tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: Add tilde and environment variable expansion to 

RevokedHostKeys. bz#3552, ok djm@

OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
This commit is contained in:
dtucker@openbsd.org 2023-03-27 03:56:11 +00:00 committed by Darren Tucker
parent 009eb4cb48
commit f1a17de150
No known key found for this signature in database
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.585 2023/02/10 04:40:28 djm Exp $ */
/* $OpenBSD: ssh.c,v 1.586 2023/03/27 03:56:11 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1421,6 +1421,14 @@ main(int ac, char **av)
options.identity_agent = cp;
}
if (options.revoked_host_keys != NULL) {
p = tilde_expand_filename(options.revoked_host_keys, getuid());
cp = default_client_percent_dollar_expand(p, cinfo);
free(p);
free(options.revoked_host_keys);
options.revoked_host_keys = cp;
}
if (options.forward_agent_sock_path != NULL) {
p = tilde_expand_filename(options.forward_agent_sock_path,
getuid());

13
ssh_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.379 2023/03/10 02:32:04 djm Exp $
.Dd $Mdocdate: March 10 2023 $
.\" $OpenBSD: ssh_config.5,v 1.380 2023/03/27 03:56:11 dtucker Exp $
.Dd $Mdocdate: March 27 2023 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -1665,6 +1665,14 @@ an OpenSSH Key Revocation List (KRL) as generated by
.Xr ssh-keygen 1 .
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
Arguments to
.Cm RevokedHostKeys
may use the tilde syntax to refer to a user's home directory,
the tokens described in the
.Sx TOKENS
section and environment variables as described in the
.Sx ENVIRONMENT VARIABLES
section.
.It Cm SecurityKeyProvider
Specifies a path to a library that will be used when loading any
FIDO authenticator-hosted keys, overriding the default of using
@ -2135,6 +2143,7 @@ The local username.
.Cm Match exec ,
.Cm RemoteCommand ,
.Cm RemoteForward ,
.Cm RevokedHostKeys ,
and
.Cm UserKnownHostsFile
accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.