- djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
[ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition than doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to me revoked and banned for user or host
authentication.
feedback and ok markus@
diff --git a/hostfile.h b/hostfile.h
index ebac1e4..1d460c1 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.h,v 1.17 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: hostfile.h,v 1.18 2010/03/04 10:36:03 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -15,7 +15,7 @@
#define HOSTFILE_H
typedef enum {
- HOST_OK, HOST_NEW, HOST_CHANGED, HOST_FOUND
+ HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND
} HostStatus;
int hostfile_read_key(char **, u_int *, Key *);
@@ -29,6 +29,7 @@
#define HASH_DELIM '|'
#define CA_MARKER "@cert-authority"
+#define REVOKE_MARKER "@revoked"
char *host_hash(const char *, const char *, u_int);