>make ssh-keysign read /etc/ssh/ssh_config

>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@

sync w/openbsd

crypto/dist/ssh/ssh-keysign.8

@@ -1,5 +1,5 @@
-.\"	$NetBSD: ssh-keysign.8,v 1.1.1.1 2002/06/24 05:26:12 itojun Exp $
+.\"	$NetBSD: ssh-keysign.8,v 1.2 2002/07/03 14:23:13 itojun Exp $
-.\" $OpenBSD: ssh-keysign.8,v 1.2 2002/06/10 16:56:30 stevesk Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
 .\"
 .\" Copyright (c) 2002 Markus Friedl.  All rights reserved.
 .\"
@@ -37,6 +37,16 @@ is used by
 .Xr ssh 1
 to access the local host keys and generate the digital signature
 required during hostbased authentication with SSH protocol version 2.
+.Pp
+.Nm
+is disabled by default and can only be enabled in the
+the global client configuration file
+.Pa /etc/ssh/ssh_config
+by setting
+.Cm HostbasedAuthentication
+to
+.Dq yes .
+.Pp
 .Nm
 is not intended to be invoked by the user, but from
 .Xr ssh 1 .
@@ -47,6 +57,10 @@ and
 for more information about hostbased authentication.
 .Sh FILES
 .Bl -tag -width Ds
+.It Pa /etc/ssh/ssh_config
+Controls whether
+.Nm
+is enabled.
 .It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
 These files contain the private parts of the host keys used to
 generate the digital signature.  They
@@ -59,6 +73,7 @@ must be set-uid root if hostbased authentication is used.
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-keygen 1 ,
+.Xr ssh_config 5 ,
 .Xr sshd 8
 .Sh AUTHORS
 Markus Friedl <markus@openbsd.org>

crypto/dist/ssh/ssh-keysign.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keysign.c,v 1.3 2002/07/03 10:06:39 itojun Exp $	*/
+/*	$NetBSD: ssh-keysign.c,v 1.4 2002/07/03 14:23:13 itojun Exp $	*/
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -31,6 +31,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $");
 
 #include "log.h"
 #include "key.h"
+#include "ssh.h"
 #include "ssh2.h"
 #include "misc.h"
 #include "xmalloc.h"
@@ -40,6 +41,9 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $");
 #include "msg.h"
 #include "canohost.h"
 #include "pathnames.h"
+#include "readconf.h"
+
+uid_t original_real_uid;	/* XXX readconf.c needs this */
 
 static int
 valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
@@ -131,6 +135,7 @@ int
 main(int argc, char **argv)
 {
 	Buffer b;
+	Options options;
 	Key *keys[2], *key;
 	struct passwd *pw;
 	int key_fd[2], i, found, version = 2, fd;
@@ -149,6 +154,15 @@ main(int argc, char **argv)
 	log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
 #endif
 
+	/* verify that ssh-keysign is enabled by the admin */
+	original_real_uid = getuid();	/* XXX readconf.c needs this */
+	initialize_options(&options);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
+	fill_default_options(&options);
+	if (options.hostbased_authentication != 1)
+		fatal("Hostbased authentication not enabled in %s",
+		    _PATH_HOST_CONFIG_FILE);
+
 	if (key_fd[0] == -1 && key_fd[1] == -1)
 		fatal("could not open any host key");
 

crypto/dist/ssh/ssh.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh.c,v 1.23 2002/07/01 06:17:13 itojun Exp $	*/
+/*	$NetBSD: ssh.c,v 1.24 2002/07/03 14:23:13 itojun Exp $	*/
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -626,7 +626,8 @@ again:
 		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
 		PRIV_END;
 
-		if (sensitive_data.keys[0] == NULL &&
+		if (options.hostbased_authentication == 1 &&
+		    sensitive_data.keys[0] == NULL &&
 		    sensitive_data.keys[1] == NULL &&
 		    sensitive_data.keys[2] == NULL) {
 			sensitive_data.keys[1] = key_load_public(

crypto/dist/ssh/ssh_config

@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_config,v 1.6 2002/06/24 05:48:38 itojun Exp $
+#	$NetBSD: ssh_config,v 1.7 2002/07/03 14:23:14 itojun Exp $
 #	$OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -23,6 +23,7 @@
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
+#   HostbasedAuthentication no
 #   BatchMode no
 #   CheckHostIP yes
 #   StrictHostKeyChecking ask

usr.bin/ssh/ssh-keysign/Makefile

@@ -1,10 +1,10 @@
-#	$NetBSD: Makefile,v 1.4 2002/07/01 06:19:22 itojun Exp $
+#	$NetBSD: Makefile,v 1.5 2002/07/03 14:23:15 itojun Exp $
 
 .include <bsd.own.mk>
 
 PROG=	ssh-keysign
 
-SRCS=	ssh-keysign.c
+SRCS=	ssh-keysign.c readconf.c
 
 BINOWN=	root
 #BINMODE=4555