- markus@cvs.openbsd.org 2002/11/07 16:28:47
[sshd.c]
log to stderr if -ie is given, bug #414, prj@po.cwru.edu
+ - markus@cvs.openbsd.org 2002/11/07 22:08:07
+ [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
+ we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
+ because HostbasedAuthentication might be enabled based on the
+ target host and ssh-keysign(8) does not know the remote hostname
+ and not trust ssh(1) about the hostname, so we add a new option
+ EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
20021021
- (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.101 2002/11/07 22:08:07 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oEnableSSHKeysign,
oDeprecated
} OpCodes;
{ "bindaddress", oBindAddress },
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
+ { "enablesshkeysign", oEnableSSHKeysign },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ NULL, oBadOption }
};
*intptr = value;
break;
+ case oEnableSSHKeysign:
+ intptr = &options->enable_ssh_keysign;
+ goto parse_flag;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
options->preferred_authentications = NULL;
options->bind_address = NULL;
options->smartcard_device = NULL;
+ options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
}
clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0;
+ if (options->enable_ssh_keysign == -1)
+ options->enable_ssh_keysign = 0;
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */
-/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings;
+
+ int enable_ssh_keysign;
int no_host_authentication_for_localhost;
} Options;
-.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.4 2002/11/07 22:08:07 markus Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
the global client configuration file
.Pa /etc/ssh/ssh_config
by setting
-.Cm HostbasedAuthentication
+.Cm EnableSSHKeysign
to
.Dq yes .
.Pp
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.8 2002/11/07 22:08:07 markus Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
initialize_options(&options);
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
fill_default_options(&options);
- if (options.hostbased_authentication != 1)
- fatal("Hostbased authentication not enabled in %s",
+ if (options.enable_ssh_keysign != 1)
+ fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE);
if (key_fd[0] == -1 && key_fd[1] == -1)