 no
# PasswordAuthentication yes
# HostbasedAuthentication no
+# DisableTrivialAuth no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
diff --git a/ssh_config.5 b/ssh_config.5
index 6735401..fd82e05 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -955,6 +955,13 @@ The argument must be
or
.Cm no
(the default).
+.It Cm DisableTrivialAuth
+Disables trivial or incomplete authentications.
+The argument must be
+.Cm yes
+or
+.Cm no
+(the default).
.It Cm HostKeyAlgorithms
Specifies the host key signature algorithms
that the client wants to use in order of preference.
diff --git a/sshconnect2.c b/sshconnect2.c
index e90eb89..150d419 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -403,6 +403,7 @@ struct identity {
TAILQ_HEAD(idlist, identity);
struct cauthctxt {
+ int is_trivial_auth;
const char *server_user;
const char *local_user;
const char *host;
@@ -531,6 +532,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
/* setup authentication context */
memset(&authctxt, 0, sizeof(authctxt));
authctxt.server_user = server_user;
+ authctxt.is_trivial_auth = 1;
authctxt.local_user = local_user;
authctxt.host = host;
authctxt.service = "ssh-connection"; /* service name */
@@ -570,6 +572,10 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
if (!authctxt.success)
fatal("Authentication failed.");
+ if (authctxt.is_trivial_auth == 1 && options.disable_trivial_auth == 1) {
+ fatal("Trivial authentication disabled.");
+ }
+ debug("Authentication succeeded (%s).", authctxt.method->name);
if (ssh_packet_connection_is_on_socket(ssh)) {
verbose("Authenticated to %s ([%s]:%d) using \"%s\".", host,
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
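Review bot: The new abort `fatal("Trivial authentication disabled.");` names no method, so when it fires the client log gives an operator nothing to correlate with the server-side auth log. The next added line already dereferences `authctxt.method->name`, so the same value can be reported here: `fatal("Trivial authentication disabled (server accepted \"%s\").", authctxt.method->name);`. Placing the check ahead of the debug/verbose lines is right, since nothing is reported as authenticated before it runs. ssh_userauth2 starts and ends outside the hunk.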
@@ -968,6 +974,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
fatal_fr(r, "send %u packet", type);
gss_release_buffer(&ms, &send_tok);
+ authctxt->is_trivial_auth = 0;
}
if (status == GSS_S_COMPLETE) {
@@ -1213,6 +1220,7 @@ static int
userauth_passwd(struct ssh *ssh)
{
Authctxt *authctxt = (Authctxt *)ssh->authctxt;
+ authctxt->is_trivial_auth = 0;
char *password, *prompt = NULL;
const char *host = options.host_key_alias ? options.host_key_alias :
authctxt->host;
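Review bot: `authctxt->is_trivial_auth = 0;` is inserted between the declaration of `authctxt` and those of `password`, `prompt` and `host`, so userauth_passwd now has a statement in the middle of its declaration block, which the surrounding OpenSSH code avoids and which `-Wdeclaration-after-statement` builds reject. Move the assignment to just after the `host` initialiser, once all declarations are done. The function body continues past the hunk.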
@@ -2023,8 +2031,10 @@ userauth_pubkey(struct ssh *ssh)
id->isprivate = 0;
}
}
- if (sent)
+ if (sent) {
+ authctxt->is_trivial_auth = 0;
return (sent);
+ }
}
return (0);
}
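Review bot: The flag is cleared whenever `sent` is non-zero, but `sent` is assigned outside this hunk, and if that assignment also covers the unsigned public-key query that precedes signing, then a server that answers that query with success would find `is_trivial_auth` already cleared although no signature was produced, and the new check in ssh_userauth2 would not fire. If only a signed request is meant to count as non-trivial, clear the flag on the signing path (or only when the signed send is what set `sent`) rather than on any send. Confirm against the code that assigns `sent`; userauth_pubkey starts outside the hunk.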
@@ -2105,6 +2115,7 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
debug2_f("num_prompts %d", num_prompts);
for (i = 0; i < num_prompts; i++) {
+ authctxt->is_trivial_auth = 0;
if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 ||
(r = sshpkt_get_u8(ssh, &echo)) != 0)
goto out;
--
2.27.0