- markus@cvs.openbsd.org 2001/08/05 23:18:20

[ssh-keyscan.1 ssh-keyscan.c] ssh 2 support; from wayned@users.sourceforge.net
2001-08-06 22:41:30 +00:00 · 2001-08-06 22:41:30 +00:00 · 325e70c90f
parent ddfb1e3a89
commit 325e70c90f
3 changed files with 300 additions and 96 deletions
--- a/5
+++ b/5
@ -138,6 +138,9 @@
   - jakob@cvs.openbsd.org 2001/08/03 10:31:30
     [ssh-add.c ssh-agent.c ssh-keyscan.c]
     improve usage(). ok markus@
   - markus@cvs.openbsd.org 2001/08/05 23:18:20
     [ssh-keyscan.1 ssh-keyscan.c]
     ssh 2 support; from wayned@users.sourceforge.net
 20010803
 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@ -6248,4 +6251,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1462 2001/08/06 22:06:35 mouring Exp $
+$Id: ChangeLog,v 1.1463 2001/08/06 22:41:30 mouring Exp $
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $
+.\"	$OpenBSD: ssh-keyscan.1,v 1.10 2001/08/05 23:18:20 markus Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@ -14,9 +14,13 @@
 .Nd gather ssh public keys
 .Sh SYNOPSIS
 .Nm ssh-keyscan
-.Op Fl t Ar timeout
+.Op Fl v46
-.Op Ar -- | host | addrlist namelist
+.Op Fl p Ar port
-.Op Fl f Ar files ...
+.Op Fl T Ar timeout
 .Op Fl t Ar type
 .Op Fl f Ar file
 .Op Ar host | addrlist namelist
 .Op Ar ...
 .Sh DESCRIPTION
 .Nm
 is a utility for gathering the public ssh host keys of a number of
@ -37,14 +41,28 @@ any encryption.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
-.It Fl t
+.It Fl p Ar port
 Port to connect to on the remote host.
 .It Fl T
 Set the timeout for connection attempts.  If
 .Pa timeout
 seconds have elapsed since a connection was initiated to a host or since the
 last time anything was read from that host, then the connection is
 closed and the host in question considered unavailable.  Default is 5
 seconds.
-.It Fl f
+.It Fl t Ar type
 Specifies the type of the key to fetch from the following hosts.
 The possible values are
 .Dq rsa1
 for protocol version 1 and
 .Dq rsa
 or
 .Dq dsa
 for protocol version 2.
 Multiple values may be specified by separating them with commas.
 The default is
 .Dq rsa1 .
 .It Fl f Ar filename
 Read hosts or
 .Pa addrlist namelist
 pairs from this file, one per line.
@ -55,6 +73,19 @@ is supplied instead of a filename,
 will read hosts or
 .Pa addrlist namelist
 pairs from the standard input.
 .It Fl v
 Verbose mode.
 Causes
 .Nm
 to print debugging messages about its progress.
 .It Fl 4
 Forces
 .Nm
 to use IPv4 addresses only.
 .It Fl 6
 Forces
 .Nm
 to use IPv6 addresses only.
 .El
 .Sh SECURITY
 If you make an ssh_known_hosts file using
@ -67,7 +98,10 @@ On the other hand, if your security model allows such a risk,
 can help you detect tampered keyfiles or man in the middle attacks which
 have begun after you created your ssh_known_hosts file.
 .Sh EXAMPLES
-Print the host key for machine
+.Pp
 Print the
 .Pa rsa1
 host key for machine
 .Pa hostname :
 .Bd -literal
 ssh-keyscan hostname
@ -78,20 +112,36 @@ Find all hosts from the file
 which have new or different keys from those in the sorted file
 .Pa ssh_known_hosts :
 .Bd -literal
-$ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e\ 
+ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ 
-	diff ssh_known_hosts -
+	sort -u - ssh_known_hosts | diff ssh_known_hosts -
 .Ed
 .Sh FILES
 .Pa Input format:
 .Bd -literal
 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
 .Ed
 .Pp
-.Pa Output format:
+.Pa Output format for rsa1 keys:
 .Bd -literal
 host-or-namelist bits exponent modulus
 .Ed
 .Pp
 .Pa Output format for rsa and dsa keys:
 .Bd -literal
 host-or-namelist keytype base64-encoded-key
 .Ed
 .Pp
 Where
 .Pa keytype
 is either
 .Dq ssh-rsa
 or
 .Dq ssh-dsa .
 .Pp
 .Pa /etc/ssh_known_hosts
 .Sh BUGS
 It generates "Connection closed by remote host" messages on the consoles
-of all the machines it scans.
+of all the machines it scans if the server is older than version 2.9.
 This is because it opens a connection to the ssh port, reads the public
 key, and drops the connection as soon as it gets the key.
 .Sh SEE ALSO
@ -99,3 +149,6 @@ key, and drops the connection as soon as it gets the key.
