sshd_config RevokedKeys ?


sshd_config RevokedKeys ?

Lars Nooden-2
The sshd_config directive 'RevokedKeys' is like 'AuthorizedKeysFile' in
that both point to files.

Index: servconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.208
diff -u -p -r1.208 servconf.c
--- servconf.c 7 May 2010 11:30:29 -0000 1.208
+++ servconf.c 10 May 2010 16:47:18 -0000
@@ -286,7 +286,7 @@ typedef enum {
  sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
  sUsePrivilegeSeparation, sAllowAgentForwarding,
  sZeroKnowledgePasswordAuthentication, sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sRevokedKeysFile, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
  sDeprecated, sUnsupported
  } ServerOpCodes;

@@ -394,7 +394,8 @@ static struct {
  { "forcecommand", sForceCommand, SSHCFG_ALL },
  { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
  { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
- { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ { "revokedkeysfile", sRevokedKeysFile, SSHCFG_ALL },
+ { "revokedkeys", sRevokedKeysFile, SSHCFG_ALL }, /* obsolete alias */
  { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
  { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL },
  { NULL, sBadOption, 0 }
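Review bot: Both `revokedkeysfile` and `revokedkeys` now resolve to `sRevokedKeysFile`, so a configuration that carries both spellings with different paths targets the single `options->revoked_keys_file` field, and one of the two revocation lists would not be used. Whether the parser warns in that case is not visible here (the `parse_filename` code is outside this diff), so it is worth confirming, because a dropped list means keys an administrator believes revoked are still accepted. At minimum I would make the table comment say so: `/* obsolete alias; sets the same revoked_keys_file as revokedkeysfile */`. The keyword table starts and ends outside this hunk.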
@@ -1304,7 +1305,7 @@ process_server_config_line(ServerOptions
  charptr = &options->trusted_user_ca_keys;
  goto parse_filename;

- case sRevokedKeys:
+ case sRevokedKeysFile:
  charptr = &options->revoked_keys_file;
  goto parse_filename;

@@ -1639,7 +1640,7 @@ dump_config(ServerOptions *o)
  dump_cfg_string(sForceCommand, o->adm_forced_command);
  dump_cfg_string(sChrootDirectory, o->chroot_directory);
  dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
- dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+ dump_cfg_string(sRevokedKeysFile, o->revoked_keys_file);
  dump_cfg_string(sAuthorizedPrincipalsFile,
     o->authorized_principals_file);
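Review bot: `dump_cfg_string(sRevokedKeysFile, ...)` identifies the option by opcode only, and after this patch two keyword-table rows carry that opcode, so the name printed in the configuration dump presumably depends on which row the name lookup finds first (that lookup is not shown here). If it returns the first match, the dumped keyword changes from `revokedkeys` to `revokedkeysfile`, and any script that audits the dump for the revocation setting would need updating. I would pin the intent with a comment on the new table row, e.g. `/* listed first so dump_config prints this name */`. dump_config's body continues outside the hunk.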

Index: sshd_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.122
diff -u -p -r1.122 sshd_config.5
--- sshd_config.5 7 May 2010 12:49:17 -0000 1.122
+++ sshd_config.5 10 May 2010 16:47:18 -0000
@@ -851,7 +851,7 @@ Specifies whether public key authenticat
  The default is
  .Dq yes .
  Note that this option applies to protocol version 2 only.
-.It Cm RevokedKeys
+.It Cm RevokedKeysFile
  Specifies a list of revoked public keys.
  Keys listed in this file will be refused for public key authentication.
  Note that if this file is not readable, then public key authentication will


Re: sshd_config RevokedKeys ?

Damien Miller
no thanks. Or do you propose changing HostKey too?

On Mon, 10 May 2010, Lars Nooden wrote:

> The sshd_config directive 'RevokeKeys' is like 'AuthorizedKeysFile' in that
> both point to files.
>
> Index: servconf.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
> retrieving revision 1.208
> diff -u -p -r1.208 servconf.c
> --- servconf.c 7 May 2010 11:30:29 -0000 1.208
> +++ servconf.c 10 May 2010 16:47:18 -0000
> @@ -286,7 +286,7 @@ typedef enum {
>   sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
>   sUsePrivilegeSeparation, sAllowAgentForwarding,
>   sZeroKnowledgePasswordAuthentication, sHostCertificate,
> - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
> + sRevokedKeysFile, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
>   sDeprecated, sUnsupported
>  } ServerOpCodes;
>
> @@ -394,7 +394,8 @@ static struct {
>   { "forcecommand", sForceCommand, SSHCFG_ALL },
>   { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
>   { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
> - { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
> + { "revokedkeysfile", sRevokedKeysFile, SSHCFG_ALL },
> + { "revokedkeys", sRevokedKeysFile, SSHCFG_ALL }, /* obsolete alias */
>   { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
>   { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL
> },
>   { NULL, sBadOption, 0 }
> @@ -1304,7 +1305,7 @@ process_server_config_line(ServerOptions
>   charptr = &options->trusted_user_ca_keys;
>   goto parse_filename;
>
> - case sRevokedKeys:
> + case sRevokedKeysFile:
>   charptr = &options->revoked_keys_file;
>   goto parse_filename;
>
> @@ -1639,7 +1640,7 @@ dump_config(ServerOptions *o)
>   dump_cfg_string(sForceCommand, o->adm_forced_command);
>   dump_cfg_string(sChrootDirectory, o->chroot_directory);
>   dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
> - dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
> + dump_cfg_string(sRevokedKeysFile, o->revoked_keys_file);
>   dump_cfg_string(sAuthorizedPrincipalsFile,
>      o->authorized_principals_file);
>
> Index: sshd_config.5
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
> retrieving revision 1.122
> diff -u -p -r1.122 sshd_config.5
> --- sshd_config.5 7 May 2010 12:49:17 -0000 1.122
> +++ sshd_config.5 10 May 2010 16:47:18 -0000
> @@ -851,7 +851,7 @@ Specifies whether public key authenticat
>  The default is
>  .Dq yes .
>  Note that this option applies to protocol version 2 only.
> -.It Cm RevokedKeys
> +.It Cm RevokedKeysFile
>  Specifies a list of revoked public keys.
>  Keys listed in this file will be refused for public key authentication.
>  Note that if this file is not readable, then public key authentication will