authorMarkus Friedl <markus@cvs.openbsd.org>2000-12-27 12:30:21 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2000-12-27 12:30:21 +0000
commit138ff6783f1d8745ac932c76c2f3e7bffeed398f (patch)
tree3be5b09097a7e78256b288ea069f4da2337655ae /usr.bin
parent68d9515c7a8f6bee0b9c61e7a870f4c363e823e3 (diff)
new option: HostKeyAlias: allows the user to record the host key
under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine.
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/readconf.c11
-rw-r--r--usr.bin/ssh/readconf.h3
-rw-r--r--usr.bin/ssh/ssh.18
-rw-r--r--usr.bin/ssh/sshconnect.c23
4 files changed, 37 insertions, 8 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index bb5277f1d93..59268f413c1 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.51 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.52 2000/12/27 12:30:19 markus Exp $");
#include "ssh.h"
#include "readconf.h"
@@ -103,7 +103,7 @@ typedef enum {
oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,
oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol,
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
- oKbdInteractiveAuthentication, oKbdInteractiveDevices
+ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
} OpCodes;
/* Textual representations of the tokens. */
@@ -137,6 +137,7 @@ static struct {
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* alias */
{ "hostname", oHostName },
+ { "hostkeyalias", oHostKeyAlias },
{ "proxycommand", oProxyCommand },
{ "port", oPort },
{ "cipher", oCipher },
@@ -433,6 +434,10 @@ parse_string:
charptr = &options->hostname;
goto parse_string;
+ case oHostKeyAlias:
+ charptr = &options->host_key_alias;
+ goto parse_string;
+
case oProxyCommand:
charptr = &options->proxy_command;
string = xstrdup("");
@@ -687,6 +692,7 @@ initialize_options(Options * options)
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
options->hostname = NULL;
+ options->host_key_alias = NULL;
options->proxy_command = NULL;
options->user = NULL;
options->escape_char = -1;
@@ -800,4 +806,5 @@ fill_default_options(Options * options)
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */
+ /* options->host_key_alias should not be set by default */
}
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 85d937d8716..08ff70839e8 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.23 2000/11/12 19:50:37 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.24 2000/12/27 12:30:20 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
@@ -69,6 +69,7 @@ typedef struct {
char *ciphers; /* SSH2 ciphers in order of preference. */
int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */
+ char *host_key_alias; /* hostname alias for .ssh/known_hosts */
char *proxy_command; /* Proxy command for connecting the host. */
char *user; /* User to log in as. */
int escape_char; /* Escape character; -2 = none */
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index d830cfeb2b3..40cb6dfa8b4 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.73 2000/12/27 11:51:53 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.74 2000/12/27 12:30:20 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -746,6 +746,12 @@ The default is
.It Cm GlobalKnownHostsFile
Specifies a file to use instead of
.Pa /etc/ssh_known_hosts .
+.It Cm HostKeyAlias
+Specifies an alias that should be used instead of the
+real host name when looking up or saving the host key
+the kown_hosts files.
+This option is useful for tunneling ssh connection
+or if you have multiple servers running on a single host.
.It Cm HostName
Specifies the real host name to log into.
This can be used to specify nicknames or abbreviations for hosts.
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index a894c7fc166..5672ff939ff 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.85 2000/12/21 15:10:17 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.86 2000/12/27 12:30:20 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -491,8 +491,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
break;
}
if (local) {
- debug("Forcing accepting of host key for loopback/localhost.");
- return;
+ if (options.host_key_alias == NULL) {
+ debug("Forcing accepting of host key for "
+ "loopback/localhost.");
+ return;
+ }
+ if (options.check_host_ip)
+ options.check_host_ip = 0;
}
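Review bot: In the `if (local)` branch, `options.check_host_ip = 0` silently overrides a user's explicit CheckHostIP setting by writing to the global `options` from inside check_host_key, and nothing is logged when that happens. I would add a line such as `debug("HostKeyAlias set for loopback connection; disabling CheckHostIP.");` and a comment explaining that the loopback address says nothing about the real peer. The inner `if (options.check_host_ip)` guard is redundant, since the assignment alone has the same effect. The IP check is left enabled for non-loopback connections that use an alias. For the commit's stated case of several sshd instances on one machine, the servers share an address but presumably not a key, so the address comparison further down (outside this hunk, please confirm) may report a mismatch.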
/*
@@ -504,7 +509,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
if (options.proxy_command == NULL) {
if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop),
- NULL, 0, NI_NUMERICHOST) != 0)
+ NULL, 0, NI_NUMERICHOST) != 0)
fatal("check_host_key: getnameinfo failed");
ip = xstrdup(ntop);
} else {
@@ -512,6 +517,16 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
}
/*
+ * Allow the user to record the key under a different name. This is
+ * useful for ssh tunneling over forwarded connections or if you run
+ * multiple sshd's on different ports on the same machine.
+ */
+ if (options.host_key_alias != NULL) {
+ host = options.host_key_alias;
+ debug("using hostkeyalias: %s", host);
+ }
+
+ /*
* Store the host key from the known host file in here so that we can
* compare it with the key for the IP address.
*/
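Review bot: `host = options.host_key_alias;` uses the configured string verbatim as the name looked up and saved in known_hosts, and neither this hunk nor the `oHostKeyAlias` case in readconf.c normalises or checks it. Host fields in known_hosts are comma-separated patterns in which `*`, `?` and `!` are special, so an alias containing those characters or whitespace could be stored as an entry that matches more names than intended. Whether `parse_string` already rejects any of this is not visible here. I would validate the alias where it is parsed and fail with a clear configuration error. After the reassignment the real host name is no longer available to the rest of check_host_key, whose body continues outside the hunk, so a comment such as `/* from here on, host is the alias, not the peer name */` would help the next reader.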