author | djm@openbsd.org <djm@openbsd.org> | 2023-02-10 05:56:30 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2023-02-10 06:12:42 +0100 |
commit | d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a (patch) | |
tree | 68af6f6192662f1a1ed98c4234bfde344761eadf /ssh-keyscan.c | |
parent | upstream: add a `sshd -G` option that parses and prints the (diff) | |
upstream: let ssh-keygen and ssh-keyscan accept
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
selection. bz3493 ok dtucker@
OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 1318c2fa6..ad574eaf5 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.149 2022/12/26 19:16:03 jmc Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.150 2023/02/10 04:56:30 djm Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -40,6 +40,7 @@
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "cipher.h"
+#include "digest.h"
 #include "kex.h"
 #include "compat.h"
 #include "myproposal.h"
@@ -80,6 +81,8 @@ int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */
 int found_one = 0; /* Successfully found a key */
+int hashalg = -1; /* Hash for SSHFP records or -1 for all */
+
 #define MAXMAXFD 256
 /* The number of seconds after which to give up on a TCP connection */
@@ -314,7 +317,7 @@ keyprint_one(const char *host, struct sshkey *key)
 found_one = 1;
 if (print_sshfp) {
- export_dns_rr(host, key, stdout, 0);
+ export_dns_rr(host, key, stdout, 0, hashalg);
 return;
 }
@@ -698,9 +701,8 @@ static void
 usage(void)
 {
 fprintf(stderr,
- "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
- "\t\t [host | addrlist namelist]\n",
- __progname);
+ "usage: ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
+ " [-O option] [host | addrlist namelist]\n");
 exit(1);
 }
@@ -726,7 +728,7 @@ main(int argc, char **argv)
 if (argc <= 1)
 usage();
- while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
+ while ((opt = getopt(argc, argv, "cDHv46O:p:T:t:f:")) != -1) {
 switch (opt) {
 case 'H':
 hash_hosts = 1;
@@ -766,6 +768,14 @@ main(int argc, char **argv)
 optarg = NULL;
 argv[fopt_count++] = optarg;
 break;
+ case 'O':
+ /* Maybe other misc options in the future too */
+ if (strncmp(optarg, "hashalg=", 8) != 0)
+ fatal("Unsupported -O option");
+ if ((hashalg = ssh_digest_alg_by_name(
+ optarg + 8)) == -1)
+ fatal("Unsupported hash algorithm");
+ break;
 case 't':
 get_keytypes = 0;
 tname = strtok(optarg, ","); |
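Review bot: The comment on the new `hashalg` global does not say which numbering the value uses. The `case 'O':` hunk assigns it from `ssh_digest_alg_by_name()` and `keyprint_one()` hands it to `export_dns_rr()`, so a reader cannot tell from this file whether that function expects a digest ID or an SSHFP fingerprint-type number. I would spell it out, for example `int hashalg = -1; /* digest ID from ssh_digest_alg_by_name() used for SSHFP records, or -1 for all */`, and confirm that `export_dns_rr()` interprets its last argument the same way.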
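Review bot: The `case 'O':` branch accepts every name that `ssh_digest_alg_by_name()` recognises, while the commit message documents only `sha1|sha256`. What `export_dns_rr()` does with any other digest ID is not visible in this diff, so I would reject the rest at parse time: `hashalg = ssh_digest_alg_by_name(optarg + 8);` followed by `if (hashalg != SSH_DIGEST_SHA1 && hashalg != SSH_DIGEST_SHA256) fatal("Unsupported hash algorithm");`. In the hunks shown the value is only read inside `if (print_sshfp)`, so `-O hashalg=...` without the SSHFP output mode appears to be silently ignored; a warning there would keep an operator from assuming the selection took effect. `main()` starts and ends outside this hunk.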