author | Colin Watson <cjwatson@debian.org> | 2016-02-29 12:15:15 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-03-08 11:51:22 +0000 |
commit | 46961f5704f8e86cea3e99253faad55aef4d8f35 (patch) | |
tree | 0dd97fa4fb649a62b4639fe2674380872b1f3e98 /ssh-keyscan.c | |
parent | c753fe267efb1b027424fa8706cf0385fc3d14c1 (diff) | |
parent | 85e40e87a75fb80a0bf893ac05a417d6c353537d (diff) |
New upstream release (7.2).
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 71 |
1 files changed, 57 insertions, 14 deletions
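--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.101 2015/04/10 00:08:55 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -60,6 +60,7 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_ECDSA 8
 #define KT_ED25519 16
 
+int get_cert = 0;
 int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0; /* Hash hostname on output */
@@ -267,11 +268,32 @@ keygrab_ssh2(con *c)
 int r;
 
 enable_compat20();
-myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
-c->c_keytype == KT_DSA ? "ssh-dss" :
-(c->c_keytype == KT_RSA ? "ssh-rsa" :
-(c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
-"ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
+switch (c->c_keytype) {
+case KT_DSA:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ssh-dss-cert-v01@openssh.com" : "ssh-dss";
+break;
+case KT_RSA:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+break;
+case KT_ED25519:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519";
+break;
+case KT_ECDSA:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+"ecdsa-sha2-nistp521-cert-v01@openssh.com" :
+"ecdsa-sha2-nistp256,"
+"ecdsa-sha2-nistp384,"
+"ecdsa-sha2-nistp521";
+break;
+default:
+fatal("unknown key type %d", c->c_keytype);
+break;
+}
 if ((r = kex_setup(c->c_ssh, myproposal)) != 0) {
 free(c->c_ssh);
 fprintf(stderr, "kex_setup: %s\n", ssh_err(r));
@@ -296,23 +318,39 @@ keygrab_ssh2(con *c)
 }
 
 static void
-keyprint(con *c, struct sshkey *key)
+keyprint_one(char *host, struct sshkey *key)
 {
-char *host = c->c_output_name ? c->c_output_name : c->c_name;
-char *hostport = NULL;
+char *hostport;
 
-if (!key)
-return;
 if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
 fatal("host_hash failed");
 
 hostport = put_host_port(host, ssh_port);
-fprintf(stdout, "%s ", hostport);
+if (!get_cert)
+fprintf(stdout, "%s ", hostport);
 sshkey_write(key, stdout);
 fputs("\n", stdout);
 free(hostport);
 }
 
+static void
+keyprint(con *c, struct sshkey *key)
+{
+char *hosts = c->c_output_name ? c->c_output_name : c->c_name;
+char *host, *ohosts;
+
+if (key == NULL)
+return;
+if (get_cert || (!hash_hosts && ssh_port == SSH_DEFAULT_PORT)) {
+keyprint_one(hosts, key);
+return;
+}
+ohosts = hosts = xstrdup(hosts);
+while ((host = strsep(&hosts, ",")) != NULL)
+keyprint_one(host, key);
+free(ohosts);
+}
+
 static int
 tcpconnect(char *host)
 {
@@ -369,6 +407,7 @@ conalloc(char *iname, char *oname, int keytype)
 if (fdcon[s].c_status)
 fatal("conalloc: attempt to reuse fdno %d", s);
 
+debug3("%s: oname %s kt %d", __func__, oname, keytype);
 fdcon[s].c_fd = s;
 fdcon[s].c_status = CS_CON;
 fdcon[s].c_namebase = namebase;
@@ -639,7 +678,7 @@ static void
 usage(void)
 {
 fprintf(stderr,
-"usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
+"usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n"
 "\t\t [host | addrlist namelist] ...\n",
 __progname);
 exit(1);
@@ -657,6 +696,7 @@ main(int argc, char **argv)
 extern int optind;
 extern char *optarg;
 
+ssh_malloc_init(); /* must be called before any mallocs */
 __progname = ssh_get_progname(argv[0]);
 seed_rng();
 TAILQ_INIT(&tq);
@@ -667,11 +707,14 @@ main(int argc, char **argv)
 if (argc <= 1)
 usage();
 
-while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
+while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
 switch (opt) {
 case 'H':
 hash_hosts = 1;
 break;
+case 'c':
+get_cert = 1;
+break;
 case 'p':
 ssh_port = a2port(optarg);
 if (ssh_port <= 0) {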
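Review bot: In keyprint_one() the name is hashed before put_host_port() formats it, so with -H and a non-default -p the printed entry is presumably the hash wrapped in the port notation rather than a hash of the bracketed host:port name (put_host_port() is not shown here, so this is inferred from its use). A known_hosts line built that way would not match the host on lookup, leaving the user at an unknown-host prompt for a host that was meant to be pinned. The new keyprint() deliberately routes the non-default-port case through per-name printing, so the ordering is worth fixing in the same function: format the host and port first, then hash that string, and print the result. The sketch below keeps host_hash()'s return value unfreed, as the existing code does.

```c
keyprint_one(char *host, struct sshkey *key)
{
	char *hostport, *known_host;

	/* Format the host/port form first so the hash covers the name that is looked up. */
	hostport = put_host_port(host, ssh_port);
	known_host = hostport;
	if (hash_hosts && (known_host = host_hash(hostport, NULL, 0)) == NULL)
		fatal("host_hash failed");
	if (!get_cert)
		fprintf(stdout, "%s ", known_host);
	/* … unchanged: sshkey_write(), newline, free(hostport) … */
```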