From: dtucker@openbsd.org Date: Fri, 17 Jul 2020 03:43:42 +0000 (+0000) Subject: upstream: Add a '%k' TOKEN that expands to the effective HostKey of X-Git-Tag: V_8_4_P1~69 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8df5774a42d2eaffe057bd7f293fc6a4b1aa411c;p=thirdparty%2Fopenssh-portable.git upstream: Add a '%k' TOKEN that expands to the effective HostKey of the destination. This allows, eg, keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ (man page bits) OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc --- diff --git a/ssh.c b/ssh.c index 5c93c3d2f..93e5c4831 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.532 2020/07/17 03:23:10 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.533 2020/07/17 03:43:42 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -176,6 +176,7 @@ char *forward_agent_sock_path = NULL; /* Various strings used to to percent_expand() arguments */ static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; static char uidstr[32], *host_arg, *conn_hash_hex; +static const char *keyalias; /* socket address the host resolves to */ struct sockaddr_storage hostaddr; @@ -235,6 +236,7 @@ tilde_expand_paths(char **paths, u_int num_paths) "C", conn_hash_hex, \ "L", shorthost, \ "i", uidstr, \ + "k", keyalias, \ "l", thishost, \ "n", host_arg, \ "p", portstr @@ -1380,6 +1382,7 @@ main(int ac, char **av) snprintf(portstr, sizeof(portstr), "%d", options.port); snprintf(uidstr, sizeof(uidstr), "%llu", (unsigned long long)pw->pw_uid); + keyalias = options.host_key_alias ? options.host_key_alias : host_arg; conn_hash_hex = ssh_connection_hash(thishost, host, portstr, options.user); diff --git a/ssh_config b/ssh_config index 5e8ef548b..842ea866c 100644 --- a/ssh_config +++ b/ssh_config 
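Review bot: `keyalias`, declared in the `@@ -176,6 +176,7 @@` hunk, is a file-scope pointer with no initializer, so it stays NULL until main() assigns it in the `@@ -1380,6 +1382,7 @@` hunk, while the `"k", keyalias` pair added to the expansion-argument list in the `@@ -235,6 +236,7 @@` hunk is passed on every use of that list. Whether any expansion can run before the assignment is not visible in these hunks, so the ordering is worth confirming; if one does, a NULL replacement reaches percent_expand(). I would record the requirement at the declaration, e.g. `static const char *keyalias; /* set in main() before any percent_expand(); NULL until then */`.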
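Review bot: The `keyalias` assignment added in main() takes `options.host_key_alias` or `host_arg` unchanged, and the use case in the commit message puts that value into a file name (`UserKnownHostsFile ~/.ssh/known_hosts.d/%k`), so a value containing `/` or a `..` component would make the expanded path resolve outside the intended directory. `host_arg` is the host name given on the command line, which matters when ssh is started by a wrapper that passes on a name it did not choose. Consider rejecting path separators right after the assignment, e.g. `if (strchr(keyalias, '/') != NULL) fatal("host key alias contains '/'");`, or at least stating in ssh_config.5 that %k is not sanitised for use in paths. main() starts and ends outside the hunk, so any earlier validation of `host_arg` is not visible here.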
@@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $ +# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -43,3 +43,4 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h +# UserKnownHostsFile ~/.ssh/known_hosts.d/%k diff --git a/ssh_config.5 b/ssh_config.5 index fce59d13a..523ee6973 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.329 2020/07/17 03:23:10 dtucker Exp $ +.\" $OpenBSD: ssh_config.5,v 1.330 2020/07/17 03:43:42 dtucker Exp $ .Dd $Mdocdate: July 17 2020 $ .Dt SSH_CONFIG 5 .Os @@ -1850,6 +1850,9 @@ Local user's home directory. The remote hostname. .It %i The local user ID. +.It %k +The host key alias if specified, otherwise the orignal remote hostname given +on the command line. .It %L The local hostname. .It %l diff --git a/sshconnect.c b/sshconnect.c index af08be415..f6d8a1bcf 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.329 2020/03/13 04:01:56 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.330 2020/07/17 03:43:42 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -89,11 +89,14 @@ expand_proxy_command(const char *proxy_command, const char *user, const char *host, const char *host_arg, int port) { char *tmp, *ret, strport[NI_MAXSERV]; + const char *keyalias = options.host_key_alias ? + options.host_key_alias : host_arg; snprintf(strport, sizeof strport, "%d", port); xasprintf(&tmp, "exec %s", proxy_command); ret = percent_expand(tmp, "h", host, + "k", keyalias, "n", host_arg, "p", strport, "r", options.user,
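Review bot: In expand_proxy_command() the new `"k", keyalias` pair is expanded into the string built by `xasprintf(&tmp, "exec %s", proxy_command)`, which looks like it is later handed to a shell, and the value is inserted without quoting or validation. %h and %n already get the same treatment in this call, but %k adds `HostKeyAlias` as a further source, so a ProxyCommand that uses it unquoted inherits whatever characters the alias or host argument contains. The %k entry added to ssh_config.5 should say so, e.g. `The value is not quoted; quote %k when using it in ProxyCommand.` Separately, the expression `options.host_key_alias ? options.host_key_alias : host_arg` is now written out both here and in ssh.c's main(); a small shared helper would keep the two from drifting apart. The function body continues past the end of the hunk.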