From bd394c329b2356cc29fe76cc02ff1c63d3e8cd3c Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Mon, 8 Mar 2004 23:12:36 +1100
Subject: - markus@cvs.openbsd.org 2004/03/05 10:53:58 [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] add IdentitiesOnly; ok djm@, pb@
---
 ChangeLog | 5 ++++-
 readconf.c | 12 ++++++++++--
 readconf.h | 3 ++-
 scp.1 | 3 ++-
 sftp.1 | 3 ++-
 ssh.1 | 3 ++-
 ssh_config.5 | 20 +++++++++++++++++++-
 sshconnect2.c | 4 ++--
 8 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4ad86f200..f9ea2e959 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@
 - djm@cvs.openbsd.org 2004/03/03 09:31:20 [sftp.c] Fix initialisation of progress meter; ok markus@
+ - markus@cvs.openbsd.org 2004/03/05 10:53:58
+ [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
+ add IdentitiesOnly; ok djm@, pb@
 20040307 - (tim) [regress/login-timeout.sh] fix building outside of source tree.
@@ -880,4 +883,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3282 2004/03/08 12:12:19 djm Exp $
+$Id: ChangeLog,v 1.3283 2004/03/08 12:12:36 djm Exp $
diff --git a/readconf.c b/readconf.c
index 2591e0dba..ce0d1f753 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -105,7 +105,7 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds,
- oServerAliveInterval, oServerAliveCountMax,
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oDeprecated, oUnsupported } OpCodes;
@@ -147,6 +147,7 @@ static struct { { "usersh", oDeprecated }, { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* alias */
+ { "identitiesonly", oIdentitiesOnly },
 { "hostname", oHostName }, { "hostkeyalias", oHostKeyAlias }, { "proxycommand", oProxyCommand },
@@ -736,6 +737,10 @@ parse_int: intptr = &options->enable_ssh_keysign; goto parse_flag;
+ case oIdentitiesOnly:
+ intptr = &options->identities_only;
+ goto parse_flag;
+
 case oServerAliveInterval: intptr = &options->server_alive_interval; goto parse_time;
@@ -869,6 +874,7 @@ initialize_options(Options * options) options->smartcard_device = NULL; options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1;
+ options->identities_only = - 1;
 options->rekey_limit = - 1; options->verify_host_key_dns = -1; options->server_alive_interval = -1;
@@ -981,6 +987,8 @@ fill_default_options(Options * options) clear_forwardings(options); if (options->no_host_authentication_for_localhost == - 1) options->no_host_authentication_for_localhost = 0;
+ if (options->identities_only == -1)
+ options->identities_only = 0;
 if (options->enable_ssh_keysign == -1) options->enable_ssh_keysign = 0; if (options->rekey_limit == -1)
diff --git a/readconf.h b/readconf.h
index 3f27af961..93d833cee 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */
 /*
  * Author: Tatu Ylonen
@@ -100,6 +100,7 @@ typedef struct { int enable_ssh_keysign; int rekey_limit; int no_host_authentication_for_localhost;
+ int identities_only;
 int server_alive_interval; int server_alive_count_max; } Options;
diff --git a/scp.1 b/scp.1
index f5ca1e45a..5a3221127 100644
--- a/scp.1
+++ b/scp.1
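Review bot: In the initialize_options hunk the added `options->identities_only = - 1;` copies the spaced `- 1` form of the two lines directly above it, while the lines after it (`verify_host_key_dns = -1;`, `server_alive_interval = -1;`) and the new test `if (options->identities_only == -1)` in fill_default_options use `-1`; writing it as `options->identities_only = -1;` keeps the new option in the form the file is converging on and makes grepping for the sentinel reliable. The keyword-table entry, the `oIdentitiesOnly` parse case and the default fill are otherwise consistent with the neighbouring flag options. The ssh_config.5 text added for this keyword in the same commit spells `intented` for `intended`, which is worth fixing alongside. initialize_options and fill_default_options both begin before and end after their hunks.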
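Review bot: The new `int identities_only;` member of Options is added with no comment, so a reader of the header cannot tell that it holds a three-state value (-1 until fill_default_options in readconf.c resolves it to 0) or what it restricts; the adjacent members are equally bare, but this one decides which keys are offered to a server, so a line is warranted. A trailing comment such as `int identities_only;	/* IdentitiesOnly: offer only configured identity files, not every agent key; -1 = unset */` would do. The struct definition begins before the hunk and ends at its `} Options;`.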
@@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\"
-.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
+.It IdentitiesOnly
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
diff --git a/sftp.1 b/sftp.1
index 2a67a888e..b2cab0cda 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
 .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\"
@@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
+.It IdentitiesOnly
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
diff --git a/ssh.1 b/ssh.1
index e2cd5d343..31eb66c97 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\"
-.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
+.It IdentitiesOnly
 .It LocalForward
 .It LogLevel
 .It MACs
diff --git a/ssh_config.5 b/ssh_config.5
index 210da059b..05581ece4 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\"
-.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -406,6 +406,24 @@ syntax to refer to a user's home directory. It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence.
+.It Cm IdentitiesOnly
+Specifies that
+.Nm ssh
+should only use the authentication identity files configured in the
+.Nm
+files,
+even if the
+.Nm ssh-agent
+offers more identities.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+This option is intented for situations where
+.Nm ssh-agent
+offers many different identities.
+The default is
+.Dq no .
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine.
diff --git a/sshconnect2.c b/sshconnect2.c
index 3a218113c..c261dfd18 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
 #include "openbsd-compat/sys-queue.h"
@@ -1044,7 +1044,7 @@ pubkey_prepare(Authctxt *authctxt) break; } }
-if (!found) {
+if (!found && !options.identities_only) {
 id = xmalloc(sizeof(*id)); memset(id, 0, sizeof(*id)); id->key = key;
-- cgit v1.2.3
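Review bot: With `options.identities_only` set, an agent key that matched no configured identity file now takes neither path that owns it: the `id->key = key;` hand-over just below the new condition is skipped, and nothing in the hunk releases `key` in its place. If the agent enumeration that starts above the hunk returns a freshly allocated key for each identity — which the ownership transfer into `id->key` in the taken branch suggests — every filtered key is leaked once per connection; an `else if (!found) key_free(key);` after the block (together with any comment string the enumeration returns with it — check the loop header) would close that. A short comment on the condition would also help, since the filtering is the whole point of the option: `/* IdentitiesOnly: do not offer agent keys that are not also configured identity files */`. pubkey_prepare begins before and continues past the hunk.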