fix various issues in openssh-5.9p1-required-authentications.patch

Petr Lautrbach 2012-03-30 19:29:02 +02:00
parent 22f0191d84
commit 5bad1d43cf


@ -1,6 +1,6 @@
diff -up openssh-5.9p1/auth.c.required-authentication openssh-5.9p1/auth.c diff -up openssh-5.9p1/auth.c.required-authentication openssh-5.9p1/auth.c
--- openssh-5.9p1/auth.c.required-authentication 2012-02-06 17:03:51.034158031 +0100 --- openssh-5.9p1/auth.c.required-authentication 2012-03-30 18:37:59.990184619 +0200
+++ openssh-5.9p1/auth.c 2012-02-06 17:03:55.007830206 +0100 +++ openssh-5.9p1/auth.c 2012-03-30 18:38:00.003189876 +0200
@@ -251,7 +251,8 @@ allowed_user(struct passwd * pw) @@ -251,7 +251,8 @@ allowed_user(struct passwd * pw)
} }
@ -92,7 +92,7 @@ diff -up openssh-5.9p1/auth.c.required-authentication openssh-5.9p1/auth.c
+} +}
diff -up openssh-5.9p1/auth.h.required-authentication openssh-5.9p1/auth.h diff -up openssh-5.9p1/auth.h.required-authentication openssh-5.9p1/auth.h
--- openssh-5.9p1/auth.h.required-authentication 2011-05-29 13:39:38.000000000 +0200 --- openssh-5.9p1/auth.h.required-authentication 2011-05-29 13:39:38.000000000 +0200
+++ openssh-5.9p1/auth.h 2012-02-06 17:03:55.008839468 +0100 +++ openssh-5.9p1/auth.h 2012-03-30 18:38:00.003189876 +0200
@@ -142,10 +142,11 @@ void disable_forwarding(void); @@ -142,10 +142,11 @@ void disable_forwarding(void);
void do_authentication(Authctxt *); void do_authentication(Authctxt *);
void do_authentication2(Authctxt *); void do_authentication2(Authctxt *);
@ -122,7 +122,7 @@ diff -up openssh-5.9p1/auth.h.required-authentication openssh-5.9p1/auth.h
diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c
--- openssh-5.9p1/auth1.c.required-authentication 2010-08-31 14:36:39.000000000 +0200 --- openssh-5.9p1/auth1.c.required-authentication 2010-08-31 14:36:39.000000000 +0200
+++ openssh-5.9p1/auth1.c 2012-02-06 17:03:55.055811924 +0100 +++ openssh-5.9p1/auth1.c 2012-03-30 18:38:00.004189905 +0200
@@ -98,6 +98,54 @@ static const struct AuthMethod1 @@ -98,6 +98,54 @@ static const struct AuthMethod1
return (NULL); return (NULL);
} }
@ -282,7 +282,7 @@ diff -up openssh-5.9p1/auth1.c.required-authentication openssh-5.9p1/auth1.c
packet_send(); packet_send();
diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c
--- openssh-5.9p1/auth2.c.required-authentication 2011-05-05 06:04:11.000000000 +0200 --- openssh-5.9p1/auth2.c.required-authentication 2011-05-05 06:04:11.000000000 +0200
+++ openssh-5.9p1/auth2.c 2012-02-06 17:03:55.100896430 +0100 +++ openssh-5.9p1/auth2.c 2012-03-30 18:38:04.560122485 +0200
@@ -215,7 +215,7 @@ input_userauth_request(int type, u_int32 @@ -215,7 +215,7 @@ input_userauth_request(int type, u_int32
{ {
Authctxt *authctxt = ctxt; Authctxt *authctxt = ctxt;
@ -444,7 +444,7 @@ diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c
+ ret = -1; + ret = -1;
+ } + }
+ /* Activate method if it isn't already */ + /* Activate method if it isn't already */
+ if (*(m->enabled) == -1) + if (m->enabled != NULL && *(m->enabled) == -1)
+ *(m->enabled) = 1; + *(m->enabled) = 1;
+ } + }
+ xfree(orig_methods); + xfree(orig_methods);
@ -453,7 +453,7 @@ diff -up openssh-5.9p1/auth2.c.required-authentication openssh-5.9p1/auth2.c
+ +
diff -up openssh-5.9p1/auth2-gss.c.required-authentication openssh-5.9p1/auth2-gss.c diff -up openssh-5.9p1/auth2-gss.c.required-authentication openssh-5.9p1/auth2-gss.c
--- openssh-5.9p1/auth2-gss.c.required-authentication 2011-05-05 06:04:11.000000000 +0200 --- openssh-5.9p1/auth2-gss.c.required-authentication 2011-05-05 06:04:11.000000000 +0200
+++ openssh-5.9p1/auth2-gss.c 2012-02-06 17:03:55.098862514 +0100 +++ openssh-5.9p1/auth2-gss.c 2012-03-30 18:38:00.005184630 +0200
@@ -163,7 +163,7 @@ input_gssapi_token(int type, u_int32_t p @@ -163,7 +163,7 @@ input_gssapi_token(int type, u_int32_t p
} }
authctxt->postponed = 0; authctxt->postponed = 0;
@ -483,21 +483,20 @@ diff -up openssh-5.9p1/auth2-gss.c.required-authentication openssh-5.9p1/auth2-g
Authmethod method_gssapi = { Authmethod method_gssapi = {
diff -up openssh-5.9p1/auth2-chall.c.required-authentication openssh-5.9p1/auth2-chall.c diff -up openssh-5.9p1/auth2-chall.c.required-authentication openssh-5.9p1/auth2-chall.c
--- openssh-5.9p1/auth2-chall.c.required-authentication 2009-01-28 06:13:39.000000000 +0100 --- openssh-5.9p1/auth2-chall.c.required-authentication 2009-01-28 06:13:39.000000000 +0100
+++ openssh-5.9p1/auth2-chall.c 2012-02-06 17:03:55.098862514 +0100 +++ openssh-5.9p1/auth2-chall.c 2012-03-30 19:25:49.049897712 +0200
@@ -341,8 +341,8 @@ input_userauth_info_response(int type, u @@ -341,7 +341,8 @@ input_userauth_info_response(int type, u
auth2_challenge_start(authctxt); auth2_challenge_start(authctxt);
} }
} }
- userauth_finish(authctxt, authenticated, method); - userauth_finish(authctxt, authenticated, method);
- xfree(method);
+ userauth_finish(authctxt, authenticated, "keyboard-interactive", + userauth_finish(authctxt, authenticated, "keyboard-interactive",
+ kbdintctxt->device?kbdintctxt->device->name:NULL); + authctxt->kbdintctxt?kbdintctxt->device->name:NULL);
xfree(method);
} }
void
diff -up openssh-5.9p1/auth2-none.c.required-authentication openssh-5.9p1/auth2-none.c diff -up openssh-5.9p1/auth2-none.c.required-authentication openssh-5.9p1/auth2-none.c
--- openssh-5.9p1/auth2-none.c.required-authentication 2010-06-26 02:01:33.000000000 +0200 --- openssh-5.9p1/auth2-none.c.required-authentication 2010-06-26 02:01:33.000000000 +0200
+++ openssh-5.9p1/auth2-none.c 2012-02-06 17:03:55.099879104 +0100 +++ openssh-5.9p1/auth2-none.c 2012-03-30 18:38:00.006184515 +0200
@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt) @@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
{ {
none_enabled = 0; none_enabled = 0;
@ -508,8 +507,8 @@ diff -up openssh-5.9p1/auth2-none.c.required-authentication openssh-5.9p1/auth2-
return (0); return (0);
} }
diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.required-authentication 2012-02-06 17:03:51.020095446 +0100 --- openssh-5.9p1/monitor.c.required-authentication 2012-03-30 18:37:59.976189954 +0200
+++ openssh-5.9p1/monitor.c 2012-02-06 17:03:55.101912924 +0100 +++ openssh-5.9p1/monitor.c 2012-03-30 18:38:04.555127442 +0200
@@ -199,6 +199,7 @@ static int key_blobtype = MM_NOKEY; @@ -199,6 +199,7 @@ static int key_blobtype = MM_NOKEY;
static char *hostbased_cuser = NULL; static char *hostbased_cuser = NULL;
static char *hostbased_chost = NULL; static char *hostbased_chost = NULL;
@ -552,7 +551,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
if (authenticated) { if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE)) if (!(ent->flags & MON_AUTHDECIDE))
@@ -401,11 +407,23 @@ monitor_child_preauth(Authctxt *_authctx @@ -401,11 +407,24 @@ monitor_child_preauth(Authctxt *_authctx
} }
#endif #endif
} }
@ -564,9 +563,10 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
+ auth_method, *req_auth); + auth_method, *req_auth);
+ debug2("monitor_child_preauth: required list now: %s", + debug2("monitor_child_preauth: required list now: %s",
+ *req_auth == NULL ? "DONE" : *req_auth); + *req_auth == NULL ? "DONE" : *req_auth);
+ if (*req_auth != NULL) + if (*req_auth != NULL) {
+ authenticated = 0; + authenticated = 0;
+ no_increment = 1; + no_increment = 1;
+ }
+ } + }
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
@ -578,7 +578,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
authctxt->failures++; authctxt->failures++;
} }
#ifdef JPAKE #ifdef JPAKE
@@ -862,6 +880,7 @@ mm_answer_authpassword(int sock, Buffer @@ -862,6 +881,7 @@ mm_answer_authpassword(int sock, Buffer
auth_method = "none"; auth_method = "none";
else else
auth_method = "password"; auth_method = "password";
@ -586,7 +586,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
/* Causes monitor loop to terminate if authenticated */ /* Causes monitor loop to terminate if authenticated */
return (authenticated); return (authenticated);
@@ -921,6 +940,7 @@ mm_answer_bsdauthrespond(int sock, Buffe @@ -921,6 +941,7 @@ mm_answer_bsdauthrespond(int sock, Buffe
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
auth_method = "bsdauth"; auth_method = "bsdauth";
@ -594,7 +594,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
return (authok != 0); return (authok != 0);
} }
@@ -970,6 +990,7 @@ mm_answer_skeyrespond(int sock, Buffer * @@ -970,6 +991,7 @@ mm_answer_skeyrespond(int sock, Buffer *
mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
auth_method = "skey"; auth_method = "skey";
@ -602,7 +602,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
return (authok != 0); return (authok != 0);
} }
@@ -1059,7 +1080,8 @@ mm_answer_pam_query(int sock, Buffer *m) @@ -1059,7 +1081,8 @@ mm_answer_pam_query(int sock, Buffer *m)
xfree(prompts); xfree(prompts);
if (echo_on != NULL) if (echo_on != NULL)
xfree(echo_on); xfree(echo_on);
@ -612,7 +612,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
return (0); return (0);
} }
@@ -1088,7 +1110,8 @@ mm_answer_pam_respond(int sock, Buffer * @@ -1088,7 +1111,8 @@ mm_answer_pam_respond(int sock, Buffer *
buffer_clear(m); buffer_clear(m);
buffer_put_int(m, ret); buffer_put_int(m, ret);
mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
@ -622,7 +622,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
if (ret == 0) if (ret == 0)
sshpam_authok = sshpam_ctxt; sshpam_authok = sshpam_ctxt;
return (0); return (0);
@@ -1102,7 +1125,8 @@ mm_answer_pam_free_ctx(int sock, Buffer @@ -1102,7 +1126,8 @@ mm_answer_pam_free_ctx(int sock, Buffer
(sshpam_device.free_ctx)(sshpam_ctxt); (sshpam_device.free_ctx)(sshpam_ctxt);
buffer_clear(m); buffer_clear(m);
mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
@ -632,7 +632,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
return (sshpam_authok == sshpam_ctxt); return (sshpam_authok == sshpam_ctxt);
} }
#endif #endif
@@ -1138,6 +1162,7 @@ mm_answer_keyallowed(int sock, Buffer *m @@ -1138,6 +1163,7 @@ mm_answer_keyallowed(int sock, Buffer *m
allowed = options.pubkey_authentication && allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key); user_key_allowed(authctxt->pw, key);
auth_method = "publickey"; auth_method = "publickey";
@ -640,7 +640,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
if (options.pubkey_authentication && allowed != 1) if (options.pubkey_authentication && allowed != 1)
auth_clear_options(); auth_clear_options();
break; break;
@@ -1146,6 +1171,7 @@ mm_answer_keyallowed(int sock, Buffer *m @@ -1146,6 +1172,7 @@ mm_answer_keyallowed(int sock, Buffer *m
hostbased_key_allowed(authctxt->pw, hostbased_key_allowed(authctxt->pw,
cuser, chost, key); cuser, chost, key);
auth_method = "hostbased"; auth_method = "hostbased";
@ -648,7 +648,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
break; break;
case MM_RSAHOSTKEY: case MM_RSAHOSTKEY:
key->type = KEY_RSA1; /* XXX */ key->type = KEY_RSA1; /* XXX */
@@ -1155,6 +1181,7 @@ mm_answer_keyallowed(int sock, Buffer *m @@ -1155,6 +1182,7 @@ mm_answer_keyallowed(int sock, Buffer *m
if (options.rhosts_rsa_authentication && allowed != 1) if (options.rhosts_rsa_authentication && allowed != 1)
auth_clear_options(); auth_clear_options();
auth_method = "rsa"; auth_method = "rsa";
@ -656,7 +656,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
break; break;
default: default:
fatal("%s: unknown key type %d", __func__, type); fatal("%s: unknown key type %d", __func__, type);
@@ -1180,7 +1207,8 @@ mm_answer_keyallowed(int sock, Buffer *m @@ -1180,7 +1208,8 @@ mm_answer_keyallowed(int sock, Buffer *m
hostbased_chost = chost; hostbased_chost = chost;
} else { } else {
/* Log failed attempt */ /* Log failed attempt */
@ -666,7 +666,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
xfree(blob); xfree(blob);
xfree(cuser); xfree(cuser);
xfree(chost); xfree(chost);
@@ -1356,6 +1384,7 @@ mm_answer_keyverify(int sock, Buffer *m) @@ -1356,6 +1385,7 @@ mm_answer_keyverify(int sock, Buffer *m)
xfree(data); xfree(data);
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
@ -674,7 +674,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
monitor_reset_key_state(); monitor_reset_key_state();
@@ -1545,6 +1574,7 @@ mm_answer_rsa_keyallowed(int sock, Buffe @@ -1545,6 +1575,7 @@ mm_answer_rsa_keyallowed(int sock, Buffe
debug3("%s entering", __func__); debug3("%s entering", __func__);
auth_method = "rsa"; auth_method = "rsa";
@ -682,7 +682,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
if (options.rsa_authentication && authctxt->valid) { if (options.rsa_authentication && authctxt->valid) {
if ((client_n = BN_new()) == NULL) if ((client_n = BN_new()) == NULL)
fatal("%s: BN_new", __func__); fatal("%s: BN_new", __func__);
@@ -1650,6 +1680,7 @@ mm_answer_rsa_response(int sock, Buffer @@ -1650,6 +1681,7 @@ mm_answer_rsa_response(int sock, Buffer
xfree(response); xfree(response);
auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
@ -690,7 +690,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
/* reset state */ /* reset state */
BN_clear_free(ssh1_challenge); BN_clear_free(ssh1_challenge);
@@ -2099,6 +2130,7 @@ mm_answer_gss_userok(int sock, Buffer *m @@ -2099,6 +2131,7 @@ mm_answer_gss_userok(int sock, Buffer *m
mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
auth_method = "gssapi-with-mic"; auth_method = "gssapi-with-mic";
@ -698,7 +698,7 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
/* Monitor loop will terminate if authenticated */ /* Monitor loop will terminate if authenticated */
return (authenticated); return (authenticated);
@@ -2303,6 +2335,7 @@ mm_answer_jpake_check_confirm(int sock, @@ -2303,6 +2336,7 @@ mm_answer_jpake_check_confirm(int sock,
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1); monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
auth_method = "jpake-01@openssh.com"; auth_method = "jpake-01@openssh.com";
@ -707,8 +707,8 @@ diff -up openssh-5.9p1/monitor.c.required-authentication openssh-5.9p1/monitor.c
} }
diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf.c diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.required-authentication 2012-02-06 17:03:51.024963230 +0100 --- openssh-5.9p1/servconf.c.required-authentication 2012-03-30 18:37:59.981184513 +0200
+++ openssh-5.9p1/servconf.c 2012-02-06 17:03:55.102929716 +0100 +++ openssh-5.9p1/servconf.c 2012-03-30 18:38:04.558121635 +0200
@@ -42,6 +42,8 @@ @@ -42,6 +42,8 @@
#include "key.h" #include "key.h"
#include "kex.h" #include "kex.h"
@ -752,12 +752,12 @@ diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf
+ case sRequiredAuthentications1: + case sRequiredAuthentications1:
+ charptr = &options->required_auth1; + charptr = &options->required_auth1;
+ arg = strdelim(&cp); + arg = strdelim(&cp);
+ if (auth1_check_required(arg) != 0)
+ fatal("%.200s line %d: Invalid required authentication "
+ "list", filename, linenum);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", + fatal("%.200s line %d: Missing argument.",
+ filename, linenum); + filename, linenum);
+ if (auth1_check_required(arg) != 0)
+ fatal("%.200s line %d: Invalid required authentication "
+ "list", filename, linenum);
+ if (*charptr == NULL) + if (*charptr == NULL)
+ *charptr = xstrdup(arg); + *charptr = xstrdup(arg);
+ break; + break;
@ -765,12 +765,12 @@ diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf
+ case sRequiredAuthentications2: + case sRequiredAuthentications2:
+ charptr = &options->required_auth2; + charptr = &options->required_auth2;
+ arg = strdelim(&cp); + arg = strdelim(&cp);
+ if (auth2_check_required(arg) != 0)
+ fatal("%.200s line %d: Invalid required authentication "
+ "list", filename, linenum);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", + fatal("%.200s line %d: Missing argument.",
+ filename, linenum); + filename, linenum);
+ if (auth2_check_required(arg) != 0)
+ fatal("%.200s line %d: Invalid required authentication "
+ "list", filename, linenum);
+ if (*charptr == NULL) + if (*charptr == NULL)
+ *charptr = xstrdup(arg); + *charptr = xstrdup(arg);
+ break; + break;
@ -780,7 +780,7 @@ diff -up openssh-5.9p1/servconf.c.required-authentication openssh-5.9p1/servconf
goto parse_int; goto parse_int;
diff -up openssh-5.9p1/servconf.h.required-authentication openssh-5.9p1/servconf.h diff -up openssh-5.9p1/servconf.h.required-authentication openssh-5.9p1/servconf.h
--- openssh-5.9p1/servconf.h.required-authentication 2011-06-23 00:30:03.000000000 +0200 --- openssh-5.9p1/servconf.h.required-authentication 2011-06-23 00:30:03.000000000 +0200
+++ openssh-5.9p1/servconf.h 2012-02-06 17:03:55.102929716 +0100 +++ openssh-5.9p1/servconf.h 2012-03-30 18:38:00.009184624 +0200
@@ -154,6 +154,9 @@ typedef struct { @@ -154,6 +154,9 @@ typedef struct {
u_int num_authkeys_files; /* Files containing public keys */ u_int num_authkeys_files; /* Files containing public keys */
char *authorized_keys_files[MAX_AUTHKEYS_FILES]; char *authorized_keys_files[MAX_AUTHKEYS_FILES];
@ -793,7 +793,7 @@ diff -up openssh-5.9p1/servconf.h.required-authentication openssh-5.9p1/servconf
int use_pam; /* Enable auth via PAM */ int use_pam; /* Enable auth via PAM */
diff -up openssh-5.9p1/sshd_config.5.required-authentication openssh-5.9p1/sshd_config.5 diff -up openssh-5.9p1/sshd_config.5.required-authentication openssh-5.9p1/sshd_config.5
--- openssh-5.9p1/sshd_config.5.required-authentication 2011-08-05 22:17:33.000000000 +0200 --- openssh-5.9p1/sshd_config.5.required-authentication 2011-08-05 22:17:33.000000000 +0200
+++ openssh-5.9p1/sshd_config.5 2012-02-06 17:09:39.038871798 +0100 +++ openssh-5.9p1/sshd_config.5 2012-03-30 18:38:00.009184624 +0200
@@ -723,6 +723,8 @@ Available keywords are @@ -723,6 +723,8 @@ Available keywords are
.Cm PermitOpen , .Cm PermitOpen ,
.Cm PermitRootLogin , .Cm PermitRootLogin ,
@ -803,7 +803,7 @@ diff -up openssh-5.9p1/sshd_config.5.required-authentication openssh-5.9p1/sshd_
.Cm PubkeyAuthentication , .Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication , .Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication , .Cm RSAAuthentication ,
@@ -920,6 +937,21 @@ Specifies a list of revoked public keys. @@ -920,6 +922,21 @@ Specifies a list of revoked public keys.
Keys listed in this file will be refused for public key authentication. Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will Note that if this file is not readable, then public key authentication will
be refused for all users. be refused for all users.
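Review bot: In the auth2-chall.c hunk the new ternary tests `authctxt->kbdintctxt` but then dereferences the local `kbdintctxt` and its `device` member, neither of which is checked, whereas the previous revision guarded on `kbdintctxt->device`. Presumably the test was moved to `authctxt->kbdintctxt` because the context can already have been torn down by the time `userauth_finish` is called, but that is not visible here, and neither is any guarantee that `device` is non-NULL whenever the context is still live. I would make the guard match what is dereferenced, `authctxt->kbdintctxt && authctxt->kbdintctxt->device ? authctxt->kbdintctxt->device->name : NULL`, and add a one-line comment saying why the local pointer must not be trusted at this point. The body of `input_userauth_info_response` starts outside the hunk, so the earlier checks on `kbdintctxt` should be confirmed against the full function.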