From 13a0dcff571ffb601fae462e963f690e3b3bb072 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Jul 2020 03:43:43 +0000 Subject: Add a '%k' TOKEN that expands to the effective HostKey of the destination. This allows, eg, keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ (man page bits) --- usr.bin/ssh/ssh.c | 5 ++++- usr.bin/ssh/ssh_config | 3 ++- usr.bin/ssh/ssh_config.5 | 5 ++++- usr.bin/ssh/sshconnect.c | 5 ++++- 4 files changed, 14 insertions(+), 4 deletions(-) (limited to 'usr.bin/ssh') diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 34def8473d8..701e8a8a21d 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.532 2020/07/17 03:23:10 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.533 2020/07/17 03:43:42 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -160,6 +160,7 @@ char *forward_agent_sock_path = NULL; /* Various strings used to to percent_expand() arguments */ static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; static char uidstr[32], *host_arg, *conn_hash_hex; +static const char *keyalias; /* socket address the host resolves to */ struct sockaddr_storage hostaddr; @@ -219,6 +220,7 @@ tilde_expand_paths(char **paths, u_int num_paths) "C", conn_hash_hex, \ "L", shorthost, \ "i", uidstr, \ + "k", keyalias, \ "l", thishost, \ "n", host_arg, \ "p", portstr @@ -1359,6 +1361,7 @@ main(int ac, char **av) snprintf(portstr, sizeof(portstr), "%d", options.port); snprintf(uidstr, sizeof(uidstr), "%llu", (unsigned long long)pw->pw_uid); + keyalias = options.host_key_alias ? options.host_key_alias : host_arg; conn_hash_hex = ssh_connection_hash(thishost, host, portstr, options.user); diff --git a/usr.bin/ssh/ssh_config b/usr.bin/ssh/ssh_config index 40f9d3924f1..fec5b080640 100644 --- a/usr.bin/ssh/ssh_config +++ b/usr.bin/ssh/ssh_config 
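Review bot: The file-scope `keyalias` added in the `@@ -160` hunk of ssh.c has no comment of its own, and unlike the arrays declared next to it, it owns no storage. The `main()` hunk further down points it at either `options.host_key_alias` or `host_arg`, so it stays NULL until that assignment runs. I would document that on the declaration, for example `/* borrowed: options.host_key_alias or host_arg, set in main(); never freed */`, so that nobody frees it or expands `%k` before it is set.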
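Review bot: `keyalias` is taken in the `main()` hunk (`@@ -1359`) directly from `options.host_key_alias` or `host_arg`, with no character check visible in the hunk, and the `@@ -219` macro hunk then feeds it to every client percent-expansion, including the `UserKnownHostsFile ~/.ssh/known_hosts.d/%k` use the commit message advertises. If either value can arrive here containing `/` or `..` (it may be validated earlier in `main()`, which starts and ends outside the hunk), the expanded path could resolve outside `known_hosts.d`, and host keys would be looked up or recorded in an unintended file. I would reject such names right after the assignment, e.g. `if (strchr(keyalias, '/') != NULL) fatal("invalid characters in host key alias");`, or at minimum state the restriction next to `%k` in ssh_config.5.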
@@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $ +# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -41,3 +41,4 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h +# UserKnownHostsFile ~/.ssh/known_hosts.d/%k diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 13ac08166db..0ddf4350107 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.329 2020/07/17 03:23:10 dtucker Exp $ +.\" $OpenBSD: ssh_config.5,v 1.330 2020/07/17 03:43:42 dtucker Exp $ .Dd $Mdocdate: July 17 2020 $ .Dt SSH_CONFIG 5 .Os @@ -1851,6 +1851,9 @@ Local user's home directory. The remote hostname. .It %i The local user ID. +.It %k +The host key alias if specified, otherwise the orignal remote hostname given +on the command line. .It %L The local hostname. .It %l diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index a598c3a4cb4..3b17241794b 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.329 2020/03/13 04:01:56 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.330 2020/07/17 03:43:42 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -77,11 +77,14 @@ expand_proxy_command(const char *proxy_command, const char *user, const char *host, const char *host_arg, int port) { char *tmp, *ret, strport[NI_MAXSERV]; + const char *keyalias = options.host_key_alias ? + options.host_key_alias : host_arg; snprintf(strport, sizeof strport, "%d", port); xasprintf(&tmp, "exec %s", proxy_command); ret = percent_expand(tmp, "h", host, + "k", keyalias, "n", host_arg, "p", strport, "r", options.user, -- cgit v1.2.3
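Review bot: In `expand_proxy_command()` the new `"k", keyalias` pair is substituted without quoting into the string built by `xasprintf(&tmp, "exec %s", proxy_command)`, which looks like it is later handed to a shell. `%n` already exposes `host_arg` this way, so the added exposure is mainly `options.host_key_alias`, but the hunk shows no check on either value. I would put the contract in a comment above the declaration, e.g. `/* %k is expanded verbatim into a shell command line; the value must already be validated */`, and enforce it where the alias is parsed. The ternary also duplicates the one added to `main()` in ssh.c, so a small shared helper would keep the two fallbacks from drifting apart. The rest of the function lies outside the hunk.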