From: dtucker Date: Mon, 27 Mar 2023 03:56:11 +0000 (+0000) Subject: Add tilde and environment variable expansion to RevokedHostKeys. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c8b539e9c4486a5e7c652ea5c81931ca48bbaa46;p=openbsd Add tilde and environment variable expansion to RevokedHostKeys. bz#3552, ok djm@ --- diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index b4744f33a42..c9de7718462 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.585 2023/02/10 04:40:28 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.586 2023/03/27 03:56:11 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1400,6 +1400,14 @@ main(int ac, char **av) options.identity_agent = cp; } + if (options.revoked_host_keys != NULL) { + p = tilde_expand_filename(options.revoked_host_keys, getuid()); + cp = default_client_percent_dollar_expand(p, cinfo); + free(p); + free(options.revoked_host_keys); + options.revoked_host_keys = cp; + } + if (options.forward_agent_sock_path != NULL) { p = tilde_expand_filename(options.forward_agent_sock_path, getuid()); diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index aebdf0346a8..972cafee625 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.379 2023/03/10 02:32:04 djm Exp $ -.Dd $Mdocdate: March 10 2023 $ +.\" $OpenBSD: ssh_config.5,v 1.380 2023/03/27 03:56:11 dtucker Exp $ +.Dd $Mdocdate: March 27 2023 $ .Dt SSH_CONFIG 5 .Os .Sh NAME 
@@ -1666,6 +1666,14 @@ an OpenSSH Key Revocation List (KRL) as generated by .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . +Arguments to +.Cm RevokedHostKeys +may use the tilde syntax to refer to a user's home directory, +the tokens described in the +.Sx TOKENS +section and environment variables as described in the +.Sx ENVIRONMENT VARIABLES +section. .It Cm SecurityKeyProvider Specifies a path to a library that will be used when loading any FIDO authenticator-hosted keys, overriding the default of using @@ -2136,6 +2144,7 @@ The local username. .Cm Match exec , .Cm RemoteCommand , .Cm RemoteForward , +.Cm RevokedHostKeys , and .Cm UserKnownHostsFile accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
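Review bot: In the ssh.c hunk at @@ -1400,6 +1400,14 @@, the value returned by default_client_percent_dollar_expand() is assigned to options.revoked_host_keys with no NULL check, after the previous value has already been freed. If that helper can return NULL on a failed expansion instead of exiting, the option would look unset to the surrounding `!= NULL` test and the revocation list would be dropped without an error, so it is worth confirming the helper is fatal on failure and noting that in a short comment. The block also repeats the tilde_expand_filename / expand / free / assign sequence visible in the neighbouring identity_agent and forward_agent_sock_path blocks; a small shared helper would keep the three in step.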
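Review bot: In the ssh_config.5 hunk at @@ -1666,6 +1666,14 @@, the added paragraph lists the expansions RevokedHostKeys accepts but does not say what happens when one fails, for example when a referenced environment variable is not set. Because this option names a revocation list, a sentence stating whether ssh refuses to continue in that case would help anyone who builds the path from an environment variable.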
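Review bot: The ENVIRONMENT VARIABLES section gets no matching update for the line added in the ssh_config.5 hunk at @@ -2136,6 +2144,7 @@, which puts RevokedHostKeys in the TOKENS keyword list only. The new RevokedHostKeys text in this same patch points readers to ENVIRONMENT VARIABLES, so if that section carries its own list of keywords that accept environment variables, RevokedHostKeys should be added there as well so the two sections agree.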