diff options
author | Damien Miller <djm@mindrot.org> | 2013-12-07 11:24:01 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-12-07 11:24:01 +1100 |
commit | 5be9d9e3cbd9c66f24745d25bf2e809c1d158ee0 (patch) | |
tree | d2086d37436014ea44f0f024396a1a8638640b00 /ssh-keyscan.c | |
parent | bcd00abd8451f36142ae2ee10cc657202149201e (diff) |
- markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
[servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
[ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
[sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
[fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
support ed25519 keys (hostkeys and user identities) using the public
domain ed25519 reference code from SUPERCOP, see
http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c5f658d77..8d0a6b8d8 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keyscan.c,v 1.88 2013/11/02 21:59:15 markus Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.89 2013/12/06 13:39:49 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | * | 4 | * |
@@ -56,6 +56,7 @@ int ssh_port = SSH_DEFAULT_PORT; | |||
56 | #define KT_DSA 2 | 56 | #define KT_DSA 2 |
57 | #define KT_RSA 4 | 57 | #define KT_RSA 4 |
58 | #define KT_ECDSA 8 | 58 | #define KT_ECDSA 8 |
59 | #define KT_ED25519 16 | ||
59 | 60 | ||
60 | int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */ | 61 | int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */ |
61 | 62 | ||
@@ -245,9 +246,11 @@ keygrab_ssh2(con *c) | |||
245 | 246 | ||
246 | packet_set_connection(c->c_fd, c->c_fd); | 247 | packet_set_connection(c->c_fd, c->c_fd); |
247 | enable_compat20(); | 248 | enable_compat20(); |
248 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA? | 249 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
249 | "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" : | 250 | c->c_keytype == KT_DSA ? "ssh-dss" : |
250 | "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"); | 251 | (c->c_keytype == KT_RSA ? "ssh-rsa" : |
252 | (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : | ||
253 | "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); | ||
251 | c->c_kex = kex_setup(myproposal); | 254 | c->c_kex = kex_setup(myproposal); |
252 | c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; | 255 | c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; |
253 | c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; | 256 | c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; |
@@ -575,7 +578,7 @@ do_host(char *host) | |||
575 | 578 | ||
576 | if (name == NULL) | 579 | if (name == NULL) |
577 | return; | 580 | return; |
578 | for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) { | 581 | for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { |
579 | if (get_keytypes & j) { | 582 | if (get_keytypes & j) { |
580 | while (ncon >= MAXCON) | 583 | while (ncon >= MAXCON) |
581 | conloop(); | 584 | conloop(); |
@@ -682,6 +685,9 @@ main(int argc, char **argv) | |||
682 | case KEY_RSA: | 685 | case KEY_RSA: |
683 | get_keytypes |= KT_RSA; | 686 | get_keytypes |= KT_RSA; |
684 | break; | 687 | break; |
688 | case KEY_ED25519: | ||
689 | get_keytypes |= KT_ED25519; | ||
690 | break; | ||
685 | case KEY_UNSPEC: | 691 | case KEY_UNSPEC: |
686 | fatal("unknown key type %s", tname); | 692 | fatal("unknown key type %s", tname); |
687 | } | 693 | } |