-rw-r--r-- | readconf.c | 11 | ||||
-rw-r--r-- | readconf.h | 3 | ||||
-rw-r--r-- | ssh.1 | 5 | ||||
-rw-r--r-- | ssh.c | 18 | ||||
-rw-r--r-- | ssh_config.5 | 29 |
5 files changed, 58 insertions, 8 deletions
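--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.252 2016/04/15 00:30:19 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.253 2016/05/04 12:21:53 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -147,7 +147,7 @@ typedef enum {
 oPasswordAuthentication, oRSAAuthentication,
 oChallengeResponseAuthentication, oXAuthLocation,
 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
-oCertificateFile, oAddKeysToAgent,
+oCertificateFile, oAddKeysToAgent, oIdentityAgent,
 oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
@@ -217,6 +217,7 @@ static struct {
 { "identitiesonly", oIdentitiesOnly },
 { "certificatefile", oCertificateFile },
 { "addkeystoagent", oAddKeysToAgent },
+{ "identityagent", oIdentityAgent },
 { "hostname", oHostName },
 { "hostkeyalias", oHostKeyAlias },
 { "proxycommand", oProxyCommand },
@@ -1636,6 +1637,10 @@ parse_keytypes:
 multistate_ptr = multistate_yesnoaskconfirm;
 goto parse_multistate;
 
+case oIdentityAgent:
+charptr = &options->identity_agent;
+goto parse_string;
+
 case oDeprecated:
 debug("%s line %d: Deprecated option \"%s\"",
 filename, linenum, keyword);
@@ -1814,6 +1819,7 @@ initialize_options(Options * options)
 options->local_command = NULL;
 options->permit_local_command = -1;
 options->add_keys_to_agent = -1;
+options->identity_agent = NULL;
 options->visual_host_key = -1;
 options->ip_qos_interactive = -1;
 options->ip_qos_bulk = -1;
@@ -2463,6 +2469,7 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
 dump_cfg_string(oHostKeyAlias, o->host_key_alias);
 dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
+dump_cfg_string(oIdentityAgent, o->identity_agent);
 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
 dump_cfg_string(oLocalCommand, o->local_command);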
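--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.114 2016/04/15 00:30:19 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.115 2016/05/04 12:21:53 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -101,6 +101,7 @@ typedef struct {
 struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 
 int add_keys_to_agent;
+char *identity_agent; /* Optional path to ssh-agent socket */
 
 /* Local TCP/IP forward requests. */
 int num_local_forwards;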
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.370 2016/04/15 00:30:19 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.371 2016/05/04 12:21:53 markus Exp $ |
37 | .Dd $Mdocdate: April 15 2016 $ | 37 | .Dd $Mdocdate: May 4 2016 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -501,6 +501,7 @@ For full details of the options listed below, and their possible values, see | |||
501 | .It HostKeyAlgorithms | 501 | .It HostKeyAlgorithms |
502 | .It HostKeyAlias | 502 | .It HostKeyAlias |
503 | .It HostName | 503 | .It HostName |
504 | .It IdentityAgent | ||
504 | .It IdentityFile | 505 | .It IdentityFile |
505 | .It IdentitiesOnly | 506 | .It IdentitiesOnly |
506 | .It Include | 507 | .It Include |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.438 2016/04/29 08:07:53 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.439 2016/05/04 12:21:53 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1335,6 +1335,22 @@ main(int ac, char **av) | |||
1335 | /* load options.identity_files */ | 1335 | /* load options.identity_files */ |
1336 | load_public_identity_files(); | 1336 | load_public_identity_files(); |
1337 | 1337 | ||
1338 | /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */ | ||
1339 | if (options.identity_agent) { | ||
1340 | if (strcmp(options.identity_agent, "none") == 0) { | ||
1341 | unsetenv(SSH_AUTHSOCKET_ENV_NAME); | ||
1342 | } else { | ||
1343 | p = tilde_expand_filename(options.identity_agent, | ||
1344 | original_real_uid); | ||
1345 | cp = percent_expand(p, "d", pw->pw_dir, | ||
1346 | "u", pw->pw_name, "l", thishost, "h", host, | ||
1347 | "r", options.user, (char *)NULL); | ||
1348 | setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1); | ||
1349 | free(cp); | ||
1350 | free(p); | ||
1351 | } | ||
1352 | } | ||
1353 | |||
1338 | /* Expand ~ in known host file names. */ | 1354 | /* Expand ~ in known host file names. */ |
1339 | tilde_expand_paths(options.system_hostfiles, | 1355 | tilde_expand_paths(options.system_hostfiles, |
1340 | options.num_system_hostfiles); | 1356 | options.num_system_hostfiles); |
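Review bot: The return values of `setenv()` and `unsetenv()` in the new `options.identity_agent` block are ignored, so if either call fails the inherited SSH_AUTH_SOCK stays in place and ssh would presumably go on to talk to the ambient agent rather than the configured one (or rather than no agent, for `none`). Because the option exists to pin or disable the agent, failing closed is the safer behaviour: `if (setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1) == -1) fatal("setenv %s: %s", SSH_AUTHSOCKET_ENV_NAME, strerror(errno));`, with the same check on the `unsetenv()` call. The comment above the block has a typo (`varibale`) and could also state that the process environment is modified, since anything ssh spawns after this point would inherit the new value. `main()` starts and ends outside this hunk.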
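--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.230 2016/04/17 14:34:46 jmc Exp $
-.Dd $Mdocdate: April 17 2016 $
+.\" $OpenBSD: ssh_config.5,v 1.231 2016/05/04 12:21:53 markus Exp $
+.Dd $Mdocdate: May 4 2016 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -952,6 +952,31 @@ This option is intended for situations where ssh-agent
 offers many different identities.
 The default is
 .Dq no .
+.It Cm IdentityAgent
+Specifies the
+.Ux Ns -domain
+socket used to communicate with the authentication agent.
+.Pp
+This option overrides the
+.Dq SSH_AUTH_SOCK
+environment variable and can be used to select a specific agent.
+Setting the socket name to
+.Dq none
+disables the use of an authentication agent.
+.Pp
+The socket name may use the tilde
+syntax to refer to a user's home directory or one of the following
+escape characters:
+.Ql %d
+(local user's home directory),
+.Ql %u
+(local user name),
+.Ql %l
+(local host name),
+.Ql %h
+(remote host name) or
+.Ql %r
+(remote user name).
 .It Cm IdentityFile
 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
 identity is read.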