From 5891116cb328acbca829be47d3cd36a3bddaa85b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 1 Jan 2008 20:33:09 +1100 Subject: [PATCH] - dtucker@cvs.openbsd.org 2007/12/31 15:27:04 [sshd.c] When in inetd mode, have sshd generate a Protocol 1 ephemeral server key only for connections where the client chooses Protocol 1 as opposed to when it's enabled in the server's config. Speeds up Protocol 2 connections to inetd-mode servers that also allow Protocol 1. bz #440, based on a patch from bruno at wolff.to, ok markus@ --- ChangeLog | 9 ++++++++- sshd.c | 10 +++++----- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 934c81772..848d9cc0d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,13 @@ [readconf.c servconf.c] Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch from Dmitry V. Levin, ok djm@ + - dtucker@cvs.openbsd.org 2007/12/31 15:27:04 + [sshd.c] + When in inetd mode, have sshd generate a Protocol 1 ephemeral server + key only for connections where the client chooses Protocol 1 as opposed + to when it's enabled in the server's config. Speeds up Protocol 2 + connections to inetd-mode servers that also allow Protocol 1. bz #440, + based on a patch from bruno at wolff.to, ok markus@ 20071231 - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of @@ -3494,4 +3501,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4812 2008/01/01 09:32:26 dtucker Exp $ +$Id: ChangeLog,v 1.4813 2008/01/01 09:33:09 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 399237889..9019411ac 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.352 2007/12/27 14:22:08 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1599,10 +1599,6 @@ main(int ac, char **av) /* Get a connection, either from inetd or a listening TCP socket */ if (inetd_flag) { server_accept_inetd(&sock_in, &sock_out); - - if ((options.protocol & SSH_PROTO_1) && - sensitive_data.server_key == NULL) - generate_ephemeral_server_key(); } else { server_listen(); @@ -1772,6 +1768,10 @@ main(int ac, char **av) sshd_exchange_identification(sock_in, sock_out); + /* In inetd mode, generate ephemeral key only for proto 1 connections */ + if (!compat20 && inetd_flag && sensitive_data.server_key == NULL) + generate_ephemeral_server_key(); + packet_set_nonblocking(); /* allocate authentication context */
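Review bot: The new guard before `generate_ephemeral_server_key()` in the last sshd.c hunk no longer tests `options.protocol & SSH_PROTO_1`. It therefore relies on `sshd_exchange_identification()` having already refused a client that asks for Protocol 1 when the server configuration does not allow it; that function is not visible here, so the assumption should be confirmed. Going by the commit message, `compat20` reflects the protocol the client chose, so the decision to create Protocol 1 key material is now driven by unauthenticated input, and keeping the configuration test costs nothing: `if (!compat20 && inetd_flag && (options.protocol & SSH_PROTO_1) && sensitive_data.server_key == NULL)`. The comment would also be clearer if it said why the call sits at this point, e.g. `/* compat20 is only known after the version exchange, so the inetd-mode Protocol 1 key is generated here */`. The enclosing `main()` starts and ends outside the hunk.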