Bugzilla – Attachment 3127 Details for
Bug 2821
ssh-keyscan cannot generate SSHFP fingerprints
[patch]
Add ssh-keyscan -D flag for output in SSHFP format
bz2821.diff (text/plain), 3.24 KB, created by
Damien Miller
on 2018-02-23 13:55:26 AEDT
Description:
Add ssh-keyscan -D flag for output in SSHFP format
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2018-02-23 13:55:26 AEDT
Size:
3.24 KB
>diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
>index aa4a2ae..6c088ee 100644
>--- a/ssh-keyscan.1
>+++ b/ssh-keyscan.1
>@@ -15,7 +15,7 @@
> .Sh SYNOPSIS
> .Nm ssh-keyscan
> .Bk -words
>-.Op Fl 46cHv
>+.Op Fl 46cDHv
> .Op Fl f Ar file
> .Op Fl p Ar port
> .Op Fl T Ar timeout
>@@ -56,6 +56,12 @@ Forces
> to use IPv6 addresses only.
> .It Fl c
> Request certificates from target hosts instead of plain keys.
>+.It Fl D
>+Print keys found as SSHFP DNS records.
>+The default is to print keys in a format usable as a
>+.Xr ssh 1
>+.Pa known_hosts
>+file.
> .It Fl f Ar file
> Read hosts or
> .Dq addrlist namelist
>@@ -159,6 +165,10 @@ $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
> .Sh SEE ALSO
> .Xr ssh 1 ,
> .Xr sshd 8
>+.%R RFC 4255
>+.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints"
>+.%D 2006
>+.Re
> .Sh AUTHORS
> .An -nosplit
> .An David Mazieres Aq Mt dm@lcs.mit.edu
>diff --git a/ssh-keyscan.c b/ssh-keyscan.c
>index 0afc717..498dc30 100644
>--- a/ssh-keyscan.c
>+++ b/ssh-keyscan.c
>@@ -40,6 +40,7 @@
> #include "hostfile.h"
> #include "ssherr.h"
> #include "ssh_api.h"
>+#include "dns.h"
> 
> /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
> Default value is AF_UNSPEC means both IPv4 and IPv6. */
>@@ -60,6 +61,8 @@ int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
> 
> int hash_hosts = 0; /* Hash hostname on output */
> 
>+int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */
>+
> #define MAXMAXFD 256
> 
> /* The number of seconds after which to give up on a TCP connection */
>@@ -260,6 +263,11 @@ keyprint_one(const char *host, struct sshkey *key)
> char *hostport;
> const char *known_host, *hashed;
> 
>+ if (print_sshfp) {
>+ export_dns_rr(host, key, stdout, 0);
>+ return;
>+ }
>+
> hostport = put_host_port(host, ssh_port);
> lowercase(hostport);
> if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
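Review bot: The early return added at the top of keyprint_one() runs before the `hash_hosts` and `put_host_port(host, ssh_port)` handling below it, so `-D` together with `-H` or a non-default `-p` silently ignores those options, and the later `case 'D':` hunk in main() does not reject the combination. An SSHFP owner name can be neither hashed nor port-qualified, so either refuse the mix after option parsing, e.g. `if (print_sshfp && hash_hosts) fatal("-D and -H are mutually exclusive");`, or say in the man page that they are ignored. The result of `export_dns_rr(host, key, stdout, 0)` is also discarded; if it reports failure for key types with no SSHFP mapping (likely for certificates requested with `-c`), the run emits no record for that key without any change in exit status. Because these keys come from an unauthenticated connection, a comment above the call such as `/* keys are unverified; check fingerprints out of band before publishing in DNS */` would help. keyprint_one's body continues past the end of this hunk.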
>@@ -477,7 +485,8 @@ congreet(int s)
> confree(s);
> return;
> }
>- fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
>+ fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#',
>+ c->c_name, ssh_port, chop(buf));
> keygrab_ssh2(c);
> confree(s);
> }
>@@ -601,7 +610,7 @@ static void
> usage(void)
> {
> fprintf(stderr,
>- "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n"
>+ "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n"
> "\t\t [host | addrlist namelist] ...\n",
> __progname);
> exit(1);
>@@ -628,7 +637,7 @@ main(int argc, char **argv)
> if (argc <= 1)
> usage();
> 
>- while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) {
>+ while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) {
> switch (opt) {
> case 'H':
> hash_hosts = 1;
>@@ -636,6 +645,9 @@ main(int argc, char **argv)
> case 'c':
> get_cert = 1;
> break;
>+ case 'D':
>+ print_sshfp = 1;
>+ break;
> case 'p':
> ssh_port = a2port(optarg);
> if (ssh_port <= 0) {
>diff --git a/ssh-keyscan/Makefile b/ssh-keyscan/Makefile
>index 871ac91..e4896ea 100644
>--- a/ssh-keyscan/Makefile
>+++ b/ssh-keyscan/Makefile
>@@ -3,7 +3,7 @@
> .PATH: ${.CURDIR}/..
> 
> SRCS= ssh-keyscan.c
>-SRCS+= atomicio.c cleanup.c compat.c hostfile.c ssh_api.c
>+SRCS+= atomicio.c cleanup.c compat.c hostfile.c ssh_api.c dns.c
> SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXC} ${SRCS_KEXS} ${SRCS_KEY} \
> ${SRCS_PKT} ${SRCS_UTL}
> PROG= ssh-keyscan
Flags:
dtucker
:
ok+