Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 38 |
1 files changed, 29 insertions, 9 deletions
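diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 258123ae8..381fb0844 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.115 2017/06/30 04:17:23 dtucker Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.119 2018/03/02 21:40:15 jmc Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -46,6 +46,7 @@
 #include "hostfile.h"
 #include "ssherr.h"
 #include "ssh_api.h"
+#include "dns.h"
 
 /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
 Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -57,15 +58,18 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_RSA (1<<1)
 #define KT_ECDSA (1<<2)
 #define KT_ED25519 (1<<3)
+#define KT_XMSS (1<<4)
 
 #define KT_MIN KT_DSA
-#define KT_MAX KT_ED25519
+#define KT_MAX KT_XMSS
 
 int get_cert = 0;
 int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0; /* Hash hostname on output */
 
+int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -235,6 +239,10 @@ keygrab_ssh2(con *c)
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
 "ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519";
 break;
+case KT_XMSS:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"ssh-xmss-cert-v01@openssh.com" : "ssh-xmss@openssh.com";
+break;
 case KT_ECDSA:
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
 "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
@@ -280,6 +288,11 @@ keyprint_one(const char *host, struct sshkey *key)
 char *hostport;
 const char *known_host, *hashed;
 
+if (print_sshfp) {
+export_dns_rr(host, key, stdout, 0);
+return;
+}
+
 hostport = put_host_port(host, ssh_port);
 lowercase(hostport);
 if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
@@ -377,7 +390,7 @@ conalloc(char *iname, char *oname, int keytype)
 fdcon[s].c_len = 4;
 fdcon[s].c_off = 0;
 fdcon[s].c_keytype = keytype;
-gettimeofday(&fdcon[s].c_tv, NULL);
+monotime_tv(&fdcon[s].c_tv);
 fdcon[s].c_tv.tv_sec += timeout;
 TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
 FD_SET(s, read_wait);
@@ -411,7 +424,7 @@ static void
 contouch(int s)
 {
 TAILQ_REMOVE(&tq, &fdcon[s], c_link);
-gettimeofday(&fdcon[s].c_tv, NULL);
+monotime_tv(&fdcon[s].c_tv);
 fdcon[s].c_tv.tv_sec += timeout;
 TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
 }
@@ -497,7 +510,8 @@ congreet(int s)
 confree(s);
 return;
 }
-fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
+fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#',
+c->c_name, ssh_port, chop(buf));
 keygrab_ssh2(c);
 confree(s);
 }
@@ -545,7 +559,7 @@ conloop(void)
 con *c;
 int i;
 
-gettimeofday(&now, NULL);
+monotime_tv(&now);
 c = TAILQ_FIRST(&tq);
 
 if (c && (c->c_tv.tv_sec > now.tv_sec ||
@@ -621,8 +635,8 @@ static void
 usage(void)
 {
 fprintf(stderr,
-"usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n"
-"\t\t [host | addrlist namelist] ...\n",
+"usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
+"\t\t [host | addrlist namelist]\n",
 __progname);
 exit(1);
 }
@@ -650,7 +664,7 @@ main(int argc, char **argv)
 if (argc <= 1)
 usage();
 
-while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
+while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
 switch (opt) {
 case 'H':
 hash_hosts = 1;
@@ -658,6 +672,9 @@ main(int argc, char **argv)
 case 'c':
 get_cert = 1;
 break;
+case 'D':
+print_sshfp = 1;
+break;
 case 'p':
 ssh_port = a2port(optarg);
 if (ssh_port <= 0) {
@@ -706,6 +723,9 @@ main(int argc, char **argv)
 case KEY_ED25519:
 get_keytypes |= KT_ED25519;
 break;
+case KEY_XMSS:
+get_keytypes |= KT_XMSS;
+break;
 case KEY_UNSPEC:
 default:
 fatal("Unknown key type \"%s\"", tname);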
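Review bot: The new SSHFP branch at the top of keyprint_one (hunk @@ -280,6 +288,11 @@) returns before put_host_port and host_hash run, so -H and -p are silently ineffective whenever -D is given; a user who combines -H with -D expects hashed hostnames on output and instead gets plaintext owner names in the SSHFP records. The int returned by export_dns_rr is also discarded, so a key type with no SSHFP algorithm number (presumably the KT_XMSS type this commit adds) yields no record and no diagnostic from this caller. I would reject the conflicting combination in main after option parsing, which lies outside these hunks, with `if (print_sshfp && hash_hosts) fatal("-D and -H are mutually exclusive");`, and put a comment above the branch saying that SSHFP output carries neither a hashed owner name nor a port. keyprint_one's body continues past the end of the hunk.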