-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ssh-keyscan.1 | 12 | ||||
-rw-r--r-- | ssh-keyscan.c | 18 |
3 files changed, 28 insertions, 7 deletions
@@ -33,6 +33,9 @@ | |||
33 | add support for hashing host names and addresses added to known_hosts | 33 | add support for hashing host names and addresses added to known_hosts |
34 | files, to improve privacy of which hosts user have been visiting; ok | 34 | files, to improve privacy of which hosts user have been visiting; ok |
35 | markus@ deraadt@ | 35 | markus@ deraadt@ |
36 | - djm@cvs.openbsd.org 2005/03/01 10:41:28 | ||
37 | [ssh-keyscan.1 ssh-keyscan.c] | ||
38 | option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ | ||
36 | 39 | ||
37 | 20050226 | 40 | 20050226 |
38 | - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] | 41 | - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] |
@@ -2209,4 +2212,4 @@ | |||
2209 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2212 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2210 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2213 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2211 | 2214 | ||
2212 | $Id: ChangeLog,v 1.3673 2005/03/01 10:47:37 djm Exp $ | 2215 | $Id: ChangeLog,v 1.3674 2005/03/01 10:48:03 djm Exp $ |
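--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.18 2004/07/12 23:34:25 brad Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.19 2005/03/01 10:41:28 djm Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -15,7 +15,7 @@
 .Sh SYNOPSIS
 .Nm ssh-keyscan
 .Bk -words
-.Op Fl v46
+.Op Fl Hv46
 .Op Fl p Ar port
 .Op Fl T Ar timeout
 .Op Fl t Ar type
@@ -46,6 +46,14 @@ scanning process involve any encryption.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl H
+Hash all hostnames and addresses in the output.
+Hashed names may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
 .It Fl p Ar port
 Port to connect to on the remote host.
 .It Fl T Ar timeout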
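--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.51 2005/03/01 10:41:28 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -28,6 +28,7 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $");
 #include "log.h"
 #include "atomicio.h"
 #include "misc.h"
+#include "hostfile.h"
 
 /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
 Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -41,6 +42,8 @@ int ssh_port = SSH_DEFAULT_PORT;
 
 int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */
 
+int hash_hosts = 0; /* Hash hostname on output */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -366,10 +369,14 @@ keygrab_ssh2(con *c)
 static void
 keyprint(con *c, Key *key)
 {
+char *host = c->c_output_name ? c->c_output_name : c->c_name;
+
 if (!key)
 return;
+if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
+fatal("host_hash failed");
 
-fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
+fprintf(stdout, "%s ", host);
 key_write(key, stdout);
 fputs("\n", stdout);
 }
@@ -676,7 +683,7 @@ fatal(const char *fmt,...)
 static void
 usage(void)
 {
-fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-t type] [-f file]\n"
+fprintf(stderr, "usage: %s [-Hv46] [-p port] [-T timeout] [-t type] [-f file]\n"
 "\t\t [host | addrlist namelist] [...]\n",
 __progname);
 exit(1);
@@ -700,8 +707,11 @@ main(int argc, char **argv)
 if (argc <= 1)
 usage();
 
-while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) {
+while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
 switch (opt) {
+case 'H':
+hash_hosts = 1;
+break;
 case 'p':
 ssh_port = a2port(optarg);
 if (ssh_port == 0) {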
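Review bot: In `keyprint()`, `host_hash(host, NULL, 0)` is applied to the whole output name, so if `c_output_name` can hold a comma-separated list (the usage string's `addrlist namelist` form suggests it can), the names are hashed together as one string. A hashed entry built that way would match none of the individual names or addresses, so a client reading the file would treat the host as unknown and fall back to a first-use prompt, which defeats the purpose of pre-populating known_hosts. Hashing each name separately and printing one line per name avoids this, as sketched below. Whether `host_hash()` returns static or allocated storage is not visible here; that deserves a comment at the call, since an allocated result would be leaked once per key.

```c
static void
keyprint(con *c, Key *key)
{
	char *names = c->c_output_name ? c->c_output_name : c->c_name;
	char *copy, *rest, *name, *hashed;

	if (!key)
		return;
	if (!hash_hosts) {
		/* … unchanged: print names, key and newline as before … */
		return;
	}
	/* Hash every comma-separated name on its own line so each entry can match. */
	copy = rest = xstrdup(names);
	while ((name = strsep(&rest, ",")) != NULL) {
		if (*name == '\0')
			continue;
		if ((hashed = host_hash(name, NULL, 0)) == NULL)
			fatal("host_hash failed");
		fprintf(stdout, "%s ", hashed);
		key_write(key, stdout);
		fputs("\n", stdout);
	}
	xfree(copy);
}
```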