authorDamien Miller <djm@mindrot.org>2003-05-15 10:19:46 +1000
committerDamien Miller <djm@mindrot.org>2003-05-15 10:19:46 +1000
commit37876e913a069036501086a247ed2ea430cea206 (patch)
tree8294744f47011c82b63ec0b46f4449ff4f26ec7c /readconf.c
parentabbae980e7532da68e7f6aa1da716fb69e7521ad (diff)
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] add experimental support for verifying host keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/readconf.c b/readconf.c
index acdf128f..c9c463b2 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.106 2003/04/09 12:00:37 djm Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -114,7 +114,7 @@ typedef enum {
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- oEnableSSHKeysign, oRekeyLimit,
+ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
oDeprecated
} OpCodes;
@@ -187,6 +187,7 @@ static struct {
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
{ "enablesshkeysign", oEnableSSHKeysign },
+ { "verifyhostkeydns", oVerifyHostKeyDNS },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ "rekeylimit", oRekeyLimit },
{ NULL, oBadOption }
@@ -392,6 +393,10 @@ parse_flag:
intptr = &options->check_host_ip;
goto parse_flag;
+ case oVerifyHostKeyDNS:
+ intptr = &options->verify_host_key_dns;
+ goto parse_flag;
+
case oStrictHostKeyChecking:
intptr = &options->strict_host_key_checking;
arg = strdelim(&s);
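Review bot: The added `case oVerifyHostKeyDNS:` has no comment, although the option it parses affects how the server's host key comes to be trusted. It jumps to `parse_flag`, so it is handled as a plain on/off flag, and the last hunk resolves the unset value -1 to 0, which makes the feature opt-in. I would record that at the case, e.g. `/* boolean, default off; whether a DNS match alone is sufficient is decided by the caller */`. How the value is consumed is not visible in this file's diff (sshconnect.c is named in the commit message), so it is worth confirming there that a DNS answer that has not been authenticated cannot by itself stand in for the known_hosts check. The enclosing switch and the `parse_flag` label both lie outside the hunk.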
@@ -829,6 +834,7 @@ initialize_options(Options * options)
options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
options->rekey_limit = - 1;
+ options->verify_host_key_dns = -1;
}
/*
@@ -947,6 +953,8 @@ fill_default_options(Options * options)
options->enable_ssh_keysign = 0;
if (options->rekey_limit == -1)
options->rekey_limit = 0;
+ if (options->verify_host_key_dns == -1)
+ options->verify_host_key_dns = 0;
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */