authorDamien Miller <djm@cvs.openbsd.org>2010-06-22 04:23:00 +0000
committerDamien Miller <djm@cvs.openbsd.org>2010-06-22 04:23:00 +0000
commit3006f279160c7b8a5b4a56ac1f2224564cb3d7c3 (patch)
tree8c6bb624328ddd44ee1d300e09b31e4d032ef422
parent035a2d348b9248aafb74529c5d121e1b1189fd08 (diff)
expose some more sshd_config options inside Match blocks:
AuthorizedKeysFile AuthorizedPrincipalsFile HostbasedUsesNameFromPacketOnly PermitTunnel bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
-rw-r--r--usr.bin/ssh/servconf.c17
-rw-r--r--usr.bin/ssh/sshd_config.58
2 files changed, 17 insertions, 8 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 410d02e6d96..17632bfaa8c 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.208 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -313,7 +313,7 @@ static struct {
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
- { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
+ { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
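Review bot: Nothing in this table records that a keyword flagged `SSHCFG_ALL` only takes effect inside a Match block if `copy_set_server_options()` also copies its field; the same applies to the entries changed in the `@@ -384` and `@@ -396` hunks. This commit does add the matching `M_CP_INTOPT`/`M_CP_STROPT` lines for all five fields. A later edit that flips a flag without adding the copy would presumably still be accepted by the parser and then have no effect, which for authentication-related keywords means the operator's per-Match restriction is not applied. I would add a comment above the table such as `/* Keywords marked SSHCFG_ALL must also be copied in copy_set_server_options() */`. The table's start lies outside this hunk.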
@@ -384,11 +384,11 @@ static struct {
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
- { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
- { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
+ { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+ { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
- { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
+ { "permittunnel", sPermitTunnel, SSHCFG_ALL },
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -396,7 +396,7 @@ static struct {
{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL },
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -1403,6 +1403,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(pubkey_authentication);
M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication);
+ M_CP_INTOPT(hostbased_uses_name_from_packet_only);
M_CP_INTOPT(kbd_interactive_authentication);
M_CP_INTOPT(zero_knowledge_password_authentication);
M_CP_INTOPT(permit_root_login);
@@ -1410,6 +1411,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(allow_tcp_forwarding);
M_CP_INTOPT(allow_agent_forwarding);
+ M_CP_INTOPT(permit_tun);
M_CP_INTOPT(gateway_ports);
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
@@ -1424,6 +1426,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_STROPT(chroot_directory);
M_CP_STROPT(trusted_user_ca_keys);
M_CP_STROPT(revoked_keys_file);
+ M_CP_STROPT(authorized_keys_file);
+ M_CP_STROPT(authorized_keys_file2);
+ M_CP_STROPT(authorized_principals_file);
}
#undef M_CP_INTOPT
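Review bot: The three new `M_CP_STROPT` lines are appended at the very end of `copy_set_server_options()`, next to `chroot_directory`, and the hunk does not show whether an early return on `preauth` sits above them. These file names are read while the user's key or certificate is being checked. If the function does skip its tail when `preauth` is set, a Match-block `AuthorizedKeysFile` or `AuthorizedPrincipalsFile` would not be in effect during authentication and the global value would be used instead. Worth confirming against the full function and, if that is the case, moving the three copies above that return. The function body begins outside the hunk.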
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 0a88a7ac62e..a9286984ac1 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.122 2010/05/07 12:49:17 jmc Exp $
-.Dd $Mdocdate: May 7 2010 $
+.\" $OpenBSD: sshd_config.5,v 1.123 2010/06/22 04:22:59 djm Exp $
+.Dd $Mdocdate: June 22 2010 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -645,12 +645,15 @@ keyword.
Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
+.Cm AuthorizedKeysFile ,
+.Cm AuthorizedPrincipalsFile ,
.Cm Banner ,
.Cm ChrootDirectory ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
.Cm HostbasedAuthentication ,
+.Cm HostbasedUsesNameFromPacketOnly ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
@@ -659,6 +662,7 @@ Available keywords are
.Cm PermitEmptyPasswords ,
.Cm PermitOpen ,
.Cm PermitRootLogin ,
+.Cm PermitTunnel ,
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,