mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-11-27 14:44:21 +08:00
1aed65eb27
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
[ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition than doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to me revoked and banned for user or host
authentication.
feedback and ok markus@
37 lines
1.2 KiB
C
37 lines
1.2 KiB
C
/* $OpenBSD: hostfile.h,v 1.18 2010/03/04 10:36:03 djm Exp $ */
|
|
|
|
/*
|
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
* All rights reserved
|
|
*
|
|
* As far as I am concerned, the code I have written for this software
|
|
* can be used freely for any purpose. Any derived versions of this
|
|
* software must be clearly marked as such, and if the derived work is
|
|
* incompatible with the protocol description in the RFC file, it must be
|
|
* called by a name other than "ssh" or "Secure Shell".
|
|
*/
|
|
#ifndef HOSTFILE_H
|
|
#define HOSTFILE_H
|
|
|
|
typedef enum {
|
|
HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND
|
|
} HostStatus;
|
|
|
|
int hostfile_read_key(char **, u_int *, Key *);
|
|
HostStatus check_host_in_hostfile(const char *, const char *,
|
|
const Key *, Key *, int *);
|
|
int add_host_to_hostfile(const char *, const char *, const Key *, int);
|
|
int lookup_key_in_hostfile_by_type(const char *, const char *,
|
|
int, Key *, int *);
|
|
|
|
#define HASH_MAGIC "|1|"
|
|
#define HASH_DELIM '|'
|
|
|
|
#define CA_MARKER "@cert-authority"
|
|
#define REVOKE_MARKER "@revoked"
|
|
|
|
char *host_hash(const char *, const char *, u_int);
|
|
|
|
#endif
|