Re: Locking down ssh config in large env
From: David M. Andersen (danderse_at_uncc.edu)
Date: 09/30/04
- Previous message: Jerry: "Solaris 8, PAM, LDAP"
- In reply to: Atro Tossavainen: "Re: Locking down ssh config in large env"
- Next in thread: Greg Wooledge: "Re: Locking down ssh config in large env"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Sep 2004 20:05:55 -0400
To: secureshell@securityfocus.com
You could easily do something like this:
diff -r -u openssh-3.8.1p1/ssh.c openssh-3.8.1p1-patched/ssh.c
--- openssh-3.8.1p1/ssh.c 2004-03-21 17:36:01.000000000 -0500
+++ openssh-3.8.1p1-patched/ssh.c 2004-09-29 20:03:07.305991536 -0400
@@ -168,7 +168,7 @@
int i, opt, exit_status;
u_short fwd_port, fwd_host_port;
char sfwd_port[6], sfwd_host_port[6];
- char *p, *cp, *line, buf[256];
+ char *p, *cp, buf[256];
struct stat st;
struct passwd *pw;
int dummy;
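Review bot: the declaration on this line still keeps `buf[256]` and `int dummy` even though the later hunks remove their only visible uses (the `snprintf` into `buf` for the per-user config path, and `process_config_line(..., &dummy)`); unless `main()` references `buf` elsewhere, drop `buf` here alongside `line`, and drop `dummy`, which after the `-o` change is assigned but never read, so the patched file builds without unused-variable warnings.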
@@ -422,12 +422,8 @@
no_tty_flag = 1;
break;
case 'o':
+ /* Silently discard any config options on the
command line. */
dummy = 1;
- line = xstrdup(optarg);
- if (process_config_line(&options, host ? host : "",
- line, "command-line", 0, &dummy) != 0)
- exit(1);
- xfree(line);
break;
case 's':
subsystem_flag = 1;
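Review bot: the `-o` case now drops the option with no feedback at all, so a user or script passing `-o` cannot tell that it was ignored and any resulting connection failure is hard to diagnose; prefer a visible refusal, e.g. `error("-o options are disabled on this system");` followed by `exit(1);` (or at least a logged warning), so the policy is explicit rather than silent. The leftover `dummy = 1;` is dead code now that `process_config_line()` no longer takes `&dummy`, and should be removed together with the `int dummy` declaration in the first hunk.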
@@ -521,22 +517,8 @@
log_init(av[0], options.log_level == -1 ? SYSLOG_LEVEL_INFO :
options.log_level,
SYSLOG_FACILITY_USER, 1);
- /*
- * Read per-user configuration file. Ignore the system wide config
- * file if the user specifies a config file on the command line.
- */
- if (config != NULL) {
- if (!read_config_file(config, host, &options))
- fatal("Can't open user config file %.100s: "
- "%.100s", config, strerror(errno));
- } else {
- snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
- _PATH_SSH_USER_CONFFILE);
- (void)read_config_file(buf, host, &options);
-
- /* Read systemwide configuration file after use config. */
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
&options);
- }
+ /* Read systemwide configuration file. Ignore any user
configuration. */
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
/* Fill configuration defaults. */
fill_default_options(&options);
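Review bot: the new `(void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);` discards the return value, so if the system-wide file is missing or unreadable the client silently continues with compiled-in defaults, which is the opposite of what a lockdown wants; the removed branch already had the right pattern, `fatal("Can't open ... %.100s: %.100s", ..., strerror(errno))`, so apply it to the system file so the client fails closed. The `config` pointer set by the command-line config-file option is also still populated but never consulted after this hunk, so that option is now accepted and silently ignored; either reject it in the getopt switch or remove it from the usage text.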
This should put it in some sort of nazi mode.
Also look at "IgnoreUserKnownHosts" in the sshd_config man page.
Atro Tossavainen wrote:
>Robert Hajime Lanning wrote:
>
>>Actually if the .ssh directory is owned by root (and everything in it)
>>with the user not having write access to it, the user cannot delete the
>>.ssh directory.
>
>I have just confirmed this on Linux. You neglected to mention that
>the user can rename such a directory, which (while not removing the
>actual contents of those files) accomplishes the desired effect
>nonetheless as the user can proceed to create their own .ssh directory.