- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw two bits at a time. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
The graphs are not unambiguous for now (distinct fingerprints can yield the
same picture), because a loop in the walk can be traversed in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
/* $OpenBSD: readconf.h,v 1.73 2008/06/11 21:01:35 grunk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Functions for reading the configuration file.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#ifndef READCONF_H
#define READCONF_H
/* Data structure for representing a forwarding request. */
/*
 * One TCP/IP forwarding request.  Presumably produced by parse_forward()
 * (which takes a Forward * and a spec string, see below) and stored in
 * Options.local_forwards (-L) or Options.remote_forwards (-R); the same
 * layout serves both directions.
 */
typedef struct {
	char	 *listen_host;		/* Host (address) to listen on.
					 * NOTE(review): whether this may be
					 * NULL/wildcard, and whether a
					 * non-loopback bind is permitted
					 * (cf. Options.gateway_ports), is
					 * decided by the parser/caller --
					 * confirm in readconf.c. */
	u_short	  listen_port;		/* Port to forward. */
	char	 *connect_host;		/* Host to connect. */
	u_short	  connect_port;		/* Port to connect on connect_host.
					 * Both ports are u_short: whoever
					 * fills them in must range-check the
					 * parsed value before narrowing. */
} Forward;
/* Data structure for representing option data. */
#define MAX_SEND_ENV 256
/*
 * Client configuration: everything the command line and the config file can
 * set.  Presumably initialize_options() presets the struct,
 * process_config_line()/read_config_file() fill in what the user specified,
 * and fill_default_options() supplies the rest (see the prototypes below).
 * NOTE(review): the sentinel used for "not set yet" in the int fields is chosen
 * in readconf.c, not here -- confirm before testing any field against zero.
 */
typedef struct {
	/* Forwarding of agent, X11 and TCP ports. */
	int     forward_agent;	/* Forward authentication agent.
				 * NOTE(review): a forwarded agent is usable by
				 * whoever controls the remote host; treat the
				 * default as security-relevant. */
	int     forward_x11;	/* Forward X11 display. */
	int     forward_x11_trusted;	/* Trust Forward X11 display (remote
					 * clients get an unrestricted xauth
					 * cookie -- presumably; see xauth). */
	int     exit_on_forward_failure;	/* Exit if bind(2) fails for -L/-R */
	char   *xauth_location;	/* Location for xauth program */
	int     gateway_ports;	/* Allow remote connects to forwarded ports
				 * (i.e. listeners not bound to loopback). */
	int     use_privileged_port;	/* Don't use privileged port if false. */

	/* Authentication methods to try (the rsa/rhosts ones are the ssh1
	 * counterparts of pubkey/hostbased, per the comments). */
	int     rhosts_rsa_authentication;	/* Try rhosts with RSA
						 * authentication. */
	int     rsa_authentication;	/* Try RSA authentication. */
	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
	int     challenge_response_authentication;
					/* Try S/Key or TIS authentication. */
	int     gss_authentication;	/* Try GSS authentication */
	int     gss_deleg_creds;	/* Delegate GSS credentials
					 * (hands a forwardable credential to
					 * the server -- security-relevant). */
	int     password_authentication;	/* Try password
						 * authentication. */
	int     kbd_interactive_authentication;	/* Try keyboard-interactive auth. */
	char   *kbd_interactive_devices;	/* Keyboard-interactive auth devices. */
	int     batch_mode;	/* Batch mode: do not ask for passwords. */

	/* Host key verification policy. */
	int     check_host_ip;	/* Also keep track of keys for IP address.
				 * Takes the SSHCTL_CHECKHOSTIP_* values
				 * defined below. */
	int     strict_host_key_checking;	/* Strict host key checking
						 * (whether an unknown or
						 * changed host key may be
						 * accepted -- presumably). */

	/* Transport tuning. */
	int     compression;	/* Compress packets in both directions. */
	int     compression_level;	/* Compression level 1 (fast) to 9
					 * (best). */
	int     tcp_keep_alive;	/* Set SO_KEEPALIVE. */
	LogLevel log_level;	/* Level for logging. */

	int     port;		/* Port to connect. */
	int     address_family;	/* Presumably AF_UNSPEC/AF_INET/AF_INET6 --
				 * confirm in readconf.c. */
	int     connection_attempts;	/* Max number of attempts before
					 * giving up (a count, not seconds;
					 * the timeout is the next field). */
	int     connection_timeout;	/* Max time (seconds) before
					 * aborting connection attempt */
	int     number_of_password_prompts;	/* Max number of password
						 * prompts. */
	/* Algorithm selection; "cipher" is the single ssh1 cipher id, the
	 * string lists are ssh2 preference lists. */
	int     cipher;		/* Cipher to use. */
	char   *ciphers;	/* SSH2 ciphers in order of preference. */
	char   *macs;		/* SSH2 macs in order of preference. */
	char   *hostkeyalgorithms;	/* SSH2 server key types in order of preference. */
	int     protocol;	/* Protocol in order of preference
				 * (encoded in an int -- presumably a
				 * bitmask; confirm in readconf.c). */

