strncpy(cfg->username, value, sizeof(cfg->username));
cfg->username[sizeof(cfg->username) - 1] = '\0';
}
+ if (!strcmp(p, "-loghost")) {
+ RETURN(2);
+ UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
+ SAVEABLE(0);
+ strncpy(cfg->loghost, value, sizeof(cfg->loghost));
+ cfg->loghost[sizeof(cfg->loghost) - 1] = '\0';
+ }
if ((!strcmp(p, "-L") || !strcmp(p, "-R") || !strcmp(p, "-D"))) {
char *fwd, *ptr, *q, *qq;
int dynamic, i=0;
"IPv6", '6', I(ADDRTYPE_IPV6),
NULL);
#endif
+
+ s = ctrl_getset(b, "Connection", "identity",
+ "Logical name of remote host");
+ ctrl_editbox(s, "Logical name of remote host (e.g. for SSH key lookup):",
+ 'm', 100,
+ HELPCTX(connection_loghost),
+ dlg_stdeditbox_handler, I(offsetof(Config,loghost)),
+ I(sizeof(((Config *)0)->loghost)));
}
/*
If you need to force PuTTY to use a particular protocol, you can
explicitly set this to \q{IPv4} or \q{IPv6}.
+\S{config-loghost} \I{logical host name}\q{Logical name of remote host}
+
+\cfg{winhelp-topic}{connection.loghost}
+
+This allows you to tell PuTTY that the host it will really end up
+connecting to is different from where it thinks it is making a
+network connection.
+
+You might use this, for instance, if you had set up an SSH port
+forwarding in one PuTTY session so that connections to some
+arbitrary port (say, \cw{localhost} port 10022) were forwarded to a
+second machine's SSH port (say, \cw{foovax} port 22), and then
+started a second PuTTY connecting to the forwarded port.
+
+In normal usage, the second PuTTY will access the host key cache
+under the host name and port it actually connected to (i.e.
+\cw{localhost} port 10022 in this example). Using the logical host
+name option, however, you can configure the second PuTTY to cache
+the host key under the name of the host \e{you} know that it's
+\e{really} going to end up talking to (here \c{foovax}).
+
+This can be useful if you expect to connect to the same actual
+server through many different channels (perhaps because your port
+forwarding arrangements keep changing): by consistently setting the
+logical host name, you can arrange that PuTTY will not keep asking
+you to reconfirm its host key. Conversely, if you expect to use the
+same local port number for port forwardings to lots of different
+servers, you probably didn't want any particular server's host key
+cached under that local port number.
+
+If you just enter a host name for this option, PuTTY will cache the
+SSH host key under the default SSH port for that host, irrespective
+of the port you really connected to (since the typical scenario is
+like the above example: you connect to a silly real port number and
+your connection ends up forwarded to the normal port-22 SSH server
+of some other machine). To override this, you can append a port
+number to the logical host name, separated by a colon. E.g. entering
+\cq{foovax:2200} as the logical host name will cause the host key to
+be cached as if you had connected to port 2200 of \c{foovax}.
+
+If you provide a host name using this option, it is also displayed
+in other locations which contain the remote host name, such as the
+default window title and the default SSH password prompt. This
+reflects the fact that this is the host you're \e{really} connecting
+to, which is more important than the mere means you happen to be
+using to contact that host. (This applies even if you're using a
+protocol other than SSH.)
+
\H{config-data} The Data panel
The Data panel allows you to configure various pieces of data which
such as \q{Local ports accept connections from other hosts} only take
effect on new forwardings.
+If the connection you are forwarding over SSH is itself a second SSH
+connection made by another copy of PuTTY, you might find the
+\q{logical host name} configuration option useful to warn PuTTY of
+which host key it should be expecting. See \k{config-loghost} for
+details of this.
+
\S{config-ssh-portfwd-localhost} Controlling the visibility of
forwarded ports
\IM{PGP signatures} PGP signatures, of PuTTY binaries
\IM{PGP signatures} signatures, of PuTTY binaries
+
+\IM{logical host name} logical host name
+\IM{logical host name} host name, logical
+\IM{logical host name} host key, caching policy
For more options relating to port forwarding, see
\k{config-ssh-portfwd}.
+If the connection you are forwarding over SSH is itself a second SSH
+connection made by another copy of PuTTY, you might find the
+\q{logical host name} configuration option useful to warn PuTTY of
+which host key it should be expecting. See \k{config-loghost} for
+details of this.
+
\H{using-rawprot} Making \i{raw TCP connections}
A lot of \I{debugging Internet protocols}Internet protocols are
authentication} box in the Auth panel of the PuTTY configuration box
(see \k{config-ssh-privkey}).
+\S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host
+name}
+
+This option overrides PuTTY's normal SSH host key caching policy by
+telling it the name of the host you expect your connection to end up
+at (in cases where this differs from the location PuTTY thinks it's
+connecting to). It can be a plain host name, or a host name followed
+by a colon and a port number. See \k{config-loghost} for more detail
+on this.
