diff options
Diffstat (limited to 'ssh-keyscan.c')
| -rw-r--r-- | ssh-keyscan.c | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 258123ae8..381fb0844 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keyscan.c,v 1.115 2017/06/30 04:17:23 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.119 2018/03/02 21:40:15 jmc Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| 4 | * | 4 | * |
| @@ -46,6 +46,7 @@ | |||
| 46 | #include "hostfile.h" | 46 | #include "hostfile.h" |
| 47 | #include "ssherr.h" | 47 | #include "ssherr.h" |
| 48 | #include "ssh_api.h" | 48 | #include "ssh_api.h" |
| 49 | #include "dns.h" | ||
| 49 | 50 | ||
| 50 | /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. | 51 | /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. |
| 51 | Default value is AF_UNSPEC means both IPv4 and IPv6. */ | 52 | Default value is AF_UNSPEC means both IPv4 and IPv6. */ |
| @@ -57,15 +58,18 @@ int ssh_port = SSH_DEFAULT_PORT; | |||
| 57 | #define KT_RSA (1<<1) | 58 | #define KT_RSA (1<<1) |
| 58 | #define KT_ECDSA (1<<2) | 59 | #define KT_ECDSA (1<<2) |
| 59 | #define KT_ED25519 (1<<3) | 60 | #define KT_ED25519 (1<<3) |
| 61 | #define KT_XMSS (1<<4) | ||
| 60 | 62 | ||
| 61 | #define KT_MIN KT_DSA | 63 | #define KT_MIN KT_DSA |
| 62 | #define KT_MAX KT_ED25519 | 64 | #define KT_MAX KT_XMSS |
| 63 | 65 | ||
| 64 | int get_cert = 0; | 66 | int get_cert = 0; |
| 65 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; | 67 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; |
| 66 | 68 | ||
| 67 | int hash_hosts = 0; /* Hash hostname on output */ | 69 | int hash_hosts = 0; /* Hash hostname on output */ |
| 68 | 70 | ||
| 71 | int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */ | ||
| 72 | |||
| 69 | #define MAXMAXFD 256 | 73 | #define MAXMAXFD 256 |
| 70 | 74 | ||
| 71 | /* The number of seconds after which to give up on a TCP connection */ | 75 | /* The number of seconds after which to give up on a TCP connection */ |
| @@ -235,6 +239,10 @@ keygrab_ssh2(con *c) | |||
| 235 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? | 239 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? |
| 236 | "ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519"; | 240 | "ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519"; |
| 237 | break; | 241 | break; |
| 242 | case KT_XMSS: | ||
| 243 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? | ||
| 244 | "ssh-xmss-cert-v01@openssh.com" : "ssh-xmss@openssh.com"; | ||
| 245 | break; | ||
| 238 | case KT_ECDSA: | 246 | case KT_ECDSA: |
| 239 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? | 247 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? |
| 240 | "ecdsa-sha2-nistp256-cert-v01@openssh.com," | 248 | "ecdsa-sha2-nistp256-cert-v01@openssh.com," |
| @@ -280,6 +288,11 @@ keyprint_one(const char *host, struct sshkey *key) | |||
| 280 | char *hostport; | 288 | char *hostport; |
| 281 | const char *known_host, *hashed; | 289 | const char *known_host, *hashed; |
| 282 | 290 | ||
| 291 | if (print_sshfp) { | ||
| 292 | export_dns_rr(host, key, stdout, 0); | ||
| 293 | return; | ||
| 294 | } | ||
| 295 | |||
| 283 | hostport = put_host_port(host, ssh_port); | 296 | hostport = put_host_port(host, ssh_port); |
| 284 | lowercase(hostport); | 297 | lowercase(hostport); |
| 285 | if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) | 298 | if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) |
| @@ -377,7 +390,7 @@ conalloc(char *iname, char *oname, int keytype) | |||
| 377 | fdcon[s].c_len = 4; | 390 | fdcon[s].c_len = 4; |
| 378 | fdcon[s].c_off = 0; | 391 | fdcon[s].c_off = 0; |
