- dtucker@cvs.openbsd.org 2006/07/10 12:46:51
[misc.c misc.h sshd.8 sshconnect.c] Add port identifier to known_hosts for non-default ports, based originally on a patch from Devin Nate in bz#910. For any connection using the default port or using a HostKeyAlias the format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress. Tested by many, ok markus@.
parent
0f07707267
commit
da34553561
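--- a/ChangeLog
+++ b/ChangeLog
@@ -96,6 +96,14 @@
 [channels.c]
 fix misparsing of SOCKS 5 packets that could result in a crash;
 reported by mk@ ok markus@
+- dtucker@cvs.openbsd.org 2006/07/10 12:46:51
+[misc.c misc.h sshd.8 sshconnect.c]
+Add port identifier to known_hosts for non-default ports, based originally
+on a patch from Devin Nate in bz#910.
+For any connection using the default port or using a HostKeyAlias the
+format is unchanged, otherwise the host name or address is enclosed
+within square brackets in the same format as sshd's ListenAddress.
+Tested by many, ok markus@.
 
 20060706
 - (dtucker) [configure.ac] Try AIX blibpath test in different order when
@@ -4829,4 +4837,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4383 2006/07/10 12:21:02 djm Exp $
+$Id: ChangeLog,v 1.4384 2006/07/10 13:04:19 dtucker Exp $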
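--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.55 2006/07/09 15:15:10 stevesk Exp $ */
+/* $OpenBSD: misc.c,v 1.56 2006/07/10 12:46:51 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -45,6 +45,7 @@
 #include "misc.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "ssh.h"
 
 /* remove newline at end of string */
 char *
@@ -336,6 +337,23 @@ convtime(const char *s)
 return total;
 }
 
+/*
+* Returns a standardized host+port identifier string.
+* Caller must free returned string.
+*/
+char *
+put_host_port(const char *host, u_short port)
+{
+char *hoststr;
+
+if (port == 0 || port == SSH_DEFAULT_PORT)
+return(xstrdup(host));
+if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
+fatal("put_host_port: asprintf: %s", strerror(errno));
+debug3("put_host_port: %s", hoststr);
+return hoststr;
+}
+
 /*
 * Search for next delimiter between hostnames/addresses and ports.
 * Argument may be modified (for termination).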
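Review bot: The header comment on put_host_port should state the exact string contract, because known_hosts matching only works if every lookup and every write goes through the same mapping, and the two lines as written say neither what "standardized" means nor that the port is dropped for the default. I would replace it with: `Returns the known_hosts name for host: the bare host when port is 0 or SSH_DEFAULT_PORT, otherwise "[host]:port" in sshd's ListenAddress form (so IPv6 literals are bracketed too). Caller must free returned string.` The `port` parameter is `u_short` while the caller added in sshconnect.c passes `options.port`, which is presumably an int validated in readconf, so an out-of-range value would be narrowed silently here rather than rejected; a one-line note that port is assumed already validated would make that dependency explicit. The function itself is complete within the hunk.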
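--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.32 2006/07/06 16:03:53 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.33 2006/07/10 12:46:51 dtucker Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -28,6 +28,7 @@ int unset_nonblock(int);
 void set_nodelay(int);
 int a2port(const char *);
 int a2tun(const char *, int *);
+char *put_host_port(const char *, u_short);
 char *hpdelim(char **);
 char *cleanhostname(char *);
 char *colon(char *);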
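--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.188 2006/07/06 16:03:53 stevesk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.189 2006/07/10 12:46:51 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -514,12 +514,12 @@ confirm(const char *prompt)
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
 */
 static int
-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
 int readonly, const char *user_hostfile, const char *system_hostfile)
 {
 Key *file_key;
 const char *type = key_type(host_key);
-char *ip = NULL;
+char *ip = NULL, *host = NULL;
 char hostline[1000], *hostp, *fp;
 HostStatus host_status;
 HostStatus ip_status;
@@ -570,7 +570,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
 NULL, 0, NI_NUMERICHOST) != 0)
 fatal("check_host_key: getnameinfo failed");
-ip = xstrdup(ntop);
+ip = put_host_port(ntop, options.port);
 } else {
 ip = xstrdup("<no hostip for proxy command>");
 }
@@ -578,18 +578,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 * Turn off check_host_ip if the connection is to localhost, via proxy
 * command or if we don't have a hostname to compare with
 */
-if (options.check_host_ip &&
-(local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+if (options.check_host_ip && (local ||
+strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
 options.check_host_ip = 0;
 
 /*
-* Allow the user to record the key under a different name. This is
-* useful for ssh tunneling over forwarded connections or if you run
-* multiple sshd's on different ports on the same machine.
+* Allow the user to record the key under a different name or
+* differentiate a non-standard port. This is useful for ssh
+* tunneling over forwarded connections or if you run multiple
+* sshd's on different ports on the same machine.
 */
 if (options.host_key_alias != NULL) {
-host = options.host_key_alias;
+host = xstrdup(options.host_key_alias);
 debug("using hostkeyalias: %s", host);
+} else {
+host = put_host_port(hostname, options.port);
 }
 
 /*
@@ -851,10 +854,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 }
 
 xfree(ip);
+xfree(host);
 return 0;
 
 fail:
 xfree(ip);
+xfree(host);
 return -1;
 }
 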
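Review bot: In the hunk that rewrites the check_host_ip test, `ip` is now the port-qualified string from put_host_port while `hostname` is still the bare name the user typed, so for a numeric address on a non-default port (`ssh -p 2222 10.0.0.1`) `strcmp(hostname, ip) == 0` no longer fires and check_host_ip stays on for a host whose name and address are the same thing; the later lookup and the `host,ip` line written for a new key would then carry `[10.0.0.1]:2222` twice, though that code lies outside the hunk so I am inferring it. Comparing against the unqualified address restores the old intent: `if (options.check_host_ip && (local || options.proxy_command != NULL ||` / `    strcmp(hostname, ntop) == 0))`, with the proxy_command test moved first because ntop is only filled in by the getnameinfo branch in the previous hunk; this assumes ntop is function-scope, which its use there suggests but the hunks do not show. check_host_key's body continues outside these hunks, so any exit path between the new put_host_port allocation and the two xfree(host) calls other than `return 0` and `fail:` would now leak host; worth confirming there are none.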
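--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -588,6 +588,13 @@ A pattern may also be preceded by
 to indicate negation: if the host name matches a negated
 pattern, it is not accepted (by that line) even if it matched another
 pattern on the line.
+A hostname or address may optionally be enclosed within
+.Ql \&[
+and
+.Ql \&]
+brackets then followed by
+.Ql \&:
+and and a non-standard port number.
 .Pp
 Alternately, hostnames may be stored in a hashed form which hides host names
 and addresses should the file's contents be disclosed.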