Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 64 |
1 files changed, 28 insertions, 36 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 6a9292487..d49d79ad7 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keyscan.c,v 1.111 2017/04/30 23:13:25 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.112 2017/04/30 23:18:44 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | * | 4 | * |
@@ -54,11 +54,13 @@ int IPv4or6 = AF_UNSPEC; | |||
54 | 54 | ||
55 | int ssh_port = SSH_DEFAULT_PORT; | 55 | int ssh_port = SSH_DEFAULT_PORT; |
56 | 56 | ||
57 | #define KT_RSA1 1 | 57 | #define KT_DSA (1) |
58 | #define KT_DSA 2 | 58 | #define KT_RSA (1<<1) |
59 | #define KT_RSA 4 | 59 | #define KT_ECDSA (1<<2) |
60 | #define KT_ECDSA 8 | 60 | #define KT_ED25519 (1<<3) |
61 | #define KT_ED25519 16 | 61 | |
62 | #define KT_MIN KT_DSA | ||
63 | #define KT_MAX KT_ED25519 | ||
62 | 64 | ||
63 | int get_cert = 0; | 65 | int get_cert = 0; |
64 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; | 66 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; |
@@ -94,7 +96,7 @@ typedef struct Connection { | |||
94 | int c_plen; /* Packet length field for ssh packet */ | 96 | int c_plen; /* Packet length field for ssh packet */ |
95 | int c_len; /* Total bytes which must be read. */ | 97 | int c_len; /* Total bytes which must be read. */ |
96 | int c_off; /* Length of data read so far. */ | 98 | int c_off; /* Length of data read so far. */ |
97 | int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */ | 99 | int c_keytype; /* Only one of KT_* */ |
98 | sig_atomic_t c_done; /* SSH2 done */ | 100 | sig_atomic_t c_done; /* SSH2 done */ |
99 | char *c_namebase; /* Address to free for c_name and c_namelist */ | 101 | char *c_namebase; /* Address to free for c_name and c_namelist */ |
100 | char *c_name; /* Hostname of connection for errors */ | 102 | char *c_name; /* Hostname of connection for errors */ |
@@ -435,6 +437,20 @@ congreet(int s) | |||
435 | size_t bufsiz; | 437 | size_t bufsiz; |
436 | con *c = &fdcon[s]; | 438 | con *c = &fdcon[s]; |
437 | 439 | ||
440 | /* send client banner */ | ||
441 | n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", | ||
442 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2); | ||
443 | if (n < 0 || (size_t)n >= sizeof(buf)) { | ||
444 | error("snprintf: buffer too small"); | ||
445 | confree(s); | ||
446 | return; | ||
447 | } | ||
448 | if (atomicio(vwrite, s, buf, n) != (size_t)n) { | ||
449 | error("write (%s): %s", c->c_name, strerror(errno)); | ||
450 | confree(s); | ||
451 | return; | ||
452 | } | ||
453 | |||
438 | for (;;) { | 454 | for (;;) { |
439 | memset(buf, '\0', sizeof(buf)); | 455 | memset(buf, '\0', sizeof(buf)); |
440 | bufsiz = sizeof(buf); | 456 | bufsiz = sizeof(buf); |
@@ -477,38 +493,14 @@ congreet(int s) | |||
477 | c->c_ssh->compat = compat_datafellows(remote_version); | 493 | c->c_ssh->compat = compat_datafellows(remote_version); |
478 | else | 494 | else |
479 | c->c_ssh->compat = 0; | 495 | c->c_ssh->compat = 0; |
480 | if (c->c_keytype != KT_RSA1) { | 496 | if (!ssh2_capable(remote_major, remote_minor)) { |
481 | if (!ssh2_capable(remote_major, remote_minor)) { | 497 | debug("%s doesn't support ssh2", c->c_name); |
482 | debug("%s doesn't support ssh2", c->c_name); | ||
483 | confree(s); | ||
484 | return; | ||
485 | } | ||
486 | } else if (remote_major != 1) { | ||
487 | debug("%s doesn't support ssh1", c->c_name); | ||
488 | confree(s); | 498 | confree(s); |
489 | return; | 499 | return; |
490 | } | 500 | } |
491 | fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); | 501 | fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); |
492 | n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", | 502 | keygrab_ssh2(c); |
493 | c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, | 503 | confree(s); |
494 | c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2); | ||
495 | if (n < 0 || (size_t)n >= sizeof(buf)) { | ||
496 | error("snprintf: buffer too small"); | ||
497 | confree(s); | ||
498 | return; | ||
499 | } | ||
500 | if (atomicio(vwrite, s, buf, n) != (size_t)n) { | ||
501 | error("write (%s): %s", c->c_name, strerror(errno)); | ||
502 | confree(s); | ||
503 | return; | ||
504 | } | ||
505 | if (c->c_keytype != KT_RSA1) { | ||
506 | keygrab_ssh2(c); | ||
507 | confree(s); | ||
508 | return; | ||
509 | } | ||
510 | c->c_status = CS_SIZE; | ||
511 | contouch(s); | ||
512 | } | 504 | } |
513 | 505 | ||
514 | static void | 506 | static void |
@@ -606,7 +598,7 @@ do_host(char *host) | |||
606 | 598 | ||
607 | if (name == NULL) | 599 | if (name == NULL) |
608 | return; | 600 | return; |
609 | for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { | 601 | for (j = KT_MIN; j <= KT_MAX; j *= 2) { |
610 | if (get_keytypes & j) { | 602 | if (get_keytypes & j) { |
611 | while (ncon >= MAXCON) | 603 | while (ncon >= MAXCON) |
612 | conloop(); | 604 | conloop(); |
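Review bot: The scan loop in the last hunk, `for (j = KT_MIN; j <= KT_MAX; j *= 2)`, is only correct while every KT_* value is a single bit, KT_MIN is the lowest non-zero one and KT_MAX the highest, and nothing beside the renumbered defines states that. A key type added later without moving KT_MAX would silently never be requested, and a KT_MIN of 0 would leave `j *= 2` stuck at 0 so the loop never ends. I would put a comment above the defines, `/* KT_* are single-bit flags; KT_MIN/KT_MAX must stay the lowest and highest bit, do_host() walks them with j *= 2 */`. do_host() starts and ends outside the hunk, so any further use of j beyond the `get_keytypes & j` test is not visible here.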