[readconf.c readconf.h ssh.1 ssh.c]
add 'SmartcardDevice' client option to specify which smartcard device
is used to access a smartcard used for storing the user's private RSA
key. ok markus@.
- jakob@cvs.openbsd.org 2001/07/31 08:41:10
[scard.c]
do not complain about missing smartcards. ok markus@
- jakob@cvs.openbsd.org 2001/07/31 08:41:10
[scard.c]
do not complain about missing smartcards. ok markus@
+ - jakob@cvs.openbsd.org 2001/07/31 09:28:44
+ [readconf.c readconf.h ssh.1 ssh.c]
+ add 'SmartcardDevice' client option to specify which smartcard device
+ is used to access a smartcard used for storing the user's private RSA
+ key. ok markus@.
20010803
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
20010803
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
-RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.85 2001/07/31 09:28:44 jakob Exp $");
#include "ssh.h"
#include "xmalloc.h"
#include "ssh.h"
#include "xmalloc.h"
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
- oHostKeyAlgorithms, oBindAddress
+ oHostKeyAlgorithms, oBindAddress, oSmartcardDevice
} OpCodes;
/* Textual representations of the tokens. */
} OpCodes;
/* Textual representations of the tokens. */
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
+ { "smartcarddevice", oSmartcardDevice },
charptr = &options->bind_address;
goto parse_string;
charptr = &options->bind_address;
goto parse_string;
+ case oSmartcardDevice:
+ intptr = &options->smartcard_device;
+ goto parse_int;
+
case oProxyCommand:
charptr = &options->proxy_command;
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
case oProxyCommand:
charptr = &options->proxy_command;
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
options->log_level = (LogLevel) - 1;
options->preferred_authentications = NULL;
options->bind_address = NULL;
options->log_level = (LogLevel) - 1;
options->preferred_authentications = NULL;
options->bind_address = NULL;
+ options->smartcard_device = -1;
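Review bot: The `smartcarddevice` keyword entry and `case oSmartcardDevice:` are added with no `#ifdef SMARTCARD` around them in the lines shown, while the `-I` flag in ssh.c prints "no support for smartcards." on a build without it. On such a build a `SmartcardDevice` line in a config file would apparently be parsed and then ignored with no message. Rejecting the keyword outright would break config files shared between builds, so I would keep it accepted and say so above the case: `/* Accepted even without SMARTCARD so shared config files still parse; the value is unused in that build. */`. The `parse_int` label is outside the visible lines, so whether it rejects negative or oversized values cannot be confirmed from here.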
* called by a name other than "ssh" or "Secure Shell".
*/
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.35 2001/06/26 17:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.36 2001/07/31 09:28:44 jakob Exp $"); */
#ifndef READCONF_H
#define READCONF_H
#ifndef READCONF_H
#define READCONF_H
char *user_hostfile2;
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
char *user_hostfile2;
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
+ int smartcard_device; /* Smartcard reader device */
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
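Review bot: The comment on the new `smartcard_device` field does not say that the value is a reader number or that -1 is a sentinel. The readconf.c initialisation hunk stores -1, and ssh.c only queries the card when the value is `>= 0`, so the sentinel is part of the field's contract. I would spell it out on the field: `int smartcard_device; /* Smartcard reader number; -1 = not set, smartcard support off */`.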
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.125 2001/07/31 09:28:44 jakob Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Dd September 25, 1999
.Dt SSH 1
.Os
.Fl i
options (and multiple identities specified in
configuration files).
.Fl i
options (and multiple identities specified in
configuration files).
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use. The argument is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
.It Fl k
Disables forwarding of Kerberos tickets and AFS tokens.
This may also be specified on a per-host basis in the configuration file.
.It Fl k
Disables forwarding of Kerberos tickets and AFS tokens.
This may also be specified on a per-host basis in the configuration file.
.Dq no .
The default is
.Dq yes .
.Dq no .
The default is
.Dq yes .
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
-RCSID("$OpenBSD: ssh.c,v 1.131 2001/07/27 14:50:45 millert Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.132 2001/07/31 09:28:44 jakob Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/err.h>
/* Should we execute a command or invoke a subsystem? */
int subsystem_flag = 0;
/* Should we execute a command or invoke a subsystem? */
int subsystem_flag = 0;
-#ifdef SMARTCARD
-/* Smartcard reader id */
-int sc_reader_num = -1;
-#endif
-
/* Prints a help message to the user. This function never returns. */
static void
/* Prints a help message to the user. This function never returns. */
static void
break;
case 'I':
#ifdef SMARTCARD
break;
case 'I':
#ifdef SMARTCARD
- sc_reader_num = atoi(optarg);
+ options.smartcard_device = atoi(optarg);
#else
fprintf(stderr, "no support for smartcards.\n");
#endif
#else
fprintf(stderr, "no support for smartcards.\n");
#endif
int i = 0;
#ifdef SMARTCARD
int i = 0;
#ifdef SMARTCARD
- if (sc_reader_num != -1 &&
+ if (options.smartcard_device >= 0 &&
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
- (public = sc_get_key(sc_reader_num)) != NULL ) {
+ (public = sc_get_key(options.smartcard_device)) != NULL ) {
Key *new;
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
Key *new;
if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
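Review bot: In the `case 'I':` hunk, `options.smartcard_device = atoi(optarg);` cannot tell a bad argument from device 0: `atoi` returns 0 for non-numeric text and its behaviour is undefined when the value is out of range. With the later test now `options.smartcard_device >= 0`, `-I foo` selects reader 0 and a negative argument is silently dropped, so a typo can make the client query a reader the user did not choose. Parsing with `strtol`, checking the end pointer and the range, and exiting with a message on failure would close this; it needs `errno` and `INT_MAX` in scope, which the visible lines do not confirm. The option loop that contains this case starts and ends outside the hunk.

```c
		case 'I':
#ifdef SMARTCARD
			{
				char *ep;
				long dev;

				errno = 0;
				dev = strtol(optarg, &ep, 10);
				if (ep == optarg || *ep != '\0' || errno == ERANGE ||
				    dev < 0 || dev > INT_MAX) {
					fprintf(stderr, "Bad smartcard device '%s'\n", optarg);
					exit(1);
				}
				options.smartcard_device = (int)dev;
			}
			/* … unchanged: #else branch printing "no support for smartcards." … */
```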