	/* Target and identity of this connection. */
	char   *hostname;	/* Real host to connect. */
	char   *host_key_alias;	/* hostname alias for .ssh/known_hosts */
	char   *proxy_command;	/* Proxy command for connecting the host.
				 * NOTE(review): this is executed; confirm
				 * it is only ever taken from trusted
				 * config, never from the server. */
	char   *user;		/* User to log in as. */
	int     escape_char;	/* Escape character; -2 = none */

	char   *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */
	char   *user_hostfile;	/* Path for $HOME/.ssh/known_hosts. */
	char   *system_hostfile2;	/* Secondary known-hosts paths;
					 * presumably the *known_hosts2
					 * companions -- confirm in
					 * fill_default_options(). */
	char   *user_hostfile2;
	char   *preferred_authentications;	/* Comma list ordering the
						 * methods above -- presumably. */
	char   *bind_address;	/* local socket address for connection to sshd */
	char   *smartcard_device;	/* Smartcard reader device */
	int     verify_host_key_dns;	/* Verify host key using DNS.
					 * NOTE(review): only as trustworthy as
					 * the DNS answer; confirm how unsigned
					 * results are treated in sshconnect.c. */

	/* Identities.  The arrays are fixed size: code that appends must keep
	 * num_identity_files <= SSH_MAX_IDENTITY_FILES. */
	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
	char   *identity_files[SSH_MAX_IDENTITY_FILES];
	Key    *identity_keys[SSH_MAX_IDENTITY_FILES];

	/* Local TCP/IP forward requests.  Bounded by
	 * SSH_MAX_FORWARDS_PER_DIRECTION; the add_*_forward() helpers must
	 * enforce it. */
	int     num_local_forwards;
	Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];

	/* Remote TCP/IP forward requests. */
	int     num_remote_forwards;
	Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
	int	clear_forwardings;	/* Drop forwards collected so far -- presumably. */

	int	enable_ssh_keysign;	/* Use ssh-keysign(8) for hostbased auth
					 * -- presumably, per the name. */
	int64_t rekey_limit;	/* Presumably a byte count (RekeyLimit)
				 * -- confirm units in readconf.c. */
	int	no_host_authentication_for_localhost;
				/* NOTE(review): by its name this skips host
				 * key checking for localhost; confirm the
				 * exact match rule in sshconnect.c. */
	int	identities_only;	/* Only use identity_files, not agent keys
					 * -- presumably. */
	int	server_alive_interval;
	int	server_alive_count_max;

	/* Environment variables to send.  num_send_env must stay
	 * <= MAX_SEND_ENV. */
	int	num_send_env;
	char   *send_env[MAX_SEND_ENV];

	/* Connection multiplexing. */
	char	*control_path;
	int	control_master;	/* Takes the SSHCTL_MASTER_* values below. */

	int	hash_known_hosts;	/* Hash host names when writing known_hosts
					 * -- presumably. */

	/* Tunnel device forwarding. */
	int	tun_open;	/* tun(4) */
	int     tun_local;	/* force tun device (optional) */
	int     tun_remote;	/* force tun device (optional) */

	/* Command run locally after connecting; presumably only honoured when
	 * permit_local_command is set -- confirm at the call site.  It is
	 * executed, so the same trust caveat as proxy_command applies. */
	char	*local_command;
	int	permit_local_command;

} Options;
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw two bits at a time. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
The graphs are not unambiguous for now (distinct fingerprints can yield the
same picture), because a loop in the walk can be traversed in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
/*
 * Values for Options.check_host_ip.  SSHCTL_CHECKHOSTIP_FPR was introduced by
 * the grunk@ 2008/06/11 fingerprint-visualization commit; presumably it
 * additionally displays the ASCII-art rendering of the host key fingerprint --
 * confirm in sshconnect.c.  NOTE(review): that commit message itself states
 * the pictures are not unambiguous, so the art is an aid to recognition and
 * does not replace comparing the full fingerprint.
 */
#define SSHCTL_CHECKHOSTIP_NO	0
#define SSHCTL_CHECKHOSTIP_YES	1
#define SSHCTL_CHECKHOSTIP_FPR	2

/* Values for Options.control_master. */
#define SSHCTL_MASTER_NO	0
#define SSHCTL_MASTER_YES	1
#define SSHCTL_MASTER_AUTO	2
#define SSHCTL_MASTER_ASK	3
#define SSHCTL_MASTER_AUTO_ASK	4
/*
 * Entry points implemented in readconf.c.  The prototypes carry no parameter
 * names, so the roles noted here are read from the types and field names only
 * -- confirm against the definitions.
 */
void     initialize_options(Options *);	/* Preset every field -- presumably. */
void     fill_default_options(Options *);	/* Supply defaults for fields left
						 * unset -- presumably. */
int	 read_config_file(const char *, const char *, Options *, int);
					/* Presumably (path, host, options, flag);
					 * int result -- confirm its meaning. */
int	 parse_forward(Forward *, const char *);
					/* Parse a forwarding spec into *Forward.
					 * NOTE(review): must range-check ports
					 * before storing into u_short. */

int
process_config_line(Options *, const char *, char *, const char *, int, int *);
					/* Handle one config line; the non-const
					 * char * suggests the line is tokenised
					 * in place -- confirm. */

void	 add_local_forward(Options *, const Forward *);
void	 add_remote_forward(Options *, const Forward *);
					/* Append to local_forwards/remote_forwards.
					 * The arrays are fixed size, so the
					 * SSH_MAX_FORWARDS_PER_DIRECTION bound
					 * must be enforced in these helpers. */
#endif /* READCONF_H */