+
\S2{using-cmdline-pgpfp} \i\c{-pgpfp}: display \i{PGP key fingerprint}s
This option causes the PuTTY tools not to run as normal, but instead
int ping_interval; /* in seconds */
int tcp_nodelay;
int tcp_keepalives;
+ char loghost[512]; /* logical host being contacted, for host key check */
/* Proxy options */
char proxy_exclude_list[512];
int proxy_dns;
if ((err = sk_socket_error(raw->s)) != NULL)
return err;
+ if (*cfg->loghost) {
+ char *colon;
+
+ sfree(*realhost);
+ *realhost = dupstr(cfg->loghost);
+ colon = strrchr(*realhost, ':');
+ if (colon) {
+ /*
+ * FIXME: if we ever update this aspect of ssh.c for
+ * IPv6 literal management, this should change in line
+ * with it.
+ */
+ *colon++ = '\0';
+ }
+ }
+
return NULL;
}
rlogin->bufsize = sk_write(rlogin->s, &z, 1);
}
+ if (*cfg->loghost) {
+ char *colon;
+
+ sfree(*realhost);
+ *realhost = dupstr(cfg->loghost);
+ colon = strrchr(*realhost, ':');
+ if (colon) {
+ /*
+ * FIXME: if we ever update this aspect of ssh.c for
+ * IPv6 literal management, this should change in line
+ * with it.
+ */
+ *colon++ = '\0';
+ }
+ }
+
return NULL;
}
write_setting_i(sesskey, "AuthKI", cfg->try_ki_auth);
write_setting_i(sesskey, "SshNoShell", cfg->ssh_no_shell);
write_setting_i(sesskey, "SshProt", cfg->sshprot);
+ write_setting_s(sesskey, "LogHost", cfg->loghost);
write_setting_i(sesskey, "SSH2DES", cfg->ssh2_des_cbc);
write_setting_filename(sesskey, "PublicKeyFile", cfg->keyfile);
write_setting_s(sesskey, "RemoteCommand", cfg->remote_cmd);
gpps(sesskey, "RekeyBytes", "1G", cfg->ssh_rekey_data,
sizeof(cfg->ssh_rekey_data));
gppi(sesskey, "SshProt", 2, &cfg->sshprot);
+ gpps(sesskey, "LogHost", "", cfg->loghost, sizeof(cfg->loghost));
gppi(sesskey, "SSH2DES", 0, &cfg->ssh2_des_cbc);
gppi(sesskey, "SshNoAuth", 0, &cfg->ssh_no_userauth);
gppi(sesskey, "AuthTIS", 0, &cfg->try_tis_auth);
SockAddr addr;
const char *err;
- ssh->savedhost = snewn(1 + strlen(host), char);
- strcpy(ssh->savedhost, host);
+ if (*ssh->cfg.loghost) {
+ char *colon;
- if (port < 0)
- port = 22; /* default ssh port */
- ssh->savedport = port;
+ ssh->savedhost = dupstr(ssh->cfg.loghost);
+ ssh->savedport = 22; /* default ssh port */
+
+ /*
+ * A colon suffix on savedhost also lets us affect
+ * savedport.
+ *
+ * (FIXME: do something about IPv6 address literals here.)
+ */
+ colon = strrchr(ssh->savedhost, ':');
+ if (colon) {
+ *colon++ = '\0';
+ if (*colon)
+ ssh->savedport = atoi(colon);
+ }
+ } else {
+ ssh->savedhost = dupstr(host);
+ if (port < 0)
+ port = 22; /* default ssh port */
+ ssh->savedport = port;
+ }
/*
* Try to find host.
ssh_send_verstring(ssh, NULL);
}
+ /*
+ * loghost, if configured, overrides realhost.
+ */
+ if (*ssh->cfg.loghost) {
+ sfree(*realhost);
+ *realhost = dupstr(ssh->cfg.loghost);
+ }
+
return NULL;
}
*/
update_specials_menu(telnet->frontend);
+ /*
+ * loghost overrides realhost, if specified.
+ */
+ if (*telnet->cfg.loghost) {
+ char *colon;
+
+ sfree(*realhost);
+ *realhost = dupstr(telnet->cfg.loghost);
+ colon = strrchr(*realhost, ':');
+ if (colon) {
+ /*
+ * FIXME: if we ever update this aspect of ssh.c for
+ * IPv6 literal management, this should change in line
+ * with it.
+ */
+ *colon++ = '\0';
+ }
+ }
+
return NULL;
}
#define WINHELP_CTX_connection_nodelay "connection.nodelay:config-nodelay"
#define WINHELP_CTX_connection_ipversion "connection.ipversion:config-address-family"
#define WINHELP_CTX_connection_tcpkeepalive "connection.tcpkeepalive:config-tcp-keepalives"
+#define WINHELP_CTX_connection_loghost "connection.loghost:config-loghost"
#define WINHELP_CTX_proxy_type "proxy.type:config-proxy-type"
#define WINHELP_CTX_proxy_main "proxy.main:config-proxy"
#define WINHELP_CTX_proxy_exclude "proxy.exclude:config-proxy-exclude"