
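--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -15,7 +15,7 @@
 .Sh SYNOPSIS
 .Nm ssh-keyscan
 .Bk -words
-.Op Fl 46cHv
+.Op Fl 46cDHv
 .Op Fl f Ar file
 .Op Fl p Ar port
 .Op Fl T Ar timeout
@@ -56,6 +56,12 @@ Forces
 to use IPv6 addresses only.
 .It Fl c
 Request certificates from target hosts instead of plain keys.
+.It Fl D
+Print keys found as SSHFP DNS records.
+The default is to print keys in a format usable as a
+.Xr ssh 1
+.Pa known_hosts
+file.
 .It Fl f Ar file
 Read hosts or
 .Dq addrlist namelist
@@ -159,6 +165,10 @@ $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr sshd 8
+.%R RFC 4255
+.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints"
+.%D 2006
+.Re
 .Sh AUTHORS
 .An -nosplit
 .An David Mazieres Aq Mt dm@lcs.mit.edu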
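--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -40,6 +40,7 @@
 #include "hostfile.h"
 #include "ssherr.h"
 #include "ssh_api.h"
+#include "dns.h"
 
 /* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
    Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -60,6 +61,8 @@ int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0;		/* Hash hostname on output */
 
+int print_sshfp = 0;		/* Print SSHFP records instead of known_hosts */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -260,6 +263,11 @@ keyprint_one(const char *host, struct sshkey *key)
 	char *hostport;
 	const char *known_host, *hashed;
 
+	if (print_sshfp) {
+		export_dns_rr(host, key, stdout, 0);
+		return;
+	}
+
 	hostport = put_host_port(host, ssh_port);
 	lowercase(hostport);
 	if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
@@ -477,7 +485,8 @@ congreet(int s)
 		confree(s);
 		return;
 	}
-	fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
+	fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#',
+	    c->c_name, ssh_port, chop(buf));
 	keygrab_ssh2(c);
 	confree(s);
 }
@@ -601,7 +610,7 @@ static void
 usage(void)
 {
 	fprintf(stderr,
-	    "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n"
+	    "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
 	    "\t\t   [host | addrlist namelist] ...\n",
 	    __progname);
 	exit(1);
@@ -628,7 +637,7 @@ main(int argc, char **argv)
 	if (argc <= 1)
 		usage();
 
-	while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
+	while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
 		switch (opt) {
 		case 'H':
 			hash_hosts = 1;
@@ -636,6 +645,9 @@ main(int argc, char **argv)
 		case 'c':
 			get_cert = 1;
 			break;
+		case 'D':
+			print_sshfp = 1;
+			break;
 		case 'p':
 			ssh_port = a2port(optarg);
 			if (ssh_port <= 0) {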
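Review bot: The `-D` branch added at the top of keyprint_one discards the result of `export_dns_rr(host, key, stdout, 0)`, so a key that cannot be written as an SSHFP record may be skipped without the scan noticing. If export_dns_rr reports success through its return value (its definition is not on this page), check it, e.g. `if (!export_dns_rr(host, key, stdout, 0)) fprintf(stderr, "; %s: no SSHFP record written\n", host);`. Because the branch returns before the `hash_hosts` test, `-H` is silently ignored when combined with `-D`; main's option handling could reject the pair, or the man page could say so. The records are built from keys fetched over an unauthenticated connection, so a comment above the branch such as `/* SSHFP output is unverified scan data: confirm fingerprints out of band before publishing */` would be worth adding. keyprint_one and main both start and end outside the hunks shown.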
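--- a/ssh-keyscan/Makefile
+++ b/ssh-keyscan/Makefile
@@ -3,7 +3,7 @@
 .PATH:		${.CURDIR}/..
 
 SRCS=	ssh-keyscan.c
-SRCS+=	atomicio.c cleanup.c compat.c hostfile.c ssh_api.c
+SRCS+=	atomicio.c cleanup.c compat.c hostfile.c ssh_api.c dns.c
 SRCS+=	${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXC} ${SRCS_KEXS} ${SRCS_KEY} \
 	${SRCS_PKT} ${SRCS_UTL}
 PROG=	ssh-keyscan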
