author | Markus Friedl <markus@cvs.openbsd.org> | 2000-12-27 12:30:21 +0000 |
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-12-27 12:30:21 +0000 |
commit | 138ff6783f1d8745ac932c76c2f3e7bffeed398f (patch) | |
tree | 3be5b09097a7e78256b288ea069f4da2337655ae /usr.bin | |
parent | 68d9515c7a8f6bee0b9c61e7a870f4c363e823e3 (diff) |
new option: HostKeyAlias: allows the user to record the host key
under a different name. This is useful for ssh tunneling over
forwarded connections or if you run multiple sshd's on different
ports on the same machine.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/readconf.c | 11 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 8 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 23 |
4 files changed, 37 insertions, 8 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index bb5277f1d93..59268f413c1 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.51 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.52 2000/12/27 12:30:19 markus Exp $");
 #include "ssh.h"
 #include "readconf.h"
@@ -103,7 +103,7 @@ typedef enum {
 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
- oKbdInteractiveAuthentication, oKbdInteractiveDevices
+ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
 } OpCodes;
 /* Textual representations of the tokens. */
@@ -137,6 +137,7 @@ static struct {
 { "identityfile", oIdentityFile },
 { "identityfile2", oIdentityFile }, /* alias */
 { "hostname", oHostName },
+ { "hostkeyalias", oHostKeyAlias },
 { "proxycommand", oProxyCommand },
 { "port", oPort },
 { "cipher", oCipher },
@@ -433,6 +434,10 @@ parse_string:
 charptr = &options->hostname;
 goto parse_string;
+ case oHostKeyAlias:
+ charptr = &options->host_key_alias;
+ goto parse_string;
+
 case oProxyCommand:
 charptr = &options->proxy_command;
 string = xstrdup("");
@@ -687,6 +692,7 @@ initialize_options(Options * options)
 options->protocol = SSH_PROTO_UNKNOWN;
 options->num_identity_files = 0;
 options->hostname = NULL;
+ options->host_key_alias = NULL;
 options->proxy_command = NULL;
 options->user = NULL;
 options->escape_char = -1;
@@ -800,4 +806,5 @@ fill_default_options(Options * options)
 /* options->proxy_command should not be set by default */
 /* options->user will be set in the main program if appropriate */
 /* options->hostname will be set in the main program if appropriate */
+ /* options->host_key_alias should not be set by default */
 }
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 85d937d8716..08ff70839e8 100644
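Review bot: The `oHostKeyAlias` arm stores its argument through the shared `parse_string` path with no check on the contents, yet the commit message says the value stands in for the host name when the key is recorded in known_hosts (the save path itself is not in this diff). In that file's host field a comma separates several names and, as far as the lookup is pattern-based, `*` and `?` are wildcards, so an alias such as `a,b` or `*` would presumably record the key under more than one name and later match hosts the user never connected to. Because `parse_string` is a label shared with other options and lies outside the hunk, the check would have to follow the store or the option would need its own parsing arm, e.g. `if (strpbrk(options->host_key_alias, ",*?") != NULL) fatal("HostKeyAlias must not contain ',', '*' or '?'");`. The config file is under the user's control, so this guards against silent misconfiguration rather than an attacker, but the failure mode is invisible until the wrong host is trusted.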
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: readconf.h,v 1.23 2000/11/12 19:50:37 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.24 2000/12/27 12:30:20 markus Exp $"); */
 #ifndef READCONF_H
 #define READCONF_H
@@ -69,6 +69,7 @@ typedef struct {
 char *ciphers; /* SSH2 ciphers in order of preference. */
 int protocol; /* Protocol in order of preference. */
 char *hostname; /* Real host to connect. */
+ char *host_key_alias; /* hostname alias for .ssh/known_hosts */
 char *proxy_command; /* Proxy command for connecting the host. */
 char *user; /* User to log in as. */
 int escape_char; /* Escape character; -2 = none */
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index d830cfeb2b3..40cb6dfa8b4 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.73 2000/12/27 11:51:53 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.74 2000/12/27 12:30:20 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -746,6 +746,12 @@ The default is
 .It Cm GlobalKnownHostsFile
 Specifies a file to use instead of
 .Pa /etc/ssh_known_hosts .
+.It Cm HostKeyAlias
+Specifies an alias that should be used instead of the
+real host name when looking up or saving the host key
+the kown_hosts files.
+This option is useful for tunneling ssh connection
+or if you have multiple servers running on a single host.
 .It Cm HostName
 Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index a894c7fc166..5672ff939ff 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.85 2000/12/21 15:10:17 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.86 2000/12/27 12:30:20 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -491,8 +491,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 break;
 }
 if (local) {
- debug("Forcing accepting of host key for loopback/localhost.");
- return;
+ if (options.host_key_alias == NULL) {
+ debug("Forcing accepting of host key for "
+ "loopback/localhost.");
+ return;
+ }
+ if (options.check_host_ip)
+ options.check_host_ip = 0;
 }
 /*
@@ -504,7 +509,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 if (options.proxy_command == NULL) {
 if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop),
- NULL, 0, NI_NUMERICHOST) != 0)
+ NULL, 0, NI_NUMERICHOST) != 0)
 fatal("check_host_key: getnameinfo failed");
 ip = xstrdup(ntop);
 } else {
@@ -512,6 +517,16 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 }
 /*
+ * Allow the user to record the key under a different name. This is
+ * useful for ssh tunneling over forwarded connections or if you run
+ * multiple sshd's on different ports on the same machine.
+ */
+ if (options.host_key_alias != NULL) {
+ host = options.host_key_alias;
+ debug("using hostkeyalias: %s", host);
+ }
+
+ /*
 * Store the host key from the known host file in here so that we can
 * compare it with the key for the IP address.
 */ |
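Review bot: The guard `if (options.check_host_ip)` in front of `options.check_host_ip = 0;` is redundant, the assignment alone has the same effect, and the assignment clears a field of the global `options` for the rest of the process rather than for this one check, which is worth a comment such as `/* a loopback address says nothing about the aliased host; skip the IP check */`. Note also that when no alias is configured the loopback branch still returns before any known_hosts lookup, so the stricter path protects only users who set HostKeyAlias for their forwarded ports; the man page text could state that explicitly. `check_host_key` begins before this hunk.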
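Review bot: After `host = options.host_key_alias;` the lookup is keyed on the alias, but `ip` was already derived from the real address earlier in this hunk and, for a non-loopback target, `check_host_ip` is still set, so the comparison against the IP address entry that the following comment announces still runs. For the second use case in the new comment, several sshds with different keys on one remote machine, the IP entry can hold only one of those keys, so every other alias would presumably trigger the IP mismatch warning on each connect. Either clear `check_host_ip` whenever an alias is in use rather than only when `local` is set, or document that `CheckHostIP no` is needed alongside `HostKeyAlias` in that setup. The rest of `check_host_key`, including the IP comparison, lies outside the hunk.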