summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--readconf.c12
-rw-r--r--readconf.h3
-rw-r--r--scp.13
-rw-r--r--sftp.13
-rw-r--r--ssh.13
-rw-r--r--ssh_config.520
-rw-r--r--sshconnect2.c4
8 files changed, 43 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 4ad86f20..f9ea2e95 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@
- djm@cvs.openbsd.org 2004/03/03 09:31:20
[sftp.c]
Fix initialisation of progress meter; ok markus@
+ - markus@cvs.openbsd.org 2004/03/05 10:53:58
+ [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
+ add IdentitiesOnly; ok djm@, pb@
20040307
- (tim) [regress/login-timeout.sh] fix building outside of source tree.
@@ -880,4 +883,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3282 2004/03/08 12:12:19 djm Exp $
+$Id: ChangeLog,v 1.3283 2004/03/08 12:12:36 djm Exp $
diff --git a/readconf.c b/readconf.c
index 2591e0db..ce0d1f75 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -105,7 +105,7 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
- oServerAliveInterval, oServerAliveCountMax,
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oDeprecated, oUnsupported
} OpCodes;
@@ -147,6 +147,7 @@ static struct {
{ "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* alias */
+ { "identitiesonly", oIdentitiesOnly },
{ "hostname", oHostName },
{ "hostkeyalias", oHostKeyAlias },
{ "proxycommand", oProxyCommand },
@@ -736,6 +737,10 @@ parse_int:
intptr = &options->enable_ssh_keysign;
goto parse_flag;
+ case oIdentitiesOnly:
+ intptr = &options->identities_only;
+ goto parse_flag;
+
case oServerAliveInterval:
intptr = &options->server_alive_interval;
goto parse_time;
@@ -869,6 +874,7 @@ initialize_options(Options * options)
options->smartcard_device = NULL;
options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
+ options->identities_only = - 1;
options->rekey_limit = - 1;
options->verify_host_key_dns = -1;
options->server_alive_interval = -1;
@@ -981,6 +987,8 @@ fill_default_options(Options * options)
clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0;
+ if (options->identities_only == -1)
+ options->identities_only = 0;
if (options->enable_ssh_keysign == -1)
options->enable_ssh_keysign = 0;
if (options->rekey_limit == -1)
diff --git a/readconf.h b/readconf.h
index 3f27af96..93d833ce 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -100,6 +100,7 @@ typedef struct {
int enable_ssh_keysign;
int rekey_limit;
int no_host_authentication_for_localhost;
+ int identities_only;
int server_alive_interval;
int server_alive_count_max;
} Options;
diff --git a/scp.1 b/scp.1
index f5ca1e45..5a322112 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
+.It IdentitiesOnly
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
diff --git a/sftp.1 b/sftp.1
index 2a67a888..b2cab0cd 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
+.It IdentitiesOnly
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
diff --git a/ssh.1 b/ssh.1
index e2cd5d34..31eb66c9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see
.It HostKeyAlias
.It HostName
.It IdentityFile
+.It IdentitiesOnly
.It LocalForward
.It LogLevel
.It MACs
diff --git a/ssh_config.5 b/ssh_config.5
index 210da059..05581ece 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@@ -406,6 +406,24 @@ syntax to refer to a user's home directory.
It is possible to have
multiple identity files specified in configuration files; all these
identities will be tried in sequence.
+.It Cm IdentitiesOnly
+Specifies that
+.Nm ssh
+should only use the authentication identity files configured in the
+.Nm
+files,
+even if the
+.Nm ssh-agent
+offers more identities.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+This option is intented for situations where
+.Nm ssh-agent
+offers many different identities.
+The default is
+.Dq no .
.It Cm LocalForward
Specifies that a TCP/IP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
diff --git a/sshconnect2.c b/sshconnect2.c
index 3a218113..c261dfd1 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
#include "openbsd-compat/sys-queue.h"
@@ -1044,7 +1044,7 @@ pubkey_prepare(Authctxt *authctxt)
break;
}
}
- if (!found) {
+ if (!found && !options.identities_only) {
id = xmalloc(sizeof(*id));
memset(id, 0, sizeof(*id));
id->key = key;