 .Xr sshd 8
 .Sh AUTHORS
 David Mazieres <dm@lcs.mit.edu>
 wrote the initial version, and
 Wayne Davison <wayned@users.sourceforge.net>
 added support for protocol version 2.
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.25 2001/08/03 10:31:30 jakob Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.26 2001/08/05 23:18:20 markus Exp $");
 #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
 #include <sys/queue.h>
@ -18,18 +18,37 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.25 2001/08/03 10:31:30 jakob Exp $");
 #include <openssl/bn.h>
 #include <setjmp.h>
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
 #include "key.h"
 #include "kex.h"
 #include "compat.h"
 #include "myproposal.h"
 #include "packet.h"
 #include "dispatch.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "log.h"
 #include "atomicio.h"
 #include "misc.h"
-static int argno = 1;		/* Number of argument currently being parsed */
+/* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
   Default value is AF_UNSPEC means both IPv4 and IPv6. */
 #ifdef IPV4_DEFAULT
 int IPv4or6 = AF_INET;
 #else
 int IPv4or6 = AF_UNSPEC;
 #endif
-int family = AF_UNSPEC;		/* IPv4, IPv6 or both */
+int ssh_port = SSH_DEFAULT_PORT;
 #define KT_RSA1       1
 #define KT_DSA        2
 #define KT_RSA        4
 int get_keytypes = KT_RSA1;   /* Get only RSA1 keys by default */
 #define MAXMAXFD 256
@ -47,6 +66,8 @@ char *__progname;
 fd_set *read_wait;
 size_t read_wait_size;
 int ncon;
 int nonfatal_fatal = 0;
 jmp_buf kexjmp;
 /*
 * Keep a connection structure for each file descriptor.  The state
@ -62,11 +83,13 @@ typedef struct Connection {
 	int c_plen;		/* Packet length field for ssh packet */
 	int c_len;		/* Total bytes which must be read. */
 	int c_off;		/* Length of data read so far. */
 	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
 	char *c_namebase;	/* Address to free for c_name and c_namelist */
 	char *c_name;		/* Hostname of connection for errors */
 	char *c_namelist;	/* Pointer to other possible addresses */
 	char *c_output_name;	/* Hostname of connection for output */
 	char *c_data;		/* Data read from this fd */
 	Kex *c_kex;		/* The key-exchange struct for ssh2 */
 	struct timeval c_tv;	/* Time at which connection gets aborted */
 	TAILQ_ENTRY(Connection) c_link;	/* List of connections in timeout order. */
 } con;
@ -262,8 +285,8 @@ strnnsep(char **stringp, char *delim)
 	return (tok);
 }
-static void
+static Key *
-keyprint(char *host, char *output_name, char *kd, int len)
+keygrab_ssh1(con *c)
 {
 	static Key *rsa;
 	static Buffer msg;
@ -272,12 +295,12 @@ keyprint(char *host, char *output_name, char *kd, int len)
 		buffer_init(&msg);
 		rsa = key_new(KEY_RSA1);
 	}
-	buffer_append(&msg, kd, len);
+	buffer_append(&msg, c->c_data, c->c_plen);
-	buffer_consume(&msg, 8 - (len & 7));	/* padding */
+	buffer_consume(&msg, 8 - (c->c_plen & 7));	/* padding */
 	if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
-		error("%s: invalid packet type", host);
+		error("%s: invalid packet type", c->c_name);
 		buffer_clear(&msg);
-		return;
+		return NULL;
 	}
 	buffer_consume(&msg, 8);		/* cookie */
@ -290,10 +313,70 @@ keyprint(char *host, char *output_name, char *kd, int len)
 	(void) buffer_get_int(&msg);
 	buffer_get_bignum(&msg, rsa->rsa->e);
 	buffer_get_bignum(&msg, rsa->rsa->n);
 	buffer_clear(&msg);
-	fprintf(stdout, "%s ", output_name ? output_name : host);
+	return (rsa);
-	key_write(rsa, stdout);
+}
 static int
 hostjump(Key *hostkey)
 {
 	longjmp(kexjmp, (int)hostkey);
 }
 static int
 ssh2_capable(int remote_major, int remote_minor)
 {
 	switch (remote_major) {
 	case 1:
 		if (remote_minor == 99)
 			return 1;
 		break;
 	case 2:
 		return 1;
 	default:
 		break;
 	}
 	return 0;
 }
 static Key *
 keygrab_ssh2(con *c)
 {
 	int j;
 	packet_set_connection(c->c_fd, c->c_fd);
 	enable_compat20();
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
 	    "ssh-dss": "ssh-rsa";
 	c->c_kex = kex_setup(myproposal);
 	c->c_kex->verify_host_key = hostjump;
 	if (!(j = setjmp(kexjmp))) {
 		nonfatal_fatal = 1;
 		dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
