summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2004-03-08 23:12:36 +1100
committerDamien Miller <djm@mindrot.org>2004-03-08 23:12:36 +1100
commitbd394c329b2356cc29fe76cc02ff1c63d3e8cd3c (patch)
treeec0bdc10f33a4dad4bb1da30092c35981b867878
parentc0f27d8782ecb76c7b83ba1fb047b9ca696b2071 (diff)
- markus@cvs.openbsd.org 2004/03/05 10:53:58
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] add IdentitiesOnly; ok djm@, pb@
-rw-r--r--ChangeLog5
-rw-r--r--readconf.c12
-rw-r--r--readconf.h3
-rw-r--r--scp.13
-rw-r--r--sftp.13
-rw-r--r--ssh.13
-rw-r--r--ssh_config.520
-rw-r--r--sshconnect2.c4
8 files changed, 43 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 4ad86f200..f9ea2e959 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@
20 - djm@cvs.openbsd.org 2004/03/03 09:31:20 20 - djm@cvs.openbsd.org 2004/03/03 09:31:20
21 [sftp.c] 21 [sftp.c]
22 Fix initialisation of progress meter; ok markus@ 22 Fix initialisation of progress meter; ok markus@
23 - markus@cvs.openbsd.org 2004/03/05 10:53:58
24 [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
25 add IdentitiesOnly; ok djm@, pb@
23 26
2420040307 2720040307
25 - (tim) [regress/login-timeout.sh] fix building outside of source tree. 28 - (tim) [regress/login-timeout.sh] fix building outside of source tree.
@@ -880,4 +883,4 @@
880 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 883 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
881 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 884 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
882 885
883$Id: ChangeLog,v 1.3282 2004/03/08 12:12:19 djm Exp $ 886$Id: ChangeLog,v 1.3283 2004/03/08 12:12:36 djm Exp $
diff --git a/readconf.c b/readconf.c
index 2591e0dba..ce0d1f753 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -105,7 +105,7 @@ typedef enum {
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax, 108 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
109 oDeprecated, oUnsupported 109 oDeprecated, oUnsupported
110} OpCodes; 110} OpCodes;
111 111
@@ -147,6 +147,7 @@ static struct {
147 { "usersh", oDeprecated }, 147 { "usersh", oDeprecated },
148 { "identityfile", oIdentityFile }, 148 { "identityfile", oIdentityFile },
149 { "identityfile2", oIdentityFile }, /* alias */ 149 { "identityfile2", oIdentityFile }, /* alias */
150 { "identitiesonly", oIdentitiesOnly },
150 { "hostname", oHostName }, 151 { "hostname", oHostName },
151 { "hostkeyalias", oHostKeyAlias }, 152 { "hostkeyalias", oHostKeyAlias },
152 { "proxycommand", oProxyCommand }, 153 { "proxycommand", oProxyCommand },
@@ -736,6 +737,10 @@ parse_int:
736 intptr = &options->enable_ssh_keysign; 737 intptr = &options->enable_ssh_keysign;
737 goto parse_flag; 738 goto parse_flag;
738 739
740 case oIdentitiesOnly:
741 intptr = &options->identities_only;
742 goto parse_flag;
743
739 case oServerAliveInterval: 744 case oServerAliveInterval:
740 intptr = &options->server_alive_interval; 745 intptr = &options->server_alive_interval;
741 goto parse_time; 746 goto parse_time;
@@ -869,6 +874,7 @@ initialize_options(Options * options)
869 options->smartcard_device = NULL; 874 options->smartcard_device = NULL;
870 options->enable_ssh_keysign = - 1; 875 options->enable_ssh_keysign = - 1;
871 options->no_host_authentication_for_localhost = - 1; 876 options->no_host_authentication_for_localhost = - 1;
877 options->identities_only = - 1;
872 options->rekey_limit = - 1; 878 options->rekey_limit = - 1;
873 options->verify_host_key_dns = -1; 879 options->verify_host_key_dns = -1;
874 options->server_alive_interval = -1; 880 options->server_alive_interval = -1;
@@ -981,6 +987,8 @@ fill_default_options(Options * options)
981 clear_forwardings(options); 987 clear_forwardings(options);
982 if (options->no_host_authentication_for_localhost == - 1) 988 if (options->no_host_authentication_for_localhost == - 1)
983 options->no_host_authentication_for_localhost = 0; 989 options->no_host_authentication_for_localhost = 0;
990 if (options->identities_only == -1)
991 options->identities_only = 0;
984 if (options->enable_ssh_keysign == -1) 992 if (options->enable_ssh_keysign == -1)