| 379 | fdcon[s].c_keytype = keytype; | 392 | fdcon[s].c_keytype = keytype; |
| 380 | gettimeofday(&fdcon[s].c_tv, NULL); | 393 | monotime_tv(&fdcon[s].c_tv); |
| 381 | fdcon[s].c_tv.tv_sec += timeout; | 394 | fdcon[s].c_tv.tv_sec += timeout; |
| 382 | TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link); | 395 | TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link); |
| 383 | FD_SET(s, read_wait); | 396 | FD_SET(s, read_wait); |
| @@ -411,7 +424,7 @@ static void | |||
| 411 | contouch(int s) | 424 | contouch(int s) |
| 412 | { | 425 | { |
| 413 | TAILQ_REMOVE(&tq, &fdcon[s], c_link); | 426 | TAILQ_REMOVE(&tq, &fdcon[s], c_link); |
| 414 | gettimeofday(&fdcon[s].c_tv, NULL); | 427 | monotime_tv(&fdcon[s].c_tv); |
| 415 | fdcon[s].c_tv.tv_sec += timeout; | 428 | fdcon[s].c_tv.tv_sec += timeout; |
| 416 | TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link); | 429 | TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link); |
| 417 | } | 430 | } |
| @@ -497,7 +510,8 @@ congreet(int s) | |||
| 497 | confree(s); | 510 | confree(s); |
| 498 | return; | 511 | return; |
| 499 | } | 512 | } |
| 500 | fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); | 513 | fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#', |
| 514 | c->c_name, ssh_port, chop(buf)); | ||
| 501 | keygrab_ssh2(c); | 515 | keygrab_ssh2(c); |
| 502 | confree(s); | 516 | confree(s); |
| 503 | } | 517 | } |
| @@ -545,7 +559,7 @@ conloop(void) | |||
| 545 | con *c; | 559 | con *c; |
| 546 | int i; | 560 | int i; |
| 547 | 561 | ||
| 548 | gettimeofday(&now, NULL); | 562 | monotime_tv(&now); |
| 549 | c = TAILQ_FIRST(&tq); | 563 | c = TAILQ_FIRST(&tq); |
| 550 | 564 | ||
| 551 | if (c && (c->c_tv.tv_sec > now.tv_sec || | 565 | if (c && (c->c_tv.tv_sec > now.tv_sec || |
| @@ -621,8 +635,8 @@ static void | |||
| 621 | usage(void) | 635 | usage(void) |
| 622 | { | 636 | { |
| 623 | fprintf(stderr, | 637 | fprintf(stderr, |
| 624 | "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n" | 638 | "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n" |
| 625 | "\t\t [host | addrlist namelist] ...\n", | 639 | "\t\t [host | addrlist namelist]\n", |
| 626 | __progname); | 640 | __progname); |
| 627 | exit(1); | 641 | exit(1); |
| 628 | } | 642 | } |
| @@ -650,7 +664,7 @@ main(int argc, char **argv) | |||
| 650 | if (argc <= 1) | 664 | if (argc <= 1) |
| 651 | usage(); | 665 | usage(); |
| 652 | 666 | ||
| 653 | while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) { | 667 | while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) { |
| 654 | switch (opt) { | 668 | switch (opt) { |
| 655 | case 'H': | 669 | case 'H': |
| 656 | hash_hosts = 1; | 670 | hash_hosts = 1; |
| @@ -658,6 +672,9 @@ main(int argc, char **argv) | |||
| 658 | case 'c': | 672 | case 'c': |
| 659 | get_cert = 1; | 673 | get_cert = 1; |
| 660 | break; | 674 | break; |
| 675 | case 'D': | ||
| 676 | print_sshfp = 1; | ||
| 677 | break; | ||
| 661 | case 'p': | 678 | case 'p': |
| 662 | ssh_port = a2port(optarg); | 679 | ssh_port = a2port(optarg); |
| 663 | if (ssh_port <= 0) { | 680 | if (ssh_port <= 0) { |
| @@ -706,6 +723,9 @@ main(int argc, char **argv) | |||
| 706 | case KEY_ED25519: | 723 | case KEY_ED25519: |
| 707 | get_keytypes |= KT_ED25519; | 724 | get_keytypes |= KT_ED25519; |
| 708 | break; | 725 | break; |
| 726 | case KEY_XMSS: | ||
| 727 | get_keytypes |= KT_XMSS; | ||
| 728 | break; | ||
| 709 | case KEY_UNSPEC: | 729 | case KEY_UNSPEC: |
| 710 | default: | 730 | default: |
| 711 | fatal("Unknown key type \"%s\"", tname); | 731 | fatal("Unknown key type \"%s\"", tname); |