diff options
| author | Damien Miller <djm@mindrot.org> | 2003-05-15 10:19:46 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-05-15 10:19:46 +1000 |
| commit | 37876e913a069036501086a247ed2ea430cea206 (patch) | |
| tree | 8294744f47011c82b63ec0b46f4449ff4f26ec7c /readconf.c | |
| parent | abbae980e7532da68e7f6aa1da716fb69e7521ad (diff) | |
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying hos keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.106 2003/04/09 12:00:37 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -114,7 +114,7 @@ typedef enum { oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, + oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oDeprecated } OpCodes; @@ -187,6 +187,7 @@ static struct { { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, + { "verifyhostkeydns", oVerifyHostKeyDNS }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { "rekeylimit", oRekeyLimit }, { NULL, oBadOption } @@ -392,6 +393,10 @@ parse_flag: intptr = &options->check_host_ip; goto parse_flag; + case oVerifyHostKeyDNS: + intptr = &options->verify_host_key_dns; + goto parse_flag; + case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; arg = strdelim(&s); @@ -829,6 +834,7 @@ initialize_options(Options * options) options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; options->rekey_limit = - 1; + options->verify_host_key_dns = -1; } /* @@ -947,6 +953,8 @@ fill_default_options(Options * options) options->enable_ssh_keysign = 0; if (options->rekey_limit == -1) options->rekey_limit = 0; + if (options->verify_host_key_dns == -1) + options->verify_host_key_dns = 0; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ |