authordjm@openbsd.org <djm@openbsd.org>2018-02-23 05:14:05 +0000
committerDamien Miller <djm@mindrot.org>2018-02-23 17:00:52 +1100
commit1a348359e4d2876203b5255941bae348557f4f54 (patch)
tree261e9047facd8bd8213ca2c4f38389b334eb60b3 /ssh-keyscan.c
parent3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c (diff)
upstream: Add ssh-keyscan -D option to make it print its results in
SSHFP format bz#2821, ok dtucker@ OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r--ssh-keyscan.c20
1 files changed, 16 insertions, 4 deletions
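diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index a816a220e..15059f6fa 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.116 2017/11/25 06:46:22 dtucker Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.117 2018/02/23 05:14:05 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -46,6 +46,7 @@
 #include "hostfile.h"
 #include "ssherr.h"
 #include "ssh_api.h"
+#include "dns.h"
 
 /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
  Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -66,6 +67,8 @@ int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0; /* Hash hostname on output */
 
+int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -280,6 +283,11 @@ keyprint_one(const char *host, struct sshkey *key)
  char *hostport;
  const char *known_host, *hashed;
 
+ if (print_sshfp) {
+ export_dns_rr(host, key, stdout, 0);
+ return;
+ }
+
  hostport = put_host_port(host, ssh_port);
  lowercase(hostport);
  if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
@@ -497,7 +505,8 @@ congreet(int s)
  confree(s);
  return;
  }
- fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
+ fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#',
+ c->c_name, ssh_port, chop(buf));
  keygrab_ssh2(c);
  confree(s);
 }
@@ -621,7 +630,7 @@ static void
 usage(void)
 {
  fprintf(stderr,
- "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n"
+ "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
  "\t\t [host | addrlist namelist] ...\n",
  __progname);
  exit(1);
@@ -650,7 +659,7 @@ main(int argc, char **argv)
  if (argc <= 1)
  usage();
 
- while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
+ while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
  switch (opt) {
  case 'H':
  hash_hosts = 1;
@@ -658,6 +667,9 @@ main(int argc, char **argv)
  case 'c':
  get_cert = 1;
  break;
+ case 'D':
+ print_sshfp = 1;
+ break;
  case 'p':
  ssh_port = a2port(optarg);
  if (ssh_port <= 0) {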
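Review bot: In keyprint_one the new `if (print_sshfp)` branch returns before the `hash_hosts` check a few lines below, so `-D -H` silently emits the hostname in clear text even though hashed output was requested. Rejecting the combination after option parsing, e.g. `if (print_sshfp && hash_hosts) fatal("-D and -H are mutually exclusive");`, or at least stating the precedence in the comment on `print_sshfp`, would avoid the surprise. The return value of `export_dns_rr()` is also discarded, so a key it cannot turn into an SSHFP record (possibly certificates fetched with `-c`; dns.c is not shown here) is dropped with no signal to the caller. It is worth a comment that the records come from an unauthenticated scan and should be verified out of band before being published in DNS. keyprint_one and the getopt loop in main both continue outside the visible hunks.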