upstream: Add a '%k' TOKEN that expands to the effective HostKey of

the destination.  This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)

OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc

diff --git a/ssh.c b/ssh.c
index 5c93c3d2fb2a5671646d0cb489f388de94074b69..93e5c4831063a02dfd28f234cfc5a3a28a955f26 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.532 2020/07/17 03:23:10 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.533 2020/07/17 03:43:42 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,6 +176,7 @@ char *forward_agent_sock_path = NULL;
 /* Various strings used to to percent_expand() arguments */
 static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
 static char uidstr[32], *host_arg, *conn_hash_hex;
+static const char *keyalias;
 
 /* socket address the host resolves to */
 struct sockaddr_storage hostaddr;
@@ -235,6 +236,7 @@ tilde_expand_paths(char **paths, u_int num_paths)
     "C", conn_hash_hex, \
     "L", shorthost, \
     "i", uidstr, \
+    "k", keyalias, \
     "l", thishost, \
     "n", host_arg, \
     "p", portstr
@@ -1380,6 +1382,7 @@ main(int ac, char **av)
        snprintf(portstr, sizeof(portstr), "%d", options.port);
        snprintf(uidstr, sizeof(uidstr), "%llu",
            (unsigned long long)pw->pw_uid);
+       keyalias = options.host_key_alias ? options.host_key_alias : host_arg;
 
        conn_hash_hex = ssh_connection_hash(thishost, host, portstr,
            options.user);

diff --git a/ssh_config b/ssh_config
index 5e8ef548bb50296beb3e7ddb4c6037fcb65d8594..842ea866c72a620b06a1b99d38feca1afa64d523 100644 (file)
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-#      $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
+#      $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -43,3 +43,4 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k

diff --git a/ssh_config.5 b/ssh_config.5
index fce59d13a00ae87d85bcb2685f3b6f5313c03c14..523ee6973c443b984ee5973395ceaf134949d8b3 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.329 2020/07/17 03:23:10 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.330 2020/07/17 03:43:42 dtucker Exp $
 .Dd $Mdocdate: July 17 2020 $
 .Dt SSH_CONFIG 5
 .Os
@@ -1850,6 +1850,9 @@ Local user's home directory.
 The remote hostname.
 .It %i
 The local user ID.
+.It %k
+The host key alias if specified, otherwise the orignal remote hostname given
+on the command line.
 .It %L
 The local hostname.
 .It %l

diff --git a/sshconnect.c b/sshconnect.c
index af08be4154d9ed3ed2222e48d4fbef6daf47a9e5..f6d8a1bcfe21b8eccf8405b7a266314611d30edf 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.329 2020/03/13 04:01:56 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.330 2020/07/17 03:43:42 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,11 +89,14 @@ expand_proxy_command(const char *proxy_command, const char *user,
     const char *host, const char *host_arg, int port)
 {
        char *tmp, *ret, strport[NI_MAXSERV];
+       const char *keyalias = options.host_key_alias ?
+            options.host_key_alias : host_arg;
 
        snprintf(strport, sizeof strport, "%d", port);
        xasprintf(&tmp, "exec %s", proxy_command);
        ret = percent_expand(tmp,
            "h", host,
+           "k", keyalias,
            "n", host_arg,
            "p", strport,
            "r", options.user,