Commit bd394c32 authored by Damien Miller

- markus@cvs.openbsd.org 2004/03/05 10:53:58

     [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
     add IdentitiesOnly; ok djm@, pb@
parent c0f27d87
......@@ -20,6 +20,9 @@
- djm@cvs.openbsd.org 2004/03/03 09:31:20
[sftp.c]
Fix initialisation of progress meter; ok markus@
- markus@cvs.openbsd.org 2004/03/05 10:53:58
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
add IdentitiesOnly; ok djm@, pb@
20040307
- (tim) [regress/login-timeout.sh] fix building outside of source tree.
......@@ -880,4 +883,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3282 2004/03/08 12:12:19 djm Exp $
$Id: ChangeLog,v 1.3283 2004/03/08 12:12:36 djm Exp $
......@@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
......@@ -105,7 +105,7 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
oServerAliveInterval, oServerAliveCountMax,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oDeprecated, oUnsupported
} OpCodes;
......@@ -147,6 +147,7 @@ static struct {
{ "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* alias */
{ "identitiesonly", oIdentitiesOnly },
{ "hostname", oHostName },
{ "hostkeyalias", oHostKeyAlias },
{ "proxycommand", oProxyCommand },
......@@ -736,6 +737,10 @@ parse_int:
intptr = &options->enable_ssh_keysign;
goto parse_flag;
case oIdentitiesOnly:
intptr = &options->identities_only;
goto parse_flag;
case oServerAliveInterval:
intptr = &options->server_alive_interval;
goto parse_time;
......@@ -869,6 +874,7 @@ initialize_options(Options * options)
options->smartcard_device = NULL;
options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
options->identities_only = - 1;
options->rekey_limit = - 1;
options->verify_host_key_dns = -1;
options->server_alive_interval = -1;
......@@ -981,6 +987,8 @@ fill_default_options(Options * options)
clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0;
if (options->identities_only == -1)
options->identities_only = 0;
if (options->enable_ssh_keysign == -1)
options->enable_ssh_keysign = 0;
if (options->rekey_limit == -1)
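Review bot: The new option's "unset" sentinel is spelled two ways: `options->identities_only = - 1;` in initialize_options and `if (options->identities_only == -1)` in fill_default_options. Each form copies a neighbouring line, but a search for `identities_only = -1` will miss the initializer, so I would write `options->identities_only = -1;` there. A short comment at the default, such as `/* unset: keep offering agent identities too */`, would also record that the restriction is opt-in. Both function bodies extend outside the hunks shown.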
......
/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */
/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
......@@ -100,6 +100,7 @@ typedef struct {
int enable_ssh_keysign;
int rekey_limit;
int no_host_authentication_for_localhost;
int identities_only;
int server_alive_interval;
int server_alive_count_max;
} Options;
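Review bot: The new `int identities_only;` member of `Options` carries no comment, and the name alone does not say which identities are excluded. I would write `int identities_only; /* use only configured identity files, not extra agent keys */`, mirroring the wording this commit adds to ssh_config.5. The struct starts outside the hunk, so match whatever comment convention its earlier members use.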
......
......@@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $
.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
......@@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
.It IdentitiesOnly
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
......
.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $
.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
......@@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
.It IdentitiesOnly
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
......
......@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
......@@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
.It IdentitiesOnly
.It LocalForward
.It LogLevel
.It MACs
......
......@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $
.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
......@@ -406,6 +406,24 @@ syntax to refer to a user's home directory.
It is possible to have
multiple identity files specified in configuration files; all these
identities will be tried in sequence.
.It Cm IdentitiesOnly
Specifies that
.Nm ssh
should only use the authentication identity files configured in the
.Nm
files,
even if the
.Nm ssh-agent
offers more identities.
The argument to this keyword must be
.Dq yes
or
.Dq no .
This option is intented for situations where
.Nm ssh-agent
offers many different identities.
The default is
.Dq no .
.It Cm LocalForward
Specifies that a TCP/IP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
......
......@@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $");
RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
#include "openbsd-compat/sys-queue.h"
......@@ -1044,7 +1044,7 @@ pubkey_prepare(Authctxt *authctxt)
break;
}
}
if (!found) {
if (!found && !options.identities_only) {
id = xmalloc(sizeof(*id));
memset(id, 0, sizeof(*id));
id->key = key;
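Review bot: With IdentitiesOnly enabled, an agent key that matches no configured identity file now skips the `if (!found && !options.identities_only)` branch, and nothing visible in the hunk releases it. That branch is where `id->key = key;` takes ownership, so unless code outside the hunk frees unmatched keys, each skipped key (and any comment string returned with it) appears to leak. I would add an explicit `else if (!found) key_free(key);` and free the associated comment in the same place. pubkey_prepare starts and ends outside the hunk, so this should be confirmed against the full loop.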
......