upstream: Add ssh -Q key-sig for all key and signature types.

Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query. Man page help jmc@, ok djm@. OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
author: dtucker@openbsd.org <dtucker@openbsd.org> 2020-02-07 03:54:44 +0000
committer: Darren Tucker <dtucker@dtucker.net> 2020-02-07 15:03:20 +1100
commit: d4d9e1d40514e2746f9e05335d646512ea1020c6 (patch)
tree: bed063bc542afb6e2972ee1476ce14a425267de6
parent: fd68dc27864b099b552a6d9d507ca4b83afd6a76 (diff)
4 files changed, 34 insertions, 17 deletions
diff --git a/ssh.1 b/ssh.1
index 971337520..60de6087a 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $
+.\" $OpenBSD: ssh.1,v 1.410 2020/02/07 03:54:44 dtucker Exp $
-.Dd $Mdocdate: December 21 2019 $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -585,10 +585,18 @@ flag),
 (certificate key types),
 .Ar key-plain
 (non-certificate key types),
+.Ar key-sig
+(all key types and signature algorithms),
 .Ar protocol-version
 (supported SSH protocol versions), and
 .Ar sig
 (supported signature algorithms).
+Alternatively, any keyword from
+.Xr ssh_config 5
+or
+.Xr sshd_config 5
+that takes an algorithm list may be used as an alias for the corresponding
+query_option.
 .Pp
 .It Fl q
 Quiet mode.
diff --git a/ssh.c b/ssh.c
index 326ce21f6..15aee569e 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh.c,v 1.519 2020/02/07 03:54:44 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -736,13 +736,16 @@ main(int ac, char **av)
                        break;
                case 'Q':
                        cp = NULL;
-                        if (strcmp(optarg, "cipher") == 0)
+                        if (strcmp(optarg, "cipher") == 0 ||
+                            strcasecmp(optarg, "Ciphers") == 0)
                                cp = cipher_alg_list('\n', 0);
                        else if (strcmp(optarg, "cipher-auth") == 0)
                                cp = cipher_alg_list('\n', 1);
-                        else if (strcmp(optarg, "mac") == 0)
+                        else if (strcmp(optarg, "mac") == 0 ||
+                            strcasecmp(optarg, "MACs") == 0)
                                cp = mac_alg_list('\n');
-                        else if (strcmp(optarg, "kex") == 0)
+                        else if (strcmp(optarg, "kex") == 0 ||
+                            strcasecmp(optarg, "KexAlgorithms") == 0)
                                cp = kex_alg_list('\n');
                        else if (strcmp(optarg, "key") == 0)
                                cp = sshkey_alg_list(0, 0, 0, '\n');
@@ -750,6 +753,12 @@ main(int ac, char **av)
                                cp = sshkey_alg_list(1, 0, 0, '\n');
                        else if (strcmp(optarg, "key-plain") == 0)
                                cp = sshkey_alg_list(0, 1, 0, '\n');
+                        else if (strcmp(optarg, "key-sig") == 0 ||
+                            strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 ||
+                            strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
+                            strcasecmp(optarg, "HostbasedKeyTypes") == 0 ||
+                            strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0)
+                                cp = sshkey_alg_list(0, 0, 1, '\n');
                        else if (strcmp(optarg, "sig") == 0)
                                cp = sshkey_alg_list(0, 1, 1, '\n');
                        else if (strcmp(optarg, "protocol-version") == 0)
@@ -763,7 +772,7 @@ main(int ac, char **av)
                        } else if (strcmp(optarg, "help") == 0) {
                                cp = xstrdup(
                                    "cipher\ncipher-auth\ncompression\nkex\n"
-                                    "key\nkey-cert\nkey-plain\nmac\n"
+                                    "key\nkey-cert\nkey-plain\nkey-sig\nmac\n"
                                    "protocol-version\nsig");
                        }
                        if (cp == NULL)
diff --git a/ssh_config.5 b/ssh_config.5
index 0a6d80544..06a32d314 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.321 2020/01/31 22:25:59 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $
-.Dd $Mdocdate: January 31 2020 $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -868,7 +868,7 @@ If hostkeys are known for the destination host then this default is modified
 to prefer their algorithms.
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostKeyAlgorithms .
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
@@ -1353,7 +1353,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q PubkeyAcceptedKeyTypes .
 .It Cm PubkeyAuthentication
 Specifies whether to try public key authentication.
 The argument to this keyword must be
diff --git a/sshd_config.5 b/sshd_config.5
index 15a108676..70ccea449 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.306 2020/02/06 22:34:58 naddy Exp $
+.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $
-.Dd $Mdocdate: February 6 2020 $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -693,7 +693,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostbasedAcceptedKeyTypes .
 .It Cm HostbasedAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
@@ -776,7 +776,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostKeyAlgorithms .
 .It Cm IgnoreRhosts
 Specifies that
 .Pa .rhosts
@@ -949,7 +949,7 @@ diffie-hellman-group14-sha256
 .Ed
 .Pp
 The list of available key exchange algorithms may also be obtained using
-.Qq ssh -Q kex .
+.Qq ssh -Q KexAlgorithms .
 .It Cm ListenAddress
 Specifies the local addresses
 .Xr sshd 8
@@ -1461,7 +1461,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q PubkeyAcceptedKeyTypes .
 .It Cm PubkeyAuthOptions
 Sets one or more public key authentication options.
 Two option keywords are currently supported:
author	dtucker@openbsd.org <dtucker@openbsd.org>	2020-02-07 03:54:44 +0000
committer	Darren Tucker <dtucker@dtucker.net>	2020-02-07 15:03:20 +1100
commit	d4d9e1d40514e2746f9e05335d646512ea1020c6 (patch)
tree	bed063bc542afb6e2972ee1476ce14a425267de6
parent	fd68dc27864b099b552a6d9d507ca4b83afd6a76 (diff)