Date:      Sat, 2 Feb 2019 00:54:40 +0000 (UTC)
From:      Steve Wills <swills@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r491908 - in head/sysutils/tmate: . files
Message-ID:  <201902020054.x120seOw017412@repo.freebsd.org>

Author: swills
Date: Sat Feb  2 00:54:40 2019
New Revision: 491908
URL: https://svnweb.freebsd.org/changeset/ports/491908

Log:
  sysutils/tmate: support newer ssh key types
  
  While here, add debugging, remove built in server keys

Added:
  head/sysutils/tmate/files/patch-options-table.c   (contents, props changed)
Modified:
  head/sysutils/tmate/Makefile   (contents, props changed)
  head/sysutils/tmate/files/patch-tmate-ssh-client.c   (contents, props changed)

Modified: head/sysutils/tmate/Makefile
==============================================================================
--- head/sysutils/tmate/Makefile	Sat Feb  2 00:54:26 2019	(r491907)
+++ head/sysutils/tmate/Makefile	Sat Feb  2 00:54:40 2019	(r491908)
@@ -2,7 +2,7 @@
 
 PORTNAME=	tmate
 PORTVERSION=	2.2.1
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	sysutils
 
 MAINTAINER=	swills@FreeBSD.org

Added: head/sysutils/tmate/files/patch-options-table.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sysutils/tmate/files/patch-options-table.c	Sat Feb  2 00:54:40 2019	(r491908)
@@ -0,0 +1,40 @@
+--- options-table.c.orig	2016-03-29 03:30:07 UTC
++++ options-table.c
+@@ -925,15 +925,34 @@ const struct options_table_entry options_table[] = {
+ 	{ .name = "tmate-server-rsa-fingerprint",
+ 	  .type = OPTIONS_TABLE_STRING,
+ 	  .scope = OPTIONS_TABLE_SERVER,
+-	  .default_str = "af:2d:81:c1:fe:49:70:2d:7f:09:a9:d7:4b:32:e3:be"
++	  .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
+ 	},
+ 
+ 	{ .name = "tmate-server-ecdsa-fingerprint",
+ 	  .type = OPTIONS_TABLE_STRING,
+ 	  .scope = OPTIONS_TABLE_SERVER,
+-	  .default_str = "c7:a1:51:36:d2:bb:35:4b:0a:1a:c0:43:97:74:ea:42"
++	  .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
+ 	},
+-
++	{ .name = "tmate-server-dss-fingerprint",
++	  .type = OPTIONS_TABLE_STRING,
++	  .scope = OPTIONS_TABLE_SERVER,
++	  .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
++	},
++	{ .name = "tmate-server-ed25519-fingerprint",
++	  .type = OPTIONS_TABLE_STRING,
++	  .scope = OPTIONS_TABLE_SERVER,
++	  .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
++	},
++	{ .name = "tmate-server-dss-cert01-fingerprint",
++	  .type = OPTIONS_TABLE_STRING,
++	  .scope = OPTIONS_TABLE_SERVER,
++	  .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
++	},
++	{ .name = "tmate-server-rsa-cert01-fingerprint",
++	  .type = OPTIONS_TABLE_STRING,
++	  .scope = OPTIONS_TABLE_SERVER,
++	  .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
++	},
+ 	{ .name = "tmate-display-time",
+ 	  .type = OPTIONS_TABLE_NUMBER,
+ 	  .scope = OPTIONS_TABLE_SESSION,
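Review bot: The all-zero defaults are 16 octets long, the MD5 format of the values they replace, but the change to tmate-ssh-client.c in this same commit hashes the host key with SSH_PUBLICKEY_HASH_SHA1, so a configured fingerprint now has to be a 20-octet SHA1 string and nothing here says so. A comment above the first fingerprint entry would help, for example `/* Placeholders never match a real key: set each option to the server's SHA1 fingerprint (20 colon-separated hex octets). */`. Failing closed until a fingerprint is configured looks intended given the log message, but MD5 values already in a user's configuration will presumably stop matching after the upgrade, which is worth stating in the port's pkg-message. The options_table array starts and ends outside the hunk.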

Modified: head/sysutils/tmate/files/patch-tmate-ssh-client.c
==============================================================================
--- head/sysutils/tmate/files/patch-tmate-ssh-client.c	Sat Feb  2 00:54:26 2019	(r491907)
+++ head/sysutils/tmate/files/patch-tmate-ssh-client.c	Sat Feb  2 00:54:40 2019	(r491908)
@@ -8,3 +8,95 @@
  
  #include "tmate.h"
  #include "window-copy.h"
+@@ -195,6 +196,7 @@ static void on_ssh_client_event(struct tmate_ssh_clien
+ 	ssize_t hash_len;
+ 	char *hash_str;
+ 	const char *server_hash_str;
++	const char *key_type_name;
+ 	int match;
+ 
+ 	int verbosity = SSH_LOG_NOLOG + log_get_level();
+@@ -257,43 +259,80 @@ static void on_ssh_client_event(struct tmate_ssh_clien
+ 		}
+ 
+ 	case SSH_AUTH_SERVER:
++		tmate_debug("Starting SSH_AUTH_SERVER");
+ 		if (ssh_get_publickey(session, &pubkey) < 0)
+ 			tmate_fatal("ssh_get_publickey");
+ 
+-		if (ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hash_len) < 0) {
++		if (ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, &hash, &hash_len) < 0) {
++			tmate_debug("failed to get public key hash");
+ 			kill_ssh_client(client, "Cannot authenticate server");
+ 			return;
+ 		}
++		tmate_debug("got public key hash");
+ 
+ 		hash_str = ssh_get_hexa(hash, hash_len);
+ 		if (!hash_str)
+ 			tmate_fatal("malloc failed");
+ 
+ 		key_type = ssh_key_type(pubkey);
++		key_type_name = ssh_key_type_to_char(key_type);
++		if (key_type_name == NULL) {
++			tmate_debug("failed to get public key type name");
++			return;
++		}
+ 
+ 		switch (key_type) {
+ 		case SSH_KEYTYPE_RSA:
+ 			server_hash_str = options_get_string(global_options,
+ 						"tmate-server-rsa-fingerprint");
++			tmate_debug("found rsa fingerprint");
+ 			break;
+ 		case SSH_KEYTYPE_ECDSA:
+ 			server_hash_str = options_get_string(global_options,
+ 						"tmate-server-ecdsa-fingerprint");
++			tmate_debug("found ecdsa fingerprint");
+ 			break;
++		case SSH_KEYTYPE_DSS:
++			server_hash_str = options_get_string(global_options,
++						"tmate-server-dss-fingerprint");
++			tmate_debug("found dss fingerprint");
++			break;
++		case SSH_KEYTYPE_ED25519:
++			server_hash_str = options_get_string(global_options,
++						"tmate-server-ed25519-fingerprint");
++			tmate_debug("found ed25519 fingerprint");
++			break;
++		case SSH_KEYTYPE_DSS_CERT01:
++			server_hash_str = options_get_string(global_options,
++						"tmate-server-dss-cert01-fingerprint");
++			tmate_debug("found dss_cert01 fingerprint");
++			break;
++		case SSH_KEYTYPE_RSA_CERT01:
++			server_hash_str = options_get_string(global_options,
++						"tmate-server-rsa-cert01-fingerprint");
++			tmate_debug("found rsa_cert01 fingerprint");
++			break;
++		case SSH_KEYTYPE_UNKNOWN:
++			tmate_debug("found unknown fingerprint?");
++			break;
+ 		default:
+ 			server_hash_str = "";
++			tmate_debug("found no fingerprint?");
+ 		}
+ 
+ 		match = !strcmp(hash_str, server_hash_str);
+ 
+ 		ssh_key_free(pubkey);
+ 		ssh_clean_pubkey_hash(&hash);
+-		free(hash_str);
+ 
+ 		if (!match) {
+-			kill_ssh_client(client, "Cannot authenticate server");
++			tmate_debug("Key mismatch: type: %s expected: %s found: %s", key_type_name, server_hash_str, hash_str);
++			kill_ssh_client(client, "Cannot authenticate server: Key mismatch: type: %s expected: %s found: %s", key_type_name, server_hash_str, hash_str);
++			free(hash_str);
+ 			return;
+ 		}
++
++		free(hash_str);
+ 
+ 		/*
+ 		 * At this point, we abort other connection attempts to the
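Review bot: The new `case SSH_KEYTYPE_UNKNOWN:` breaks without assigning server_hash_str, which is declared without an initializer, so the `strcmp(hash_str, server_hash_str)` after the switch would read an indeterminate pointer if that case is reached; give it the same `server_hash_str = "";` that the default case uses. The `key_type_name == NULL` return above may catch unknown types first, but that return leaves without calling kill_ssh_client and without releasing pubkey, hash and hash_str, unlike the other failure paths in this case block. Running `ssh_key_free(pubkey); ssh_clean_pubkey_hash(&hash); free(hash_str);` and then `kill_ssh_client(client, "Cannot authenticate server");` before that return would keep it consistent and fail closed visibly. on_ssh_client_event starts and ends outside the hunk.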


