Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/gnome-ssh-askpass2.c | 99 | ||||
-rw-r--r-- | contrib/redhat/openssh.spec | 7 | ||||
-rw-r--r-- | contrib/ssh-copy-id | 158 | ||||
-rw-r--r-- | contrib/ssh-copy-id.1 | 2 | ||||
-rw-r--r-- | contrib/suse/openssh.spec | 6 |
5 files changed, 186 insertions, 86 deletions
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c index 88cdfaeff..bf8c92c8f 100644 --- a/contrib/gnome-ssh-askpass2.c +++ b/contrib/gnome-ssh-askpass2.c | |||
@@ -56,9 +56,11 @@ | |||
56 | #include <stdio.h> | 56 | #include <stdio.h> |
57 | #include <string.h> | 57 | #include <string.h> |
58 | #include <unistd.h> | 58 | #include <unistd.h> |
59 | |||
59 | #include <X11/Xlib.h> | 60 | #include <X11/Xlib.h> |
60 | #include <gtk/gtk.h> | 61 | #include <gtk/gtk.h> |
61 | #include <gdk/gdkx.h> | 62 | #include <gdk/gdkx.h> |
63 | #include <gdk/gdkkeysyms.h> | ||
62 | 64 | ||
63 | static void | 65 | static void |
64 | report_failed_grab (GtkWidget *parent_window, const char *what) | 66 | report_failed_grab (GtkWidget *parent_window, const char *what) |
@@ -85,6 +87,67 @@ ok_dialog(GtkWidget *entry, gpointer dialog) | |||
85 | gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); | 87 | gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); |
86 | } | 88 | } |
87 | 89 | ||
90 | static gboolean | ||
91 | check_none(GtkWidget *widget, GdkEventKey *event, gpointer dialog) | ||
92 | { | ||
93 | switch (event->keyval) { | ||
94 | case GDK_KEY_Escape: | ||
95 | /* esc -> close dialog */ | ||
96 | gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_CLOSE); | ||
97 | return TRUE; | ||
98 | case GDK_KEY_Tab: | ||
99 | /* tab -> focus close button */ | ||
100 | gtk_widget_grab_focus(gtk_dialog_get_widget_for_response( | ||
101 | dialog, GTK_RESPONSE_CLOSE)); | ||
102 | return TRUE; | ||
103 | default: | ||
104 | /* eat all other key events */ | ||
105 | return TRUE; | ||
106 | } | ||
107 | } | ||
108 | |||
109 | static int | ||
110 | parse_env_hex_color(const char *env, GdkColor *c) | ||
111 | { | ||
112 | const char *s; | ||
113 | unsigned long ul; | ||
114 | char *ep; | ||
115 | size_t n; | ||
116 | |||
117 | if ((s = getenv(env)) == NULL) | ||
118 | return 0; | ||
119 | |||
120 | memset(c, 0, sizeof(*c)); | ||
121 | |||
122 | /* Permit hex rgb or rrggbb optionally prefixed by '#' or '0x' */ | ||
123 | if (*s == '#') | ||
124 | s++; | ||
125 | else if (strncmp(s, "0x", 2) == 0) | ||
126 | s += 2; | ||
127 | n = strlen(s); | ||
128 | if (n != 3 && n != 6) | ||
129 | goto bad; | ||
130 | ul = strtoul(s, &ep, 16); | ||
131 | if (*ep != '\0' || ul > 0xffffff) { | ||
132 | bad: | ||
133 | fprintf(stderr, "Invalid $%s - invalid hex color code\n", env); | ||
134 | return 0; | ||
135 | } | ||
136 | /* Valid hex sequence; expand into a GdkColor */ | ||
137 | if (n == 3) { | ||
138 | /* 4-bit RGB */ | ||
139 | c->red = ((ul >> 8) & 0xf) << 12; | ||
140 | c->green = ((ul >> 4) & 0xf) << 12; | ||
141 | c->blue = (ul & 0xf) << 12; | ||
142 | } else { | ||
143 | /* 8-bit RGB */ | ||
144 | c->red = ((ul >> 16) & 0xff) << 8; | ||
145 | c->green = ((ul >> 8) & 0xff) << 8; | ||
146 | c->blue = (ul & 0xff) << 8; | ||
147 | } | ||
148 | return 1; | ||
149 | } | ||
150 | |||
88 | static int | 151 | static int |
89 | passphrase_dialog(char *message, int prompt_type) | 152 | passphrase_dialog(char *message, int prompt_type) |
90 | { | 153 | { |
@@ -94,11 +157,16 @@ passphrase_dialog(char *message, int prompt_type) | |||
94 | int buttons, default_response; | 157 | int buttons, default_response; |
95 | GtkWidget *parent_window, *dialog, *entry; | 158 | GtkWidget *parent_window, *dialog, *entry; |
96 | GdkGrabStatus status; | 159 | GdkGrabStatus status; |
160 | GdkColor fg, bg; | ||
161 | int fg_set = 0, bg_set = 0; | ||
97 | 162 | ||
98 | grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); | 163 | grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); |
99 | grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); | 164 | grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); |
100 | grab_tries = 0; | 165 | grab_tries = 0; |
101 | 166 | ||
167 | fg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_FG_COLOR", &fg); | ||
168 | bg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_BG_COLOR", &bg); | ||
169 | |||
102 | /* Create an invisible parent window so that GtkDialog doesn't | 170 | /* Create an invisible parent window so that GtkDialog doesn't |
103 | * complain. */ | 171 | * complain. */ |
104 | parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL); | 172 | parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL); |
@@ -127,17 +195,38 @@ passphrase_dialog(char *message, int prompt_type) | |||
127 | gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response); | 195 | gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response); |
128 | gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); | 196 | gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); |
129 | 197 | ||
130 | if (prompt_type == PROMPT_ENTRY) { | 198 | if (fg_set) |
199 | gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg); | ||
200 | if (bg_set) | ||
201 | gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg); | ||
202 | |||
203 | if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) { | ||
131 | entry = gtk_entry_new(); | 204 | entry = gtk_entry_new(); |
205 | if (fg_set) | ||
206 | gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg); | ||
207 | if (bg_set) | ||
208 | gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg); | ||
132 | gtk_box_pack_start( | 209 | gtk_box_pack_start( |
133 | GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), | 210 | GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), |
134 | entry, FALSE, FALSE, 0); | 211 | entry, FALSE, FALSE, 0); |
135 | gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); | 212 | gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); |
136 | gtk_widget_grab_focus(entry); | 213 | gtk_widget_grab_focus(entry); |
137 | gtk_widget_show(entry); | 214 | if (prompt_type == PROMPT_ENTRY) { |
138 | /* Make <enter> close dialog */ | 215 | gtk_widget_show(entry); |
139 | g_signal_connect(G_OBJECT(entry), "activate", | 216 | /* Make <enter> close dialog */ |
140 | G_CALLBACK(ok_dialog), dialog); | 217 | g_signal_connect(G_OBJECT(entry), "activate", |
218 | G_CALLBACK(ok_dialog), dialog); | ||
219 | } else { | ||
220 | /* | ||
221 | * Ensure the 'close' button is not focused by default | ||
222 | * but is still reachable via tab. This is a bit of a | ||
223 | * hack - it uses a hidden entry that responds to a | ||
224 | * couple of keypress events (escape and tab only). | ||
225 | */ | ||
226 | gtk_widget_realize(entry); | ||
227 | g_signal_connect(G_OBJECT(entry), "key_press_event", | ||
228 | G_CALLBACK(check_none), dialog); | ||
229 | } | ||
141 | } | 230 | } |
142 | 231 | ||
143 | /* Grab focus */ | 232 | /* Grab focus */ |
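Review bot: In `parse_env_hex_color` the length test runs on the raw string, but `strtoul(s, &ep, 16)` also skips leading whitespace, accepts a sign and accepts its own `0x` prefix, so values such as `+ff` or `#0x1` are accepted as three-digit colours. Validating the digits before converting closes that gap: `if ((n != 3 && n != 6) || strspn(s, "0123456789abcdefABCDEF") != n) goto bad;`. The channel expansion also shifts rather than replicates, so `#fff` yields 0xf000 per channel instead of 0xffff; multiplying the nibble by `0x1111` and the byte by `0x101` would cover the full 16-bit range. A short comment on the function stating that it returns 1 only when `*c` has been filled in would help callers that rely on `fg_set`/`bg_set`.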
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index dcd57aa19..df99f7d73 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,4 +1,4 @@ | |||
1 | %global ver 8.3p1 | 1 | %global ver 8.4p1 |
2 | %global rel 1%{?dist} | 2 | %global rel 1%{?dist} |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
@@ -363,8 +363,10 @@ fi | |||
363 | %attr(0755,root,root) %dir %{_libexecdir}/openssh | 363 | %attr(0755,root,root) %dir %{_libexecdir}/openssh |
364 | %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign | 364 | %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign |
365 | %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper | 365 | %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper |
366 | %attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper | ||
366 | %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* | 367 | %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* |
367 | %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8* | 368 | %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8* |
369 | %attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8* | ||
368 | %endif | 370 | %endif |
369 | %if %{scard} | 371 | %if %{scard} |
370 | %attr(0755,root,root) %dir %{_datadir}/openssh | 372 | %attr(0755,root,root) %dir %{_datadir}/openssh |
@@ -422,6 +424,9 @@ fi | |||
422 | %endif | 424 | %endif |
423 | 425 | ||
424 | %changelog | 426 | %changelog |
427 | * Mon Jul 20 2020 Damien Miller <djm@mindrto.org> | ||
428 | - Add ssh-sk-helper and corresponding manual page. | ||
429 | |||
425 | * Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net> | 430 | * Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net> |
426 | - Update openssl-devel dependency to match current requirements. | 431 | - Update openssl-devel dependency to match current requirements. |
427 | - Handle Fedora >=6 openssl 1.0 compat libs. | 432 | - Handle Fedora >=6 openssl 1.0 compat libs. |
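Review bot: The added `%changelog` entry spells the author address `djm@mindrto.org`, which looks like a transposition of `mindrot.org`, and the identical line is added in contrib/suse/openssh.spec. If that is a typo, both entries should read `* Mon Jul 20 2020 Damien Miller <djm@mindrot.org>`.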
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index b83b83619..392f64f94 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id | |||
@@ -1,6 +1,7 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | 2 | ||
3 | # Copyright (c) 1999-2016 Philip Hands <phil@hands.com> | 3 | # Copyright (c) 1999-2020 Philip Hands <phil@hands.com> |
4 | # 2017 Sebastien Boyron <seb@boyron.eu> | ||
4 | # 2013 Martin Kletzander <mkletzan@redhat.com> | 5 | # 2013 Martin Kletzander <mkletzan@redhat.com> |
5 | # 2010 Adeodato =?iso-8859-1?Q?Sim=F3?= <asp16@alu.ua.es> | 6 | # 2010 Adeodato =?iso-8859-1?Q?Sim=F3?= <asp16@alu.ua.es> |
6 | # 2010 Eric Moret <eric.moret@gmail.com> | 7 | # 2010 Eric Moret <eric.moret@gmail.com> |
@@ -33,13 +34,15 @@ | |||
33 | # Shell script to install your public key(s) on a remote machine | 34 | # Shell script to install your public key(s) on a remote machine |
34 | # See the ssh-copy-id(1) man page for details | 35 | # See the ssh-copy-id(1) man page for details |
35 | 36 | ||
37 | # shellcheck shell=dash | ||
38 | |||
36 | # check that we have something mildly sane as our shell, or try to find something better | 39 | # check that we have something mildly sane as our shell, or try to find something better |
37 | if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0" | 40 | if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0" |
38 | then | 41 | then |
39 | SANE_SH=${SANE_SH:-/usr/bin/ksh} | 42 | SANE_SH=${SANE_SH:-/usr/bin/ksh} |
40 | if printf 'true ^ false\n' | "$SANE_SH" | 43 | if printf 'true ^ false\n' | "$SANE_SH" |
41 | then | 44 | then |
42 | printf "'%s' seems viable.\n" "$SANE_SH" | 45 | printf "'%s' seems viable.\\n" "$SANE_SH" |
43 | exec "$SANE_SH" "$0" "$@" | 46 | exec "$SANE_SH" "$0" "$@" |
44 | else | 47 | else |
45 | cat <<-EOF | 48 | cat <<-EOF |
@@ -51,16 +54,16 @@ then | |||
51 | a bug describing your setup, and the shell you used to make it work. | 54 | a bug describing your setup, and the shell you used to make it work. |
52 | 55 | ||
53 | EOF | 56 | EOF |
54 | printf "%s: ERROR: Less dimwitted shell required.\n" "$0" | 57 | printf '%s: ERROR: Less dimwitted shell required.\n' "$0" |
55 | exit 1 | 58 | exit 1 |
56 | fi | 59 | fi |
57 | fi | 60 | fi |
58 | 61 | ||
59 | most_recent_id="$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)" | 62 | # shellcheck disable=SC2010 |
60 | DEFAULT_PUB_ID_FILE="${most_recent_id:+$HOME/}$most_recent_id" | 63 | DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1) |
61 | 64 | ||
62 | usage () { | 65 | usage () { |
63 | printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2 | 66 | printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2 |
64 | printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2 | 67 | printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2 |
65 | printf '\t-n: dry run -- no keys are actually copied\n' >&2 | 68 | printf '\t-n: dry run -- no keys are actually copied\n' >&2 |
66 | printf '\t-h|-?: print this help\n' >&2 | 69 | printf '\t-h|-?: print this help\n' >&2 |
@@ -69,18 +72,18 @@ usage () { | |||
69 | 72 | ||
70 | # escape any single quotes in an argument | 73 | # escape any single quotes in an argument |
71 | quote() { | 74 | quote() { |
72 | printf "%s\n" "$1" | sed -e "s/'/'\\\\''/g" | 75 | printf '%s\n' "$1" | sed -e "s/'/'\\\\''/g" |
73 | } | 76 | } |
74 | 77 | ||
75 | use_id_file() { | 78 | use_id_file() { |
76 | local L_ID_FILE="$1" | 79 | local L_ID_FILE="$1" |
77 | 80 | ||
78 | if [ -z "$L_ID_FILE" ] ; then | 81 | if [ -z "$L_ID_FILE" ] ; then |
79 | printf "%s: ERROR: no ID file found\n" "$0" | 82 | printf '%s: ERROR: no ID file found\n' "$0" |
80 | exit 1 | 83 | exit 1 |
81 | fi | 84 | fi |
82 | 85 | ||
83 | if expr "$L_ID_FILE" : ".*\.pub$" >/dev/null ; then | 86 | if expr "$L_ID_FILE" : '.*\.pub$' >/dev/null ; then |
84 | PUB_ID_FILE="$L_ID_FILE" | 87 | PUB_ID_FILE="$L_ID_FILE" |
85 | else | 88 | else |
86 | PUB_ID_FILE="$L_ID_FILE.pub" | 89 | PUB_ID_FILE="$L_ID_FILE.pub" |
@@ -93,7 +96,7 @@ use_id_file() { | |||
93 | ErrMSG=$( { : < "$f" ; } 2>&1 ) || { | 96 | ErrMSG=$( { : < "$f" ; } 2>&1 ) || { |
94 | local L_PRIVMSG="" | 97 | local L_PRIVMSG="" |
95 | [ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)" | 98 | [ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)" |
96 | printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')" | 99 | printf "\\n%s: ERROR: failed to open ID file '%s': %s\\n" "$0" "$f" "$(printf '%s\n%s\n' "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')" |
97 | exit 1 | 100 | exit 1 |
98 | } | 101 | } |
99 | done | 102 | done |
@@ -105,80 +108,37 @@ if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then | |||
105 | GET_ID="ssh-add -L" | 108 | GET_ID="ssh-add -L" |
106 | fi | 109 | fi |
107 | 110 | ||
108 | while test "$#" -gt 0 | 111 | while getopts "i:o:p:F:fnh?" OPT |
109 | do | 112 | do |
110 | [ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && { | ||
111 | printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0" | ||
112 | usage | ||
113 | } | ||
114 | |||
115 | OPT= OPTARG= | ||
116 | # implement something like getopt to avoid Solaris pain | ||
117 | case "$1" in | ||
118 | -i?*|-o?*|-p?*) | ||
119 | OPT="$(printf -- "$1"|cut -c1-2)" | ||
120 | OPTARG="$(printf -- "$1"|cut -c3-)" | ||
121 | shift | ||
122 | ;; | ||
123 | -o|-p) | ||
124 | OPT="$1" | ||
125 | OPTARG="$2" | ||
126 | shift 2 | ||
127 | ;; | ||
128 | -i) | ||
129 | OPT="$1" | ||
130 | test "$#" -le 2 || expr "$2" : "[-]" >/dev/null || { | ||
131 | OPTARG="$2" | ||
132 | shift | ||
133 | } | ||
134 | shift | ||
135 | ;; | ||
136 | -f|-n|-h|-\?) | ||
137 | OPT="$1" | ||
138 | OPTARG= | ||
139 | shift | ||
140 | ;; | ||
141 | --) | ||
142 | shift | ||
143 | while test "$#" -gt 0 | ||
144 | do | ||
145 | SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'" | ||
146 | shift | ||
147 | done | ||
148 | break | ||
149 | ;; | ||
150 | -*) | ||
151 | printf "\n%s: ERROR: invalid option (%s)\n\n" "$0" "$1" | ||
152 | usage | ||
153 | ;; | ||
154 | *) | ||
155 | SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'" | ||
156 | shift | ||
157 | continue | ||
158 | ;; | ||
159 | esac | ||
160 | 113 | ||
161 | case "$OPT" in | 114 | case "$OPT" in |
162 | -i) | 115 | i) |
116 | [ "${SEEN_OPT_I}" ] && { | ||
117 | printf '\n%s: ERROR: -i option must not be specified more than once\n\n' "$0" | ||
118 | usage | ||
119 | } | ||
163 | SEEN_OPT_I="yes" | 120 | SEEN_OPT_I="yes" |
164 | use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}" | 121 | use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}" |
165 | ;; | 122 | ;; |
166 | -o|-p) | 123 | o|p|F) |
167 | SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'" | 124 | SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }-$OPT '$(quote "${OPTARG}")'" |
168 | ;; | 125 | ;; |
169 | -f) | 126 | f) |
170 | FORCED=1 | 127 | FORCED=1 |
171 | ;; | 128 | ;; |
172 | -n) | 129 | n) |
173 | DRY_RUN=1 | 130 | DRY_RUN=1 |
174 | ;; | 131 | ;; |
175 | -h|-\?) | 132 | h|\?) |
176 | usage | 133 | usage |
177 | ;; | 134 | ;; |
178 | esac | 135 | esac |
179 | done | 136 | done |
137 | #shift all args to keep only USER_HOST | ||
138 | shift $((OPTIND-1)) | ||
139 | |||
140 | |||
180 | 141 | ||
181 | eval set -- "$SAVEARGS" | ||
182 | 142 | ||
183 | if [ $# = 0 ] ; then | 143 | if [ $# = 0 ] ; then |
184 | usage | 144 | usage |
@@ -189,16 +149,18 @@ if [ $# != 1 ] ; then | |||
189 | fi | 149 | fi |
190 | 150 | ||
191 | # drop trailing colon | 151 | # drop trailing colon |
192 | USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//') | 152 | USER_HOST="$*" |
193 | # tack the hostname onto SSH_OPTS | 153 | # tack the hostname onto SSH_OPTS |
194 | SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'" | 154 | SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'" |
195 | # and populate "$@" for later use (only way to get proper quoting of options) | 155 | # and populate "$@" for later use (only way to get proper quoting of options) |
196 | eval set -- "$SSH_OPTS" | 156 | eval set -- "$SSH_OPTS" |
197 | 157 | ||
158 | # shellcheck disable=SC2086 | ||
198 | if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then | 159 | if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then |
199 | use_id_file "$PUB_ID_FILE" | 160 | use_id_file "$PUB_ID_FILE" |
200 | fi | 161 | fi |
201 | 162 | ||
163 | # shellcheck disable=SC2086 | ||
202 | if [ -z "$(eval $GET_ID)" ] ; then | 164 | if [ -z "$(eval $GET_ID)" ] ; then |
203 | printf '%s: ERROR: No identities found\n' "$0" >&2 | 165 | printf '%s: ERROR: No identities found\n' "$0" >&2 |
204 | exit 1 | 166 | exit 1 |
@@ -209,6 +171,7 @@ fi | |||
209 | populate_new_ids() { | 171 | populate_new_ids() { |
210 | local L_SUCCESS="$1" | 172 | local L_SUCCESS="$1" |
211 | 173 | ||
174 | # shellcheck disable=SC2086 | ||
212 | if [ "$FORCED" ] ; then | 175 | if [ "$FORCED" ] ; then |
213 | NEW_IDS=$(eval $GET_ID) | 176 | NEW_IDS=$(eval $GET_ID) |
214 | return | 177 | return |
@@ -218,17 +181,20 @@ populate_new_ids() { | |||
218 | eval set -- "$SSH_OPTS" | 181 | eval set -- "$SSH_OPTS" |
219 | 182 | ||
220 | umask 0177 | 183 | umask 0177 |
221 | local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX) | 184 | local L_TMP_ID_FILE |
185 | L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX) | ||
222 | if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then | 186 | if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then |
223 | printf '%s: ERROR: mktemp failed\n' "$0" >&2 | 187 | printf '%s: ERROR: mktemp failed\n' "$0" >&2 |
224 | exit 1 | 188 | exit 1 |
225 | fi | 189 | fi |
226 | local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\"" | 190 | local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\"" |
191 | # shellcheck disable=SC2064 | ||
227 | trap "$L_CLEANUP" EXIT TERM INT QUIT | 192 | trap "$L_CLEANUP" EXIT TERM INT QUIT |
228 | printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2 | 193 | printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2 |
194 | # shellcheck disable=SC2086 | ||
229 | NEW_IDS=$( | 195 | NEW_IDS=$( |
230 | eval $GET_ID | { | 196 | eval $GET_ID | { |
231 | while read ID || [ "$ID" ] ; do | 197 | while read -r ID || [ "$ID" ] ; do |
232 | printf '%s\n' "$ID" > "$L_TMP_ID_FILE" | 198 | printf '%s\n' "$ID" > "$L_TMP_ID_FILE" |
233 | 199 | ||
234 | # the next line assumes $PRIV_ID_FILE only set if using a single id file - this | 200 | # the next line assumes $PRIV_ID_FILE only set if using a single id file - this |
@@ -261,21 +227,52 @@ populate_new_ids() { | |||
261 | fi | 227 | fi |
262 | if [ -z "$NEW_IDS" ] ; then | 228 | if [ -z "$NEW_IDS" ] ; then |
263 | printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2 | 229 | printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2 |
264 | printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2 | 230 | printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' >&2 |
265 | exit 0 | 231 | exit 0 |
266 | fi | 232 | fi |
267 | printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2 | 233 | printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2 |
268 | } | 234 | } |
269 | 235 | ||
236 | # installkey_sh [target_path] | ||
237 | # produce a one-liner to add the keys to remote authorized_keys file | ||
238 | # optionally takes an alternative path for authorized_keys | ||
239 | installkeys_sh() { | ||
240 | local AUTH_KEY_FILE=${1:-.ssh/authorized_keys} | ||
241 | |||
242 | # In setting INSTALLKEYS_SH: | ||
243 | # the tr puts it all on one line (to placate tcsh) | ||
244 | # (hence the excessive use of semi-colons (;) ) | ||
245 | # then in the command: | ||
246 | # cd to be at $HOME, just in case; | ||
247 | # the -z `tail ...` checks for a trailing newline. The echo adds one if was missing | ||
248 | # the cat adds the keys we're getting via STDIN | ||
249 | # and if available restorecon is used to restore the SELinux context | ||
250 | INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF) | ||
251 | cd; | ||
252 | umask 077; | ||
253 | mkdir -p $(dirname "${AUTH_KEY_FILE}") && | ||
254 | { [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] || echo >> ${AUTH_KEY_FILE}; } && | ||
255 | cat >> ${AUTH_KEY_FILE} || | ||
256 | exit 1; | ||
257 | if type restorecon >/dev/null 2>&1; then | ||
258 | restorecon -F .ssh ${AUTH_KEY_FILE}; | ||
259 | fi | ||
260 | EOF | ||
261 | |||
262 | # to defend against quirky remote shells: use 'exec sh -c' to get POSIX; | ||
263 | printf "exec sh -c '%s'" "${INSTALLKEYS_SH}" | ||
264 | } | ||
265 | |||
270 | REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 | | 266 | REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 | |
271 | sed -ne 's/.*remote software version //p') | 267 | sed -ne 's/.*remote software version //p') |
272 | 268 | ||
269 | # shellcheck disable=SC2029 | ||
273 | case "$REMOTE_VERSION" in | 270 | case "$REMOTE_VERSION" in |
274 | NetScreen*) | 271 | NetScreen*) |
275 | populate_new_ids 1 | 272 | populate_new_ids 1 |
276 | for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do | 273 | for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do |
277 | KEY_NO=$(($KEY_NO + 1)) | 274 | KEY_NO=$((KEY_NO + 1)) |
278 | printf "%s\n" "$KEY" | grep ssh-dss >/dev/null || { | 275 | printf '%s\n' "$KEY" | grep ssh-dss >/dev/null || { |
279 | printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2 | 276 | printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2 |
280 | continue | 277 | continue |
281 | } | 278 | } |
@@ -283,20 +280,25 @@ case "$REMOTE_VERSION" in | |||
283 | if [ $? = 255 ] ; then | 280 | if [ $? = 255 ] ; then |
284 | printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2 | 281 | printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2 |
285 | else | 282 | else |
286 | ADDED=$(($ADDED + 1)) | 283 | ADDED=$((ADDED + 1)) |
287 | fi | 284 | fi |
288 | done | 285 | done |
289 | if [ -z "$ADDED" ] ; then | 286 | if [ -z "$ADDED" ] ; then |
290 | exit 1 | 287 | exit 1 |
291 | fi | 288 | fi |
292 | ;; | 289 | ;; |
290 | dropbear*) | ||
291 | populate_new_ids 0 | ||
292 | [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \ | ||
293 | ssh "$@" "$(installkeys_sh /etc/dropbear/authorized_keys)" \ | ||
294 | || exit 1 | ||
295 | ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l) | ||
296 | ;; | ||
293 | *) | 297 | *) |
294 | # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect | 298 | # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect |
295 | populate_new_ids 0 | 299 | populate_new_ids 0 |
296 | # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX; | ||
297 | # 'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh. | ||
298 | [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \ | 300 | [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \ |
299 | ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys ; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \ | 301 | ssh "$@" "$(installkeys_sh)" \ |
300 | || exit 1 | 302 | || exit 1 |
301 | ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l) | 303 | ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l) |
302 | ;; | 304 | ;; |
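Review bot: The new `dropbear*)` branch picks `/etc/dropbear/authorized_keys` from the server's version banner alone, so a Dropbear host that reads the per-user `~/.ssh/authorized_keys` would have the key appended to a file it may not consult, or the append fails for a non-root login. `installkeys_sh` still runs `restorecon -F .ssh ${AUTH_KEY_FILE}` with `.ssh` hard-coded, and it interpolates `${AUTH_KEY_FILE}` unquoted into the `sh -c '…'` string, which is safe only while callers pass fixed paths. I would state that constraint in the function's header comment, for example `# target_path must be a literal path without whitespace or quotes; it is pasted into a remote shell command`, and derive the restorecon directory from the argument. Separately, in the option-parsing hunk `getopts "i:o:p:F:fnh?"` makes the argument to `-i` mandatory although the usage text still shows `-i [identity_file]`. Also, `USER_HOST="$*"` no longer strips the trailing colon that the `# drop trailing colon` comment above it promises.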
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1 index ae75c79a5..b75a88365 100644 --- a/contrib/ssh-copy-id.1 +++ b/contrib/ssh-copy-id.1 | |||
@@ -1,5 +1,5 @@ | |||
1 | .ig \" -*- nroff -*- | 1 | .ig \" -*- nroff -*- |
2 | Copyright (c) 1999-2013 hands.com Ltd. <http://hands.com/> | 2 | Copyright (c) 1999-2016 hands.com Ltd. <http://hands.com/> |
3 | 3 | ||
4 | Redistribution and use in source and binary forms, with or without | 4 | Redistribution and use in source and binary forms, with or without |
5 | modification, are permitted provided that the following conditions | 5 | modification, are permitted provided that the following conditions |
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index a2789052d..e6459e82d 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -13,7 +13,7 @@ | |||
13 | 13 | ||
14 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation | 14 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation |
15 | Name: openssh | 15 | Name: openssh |
16 | Version: 8.3p1 | 16 | Version: 8.4p1 |
17 | URL: https://www.openssh.com/ | 17 | URL: https://www.openssh.com/ |
18 | Release: 1 | 18 | Release: 1 |
19 | Source0: openssh-%{version}.tar.gz | 19 | Source0: openssh-%{version}.tar.gz |
@@ -75,6 +75,8 @@ patented algorithms to separate libraries (OpenSSL). | |||
75 | This package contains an X Window System passphrase dialog for OpenSSH. | 75 | This package contains an X Window System passphrase dialog for OpenSSH. |
76 | 76 | ||
77 | %changelog | 77 | %changelog |
78 | * Mon Jul 20 2020 Damien Miller <djm@mindrto.org> | ||
79 | - Add ssh-sk-helper and corresponding manual page. | ||
78 | * Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov> | 80 | * Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov> |
79 | - Removed accidental inclusion of --without-zlib-version-check | 81 | - Removed accidental inclusion of --without-zlib-version-check |
80 | * Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov> | 82 | * Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov> |
@@ -211,6 +213,7 @@ rm -rf $RPM_BUILD_ROOT | |||
211 | %attr(0755,root,root) %{_libdir}/ssh/sftp-server | 213 | %attr(0755,root,root) %{_libdir}/ssh/sftp-server |
212 | %attr(4711,root,root) %{_libdir}/ssh/ssh-keysign | 214 | %attr(4711,root,root) %{_libdir}/ssh/ssh-keysign |
213 | %attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper | 215 | %attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper |
216 | %attr(0755,root,root) %{_libdir}/ssh/ssh-sk-helper | ||
214 | %attr(0644,root,root) %doc %{_mandir}/man1/scp.1* | 217 | %attr(0644,root,root) %doc %{_mandir}/man1/scp.1* |
215 | %attr(0644,root,root) %doc %{_mandir}/man1/sftp.1* | 218 | %attr(0644,root,root) %doc %{_mandir}/man1/sftp.1* |
216 | %attr(0644,root,root) %doc %{_mandir}/man1/ssh.1* | 219 | %attr(0644,root,root) %doc %{_mandir}/man1/ssh.1* |
@@ -224,6 +227,7 @@ rm -rf $RPM_BUILD_ROOT | |||
224 | %attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8* | 227 | %attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8* |
225 | %attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8* | 228 | %attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8* |
226 | %attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8* | 229 | %attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8* |
230 | %attr(0644,root,root) %doc %{_mandir}/man8/ssh-sk-helper.8* | ||
227 | %attr(0644,root,root) %doc %{_mandir}/man8/sshd.8* | 231 | %attr(0644,root,root) %doc %{_mandir}/man8/sshd.8* |
228 | %attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh | 232 | %attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh |
229 | 233 | ||