author | Damien Miller <djm@mindrot.org> | 2004-03-08 23:12:36 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-03-08 23:12:36 +1100 |
commit | bd394c329b2356cc29fe76cc02ff1c63d3e8cd3c (patch) | |
tree | ec0bdc10f33a4dad4bb1da30092c35981b867878 | |
parent | c0f27d8782ecb76c7b83ba1fb047b9ca696b2071 (diff) |
- markus@cvs.openbsd.org 2004/03/05 10:53:58
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
add IdentitiesOnly; ok djm@, pb@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | readconf.c | 12 | ||||
-rw-r--r-- | readconf.h | 3 | ||||
-rw-r--r-- | scp.1 | 3 | ||||
-rw-r--r-- | sftp.1 | 3 | ||||
-rw-r--r-- | ssh.1 | 3 | ||||
-rw-r--r-- | ssh_config.5 | 20 | ||||
-rw-r--r-- | sshconnect2.c | 4 |
8 files changed, 43 insertions, 10 deletions
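--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@
 - djm@cvs.openbsd.org 2004/03/03 09:31:20
 [sftp.c]
 Fix initialisation of progress meter; ok markus@
+- markus@cvs.openbsd.org 2004/03/05 10:53:58
+[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
+add IdentitiesOnly; ok djm@, pb@
 
 20040307
 - (tim) [regress/login-timeout.sh] fix building outside of source tree.
@@ -880,4 +883,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3282 2004/03/08 12:12:19 djm Exp $
+$Id: ChangeLog,v 1.3283 2004/03/08 12:12:36 djm Exp $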
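--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -105,7 +105,7 @@ typedef enum {
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-oServerAliveInterval, oServerAliveCountMax,
+oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oDeprecated, oUnsupported
 } OpCodes;
 
@@ -147,6 +147,7 @@ static struct {
 { "usersh", oDeprecated },
 { "identityfile", oIdentityFile },
 { "identityfile2", oIdentityFile }, /* alias */
+{ "identitiesonly", oIdentitiesOnly },
 { "hostname", oHostName },
 { "hostkeyalias", oHostKeyAlias },
 { "proxycommand", oProxyCommand },
@@ -736,6 +737,10 @@ parse_int:
 intptr = &options->enable_ssh_keysign;
 goto parse_flag;
 
+case oIdentitiesOnly:
+intptr = &options->identities_only;
+goto parse_flag;
+
 case oServerAliveInterval:
 intptr = &options->server_alive_interval;
 goto parse_time;
@@ -869,6 +874,7 @@ initialize_options(Options * options)
 options->smartcard_device = NULL;
 options->enable_ssh_keysign = - 1;
 options->no_host_authentication_for_localhost = - 1;
+options->identities_only = - 1;
 options->rekey_limit = - 1;
 options->verify_host_key_dns = -1;
 options->server_alive_interval = -1;
@@ -981,6 +987,8 @@ fill_default_options(Options * options)
 clear_forwardings(options);
 if (options->no_host_authentication_for_localhost == - 1)
 options->no_host_authentication_for_localhost = 0;
+if (options->identities_only == -1)
+options->identities_only = 0;
 if (options->enable_ssh_keysign == -1)
 options->enable_ssh_keysign = 0;
 if (options->rekey_limit == -1)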
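Review bot: The two added uses of the "unset" sentinel are spelled differently: `options->identities_only = - 1;` in initialize_options but `if (options->identities_only == -1)` in fill_default_options. Writing the initializer as `options->identities_only = -1;` lets one search pattern find every place this credential-selection flag is set or tested. A short comment at `case oIdentitiesOnly:`, for example `/* offer only configured identity files; skip agent-only keys */`, would also tie the flag to the check it drives in sshconnect2.c. Both functions and the option switch start and end outside the hunks shown.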
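--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -100,6 +100,7 @@ typedef struct {
 int enable_ssh_keysign;
 int rekey_limit;
 int no_host_authentication_for_localhost;
+int identities_only;
 int server_alive_interval;
 int server_alive_count_max;
 } Options;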
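--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May 7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
+.It IdentitiesOnly
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost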
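--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller. All rights reserved.
 .\"
@@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
+.It IdentitiesOnly
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost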
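--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
+.It IdentitiesOnly
 .It LocalForward
 .It LogLevel
 .It MACs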
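--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -406,6 +406,24 @@ syntax to refer to a user's home directory.
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
+.It Cm IdentitiesOnly
+Specifies that
+.Nm ssh
+should only use the authentication identity files configured in the
+.Nm
+files,
+even if the
+.Nm ssh-agent
+offers more identities.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+This option is intented for situations where
+.Nm ssh-agent
+offers many different identities.
+The default is
+.Dq no .
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over
 the secure channel to the specified host and port from the remote machine.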
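--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -1044,7 +1044,7 @@ pubkey_prepare(Authctxt *authctxt)
 break;
 }
 }
-if (!found) {
+if (!found && !options.identities_only) {
 id = xmalloc(sizeof(*id));
 memset(id, 0, sizeof(*id));
 id->key = key;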
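Review bot: With `identities_only` set, a `key` that was not found now skips the `if (!found && !options.identities_only)` block without being stored in an `id` entry, and nothing visible in this hunk releases it. Before the change every unmatched `key` was handed to `id->key`, so ownership was always taken; unless the rest of the loop in pubkey_prepare frees it, each skipped key leaks for the life of the process. An explicit release branch would make the ownership clear, e.g. `} else if (!found) { key_free(key); }`, together with the matching free for anything else allocated alongside the key. pubkey_prepare starts and ends outside the hunk, so this needs confirming against the full loop.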