
Apply FreeBSD's configuration defaults.

Sponsored by:	DARPA, NAI Labs
Dag-Erling Smørgrav 2002-06-29 10:51:56 +00:00
parent db58a8e40c
commit 975616f046
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=99048
3 changed files with 34 additions and 10 deletions


@ -1,4 +1,5 @@
/* $OpenBSD: myproposal.h,v 1.14 2002/04/03 09:26:11 markus Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -24,7 +25,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
#define KEX_DEFAULT_PK_ALG "ssh-dss,ssh-rsa"
#define KEX_DEFAULT_ENCRYPT \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se"

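Review bot: The `KEX_DEFAULT_PK_ALG` define is changed with no comment marking it as a local deviation from the OpenBSD file, and the rendered page has lost its +/- markers, so the direction is only inferred from print order. If the new value is `"ssh-dss,ssh-rsa"`, the default preference moves to DSA host keys, which are fixed at 1024 bits in this protocol while RSA key size can be raised. A client that has recorded only a host's RSA key would presumably be offered the DSA key first and get an unknown-key prompt, which is the situation host-key checking is meant to keep rare. I would either keep the upstream order or add a comment above the define, for example `/* FreeBSD local change: DSA host keys are preferred over RSA (differs from OpenBSD) */`.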

@ -13,6 +13,7 @@
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
#include "xmalloc.h"
@ -114,6 +115,7 @@ typedef enum {
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oVersionAddendum,
oDeprecated
} OpCodes;
@ -186,6 +188,7 @@ static struct {
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ "versionaddendum", oVersionAddendum },
{ NULL, oBadOption }
};
@ -669,6 +672,13 @@ process_config_line(Options *options, const char *host,
*intptr = value;
break;
case oVersionAddendum:
ssh_version_set_addendum(strtok(s, "\n"));
do {
arg = strdelim(&s);
} while (arg != NULL && *arg != '\0');
break;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@ -846,7 +856,7 @@ fill_default_options(Options * options)
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
options->check_host_ip = 1;
options->check_host_ip = 0;
if (options->strict_host_key_checking == -1)
options->strict_host_key_checking = 2; /* 2 is default */
if (options->compression == -1)
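Review bot: In the new `case oVersionAddendum:` branch the result of `strtok(s, "\n")` goes straight into `ssh_version_set_addendum()` with no check on `s` or on the return value. strtok returns NULL when only newlines follow the keyword, and if `s` is already NULL at that point (strdelim's end-of-line behaviour is not visible here) strtok resumes whatever string an earlier caller left in its static state. I would reject the empty case first with `if (s == NULL || *s == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum);` and cut the line with `s[strcspn(s, "\n")] = '\0';` instead of strtok. Whether `ssh_version_set_addendum()` accepts NULL cannot be told from this page, so its contract should be stated in a comment at the call. process_config_line starts and ends outside the hunk.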


@ -11,13 +11,14 @@
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
RCSID("$FreeBSD$");
#if defined(KRB4)
#include <krb.h>
#endif
#if defined(KRB5)
#ifdef HEIMDAL
#include <krb.h>
#include <krb5.h>
#else
/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
* keytab */
@ -143,8 +144,6 @@ fill_default_server_options(ServerOptions *options)
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_KEY_FILE;
if (options->protocol & SSH_PROTO_2) {
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_RSA_KEY_FILE;
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_DSA_KEY_FILE;
}
@ -158,11 +157,11 @@ fill_default_server_options(ServerOptions *options)
if (options->server_key_bits == -1)
options->server_key_bits = 768;
if (options->login_grace_time == -1)
options->login_grace_time = 600;
options->login_grace_time = 120;
if (options->key_regeneration_time == -1)
options->key_regeneration_time = 3600;
if (options->permit_root_login == PERMIT_NOT_SET)
options->permit_root_login = PERMIT_YES;
options->permit_root_login = PERMIT_NO;
if (options->ignore_rhosts == -1)
options->ignore_rhosts = 1;
if (options->ignore_user_known_hosts == -1)
@ -172,7 +171,7 @@ fill_default_server_options(ServerOptions *options)
if (options->print_lastlog == -1)
options->print_lastlog = 1;
if (options->x11_forwarding == -1)
options->x11_forwarding = 0;
options->x11_forwarding = 1;
if (options->x11_display_offset == -1)
options->x11_display_offset = 10;
if (options->x11_use_localhost == -1)
@ -199,9 +198,21 @@ fill_default_server_options(ServerOptions *options)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
#if defined(KRB4) || defined(KRB5)
#if defined(KRB4) && defined(KRB5)
if (options->kerberos_authentication == -1)
options->kerberos_authentication =
(access(KEYFILE, R_OK) == 0 ||
access(krb5_defkeyname, R_OK) == 0);
#elif defined(KRB4)
if (options->kerberos_authentication == -1)
options->kerberos_authentication =
(access(KEYFILE, R_OK) == 0);
#elif defined(KRB5)
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 0;
options->kerberos_authentication =
(access(krb5_defkeyname, R_OK) == 0);
#endif
#if defined(KRB4) || defined(KRB5)
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
@ -309,7 +320,9 @@ static struct {
ServerOpCodes opcode;
} keywords[] = {
/* Portable-specific options */
#if 0
{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
#endif
/* Standard Options */
{ "port", sPort },
{ "hostkey", sHostKeyFile },
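Review bot: In the Kerberos block of fill_default_server_options, `kerberos_authentication` now appears to default to the result of `access(KEYFILE, R_OK)` / `access(krb5_defkeyname, R_OK)` instead of 0 (the +/- markers are lost, so this is read from the print order). An authentication method is then switched on by the mere presence of a readable keytab rather than by an explicit sshd_config setting. A host that holds a keytab for some other service would presumably start accepting Kerberos authentication in sshd without the administrator asking for it, and the effective default can no longer be read from the source alone. I would keep the default at 0, or at least add a comment above the block such as `/* FreeBSD: Kerberos auth defaults to on only when a keytab is readable; set KerberosAuthentication explicitly to override */`. The function starts and ends outside the hunks shown.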