summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2006-07-10 15:04:19 +0200
committerDarren Tucker <dtucker@zip.com.au>2006-07-10 15:04:19 +0200
commitda3455356100dbcb5d1ff9f0556386ca5f788795 (patch)
tree013d0f5e5bca486e4e72387d94980fc81d402a50
parent - djm@cvs.openbsd.org 2006/07/10 12:08:08 (diff)
downloadopenssh-da3455356100dbcb5d1ff9f0556386ca5f788795.tar.xz
openssh-da3455356100dbcb5d1ff9f0556386ca5f788795.zip
- dtucker@cvs.openbsd.org 2006/07/10 12:46:51
[misc.c misc.h sshd.8 sshconnect.c] Add port identifier to known_hosts for non-default ports, based originally on a patch from Devin Nate in bz#910. For any connection using the default port or using a HostKeyAlias the format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress. Tested by many, ok markus@.
-rw-r--r--ChangeLog10
-rw-r--r--misc.c20
-rw-r--r--misc.h3
-rw-r--r--sshconnect.c25
-rw-r--r--sshd.89
5 files changed, 53 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index beb4a4fa2..56cee8708 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -96,6 +96,14 @@
[channels.c]
fix misparsing of SOCKS 5 packets that could result in a crash;
reported by mk@ ok markus@
+ - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
+ [misc.c misc.h sshd.8 sshconnect.c]
+ Add port identifier to known_hosts for non-default ports, based originally
+ on a patch from Devin Nate in bz#910.
+ For any connection using the default port or using a HostKeyAlias the
+ format is unchanged, otherwise the host name or address is enclosed
+ within square brackets in the same format as sshd's ListenAddress.
+ Tested by many, ok markus@.
20060706
- (dtucker) [configure.ac] Try AIX blibpath test in different order when
@@ -4829,4 +4837,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4383 2006/07/10 12:21:02 djm Exp $
+$Id: ChangeLog,v 1.4384 2006/07/10 13:04:19 dtucker Exp $
diff --git a/misc.c b/misc.c
index 2abb14051..a65b1fded 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.55 2006/07/09 15:15:10 stevesk Exp $ */
+/* $OpenBSD: misc.c,v 1.56 2006/07/10 12:46:51 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -45,6 +45,7 @@
#include "misc.h"
#include "log.h"
#include "xmalloc.h"
+#include "ssh.h"
/* remove newline at end of string */
char *
@@ -337,6 +338,23 @@ convtime(const char *s)
}
/*
+ * Returns a standardized host+port identifier string.
+ * Caller must free returned string.
+ */
+char *
+put_host_port(const char *host, u_short port)
+{
+ char *hoststr;
+
+ if (port == 0 || port == SSH_DEFAULT_PORT)
+ return(xstrdup(host));
+ if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
+ fatal("put_host_port: asprintf: %s", strerror(errno));
+ debug3("put_host_port: %s", hoststr);
+ return hoststr;
+}
+
+/*
* Search for next delimiter between hostnames/addresses and ports.
* Argument may be modified (for termination).
* Returns *cp if parsing succeeds.
diff --git a/misc.h b/misc.h
index f96328662..139a62e05 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.32 2006/07/06 16:03:53 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.33 2006/07/10 12:46:51 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -28,6 +28,7 @@ int unset_nonblock(int);
void set_nodelay(int);
int a2port(const char *);
int a2tun(const char *, int *);
+char *put_host_port(const char *, u_short);
char *hpdelim(char **);
char *cleanhostname(char *);
char *colon(char *);
diff --git a/sshconnect.c b/sshconnect.c
index 3bc455eb4..f8450eadf 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.188 2006/07/06 16:03:53 stevesk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.189 2006/07/10 12:46:51 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -514,12 +514,12 @@ confirm(const char *prompt)
* is not valid. the user_hostfile will not be updated if 'readonly' is true.
*/
static int
-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
int readonly, const char *user_hostfile, const char *system_hostfile)
{
Key *file_key;
const char *type = key_type(host_key);
- char *ip = NULL;
+ char *ip = NULL, *host = NULL;
char hostline[1000], *hostp, *fp;
HostStatus host_status;
HostStatus ip_status;
@@ -570,7 +570,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
fatal("check_host_key: getnameinfo failed");
- ip = xstrdup(ntop);
+ ip = put_host_port(ntop, options.port);
} else {
ip = xstrdup("<no hostip for proxy command>");
}
@@ -578,18 +578,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
* Turn off check_host_ip if the connection is to localhost, via proxy
* command or if we don't have a hostname to compare with
*/
- if (options.check_host_ip &&
- (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+ if (options.check_host_ip && (local ||
+ strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
options.check_host_ip = 0;
/*
- * Allow the user to record the key under a different name. This is
- * useful for ssh tunneling over forwarded connections or if you run
- * multiple sshd's on different ports on the same machine.
+ * Allow the user to record the key under a different name or
+ * differentiate a non-standard port. This is useful for ssh
+ * tunneling over forwarded connections or if you run multiple
+ * sshd's on different ports on the same machine.
*/
if (options.host_key_alias != NULL) {
- host = options.host_key_alias;
+ host = xstrdup(options.host_key_alias);
debug("using hostkeyalias: %s", host);
+ } else {
+ host = put_host_port(hostname, options.port);
}
/*
@@ -851,10 +854,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
}
xfree(ip);
+ xfree(host);
return 0;
fail:
xfree(ip);
+ xfree(host);
return -1;
}
diff --git a/sshd.8 b/sshd.8
index 0bfd68505..f614b8dc3 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -588,6 +588,13 @@ A pattern may also be preceded by
to indicate negation: if the host name matches a negated
pattern, it is not accepted (by that line) even if it matched another
pattern on the line.
+A hostname or address may optionally be enclosed within
+.Ql \&[
+and
+.Ql \&]
+brackets then followed by
+.Ql \&:
+and and a non-standard port number.
.Pp
Alternately, hostnames may be stored in a hashed form which hides host names
and addresses should the file's contents be disclosed.