no thanks. Or do you propose changing HostKey too?
On Mon, 10 May 2010, Lars Nooden wrote:
> The sshd_config directive 'RevokedKeys' is like 'AuthorizedKeysFile' in that
> both point to files.
>
> Index: servconf.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
> retrieving revision 1.208
> diff -u -p -r1.208 servconf.c
> --- servconf.c 7 May 2010 11:30:29 -0000 1.208
> +++ servconf.c 10 May 2010 16:47:18 -0000
> @@ -286,7 +286,7 @@ typedef enum {
> sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
> sUsePrivilegeSeparation, sAllowAgentForwarding,
> sZeroKnowledgePasswordAuthentication, sHostCertificate,
> - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
> + sRevokedKeysFile, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
> sDeprecated, sUnsupported
> } ServerOpCodes;
>
> @@ -394,7 +394,8 @@ static struct {
> { "forcecommand", sForceCommand, SSHCFG_ALL },
> { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
> { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
> - { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
> + { "revokedkeysfile", sRevokedKeysFile, SSHCFG_ALL },
> + { "revokedkeys", sRevokedKeysFile, SSHCFG_ALL }, /* obsolete alias */
> { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
> { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL
> },
> { NULL, sBadOption, 0 }
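Review bot: The `"revokedkeys"` row is kept only as a silent synonym. Its `/* obsolete alias */` comment is the sole record of the old name, and the visible part of the sshd_config.5 hunk replaces `.It Cm RevokedKeys` without saying the old keyword is still accepted. Because this directive decides which keys are refused, an administrator auditing an older sshd_config should still be able to find the keyword in the manual. I would add a sentence under `.It Cm RevokedKeysFile` such as `The former name RevokedKeys is still accepted as an alias.`; the man page hunk continues past what is shown here, so this may already be covered. I would also expand the table comment to `/* obsolete alias; keep after "revokedkeysfile" so dump_config prints the new name */`, assuming the name lookup behind `dump_cfg_string` returns the first matching row, which the patch does not show.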
> @@ -1304,7 +1305,7 @@ process_server_config_line(ServerOptions
> charptr = &options->trusted_user_ca_keys;
> goto parse_filename;
>
> - case sRevokedKeys:
> + case sRevokedKeysFile:
> charptr = &options->revoked_keys_file;
> goto parse_filename;
>
> @@ -1639,7 +1640,7 @@ dump_config(ServerOptions *o)
> dump_cfg_string(sForceCommand, o->adm_forced_command);
> dump_cfg_string(sChrootDirectory, o->chroot_directory);
> dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
> - dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
> + dump_cfg_string(sRevokedKeysFile, o->revoked_keys_file);
> dump_cfg_string(sAuthorizedPrincipalsFile,
> o->authorized_principals_file);
>
> Index: sshd_config.5
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
> retrieving revision 1.122
> diff -u -p -r1.122 sshd_config.5
> --- sshd_config.5 7 May 2010 12:49:17 -0000 1.122
> +++ sshd_config.5 10 May 2010 16:47:18 -0000
> @@ -851,7 +851,7 @@ Specifies whether public key authenticat
> The default is
> .Dq yes .
> Note that this option applies to protocol version 2 only.
> -.It Cm RevokedKeys
> +.It Cm RevokedKeysFile
> Specifies a list of revoked public keys.
> Keys listed in this file will be refused for public key authentication.
> Note that if this file is not readable, then public key authentication will