summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2002-01-22 23:19:11 +1100
committerDamien Miller <djm@mindrot.org>2002-01-22 23:19:11 +1100
commit7fc2373f17b9a06e4ba43a7178ae6b5dbebe80e8 (patch)
treeb4e80f8e4857b2505cc7fd2bf01896e135379296
parentf51b0e1a3017bbd5ea06358e6e539bd71bfa65c8 (diff)
- stevesk@cvs.openbsd.org 2002/01/04 18:14:16
[servconf.c sshd.8] protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
-rw-r--r--ChangeLog6
-rw-r--r--servconf.c13
-rw-r--r--sshd.826
3 files changed, 33 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index e577b52b..4697dfa3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -88,6 +88,10 @@
- stevesk@cvs.openbsd.org 2002/01/04 17:59:17
[readconf.c servconf.c]
remove #ifdef _PATH_XAUTH/#endif; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
+ [servconf.c sshd.8]
+ protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
+ /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
20020121
@@ -7236,4 +7240,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1748 2002/01/22 12:18:49 djm Exp $
+$Id: ChangeLog,v 1.1749 2002/01/22 12:19:11 djm Exp $
diff --git a/servconf.c b/servconf.c
index e772cd46..445d2da7 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.96 2002/01/04 17:59:17 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.97 2002/01/04 18:14:16 stevesk Exp $");
#if defined(KRB4) || defined(KRB5)
#include <krb.h>
@@ -124,9 +124,14 @@ fill_default_server_options(ServerOptions *options)
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
if (options->protocol & SSH_PROTO_1)
- options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
- if (options->protocol & SSH_PROTO_2)
- options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] =
+ _PATH_HOST_KEY_FILE;
+ if (options->protocol & SSH_PROTO_2) {
+ options->host_key_files[options->num_host_key_files++] =
+ _PATH_HOST_RSA_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] =
+ _PATH_HOST_DSA_KEY_FILE;
+ }
}
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
diff --git a/sshd.8 b/sshd.8
index d6b92477..d2fa2761 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.159 2001/12/28 22:37:48 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.160 2002/01/04 18:14:16 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -208,12 +208,18 @@ If the client fails to authenticate the user within
this many seconds, the server disconnects and exits.
A value of zero indicates no limit.
.It Fl h Ar host_key_file
-Specifies the file from which the host key is read (default
-.Pa /etc/ssh_host_key ) .
+Specifies a file from which a host key is read.
This option must be given if
.Nm
is not run as root (as the normal
-host file is normally not readable by anyone but root).
+host key files are normally not readable by anyone but root).
+The default is
+.Pa /etc/ssh_host_key
+for protocol version 1, and
+.Pa /etc/ssh_host_rsa_key
+and
+.Pa /etc/ssh_host_dsa_key
+for protocol version 2.
It is possible to have multiple host key files for
the different protocol versions and host key algorithms.
.It Fl i
@@ -475,9 +481,15 @@ and applies to protocol version 2 only.
The default is
.Dq no .
.It Cm HostKey
-Specifies the file containing the private host keys (default
-.Pa /etc/ssh_host_key )
-used by SSH protocol versions 1 and 2.
+Specifies a file containing a private host key
+used by SSH.
+The default is
+.Pa /etc/ssh_host_key
+for protocol version 1, and
+.Pa /etc/ssh_host_rsa_key
+and
+.Pa /etc/ssh_host_dsa_key
+for protocol version 2.
Note that
.Nm
will refuse to use a file if it is group/world-accessible.