Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r--ssh-keyscan.c71
1 files changed, 57 insertions, 14 deletions
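diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 57d88429b..7fe61e4e1 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.101 2015/04/10 00:08:55 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -60,6 +60,7 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_ECDSA 8
 #define KT_ED25519 16
 
+int get_cert = 0;
 int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0; /* Hash hostname on output */
@@ -267,11 +268,32 @@ keygrab_ssh2(con *c)
  int r;
 
  enable_compat20();
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
- c->c_keytype == KT_DSA ? "ssh-dss" :
- (c->c_keytype == KT_RSA ? "ssh-rsa" :
- (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
- "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
+ switch (c->c_keytype) {
+ case KT_DSA:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "ssh-dss-cert-v01@openssh.com" : "ssh-dss";
+ break;
+ case KT_RSA:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+ break;
+ case KT_ED25519:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519";
+ break;
+ case KT_ECDSA:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com" :
+ "ecdsa-sha2-nistp256,"
+ "ecdsa-sha2-nistp384,"
+ "ecdsa-sha2-nistp521";
+ break;
+ default:
+ fatal("unknown key type %d", c->c_keytype);
+ break;
+ }
  if ((r = kex_setup(c->c_ssh, myproposal)) != 0) {
  free(c->c_ssh);
  fprintf(stderr, "kex_setup: %s\n", ssh_err(r));
@@ -296,23 +318,39 @@ keygrab_ssh2(con *c)
 }
 
 static void
-keyprint(con *c, struct sshkey *key)
+keyprint_one(char *host, struct sshkey *key)
 {
- char *host = c->c_output_name ? c->c_output_name : c->c_name;
- char *hostport = NULL;
+ char *hostport;
 
- if (!key)
- return;
  if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
  fatal("host_hash failed");
 
  hostport = put_host_port(host, ssh_port);
- fprintf(stdout, "%s ", hostport);
+ if (!get_cert)
+ fprintf(stdout, "%s ", hostport);
  sshkey_write(key, stdout);
  fputs("\n", stdout);
  free(hostport);
 }
 
+static void
+keyprint(con *c, struct sshkey *key)
+{
+ char *hosts = c->c_output_name ? c->c_output_name : c->c_name;
+ char *host, *ohosts;
+
+ if (key == NULL)
+ return;
+ if (get_cert || (!hash_hosts && ssh_port == SSH_DEFAULT_PORT)) {
+ keyprint_one(hosts, key);
+ return;
+ }
+ ohosts = hosts = xstrdup(hosts);
+ while ((host = strsep(&hosts, ",")) != NULL)
+ keyprint_one(host, key);
+ free(ohosts);
+}
+
 static int
 tcpconnect(char *host)
 {
@@ -369,6 +407,7 @@ conalloc(char *iname, char *oname, int keytype)
  if (fdcon[s].c_status)
  fatal("conalloc: attempt to reuse fdno %d", s);
 
+ debug3("%s: oname %s kt %d", __func__, oname, keytype);
  fdcon[s].c_fd = s;
  fdcon[s].c_status = CS_CON;
  fdcon[s].c_namebase = namebase;
@@ -639,7 +678,7 @@ static void
 usage(void)
 {
  fprintf(stderr,
- "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
+ "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n"
  "\t\t [host | addrlist namelist] ...\n",
  __progname);
  exit(1);
@@ -657,6 +696,7 @@ main(int argc, char **argv)
  extern int optind;
  extern char *optarg;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  __progname = ssh_get_progname(argv[0]);
  seed_rng();
  TAILQ_INIT(&tq);
@@ -667,11 +707,14 @@ main(int argc, char **argv)
  if (argc <= 1)
  usage();
 
- while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
+ while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
  switch (opt) {
  case 'H':
  hash_hosts = 1;
  break;
+ case 'c':
+ get_cert = 1;
+ break;
  case 'p':
  ssh_port = a2port(optarg);
  if (ssh_port <= 0) {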