upstream commit Host key rotation support. Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@

commit: 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 [log] [tgz]
author: djm@openbsd.org <djm@openbsd.org> Mon Jan 26 03:04:45 2015 +0000
committer: Damien Miller <djm@mindrot.org> Tue Jan 27 00:00:57 2015 +1100
tree: c98e66c1c0824f0b0e312d7b44d8eeac46265362
parent: 60b1825262b1f1e24fc72050b907189c92daf18e [diff] [blame]
diff --git a/readconf.h b/readconf.h
index a23da11..7a8ae17 100644
--- a/readconf.h
+++ b/readconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.106 2015/01/15 09:40:00 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.107 2015/01/26 03:04:45 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -146,7 +146,9 @@
 
 	char	*revoked_host_keys;
 
-	int	fingerprint_hash;
+	int	 fingerprint_hash;
+
+	int	 update_hostkeys;
 
 	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
commit	8d4f87258f31cb6def9b3b55b6a7321d84728ff2	[log] [tgz]
author	djm@openbsd.org <djm@openbsd.org>	Mon Jan 26 03:04:45 2015 +0000
committer	Damien Miller <djm@mindrot.org>	Tue Jan 27 00:00:57 2015 +1100
tree	c98e66c1c0824f0b0e312d7b44d8eeac46265362
parent	60b1825262b1f1e24fc72050b907189c92daf18e [diff] [blame]