- (djm) Merge OpenBSD changes:

   - markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version

1 files changed, 5 insertions, 4 deletions

diff --git a/servconf.h b/servconf.h
index 0188b9b89..3ecf6a00d 100644
--- a/servconf.h
+++ b/servconf.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.30 2000/10/14 12:12:09 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.31 2000/11/12 19:50:38 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -23,6 +23,7 @@
 #define MAX_ALLOW_GROUPS        256     /* Max # groups on allow list. */
 #define MAX_DENY_GROUPS         256     /* Max # groups on deny list. */
 #define MAX_SUBSYSTEMS          256     /* Max # subsystems. */
+#define MAX_HOSTKEYS            256     /* Max # hostkeys. */
 
 typedef struct {
         unsigned int num_ports;
@@ -30,8 +31,8 @@ typedef struct {
         u_short ports[MAX_PORTS];       /* Port number to listen on. */
         char   *listen_addr;            /* Address on which the server listens. */
         struct addrinfo *listen_addrs;  /* Addresses on which the server listens. */
-        char   *host_key_file;  /* File containing host key. */
-        char   *host_dsa_key_file;      /* File containing dsa host key. */
+        char   *host_key_files[MAX_HOSTKEYS];   /* Files containing host keys. */
+        int     num_host_key_files;     /* Number of files for host keys. */
         char   *pid_file;       /* Where to put our pid */
         int     server_key_bits;/* Size of the server key. */
         int     login_grace_time;       /* Disconnect if no auth in this time
@@ -59,7 +60,7 @@ typedef struct {
         int     rhosts_rsa_authentication;      /* If true, permit rhosts RSA
                                                  * authentication. */
         int     rsa_authentication;     /* If true, permit RSA authentication. */
-        int     dsa_authentication;     /* If true, permit DSA authentication. */
+        int     pubkey_authentication;  /* If true, permit ssh2 pubkey authentication. */
 #ifdef KRB4
         int     kerberos_authentication;        /* If true, permit Kerberos
                                                  * authentication. */