diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | readconf.c | 12 | ||||
| -rw-r--r-- | readconf.h | 3 | ||||
| -rw-r--r-- | scp.1 | 3 | ||||
| -rw-r--r-- | sftp.1 | 3 | ||||
| -rw-r--r-- | ssh.1 | 3 | ||||
| -rw-r--r-- | ssh_config.5 | 20 | ||||
| -rw-r--r-- | sshconnect2.c | 4 |
8 files changed, 43 insertions, 10 deletions
| @@ -20,6 +20,9 @@ | |||
| 20 | - djm@cvs.openbsd.org 2004/03/03 09:31:20 | 20 | - djm@cvs.openbsd.org 2004/03/03 09:31:20 |
| 21 | [sftp.c] | 21 | [sftp.c] |
| 22 | Fix initialisation of progress meter; ok markus@ | 22 | Fix initialisation of progress meter; ok markus@ |
| 23 | - markus@cvs.openbsd.org 2004/03/05 10:53:58 | ||
| 24 | [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] | ||
| 25 | add IdentitiesOnly; ok djm@, pb@ | ||
| 23 | 26 | ||
| 24 | 20040307 | 27 | 20040307 |
| 25 | - (tim) [regress/login-timeout.sh] fix building outside of source tree. | 28 | - (tim) [regress/login-timeout.sh] fix building outside of source tree. |
| @@ -880,4 +883,4 @@ | |||
| 880 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 883 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 881 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 884 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 882 | 885 | ||
| 883 | $Id: ChangeLog,v 1.3282 2004/03/08 12:12:19 djm Exp $ | 886 | $Id: ChangeLog,v 1.3283 2004/03/08 12:12:36 djm Exp $ |
diff --git a/readconf.c b/readconf.c index 2591e0dba..ce0d1f753 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $"); |
| 16 | 16 | ||
| 17 | #include "ssh.h" | 17 | #include "ssh.h" |
| 18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
| @@ -105,7 +105,7 @@ typedef enum { | |||
| 105 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 105 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
| 106 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 106 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
| 107 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 107 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
| 108 | oServerAliveInterval, oServerAliveCountMax, | 108 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
| 109 | oDeprecated, oUnsupported | 109 | oDeprecated, oUnsupported |
| 110 | } OpCodes; | 110 | } OpCodes; |
| 111 | 111 | ||
| @@ -147,6 +147,7 @@ static struct { | |||
| 147 | { "usersh", oDeprecated }, | 147 | { "usersh", oDeprecated }, |
| 148 | { "identityfile", oIdentityFile }, | 148 | { "identityfile", oIdentityFile }, |
| 149 | { "identityfile2", oIdentityFile }, /* alias */ | 149 | { "identityfile2", oIdentityFile }, /* alias */ |
| 150 | { "identitiesonly", oIdentitiesOnly }, | ||
| 150 | { "hostname", oHostName }, | 151 | { "hostname", oHostName }, |
| 151 | { "hostkeyalias", oHostKeyAlias }, | 152 | { "hostkeyalias", oHostKeyAlias }, |
| 152 | { "proxycommand", oProxyCommand }, | 153 | { "proxycommand", oProxyCommand }, |
| @@ -736,6 +737,10 @@ parse_int: | |||
| 736 | intptr = &options->enable_ssh_keysign; | 737 | intptr = &options->enable_ssh_keysign; |
| 737 | goto parse_flag; | 738 | goto parse_flag; |
| 738 | 739 | ||
| 740 | case oIdentitiesOnly: | ||
| 741 | intptr = &options->identities_only; | ||
| 742 | goto parse_flag; | ||
| 743 | |||
| 739 | case oServerAliveInterval: | 744 | case oServerAliveInterval: |
| 740 | intptr = &options->server_alive_interval; | 745 | intptr = &options->server_alive_interval; |
| 741 | goto parse_time; | 746 | goto parse_time; |
| @@ -869,6 +874,7 @@ initialize_options(Options * options) | |||
| 869 | options->smartcard_device = NULL; | 874 | options->smartcard_device = NULL; |
| 870 | options->enable_ssh_keysign = - 1; | 875 | options->enable_ssh_keysign = - 1; |
| 871 | options->no_host_authentication_for_localhost = - 1; | 876 | options->no_host_authentication_for_localhost = - 1; |
| 877 | options->identities_only = - 1; | ||
| 872 | options->rekey_limit = - 1; | 878 | options->rekey_limit = - 1; |
| 873 | options->verify_host_key_dns = -1; | 879 | options->verify_host_key_dns = -1; |
| 874 | options->server_alive_interval = -1; | 880 | options->server_alive_interval = -1; |
| @@ -981,6 +987,8 @@ fill_default_options(Options * options) | |||
| 981 | clear_forwardings(options); | 987 | clear_forwardings(options); |
| 982 | if (options->no_host_authentication_for_localhost == - 1) | 988 | if (options->no_host_authentication_for_localhost == - 1) |
| 983 | options->no_host_authentication_for_localhost = 0; | 989 | options->no_host_authentication_for_localhost = 0; |
| 990 | if (options->identities_only == -1) | ||
| 991 | options->identities_only = 0; | ||
| 984 | if (options->enable_ssh_keysign == -1) | 992 | if (options->enable_ssh_keysign == -1) |
