author | djm@openbsd.org <djm@openbsd.org> | 2019-12-15 19:47:10 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-16 14:19:41 +1100 |
commit | 9b6e30b96b094ad787511a5b989253e3b8fe1789 (patch) | |
tree | d26182a6a5747e9c70510b23a05e9097971ce80c | |
parent | 56584cce75f3d20aaa30befc7cbd331d922927f3 (diff) |
upstream: allow ssh-keyscan to find security key hostkeys
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
-rw-r--r-- | ssh-keyscan.c | 24 |
1 files changed, 21 insertions, 3 deletions
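--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.130 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.131 2019/12/15 19:47:10 djm Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -61,12 +61,14 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_ECDSA (1<<2)
 #define KT_ED25519 (1<<3)
 #define KT_XMSS (1<<4)
+#define KT_ECDSA_SK (1<<5)
+#define KT_ED25519_SK (1<<6)
 
 #define KT_MIN KT_DSA
-#define KT_MAX KT_XMSS
+#define KT_MAX KT_ED25519_SK
 
 int get_cert = 0;
-int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
+int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK;
 
 int hash_hosts = 0; /* Hash hostname on output */
 
@@ -259,6 +261,16 @@ keygrab_ssh2(con *c)
 "ecdsa-sha2-nistp384,"
 "ecdsa-sha2-nistp521";
 break;
+case KT_ECDSA_SK:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com" :
+"sk-ecdsa-sha2-nistp256@openssh.com";
+break;
+case KT_ED25519_SK:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"sk-ssh-ed25519-cert-v01@openssh.com" :
+"sk-ssh-ed25519@openssh.com";
+break;
 default:
 fatal("unknown key type %d", c->c_keytype);
 break;
@@ -735,6 +747,12 @@ main(int argc, char **argv)
 case KEY_XMSS:
 get_keytypes |= KT_XMSS;
 break;
+case KEY_ED25519_SK:
+get_keytypes |= KT_ED25519_SK;
+break;
+case KEY_ECDSA_SK:
+get_keytypes |= KT_ECDSA_SK;
+break;
 case KEY_UNSPEC:
 default:
 fatal("Unknown key type \"%s\"", tname);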
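Review bot: The new default `get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK` changes what a scan without `-t` requests from every host, but the diffstat shows only ssh-keyscan.c touched. The user-facing description of the default key types and of the names `-t` accepts is therefore presumably stale and should be updated in the same change. Each KT_* bit appears to be offered as its own host key algorithm proposal in keygrab_ssh2(), so the two extra defaults likely mean additional connection attempts per scanned host, which operators will see in their sshd logs. KT_MAX also has to be bumped by hand whenever a bit is added, so a comment such as `/* keep KT_MAX equal to the highest KT_* bit defined above */` next to the define would guard the next addition. keygrab_ssh2() and main() both start and end outside the hunks shown, so the iteration over the bits could not be checked here.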