From 7fc2373f17b9a06e4ba43a7178ae6b5dbebe80e8 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Tue, 22 Jan 2002 23:19:11 +1100
Subject: [PATCH] - stevesk@cvs.openbsd.org 2002/01/04 18:14:16 [servconf.c sshd.8] protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
---
 ChangeLog | 6 +++++-
 servconf.c | 13 +++++++++----
 sshd.8 | 26 +++++++++++++++++++-------
 3 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e577b52bd..4697dfa34 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -88,6 +88,10 @@ - stevesk@cvs.openbsd.org 2002/01/04 17:59:17 [readconf.c servconf.c] remove #ifdef _PATH_XAUTH/#endif; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
+ [servconf.c sshd.8]
+ protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
+ /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
 20020121
@@ -7236,4 +7240,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1
-$Id: ChangeLog,v 1.1748 2002/01/22 12:18:49 djm Exp $
+$Id: ChangeLog,v 1.1749 2002/01/22 12:19:11 djm Exp $
diff --git a/servconf.c b/servconf.c
index e772cd46b..445d2da79 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.96 2002/01/04 17:59:17 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.97 2002/01/04 18:14:16 stevesk Exp $");
 #if defined(KRB4) || defined(KRB5)
 #include
@@ -124,9 +124,14 @@ fill_default_server_options(ServerOptions *options)
 if (options->num_host_key_files == 0) {
 /* fill default hostkeys for protocols */
 if (options->protocol & SSH_PROTO_1)
- options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
- if (options->protocol & SSH_PROTO_2)
- options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] =
+ _PATH_HOST_KEY_FILE;
+ if (options->protocol & SSH_PROTO_2) {
+ options->host_key_files[options->num_host_key_files++] =
+ _PATH_HOST_RSA_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] =
+ _PATH_HOST_DSA_KEY_FILE;
+ }
 }
 if (options->num_ports == 0)
 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
diff --git a/sshd.8 b/sshd.8
index d6b924771..d2fa27612 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.159 2001/12/28 22:37:48 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.160 2002/01/04 18:14:16 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -208,12 +208,18 @@ If the client fails to authenticate the user within this many seconds, the server disconnects and exits. A value of zero indicates no limit.
 .It Fl h Ar host_key_file
-Specifies the file from which the host key is read (default
-.Pa /etc/ssh_host_key ) .
+Specifies a file from which a host key is read.
 This option must be given if
 .Nm
 is not run as root (as the normal
-host file is normally not readable by anyone but root).
+host key files are normally not readable by anyone but root).
+The default is
+.Pa /etc/ssh_host_key
+for protocol version 1, and
+.Pa /etc/ssh_host_rsa_key
+and
+.Pa /etc/ssh_host_dsa_key
+for protocol version 2.
 It is possible to have multiple host key files for the different protocol versions and host key algorithms.
 .It Fl i
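Review bot: In the `SSH_PROTO_2` branch of the servconf.c hunk the default list grows from the single `_PATH_HOST_DSA_KEY_FILE` to `_PATH_HOST_RSA_KEY_FILE` followed by `_PATH_HOST_DSA_KEY_FILE`, but nothing in the code says what is expected on a host that only has the DSA file at its default path. The code that loads these paths is outside this hunk, so it is worth confirming that a missing default key is logged and skipped rather than treated as fatal, and that the RSA file gets the same group/world-accessible refusal that sshd.8 describes for `HostKey`. A server that begins presenting an RSA host key may also cause unknown-key prompts on clients that have only the DSA key recorded, which presumably belongs in the upgrade notes. I would extend the existing comment to `/* fill default hostkeys for protocols; protocol 2 tries RSA, then DSA */`. The body of `fill_default_server_options` starts before and continues past this hunk.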
@@ -475,9 +481,15 @@ and applies to protocol version 2 only.
 The default is
 .Dq no .
 .It Cm HostKey
-Specifies the file containing the private host keys (default
-.Pa /etc/ssh_host_key )
-used by SSH protocol versions 1 and 2.
+Specifies a file containing a private host key
+used by SSH.
+The default is
+.Pa /etc/ssh_host_key
+for protocol version 1, and
+.Pa /etc/ssh_host_rsa_key
+and
+.Pa /etc/ssh_host_dsa_key
+for protocol version 2.
 Note that
 .Nm
 will refuse to use a file if it is group/world-accessible.