Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 20 |
1 files changed, 16 insertions, 4 deletions
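--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.116 2017/11/25 06:46:22 dtucker Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.117 2018/02/23 05:14:05 djm Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -46,6 +46,7 @@
 #include "hostfile.h"
 #include "ssherr.h"
 #include "ssh_api.h"
+#include "dns.h"
 
 /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
 Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -66,6 +67,8 @@ int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0; /* Hash hostname on output */
 
+int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -280,6 +283,11 @@ keyprint_one(const char *host, struct sshkey *key)
 char *hostport;
 const char *known_host, *hashed;
 
+if (print_sshfp) {
+export_dns_rr(host, key, stdout, 0);
+return;
+}
+
 hostport = put_host_port(host, ssh_port);
 lowercase(hostport);
 if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
@@ -497,7 +505,8 @@ congreet(int s)
 confree(s);
 return;
 }
-fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
+fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#',
+c->c_name, ssh_port, chop(buf));
 keygrab_ssh2(c);
 confree(s);
 }
@@ -621,7 +630,7 @@ static void
 usage(void)
 {
 fprintf(stderr,
-"usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n"
+"usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
 "\t\t [host | addrlist namelist] ...\n",
 __progname);
 exit(1);
@@ -650,7 +659,7 @@ main(int argc, char **argv)
 if (argc <= 1)
 usage();
 
-while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
+while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
 switch (opt) {
 case 'H':
 hash_hosts = 1;
@@ -658,6 +667,9 @@ main(int argc, char **argv)
 case 'c':
 get_cert = 1;
 break;
+case 'D':
+print_sshfp = 1;
+break;
 case 'p':
 ssh_port = a2port(optarg);
 if (ssh_port <= 0) {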
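Review bot: In keyprint_one the new `print_sshfp` branch returns before `put_host_port(host, ssh_port)` and before the `hash_hosts` check, so `-D` silently overrides `-H` and the record printed for a `-p` scan names the bare host. SSHFP records have no port field, so a key collected from an alternate port would be published as the key for the whole host name; I would add `/* SSHFP carries no port: a -p scan yields records for the bare host name */` above the call and reject the `-D`/`-H` combination after option parsing, e.g. `if (print_sshfp && hash_hosts) fatal("-D and -H are mutually exclusive");` (the end of the getopt loop lies outside these hunks). The result of `export_dns_rr()` is discarded as well, so this function cannot tell when no record was written for a key; whether the callee reports that itself is not visible here. Because the keys are fetched over an unauthenticated connection, the `-D` documentation should say that the records need checking against a fingerprint obtained out of band before they are placed in a zone.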