upstream: Add a '%k' TOKEN that expands to the effective HostKey of

the destination.  This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)

OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc

4 files changed, 14 insertions, 4 deletions

diff --git a/ssh.c b/ssh.c
index 5c93c3d2f..93e5c4831 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.532 2020/07/17 03:23:10 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.533 2020/07/17 03:43:42 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,6 +176,7 @@ char *forward_agent_sock_path = NULL;
 /* Various strings used to to percent_expand() arguments */
 static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
 static char uidstr[32], *host_arg, *conn_hash_hex;
+static const char *keyalias;
 
 /* socket address the host resolves to */
 struct sockaddr_storage hostaddr;
@@ -235,6 +236,7 @@ tilde_expand_paths(char **paths, u_int num_paths)
     "C", conn_hash_hex, \
     "L", shorthost, \
     "i", uidstr, \
+    "k", keyalias, \
     "l", thishost, \
     "n", host_arg, \
     "p", portstr
@@ -1380,6 +1382,7 @@ main(int ac, char **av)
         snprintf(portstr, sizeof(portstr), "%d", options.port);
         snprintf(uidstr, sizeof(uidstr), "%llu",
             (unsigned long long)pw->pw_uid);
+        keyalias = options.host_key_alias ? options.host_key_alias : host_arg;
 
         conn_hash_hex = ssh_connection_hash(thishost, host, portstr,
             options.user);
diff --git a/ssh_config b/ssh_config
index 5e8ef548b..842ea866c 100644
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
+#       $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -43,3 +43,4 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
diff --git a/ssh_config.5 b/ssh_config.5
index fce59d13a..523ee6973 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.329 2020/07/17 03:23:10 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.330 2020/07/17 03:43:42 dtucker Exp $
 .Dd $Mdocdate: July 17 2020 $
 .Dt SSH_CONFIG 5
 .Os
@@ -1850,6 +1850,9 @@ Local user's home directory.
 The remote hostname.
 .It %i
 The local user ID.
+.It %k
+The host key alias if specified, otherwise the orignal remote hostname given
+on the command line.
 .It %L
 The local hostname.
 .It %l
diff --git a/sshconnect.c b/sshconnect.c
index af08be415..f6d8a1bcf 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.329 2020/03/13 04:01:56 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.330 2020/07/17 03:43:42 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,11 +89,14 @@ expand_proxy_command(const char *proxy_command, const char *user,
     const char *host, const char *host_arg, int port)
 {
         char *tmp, *ret, strport[NI_MAXSERV];
+        const char *keyalias = options.host_key_alias ?
+             options.host_key_alias : host_arg;
 
         snprintf(strport, sizeof strport, "%d", port);
         xasprintf(&tmp, "exec %s", proxy_command);
         ret = percent_expand(tmp,
             "h", host,
+            "k", keyalias,
             "n", host_arg,
             "p", strport,
             "r", options.user,