The sshd_config directive 'RevokedKeys' is like 'AuthorizedKeysFile' in
that both point to files.
Index: servconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.208
diff -u -p -r1.208 servconf.c
--- servconf.c 7 May 2010 11:30:29 -0000 1.208
+++ servconf.c 10 May 2010 16:47:18 -0000
@@ -286,7 +286,7 @@ typedef enum {
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sRevokedKeysFile, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -394,7 +394,8 @@ static struct {
{ "forcecommand", sForceCommand, SSHCFG_ALL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
- { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ { "revokedkeysfile", sRevokedKeysFile, SSHCFG_ALL },
+ { "revokedkeys", sRevokedKeysFile, SSHCFG_ALL }, /* obsolete alias */
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL
},
{ NULL, sBadOption, 0 }
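Review bot: The `revokedkeys` alias row added in this hunk is accepted silently, and its comment does not say that it has to stay below the `revokedkeysfile` row. If the reverse opcode-to-name lookup behind `dump_cfg_string` returns the first matching table row (that code is outside this patch, so this is an assumption), swapping the two rows would make the config dump print the obsolete spelling. I would widen the comment to `/* obsolete alias; keep after revokedkeysfile so that stays the canonical name */`. Because this directive controls key revocation, the old spelling should also be mentioned in sshd_config.5, which the later hunk renames without noting the alias. The keyword table begins and ends outside this hunk.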
@@ -1304,7 +1305,7 @@ process_server_config_line(ServerOptions
charptr = &options->trusted_user_ca_keys;
goto parse_filename;
- case sRevokedKeys:
+ case sRevokedKeysFile:
charptr = &options->revoked_keys_file;
goto parse_filename;
@@ -1639,7 +1640,7 @@ dump_config(ServerOptions *o)
dump_cfg_string(sForceCommand, o->adm_forced_command);
dump_cfg_string(sChrootDirectory, o->chroot_directory);
dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
- dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+ dump_cfg_string(sRevokedKeysFile, o->revoked_keys_file);
dump_cfg_string(sAuthorizedPrincipalsFile,
o->authorized_principals_file);
Index: sshd_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.122
diff -u -p -r1.122 sshd_config.5
--- sshd_config.5 7 May 2010 12:49:17 -0000 1.122
+++ sshd_config.5 10 May 2010 16:47:18 -0000
@@ -851,7 +851,7 @@ Specifies whether public key authenticat
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm RevokedKeys
+.It Cm RevokedKeysFile
Specifies a list of revoked public keys.
Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will