Apply FreeBSD's configuration defaults.

Sponsored by: DARPA, NAI Labs
svn path=/head/; revision=99048
2002-06-29 10:51:56 +00:00 · 2002-06-29 10:51:56 +00:00 · 975616f046 · 2020-12-20 02:59:44 +00:00
commit 975616f046
parent db58a8e40c
3 changed files with 34 additions and 10 deletions
--- a/crypto/openssh/myproposal.h
+++ b/crypto/openssh/myproposal.h
@ -1,4 +1,5 @@
 /*	$OpenBSD: myproposal.h,v 1.14 2002/04/03 09:26:11 markus Exp $	*/
+/*	$FreeBSD$	*/

 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@ -24,7 +25,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #define KEX_DEFAULT_KEX		"diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
-#define	KEX_DEFAULT_PK_ALG	"ssh-rsa,ssh-dss"
+#define	KEX_DEFAULT_PK_ALG	"ssh-dss,ssh-rsa"
 #define	KEX_DEFAULT_ENCRYPT \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
 	"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se"
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@ -13,6 +13,7 @@

 #include "includes.h"
 RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$FreeBSD$");

 #include "ssh.h"
 #include "xmalloc.h"
@ -114,6 +115,7 @@ typedef enum {
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+	oVersionAddendum,
 	oDeprecated
 } OpCodes;

@ -186,6 +188,7 @@ static struct {
 	{ "smartcarddevice", oSmartcardDevice },
 	{ "clearallforwardings", oClearAllForwardings },
 	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+	{ "versionaddendum", oVersionAddendum },
 	{ NULL, oBadOption }
 };

@ -669,6 +672,13 @@ process_config_line(Options *options, const char *host,
 			*intptr = value;
 		break;

+	case oVersionAddendum:
+		ssh_version_set_addendum(strtok(s, "\n"));
+		do {
+			arg = strdelim(&s);
+		} while (arg != NULL && *arg != '\0');
+		break;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@ -846,7 +856,7 @@ fill_default_options(Options * options)
 	if (options->batch_mode == -1)
 		options->batch_mode = 0;
 	if (options->check_host_ip == -1)
-		options->check_host_ip = 1;
+		options->check_host_ip = 0;
 	if (options->strict_host_key_checking == -1)
 		options->strict_host_key_checking = 2;	/* 2 is default */
 	if (options->compression == -1)
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@ -11,13 +11,14 @@

 #include "includes.h"
 RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
+RCSID("$FreeBSD$");

 #if defined(KRB4)
 #include <krb.h>
 #endif
 #if defined(KRB5)
 #ifdef HEIMDAL
-#include <krb.h>
+#include <krb5.h>
 #else
 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
 * keytab */
@ -143,8 +144,6 @@ fill_default_server_options(ServerOptions *options)
 			options->host_key_files[options->num_host_key_files++] =
 			    _PATH_HOST_KEY_FILE;
 		if (options->protocol & SSH_PROTO_2) {
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_RSA_KEY_FILE;
 			options->host_key_files[options->num_host_key_files++] =
 			    _PATH_HOST_DSA_KEY_FILE;
 		}
@ -158,11 +157,11 @@ fill_default_server_options(ServerOptions *options)
 	if (options->server_key_bits == -1)
 		options->server_key_bits = 768;
 	if (options->login_grace_time == -1)
-		options->login_grace_time = 600;
+		options->login_grace_time = 120;
 	if (options->key_regeneration_time == -1)
 		options->key_regeneration_time = 3600;
 	if (options->permit_root_login == PERMIT_NOT_SET)
-		options->permit_root_login = PERMIT_YES;
+		options->permit_root_login = PERMIT_NO;
 	if (options->ignore_rhosts == -1)
 		options->ignore_rhosts = 1;
 	if (options->ignore_user_known_hosts == -1)
@ -172,7 +171,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->print_lastlog == -1)
 		options->print_lastlog = 1;
 	if (options->x11_forwarding == -1)
-		options->x11_forwarding = 0;
+		options->x11_forwarding = 1;
 	if (options->x11_display_offset == -1)
 		options->x11_display_offset = 10;
 	if (options->x11_use_localhost == -1)
@ -199,9 +198,21 @@ fill_default_server_options(ServerOptions *options)
 		options->rsa_authentication = 1;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB4) && defined(KRB5)
+        if (options->kerberos_authentication == -1)
+                options->kerberos_authentication =
+                    (access(KEYFILE, R_OK) == 0 ||
+		    access(krb5_defkeyname, R_OK) == 0);
+#elif defined(KRB4)
+        if (options->kerberos_authentication == -1)
+                options->kerberos_authentication =
+		    (access(KEYFILE, R_OK) == 0);
+#elif defined(KRB5)
 	if (options->kerberos_authentication == -1)
-		options->kerberos_authentication = 0;
+                options->kerberos_authentication =
+                    (access(krb5_defkeyname, R_OK) == 0);
+#endif
+#if defined(KRB4) || defined(KRB5)
 	if (options->kerberos_or_local_passwd == -1)
 		options->kerberos_or_local_passwd = 1;
 	if (options->kerberos_ticket_cleanup == -1)
@ -309,7 +320,9 @@ static struct {
 	ServerOpCodes opcode;
 } keywords[] = {
 	/* Portable-specific options */
+#if 0
 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+#endif
 	/* Standard Options */
 	{ "port", sPort },
 	{ "hostkey", sHostKeyFile },