mirror of git://anongit.mindrot.org/openssh.git
- markus@cvs.openbsd.org 2001/10/01 21:51:16
[readconf.c readconf.h ssh.1 sshconnect.c]
add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too.
This commit is contained in:
Ben Lindstrom
parent
908afed17f
commit
3cecc9a41f
|
|
@ -27,6 +27,10 @@
|
|||
- markus@cvs.openbsd.org 2001/10/01 21:38:53
|
||||
[channels.c channels.h ssh.c sshd.c]
|
||||
remove ugliness; vp@drexel.edu via angelos
|
||||
- markus@cvs.openbsd.org 2001/10/01 21:51:16
|
||||
[readconf.c readconf.h ssh.1 sshconnect.c]
|
||||
add NoHostAuthenticationForLocalhost; note that the hostkey is
|
||||
now check for localhost, too.
|
||||
|
||||
20011001
|
||||
- (stevesk) loginrec.c: fix type conversion problems exposed when using
|
||||
|
|
@ -6619,4 +6623,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1577 2001/10/03 17:34:59 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1578 2001/10/03 17:39:38 mouring Exp $
|
||||
|
|
|
|||
12
readconf.c
12
readconf.c
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readconf.c,v 1.90 2001/09/19 19:24:18 stevesk Exp $");
|
||||
RCSID("$OpenBSD: readconf.c,v 1.91 2001/10/01 21:51:16 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
|
|
@ -115,7 +115,7 @@ typedef enum {
|
|||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
|
||||
oClearAllForwardings
|
||||
oClearAllForwardings, oNoHostAuthenticationForLocalhost
|
||||
} OpCodes;
|
||||
|
||||
/* Textual representations of the tokens. */
|
||||
|
|
@ -186,6 +186,7 @@ static struct {
|
|||
{ "bindaddress", oBindAddress },
|
||||
{ "smartcarddevice", oSmartcardDevice },
|
||||
{ "clearallforwardings", oClearAllForwardings },
|
||||
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
||||
|
|
@ -415,6 +416,10 @@ parse_flag:
|
|||
intptr = &options->keepalives;
|
||||
goto parse_flag;
|
||||
|
||||
case oNoHostAuthenticationForLocalhost:
|
||||
intptr = &options->no_host_authentication_for_localhost;
|
||||
goto parse_flag;
|
||||
|
||||
case oNumberOfPasswordPrompts:
|
||||
intptr = &options->number_of_password_prompts;
|
||||
goto parse_int;
|
||||
|
|
@ -793,6 +798,7 @@ initialize_options(Options * options)
|
|||
options->preferred_authentications = NULL;
|
||||
options->bind_address = NULL;
|
||||
options->smartcard_device = NULL;
|
||||
options->no_host_authentication_for_localhost = - 1;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -911,6 +917,8 @@ fill_default_options(Options * options)
|
|||
options->log_level = SYSLOG_LEVEL_INFO;
|
||||
if (options->clear_forwardings == 1)
|
||||
clear_forwardings(options);
|
||||
if (options->no_host_authentication_for_localhost == - 1)
|
||||
options->no_host_authentication_for_localhost = 0;
|
||||
/* options->proxy_command should not be set by default */
|
||||
/* options->user will be set in the main program if appropriate */
|
||||
/* options->hostname will be set in the main program if appropriate */
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
/* RCSID("$OpenBSD: readconf.h,v 1.39 2001/09/19 19:24:18 stevesk Exp $"); */
|
||||
/* RCSID("$OpenBSD: readconf.h,v 1.40 2001/10/01 21:51:16 markus Exp $"); */
|
||||
|
||||
#ifndef READCONF_H
|
||||
#define READCONF_H
|
||||
|
|
@ -101,6 +101,7 @@ typedef struct {
|
|||
int num_remote_forwards;
|
||||
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
|
||||
int clear_forwardings;
|
||||
int no_host_authentication_for_localhost;
|
||||
} Options;
|
||||
|
||||
|
||||
|
|
|
|||
12
ssh.1
12
ssh.1
|
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.138 2001/09/19 19:24:19 stevesk Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.139 2001/10/01 21:51:16 markus Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
|
|
@ -981,6 +981,16 @@ for data integrity protection.
|
|||
Multiple algorithms must be comma-separated.
|
||||
The default is
|
||||
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
|
||||
.It Cm NoHostAuthenticationForLocalhost
|
||||
This option can be used if the home directory is shared across machines.
|
||||
In this case localhost will refer to a different machine on each of
|
||||
the machines and the user will get many warnings about changed host keys.
|
||||
However, this option disables host authentication for localhost.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is to check the host key for localhost.
|
||||
.It Cm NumberOfPasswordPrompts
|
||||
Specifies the number of password prompts before giving up.
|
||||
The argument to this keyword must be an integer.
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.110 2001/07/25 14:35:18 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.111 2001/10/01 21:51:16 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
|
|
@ -587,7 +587,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
|||
salen = sizeof(struct sockaddr_storage);
|
||||
break;
|
||||
}
|
||||
if (local && options.host_key_alias == NULL) {
|
||||
if (options.no_host_authentication_for_localhost == 1 && local &&
|
||||
options.host_key_alias == NULL) {
|
||||
debug("Forcing accepting of host key for "
|
||||
"loopback/localhost.");
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue