Attachment #2998 for bug #2728

Lines 809-815 The list of available key types may also be obtained using Link Here

(-)a/ssh_config.5 (-1 / +1 lines)
809	.It Cm HostKeyAlias	809	.It Cm HostKeyAlias
810	Specifies an alias that should be used instead of the	810	Specifies an alias that should be used instead of the
811	real host name when looking up or saving the host key	811	real host name when looking up or saving the host key
812	in the host key database files.	812	in the host key database files and when validating host certificates.
813	This option is useful for tunneling SSH connections	813	This option is useful for tunneling SSH connections
814	or for multiple servers running on a single host.	814	or for multiple servers running on a single host.
815	.It Cm HostName	815	.It Cm HostName

Lines 837-843 check_host_key(char hostname, struct sockaddr hostaddr, u_short port, Link Here

(-)a/sshconnect.c (-1 / +3 lines)
837	host, type, want_cert ? "certificate" : "key");	837	host, type, want_cert ? "certificate" : "key");
838	debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",	838	debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",
839	host_found->file, host_found->line);	839	host_found->file, host_found->line);
840	if (want_cert && !check_host_cert(hostname, host_key))	840	if (want_cert &&
		841	!check_host_cert(options.host_key_alias == NULL ?
		842	hostname : options.host_key_alias, host_key))
841	goto fail;	843	goto fail;
842	if (options.check_host_ip && ip_status == HOST_NEW) {	844	if (options.check_host_ip && ip_status == HOST_NEW) {
843	if (readonly \|\| want_cert)	845	if (readonly \|\| want_cert)




and
.Ql \&?
act as
wildcards); each pattern in turn is matched against the host name.
When
.Nm sshd
is authenticating a client, such as when using
.Cm HostbasedAuthentication ,
this will be the canonical client host name.
When
.Xr ssh 1
is authenticating a server, this will be the either the host name
given by the user, the value of the
.Xr ssh 1
.Cm HostkeyAlias
if it was specified, or the canonical server hostname if the
.Xr ssh 1
.Cm CanonicalizeHostname
option was used.
.Pp
A pattern may also be preceded by
.Ql \&!
to indicate negation: if the host name matches a negated

Return to bug 2728

Lines 625-633 Hostnames is a comma-separated list of patterns Link Here

(-)a/sshd.8 (-3 / +17 lines)
625	and	625	and
626	.Ql \&?	626	.Ql \&?
627	act as	627	act as
628	wildcards); each pattern in turn is matched against the canonical host	628	wildcards); each pattern in turn is matched against the host name.
629	name (when authenticating a client) or against the user-supplied	629	When
630	name (when authenticating a server).	630	.Nm sshd
		631	is authenticating a client, such as when using
		632	.Cm HostbasedAuthentication ,
		633	this will be the canonical client host name.
		634	When
		635	.Xr ssh 1
		636	is authenticating a server, this will be the either the host name
		637	given by the user, the value of the
		638	.Xr ssh 1
		639	.Cm HostkeyAlias
		640	if it was specified, or the canonical server hostname if the
		641	.Xr ssh 1
		642	.Cm CanonicalizeHostname
		643	option was used.
		644	.Pp
631	A pattern may also be preceded by	645	A pattern may also be preceded by
632	.Ql \&!	646	.Ql \&!
633	to indicate negation: if the host name matches a negated	647	to indicate negation: if the host name matches a negated