| 985 | options->enable_ssh_keysign = 0; | 993 | options->enable_ssh_keysign = 0; |
| 986 | if (options->rekey_limit == -1) | 994 | if (options->rekey_limit == -1) |
diff --git a/readconf.h b/readconf.h index 3f27af961..93d833cee 100644 --- a/readconf.h +++ b/readconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */ | 1 | /* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -100,6 +100,7 @@ typedef struct { | |||
| 100 | int enable_ssh_keysign; | 100 | int enable_ssh_keysign; |
| 101 | int rekey_limit; | 101 | int rekey_limit; |
| 102 | int no_host_authentication_for_localhost; | 102 | int no_host_authentication_for_localhost; |
| 103 | int identities_only; | ||
| 103 | int server_alive_interval; | 104 | int server_alive_interval; |
| 104 | int server_alive_count_max; | 105 | int server_alive_count_max; |
| 105 | } Options; | 106 | } Options; |
| @@ -9,7 +9,7 @@ | |||
| 9 | .\" | 9 | .\" |
| 10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
| 11 | .\" | 11 | .\" |
| 12 | .\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $ | 12 | .\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $ |
| 13 | .\" | 13 | .\" |
| 14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
| 15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
| @@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see | |||
| 137 | .It HostKeyAlias | 137 | .It HostKeyAlias |
| 138 | .It HostName | 138 | .It HostName |
| 139 | .It IdentityFile | 139 | .It IdentityFile |
| 140 | .It IdentitiesOnly | ||
| 140 | .It LogLevel | 141 | .It LogLevel |
| 141 | .It MACs | 142 | .It MACs |
| 142 | .It NoHostAuthenticationForLocalhost | 143 | .It NoHostAuthenticationForLocalhost |
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
| 4 | .\" | 4 | .\" |
| @@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see | |||
| 163 | .It HostKeyAlias | 163 | .It HostKeyAlias |
| 164 | .It HostName | 164 | .It HostName |
| 165 | .It IdentityFile | 165 | .It IdentityFile |
| 166 | .It IdentitiesOnly | ||
| 166 | .It LogLevel | 167 | .It LogLevel |
| 167 | .It MACs | 168 | .It MACs |
| 168 | .It NoHostAuthenticationForLocalhost | 169 | .It NoHostAuthenticationForLocalhost |
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
| 40 | .Os | 40 | .Os |
| @@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see | |||
| 634 | .It HostKeyAlias | 634 | .It HostKeyAlias |
| 635 | .It HostName | 635 | .It HostName |
| 636 | .It IdentityFile | 636 | .It IdentityFile |
| 637 | .It IdentitiesOnly | ||
| 637 | .It LocalForward | 638 | .It LocalForward |
| 638 | .It LogLevel | 639 | .It LogLevel |
| 639 | .It MACs | 640 | .It MACs |
diff --git a/ssh_config.5 b/ssh_config.5 index 210da059b..05581ece4 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -406,6 +406,24 @@ syntax to refer to a user's home directory. | |||
| 406 | It is possible to have | 406 | It is possible to have |
| 407 | multiple identity files specified in configuration files; all these | 407 | multiple identity files specified in configuration files; all these |
| 408 | identities will be tried in sequence. | 408 | identities will be tried in sequence. |
| 409 | .It Cm IdentitiesOnly | ||
| 410 | Specifies that | ||
| 411 | .Nm ssh | ||
| 412 | should only use the authentication identity files configured in the | ||
| 413 | .Nm | ||
| 414 | files, | ||
| 415 | even if the | ||
| 416 | .Nm ssh-agent | ||
| 417 | offers more identities. | ||
| 418 | The argument to this keyword must be | ||
| 419 | .Dq yes | ||
| 420 | or | ||
| 421 | .Dq no . | ||
| 422 | This option is intented for situations where | ||
| 423 | .Nm ssh-agent | ||
| 424 | offers many different identities. | ||
| 425 | The default is | ||
| 426 | .Dq no . | ||
| 409 | .It Cm LocalForward | 427 | .It Cm LocalForward |
| 410 | Specifies that a TCP/IP port on the local machine be forwarded over | 428 | Specifies that a TCP/IP port on the local machine be forwarded over |
| 411 | the secure channel to the specified host and port from the remote machine. | 429 | the secure channel to the specified host and port from the remote machine. |
diff --git a/sshconnect2.c b/sshconnect2.c index 3a218113c..c261dfd18 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "openbsd-compat/sys-queue.h" | 28 | #include "openbsd-compat/sys-queue.h" |
| 29 | 29 | ||
| @@ -1044,7 +1044,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
| 1044 | break; | 1044 | break; |
| 1045 | } | 1045 | } |
| 1046 | } | 1046 | } |
| 1047 | if (!found) { | 1047 | if (!found && !options.identities_only) { |
| 1048 | id = xmalloc(sizeof(*id)); | 1048 | id = xmalloc(sizeof(*id)); |
| 1049 | memset(id, 0, sizeof(*id)); | 1049 | memset(id, 0, sizeof(*id)); |
| 1050 | id->key = key; | 1050 | id->key = key; |