summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-10-03 17:39:38 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-10-03 17:39:38 +0000
commit3cecc9a41f32681b8729a7e4b32dbe8fe80a3f8a (patch)
tree2738b5bdd1b2cae3fc86685b3ce5075f583153ad
parent908afed17f97a3f5814f8d0d16be27b9f487f93d (diff)
- markus@cvs.openbsd.org 2001/10/01 21:51:16
[readconf.c readconf.h ssh.1 sshconnect.c] add NoHostAuthenticationForLocalhost; note that the hostkey is now check for localhost, too.
-rw-r--r--ChangeLog6
-rw-r--r--readconf.c12
-rw-r--r--readconf.h3
-rw-r--r--ssh.112
-rw-r--r--sshconnect.c5
5 files changed, 31 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index d6a3ca25..65655e58 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -27,6 +27,10 @@
- markus@cvs.openbsd.org 2001/10/01 21:38:53
[channels.c channels.h ssh.c sshd.c]
remove ugliness; vp@drexel.edu via angelos
+ - markus@cvs.openbsd.org 2001/10/01 21:51:16
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ add NoHostAuthenticationForLocalhost; note that the hostkey is
+ now check for localhost, too.
20011001
- (stevesk) loginrec.c: fix type conversion problems exposed when using
@@ -6619,4 +6623,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1577 2001/10/03 17:34:59 mouring Exp $
+$Id: ChangeLog,v 1.1578 2001/10/03 17:39:38 mouring Exp $
diff --git a/readconf.c b/readconf.c
index 83069d3a..63035b37 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.90 2001/09/19 19:24:18 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.91 2001/10/01 21:51:16 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -115,7 +115,7 @@ typedef enum {
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
- oClearAllForwardings
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost
} OpCodes;
/* Textual representations of the tokens. */
@@ -186,6 +186,7 @@ static struct {
{ "bindaddress", oBindAddress },
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
+ { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ NULL, 0 }
};
@@ -415,6 +416,10 @@ parse_flag:
intptr = &options->keepalives;
goto parse_flag;
+ case oNoHostAuthenticationForLocalhost:
+ intptr = &options->no_host_authentication_for_localhost;
+ goto parse_flag;
+
case oNumberOfPasswordPrompts:
intptr = &options->number_of_password_prompts;
goto parse_int;
@@ -793,6 +798,7 @@ initialize_options(Options * options)
options->preferred_authentications = NULL;
options->bind_address = NULL;
options->smartcard_device = NULL;
+ options->no_host_authentication_for_localhost = - 1;
}
/*
@@ -911,6 +917,8 @@ fill_default_options(Options * options)
options->log_level = SYSLOG_LEVEL_INFO;
if (options->clear_forwardings == 1)
clear_forwardings(options);
+ if (options->no_host_authentication_for_localhost == - 1)
+ options->no_host_authentication_for_localhost = 0;
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */
diff --git a/readconf.h b/readconf.h
index bde9eaa1..25ffa466 100644
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.39 2001/09/19 19:24:18 stevesk Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.40 2001/10/01 21:51:16 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
@@ -101,6 +101,7 @@ typedef struct {
int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings;
+ int no_host_authentication_for_localhost;
} Options;
diff --git a/ssh.1 b/ssh.1
index e3dc7506..9b924bd5 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.138 2001/09/19 19:24:19 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.139 2001/10/01 21:51:16 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -981,6 +981,16 @@ for data integrity protection.
Multiple algorithms must be comma-separated.
The default is
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
+.It Cm NoHostAuthenticationForLocalhost
+This option can be used if the home directory is shared across machines.
+In this case localhost will refer to a different machine on each of
+the machines and the user will get many warnings about changed host keys.
+However, this option disables host authentication for localhost.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is to check the host key for localhost.
.It Cm NumberOfPasswordPrompts
Specifies the number of password prompts before giving up.
The argument to this keyword must be an integer.
diff --git a/sshconnect.c b/sshconnect.c
index 0ae100fe..6a9b5489 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.110 2001/07/25 14:35:18 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.111 2001/10/01 21:51:16 markus Exp $");
#include <openssl/bn.h>
@@ -587,7 +587,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
salen = sizeof(struct sockaddr_storage);
break;
}
- if (local && options.host_key_alias == NULL) {
+ if (options.no_host_authentication_for_localhost == 1 && local &&
+ options.host_key_alias == NULL) {
debug("Forcing accepting of host key for "
"loopback/localhost.");
return 0;