985 options->enable_ssh_keysign = 0; 993 options->enable_ssh_keysign = 0;
986 if (options->rekey_limit == -1) 994 if (options->rekey_limit == -1)
diff --git a/readconf.h b/readconf.h
index 3f27af961..93d833cee 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */ 1/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -100,6 +100,7 @@ typedef struct {
100 int enable_ssh_keysign; 100 int enable_ssh_keysign;
101 int rekey_limit; 101 int rekey_limit;
102 int no_host_authentication_for_localhost; 102 int no_host_authentication_for_localhost;
103 int identities_only;
103 int server_alive_interval; 104 int server_alive_interval;
104 int server_alive_count_max; 105 int server_alive_count_max;
105} Options; 106} Options;
diff --git a/scp.1 b/scp.1
index f5ca1e45a..5a3221127 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
9.\" 9.\"
10.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" Created: Sun May 7 00:14:37 1995 ylo
11.\" 11.\"
12.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $ 12.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
13.\" 13.\"
14.Dd September 25, 1999 14.Dd September 25, 1999
15.Dt SCP 1 15.Dt SCP 1
@@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see
137.It HostKeyAlias 137.It HostKeyAlias
138.It HostName 138.It HostName
139.It IdentityFile 139.It IdentityFile
140.It IdentitiesOnly
140.It LogLevel 141.It LogLevel
141.It MACs 142.It MACs
142.It NoHostAuthenticationForLocalhost 143.It NoHostAuthenticationForLocalhost
diff --git a/sftp.1 b/sftp.1
index 2a67a888e..b2cab0cda 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $ 1.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see
163.It HostKeyAlias 163.It HostKeyAlias
164.It HostName 164.It HostName
165.It IdentityFile 165.It IdentityFile
166.It IdentitiesOnly
166.It LogLevel 167.It LogLevel
167.It MACs 168.It MACs
168.It NoHostAuthenticationForLocalhost 169.It NoHostAuthenticationForLocalhost
diff --git a/ssh.1 b/ssh.1
index e2cd5d343..31eb66c97 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $ 37.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see
634.It HostKeyAlias 634.It HostKeyAlias
635.It HostName 635.It HostName
636.It IdentityFile 636.It IdentityFile
637.It IdentitiesOnly
637.It LocalForward 638.It LocalForward
638.It LogLevel 639.It LogLevel
639.It MACs 640.It MACs
diff --git a/ssh_config.5 b/ssh_config.5
index 210da059b..05581ece4 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -406,6 +406,24 @@ syntax to refer to a user's home directory.
406It is possible to have 406It is possible to have
407multiple identity files specified in configuration files; all these 407multiple identity files specified in configuration files; all these
408identities will be tried in sequence. 408identities will be tried in sequence.
409.It Cm IdentitiesOnly
410Specifies that
411.Nm ssh
412should only use the authentication identity files configured in the
413.Nm
414files,
415even if the
416.Nm ssh-agent
417offers more identities.
418The argument to this keyword must be
419.Dq yes
420or
421.Dq no .
422This option is intented for situations where
423.Nm ssh-agent
424offers many different identities.
425The default is
426.Dq no .
409.It Cm LocalForward 427.It Cm LocalForward
410Specifies that a TCP/IP port on the local machine be forwarded over 428Specifies that a TCP/IP port on the local machine be forwarded over
411the secure channel to the specified host and port from the remote machine. 429the secure channel to the specified host and port from the remote machine.
diff --git a/sshconnect2.c b/sshconnect2.c
index 3a218113c..c261dfd18 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
27 27
28#include "openbsd-compat/sys-queue.h" 28#include "openbsd-compat/sys-queue.h"
29 29
@@ -1044,7 +1044,7 @@ pubkey_prepare(Authctxt *authctxt)
1044 break; 1044 break;
1045 } 1045 }
1046 } 1046 }
1047 if (!found) { 1047 if (!found && !options.identities_only) {
1048 id = xmalloc(sizeof(*id)); 1048 id = xmalloc(sizeof(*id));
1049 memset(id, 0, sizeof(*id)); 1049 memset(id, 0, sizeof(*id));
1050 id->key = key; 1050 id->key = key;