[ssh-keygen.1 ssh-keygen.c sshd.8]
increase default rsa/dsa key length from 1024 to 2048 bits;
ok markus@ deraadt@
+ - djm@cvs.openbsd.org 2005/06/08 11:25:09
+ [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
+ add ControlMaster=auto/autoask options to support opportunistic
+ multiplexing; tested avsm@ and jakob@, ok markus@
20050609
- (dtucker) [cipher.c openbsd-compat/Makefile.in
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.137 2005/06/08 11:25:09 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
switch (command) {
case SSHMUX_COMMAND_OPEN:
- if (options.control_master == 2)
+ if (options.control_master == SSHCTL_MASTER_ASK ||
+ options.control_master == SSHCTL_MASTER_AUTO_ASK)
allowed = ask_permission("Allow shared connection "
"to %s? ", host);
/* continue below */
break;
case SSHMUX_COMMAND_TERMINATE:
- if (options.control_master == 2)
+ if (options.control_master == SSHCTL_MASTER_ASK ||
+ options.control_master == SSHCTL_MASTER_AUTO_ASK)
allowed = ask_permission("Terminate shared connection "
"to %s? ", host);
if (allowed)
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.140 2005/05/16 15:30:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.141 2005/06/08 11:25:09 djm Exp $");
#include "ssh.h"
#include "xmalloc.h"
case oControlMaster:
intptr = &options->control_master;
- goto parse_yesnoask;
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing ControlMaster argument.",
+ filename, linenum);
+ value = 0; /* To avoid compiler warning... */
+ if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
+ value = SSHCTL_MASTER_YES;
+ else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
+ value = SSHCTL_MASTER_NO;
+ else if (strcmp(arg, "auto") == 0)
+ value = SSHCTL_MASTER_AUTO;
+ else if (strcmp(arg, "ask") == 0)
+ value = SSHCTL_MASTER_ASK;
+ else if (strcmp(arg, "autoask") == 0)
+ value = SSHCTL_MASTER_AUTO_ASK;
+ else
+ fatal("%.200s line %d: Bad ControlMaster argument.",
+ filename, linenum);
+ if (*activep && *intptr == -1)
+ *intptr = value;
+ break;
case oHashKnownHosts:
intptr = &options->hash_known_hosts;
-/* $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int hash_known_hosts;
} Options;
+#define SSHCTL_MASTER_NO 0
+#define SSHCTL_MASTER_YES 1
+#define SSHCTL_MASTER_AUTO 2
+#define SSHCTL_MASTER_ASK 3
+#define SSHCTL_MASTER_AUTO_ASK 4
void initialize_options(Options *);
void fill_default_options(Options *);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.241 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.242 2005/06/08 11:25:09 djm Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
}
break;
case 'M':
- options.control_master =
- (options.control_master >= 1) ? 2 : 1;
+ if (options.control_master == SSHCTL_MASTER_YES)
+ options.control_master = SSHCTL_MASTER_ASK;
+ else
+ options.control_master = SSHCTL_MASTER_YES;
break;
case 'p':
options.port = a2port(optarg);
}
if (mux_command != 0 && options.control_path == NULL)
fatal("No ControlPath specified for \"-O\" command");
- if (options.control_path != NULL && options.control_master == 0) {
- if (mux_command == 0)
- mux_command = SSHMUX_COMMAND_OPEN;
+ if (options.control_path != NULL)
control_client(options.control_path);
- }
/* Open a connection to the remote host. */
if (ssh_connect(host, &hostaddr, options.port,
mode_t old_umask;
int addr_len;
- if (options.control_path == NULL || options.control_master <= 0)
+ if (options.control_path == NULL ||
+ options.control_master == SSHCTL_MASTER_NO)
return;
+ debug("setting up multiplex master socket");
+
memset(&addr, '\0', sizeof(addr));
addr.sun_family = AF_UNIX;
addr_len = offsetof(struct sockaddr_un, sun_path) +
extern char **environ;
u_int flags;
+ if (mux_command == 0)
+ mux_command = SSHMUX_COMMAND_OPEN;
+
+ switch (options.control_master) {
+ case SSHCTL_MASTER_AUTO:
+ case SSHCTL_MASTER_AUTO_ASK:
+ debug("auto-mux: Trying existing master");
+ /* FALLTHROUGH */
+ case SSHCTL_MASTER_NO:
+ break;
+ default:
+ return;
+ }
+
memset(&addr, '\0', sizeof(addr));
addr.sun_family = AF_UNIX;
addr_len = offsetof(struct sockaddr_un, sun_path) +
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.55 2005/06/06 11:20:36 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.56 2005/06/08 11:25:09 djm Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
can not be opened,
.Nm ssh
will continue without connecting to a master instance.
+.Pp
+Two additional options allow for opportunistic multiplexing: try to use a
+master connection but fall back to creating a new one if one does not already
+exist.
+These options are:
+.Dq auto
+and
+.Dq autoask .
+The latter requires confirmation like the
+.Dq ask
+option.
.It Cm ControlPath
Specify the path to the control socket used for connection sharing as described
in the
the port and
.Ql %r
by the remote login username.
+It is recommended that any
+.Cm ControlPath
+used for opportunistic connection sharing include
+all three of these escape sequences.
+This ensures that shared connections are uniquely identified.
.It Cm DynamicForward
Specifies that a TCP/IP port on the local machine be forwarded
over the secure channel, and the application