Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 47 |
1 files changed, 37 insertions, 10 deletions
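--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.102 2015/10/24 22:56:19 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.103 2015/11/08 22:30:20 djm Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -60,6 +60,7 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_ECDSA 8
 #define KT_ED25519 16
 
+int get_cert = 0;
 int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0; /* Hash hostname on output */
@@ -267,11 +268,32 @@ keygrab_ssh2(con *c)
 int r;
 
 enable_compat20();
-myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
-c->c_keytype == KT_DSA ? "ssh-dss" :
-(c->c_keytype == KT_RSA ? "ssh-rsa" :
-(c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
-"ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
+switch (c->c_keytype) {
+case KT_DSA:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ssh-dss-cert-v01@openssh.com" : "ssh-dss";
+break;
+case KT_RSA:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+break;
+case KT_ED25519:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519";
+break;
+case KT_ECDSA:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+"ecdsa-sha2-nistp521-cert-v01@openssh.com" :
+"ecdsa-sha2-nistp256,"
+"ecdsa-sha2-nistp384,"
+"ecdsa-sha2-nistp521";
+break;
+default:
+fatal("unknown key type %d", c->c_keytype);
+break;
+}
 if ((r = kex_setup(c->c_ssh, myproposal)) != 0) {
 free(c->c_ssh);
 fprintf(stderr, "kex_setup: %s\n", ssh_err(r));
@@ -304,7 +326,8 @@ keyprint_one(char *host, struct sshkey *key)
 fatal("host_hash failed");
 
 hostport = put_host_port(host, ssh_port);
-fprintf(stdout, "%s ", hostport);
+if (!get_cert)
+fprintf(stdout, "%s ", hostport);
 sshkey_write(key, stdout);
 fputs("\n", stdout);
 free(hostport);
@@ -318,7 +341,7 @@ keyprint(con *c, struct sshkey *key)
 
 if (key == NULL)
 return;
-if (!hash_hosts && ssh_port == SSH_DEFAULT_PORT) {
+if (get_cert || (!hash_hosts && ssh_port == SSH_DEFAULT_PORT)) {
 keyprint_one(hosts, key);
 return;
 }
@@ -384,6 +407,7 @@ conalloc(char *iname, char *oname, int keytype)
 if (fdcon[s].c_status)
 fatal("conalloc: attempt to reuse fdno %d", s);
 
+debug3("%s: oname %s kt %d", __func__, oname, keytype);
 fdcon[s].c_fd = s;
 fdcon[s].c_status = CS_CON;
 fdcon[s].c_namebase = namebase;
@@ -654,7 +678,7 @@ static void
 usage(void)
 {
 fprintf(stderr,
-"usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
+"usage: %s [-46Hcv] [-f file] [-p port] [-T timeout] [-t type]\n"
 "\t\t [host | addrlist namelist] ...\n",
 __progname);
 exit(1);
@@ -682,11 +706,14 @@ main(int argc, char **argv)
 if (argc <= 1)
 usage();
 
-while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
+while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
 switch (opt) {
 case 'H':
 hash_hosts = 1;
 break;
+case 'c':
+get_cert = 1;
+break;
 case 'p':
 ssh_port = a2port(optarg);
 if (ssh_port <= 0) {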
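Review bot: In keyprint_one the new `if (!get_cert)` drops the host prefix, but the function still runs host_hash (the `fatal("host_hash failed")` context line above it) and put_host_port and then discards hostport, and the new `get_cert ||` short-circuit in keyprint silently bypasses the -H and non-default-port output handling with no diagnostic when both are given with -c. That is harmless, but it should be stated where the flag is declared so a reader does not expect a known_hosts-style line from -c; something like `int get_cert = 0; /* -c: request the host certificate instead of the plain key; printed without a host field, so -H and any port suffix from put_host_port do not affect the output */`. As far as these hunks show, nothing inspects the certificate that sshkey_write prints (CA signature, principals, validity window), so the output is only as trustworthy as the server that presented it and a caller must check it against the CA before relying on it; a one-line note to that effect next to the sshkey_write call would save someone the assumption. keyprint_one and keyprint both begin outside their hunks.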