authordjm@openbsd.org <djm@openbsd.org>2023-02-10 05:56:30 +0100
committerDamien Miller <djm@mindrot.org>2023-02-10 06:12:42 +0100
commitd651f5c9fe37e61491eee46c49ba9fa03dbc0e6a (patch)
tree68af6f6192662f1a1ed98c4234bfde344761eadf /ssh-keyscan.c
parentupstream: add a `sshd -G` option that parses and prints the (diff)
upstream: let ssh-keygen and ssh-keyscan accept
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 ok dtucker@ OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r--ssh-keyscan.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 1318c2fa6..ad574eaf5 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.149 2022/12/26 19:16:03 jmc Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.150 2023/02/10 04:56:30 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -40,6 +40,7 @@
#include "sshbuf.h"
#include "sshkey.h"
#include "cipher.h"
+#include "digest.h"
#include "kex.h"
#include "compat.h"
#include "myproposal.h"
@@ -80,6 +81,8 @@ int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */
int found_one = 0; /* Successfully found a key */
+int hashalg = -1; /* Hash for SSHFP records or -1 for all */
+
#define MAXMAXFD 256
/* The number of seconds after which to give up on a TCP connection */
@@ -314,7 +317,7 @@ keyprint_one(const char *host, struct sshkey *key)
found_one = 1;
if (print_sshfp) {
- export_dns_rr(host, key, stdout, 0);
+ export_dns_rr(host, key, stdout, 0, hashalg);
return;
}
@@ -698,9 +701,8 @@ static void
usage(void)
{
fprintf(stderr,
- "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
- "\t\t [host | addrlist namelist]\n",
- __progname);
+ "usage: ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
+ " [-O option] [host | addrlist namelist]\n");
exit(1);
}
@@ -726,7 +728,7 @@ main(int argc, char **argv)
if (argc <= 1)
usage();
- while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
+ while ((opt = getopt(argc, argv, "cDHv46O:p:T:t:f:")) != -1) {
switch (opt) {
case 'H':
hash_hosts = 1;
@@ -766,6 +768,14 @@ main(int argc, char **argv)
optarg = NULL;
argv[fopt_count++] = optarg;
break;
+ case 'O':
+ /* Maybe other misc options in the future too */
+ if (strncmp(optarg, "hashalg=", 8) != 0)
+ fatal("Unsupported -O option");
+ if ((hashalg = ssh_digest_alg_by_name(
+ optarg + 8)) == -1)
+ fatal("Unsupported hash algorithm");
+ break;
case 't':
get_keytypes = 0;
tname = strtok(optarg, ",");
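Review bot: The new `case 'O'` accepts any digest name that ssh_digest_alg_by_name() recognises, while the commit message documents only sha1 and sha256 as choices for SSHFP output. Whether export_dns_rr() rejects or silently skips other values is not visible in this file, so a name the digest layer knows but SSHFP does not (presumably md5 or sha512) may yield no records and no error. I would restrict the value at parse time with `if (hashalg != SSH_DIGEST_SHA1 && hashalg != SSH_DIGEST_SHA256) fatal("Unsupported hash algorithm");`. Echoing the rejected value, as in `fatal("Unsupported hash algorithm \"%s\"", optarg + 8);`, would also show the operator what was refused. The switch and main() continue outside the hunk.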