authorMarkus Friedl <markus@cvs.openbsd.org>2004-03-05 10:53:59 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2004-03-05 10:53:59 +0000
commit69671f292c5beefa6a50c8ff57a87f2b515f0950 (patch)
tree10f70bdc1e09d4e755f71c1d8711efdd5c3941f6
parentf27b58730fc040b378fef8693bbfc5023b7df0e1 (diff)
add IdentitiesOnly; ok djm@, pb@
-rw-r--r--usr.bin/ssh/readconf.c12
-rw-r--r--usr.bin/ssh/readconf.h3
-rw-r--r--usr.bin/ssh/scp.13
-rw-r--r--usr.bin/ssh/sftp.13
-rw-r--r--usr.bin/ssh/ssh.13
-rw-r--r--usr.bin/ssh/ssh_config.520
-rw-r--r--usr.bin/ssh/sshconnect2.c4
7 files changed, 39 insertions, 9 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index cd9acc8d04d..5e6aa2f90bc 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -105,7 +105,7 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
- oServerAliveInterval, oServerAliveCountMax,
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oDeprecated, oUnsupported
} OpCodes;
@@ -147,6 +147,7 @@ static struct {
{ "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* alias */
+ { "identitiesonly", oIdentitiesOnly },
{ "hostname", oHostName },
{ "hostkeyalias", oHostKeyAlias },
{ "proxycommand", oProxyCommand },
@@ -734,6 +735,10 @@ parse_int:
intptr = &options->enable_ssh_keysign;
goto parse_flag;
+ case oIdentitiesOnly:
+ intptr = &options->identities_only;
+ goto parse_flag;
+
case oServerAliveInterval:
intptr = &options->server_alive_interval;
goto parse_time;
@@ -867,6 +872,7 @@ initialize_options(Options * options)
options->smartcard_device = NULL;
options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
+ options->identities_only = - 1;
options->rekey_limit = - 1;
options->verify_host_key_dns = -1;
options->server_alive_interval = -1;
@@ -979,6 +985,8 @@ fill_default_options(Options * options)
clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0;
+ if (options->identities_only == -1)
+ options->identities_only = 0;
if (options->enable_ssh_keysign == -1)
options->enable_ssh_keysign = 0;
if (options->rekey_limit == -1)
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 3f27af9616a..93d833cee3d 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -100,6 +100,7 @@ typedef struct {
int enable_ssh_keysign;
int rekey_limit;
int no_host_authentication_for_localhost;
+ int identities_only;
int server_alive_interval;
int server_alive_count_max;
} Options;
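Review bot: The new `identities_only` member has no comment, and its name does not say which identities are meant or that it is a tri-state during parsing. I would write it as `int	identities_only;	/* offer only keys from configured identity files, not extra agent keys */`. The readconf.c hunks of this commit set it to -1 in initialize_options() and resolve -1 to 0 in fill_default_options(), so code that reads it before defaults are filled would see -1 as true. The struct begins outside this hunk.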
diff --git a/usr.bin/ssh/scp.1 b/usr.bin/ssh/scp.1
index f5ca1e45abd..5a3221127cb 100644
--- a/usr.bin/ssh/scp.1
+++ b/usr.bin/ssh/scp.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
+.It IdentitiesOnly
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
diff --git a/usr.bin/ssh/sftp.1 b/usr.bin/ssh/sftp.1
index 2a67a888e03..b2cab0cdaf3 100644
--- a/usr.bin/ssh/sftp.1
+++ b/usr.bin/ssh/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
+.It IdentitiesOnly
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index e2cd5d34387..31eb66c979b 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
+.It IdentitiesOnly
.It LocalForward
.It LogLevel
.It MACs
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 210da059b55..05581ece47c 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@@ -406,6 +406,24 @@ syntax to refer to a user's home directory.
It is possible to have
multiple identity files specified in configuration files; all these
identities will be tried in sequence.
+.It Cm IdentitiesOnly
+Specifies that
+.Nm ssh
+should only use the authentication identity files configured in the
+.Nm
+files,
+even if the
+.Nm ssh-agent
+offers more identities.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+This option is intented for situations where
+.Nm ssh-agent
+offers many different identities.
+The default is
+.Dq no .
.It Cm LocalForward
Specifies that a TCP/IP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index a5787598f1b..c20e02ab524 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -1042,7 +1042,7 @@ pubkey_prepare(Authctxt *authctxt)
break;
}
}
- if (!found) {
+ if (!found && !options.identities_only) {
id = xmalloc(sizeof(*id));
memset(id, 0, sizeof(*id));
id->key = key;
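Review bot: With `!options.identities_only` added to the `if (!found ...)` test, an agent key that matches no configured identity file is now skipped without being stored in an `id` entry, and the hunk shows nothing that releases it on that path. Inside the branch ownership passes through `id->key = key;`, so the skipped case probably needs an `else` that frees the key and any comment string returned with it, for example `else key_free(key);` if that is the matching release call here. The loop body starts and ends outside the hunk, so confirm that nothing later already does this. A comment above the condition, such as `/* IdentitiesOnly: ignore agent keys that are not also configured identity files */`, would also make clear that the agent is presumably still used for keys that do match.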