 		fprintf(stderr, "Impossible! dispatch_run() returned!\n");
 		exit(1);
 	}
 	nonfatal_fatal = 0;
 	xfree(c->c_kex);
 	c->c_kex = NULL;
 	packet_close();
 	if (j < 0)
 		j = 0;
 	return (Key*)(j);
 }
 static void
 keyprint(con *c, Key *key)
 {
 	if (!key)
 		return;
 	fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
 	key_write(key, stdout);
 	fputs("\n", stdout);
 }
@ -304,9 +387,9 @@ tcpconnect(char *host)
 	char strport[NI_MAXSERV];
 	int gaierr, s = -1;
-	snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
+	snprintf(strport, sizeof strport, "%d", ssh_port);
 	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = family;
+	hints.ai_family = IPv4or6;
 	hints.ai_socktype = SOCK_STREAM;
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
 		fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
@ -331,7 +414,7 @@ tcpconnect(char *host)
 }
 static int
-conalloc(char *iname, char *oname)
+conalloc(char *iname, char *oname, int keytype)
 {
 	int s;
 	char *namebase, *name, *namelist;
@ -360,6 +443,7 @@ conalloc(char *iname, char *oname)
 	fdcon[s].c_data = (char *) &fdcon[s].c_plen;
 	fdcon[s].c_len = 4;
 	fdcon[s].c_off = 0;
 	fdcon[s].c_keytype = keytype;
 	gettimeofday(&fdcon[s].c_tv, NULL);
 	fdcon[s].c_tv.tv_sec += timeout;
 	TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
@ -379,6 +463,7 @@ confree(int s)
 	if (fdcon[s].c_status == CS_KEYS)
 		xfree(fdcon[s].c_data);
 	fdcon[s].c_status = CS_UNUSED;
 	fdcon[s].c_keytype = 0;
 	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
 	FD_CLR(s, read_wait);
 	ncon--;
@ -398,21 +483,16 @@ conrecycle(int s)
 {
 	int ret;
 	con *c = &fdcon[s];
 	char *iname, *oname;
-	iname = xstrdup(c->c_namelist);
+	ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
 	oname = xstrdup(c->c_output_name);
 	confree(s);
 	ret = conalloc(iname, oname);
 	xfree(iname);
 	xfree(oname);
 	return (ret);
 }
 static void
 congreet(int s)
 {
-	char buf[80], *cp;
+	char buf[256], *cp;
 	size_t bufsiz;
 	int n = 0;
 	con *c = &fdcon[s];
@ -434,12 +514,34 @@ congreet(int s)
 	}
 	*cp = '\0';
 	fprintf(stderr, "# %s %s\n", c->c_name, buf);
-	n = snprintf(buf, sizeof buf, "SSH-1.5-OpenSSH-keyscan\r\n");
+	if (c->c_keytype != KT_RSA1) {
 		int remote_major, remote_minor;
 		char remote_version[sizeof buf];
 		if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
 		    &remote_major, &remote_minor, remote_version) == 3)
 			compat_datafellows(remote_version);
 		else
 			datafellows = 0;
 		if (!ssh2_capable(remote_major, remote_minor)) {
 			debug("%s doesn't support ssh2", c->c_name);
 			confree(s);
 			return;
 		}
 	}
 	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
 	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
 	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
 	if (atomicio(write, s, buf, n) != n) {
 		error("write (%s): %s", c->c_name, strerror(errno));
 		confree(s);
 		return;
 	}
 	if (c->c_keytype != KT_RSA1) {
 		keyprint(c, keygrab_ssh2(c));
 		confree(s);
 		return;
 	}
 	c->c_status = CS_SIZE;
 	contouch(s);
 }
@ -472,7 +574,7 @@ conread(int s)
 			c->c_status = CS_KEYS;
 			break;
 		case CS_KEYS:
-			keyprint(c->c_name, c->c_output_name, c->c_data, c->c_plen);
+			keyprint(c, keygrab_ssh1(c));
 			confree(s);
 			return;
 			break;
@ -536,86 +638,128 @@ conloop(void)
 	}
 }
-static char *
+static void
-nexthost(int argc, char **argv)
+do_host(char *host)
 {
-	static Linebuf *lb;
+	char *name = strnnsep(&host, " \t\n");
 	int j;
-	for (;;) {
+	for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
-		if (!lb) {
+		if (get_keytypes & j) {
-			if (argno >= argc)
+			while (ncon >= MAXCON)
-				return (NULL);
+				conloop();
-			if (argv[argno][0] != '-')
+			conalloc(name, *host ? host : name, j);
 				return (argv[argno++]);
 			if (!strcmp(argv[argno], "--")) {
 				if (++argno >= argc)
 					return (NULL);
 				return (argv[argno++]);
 			} else if (!strncmp(argv[argno], "-f", 2)) {
 				char *fname;
 				if (argv[argno][2])
 					fname = &argv[argno++][2];
 				else if (++argno >= argc) {
 					error("missing filename for `-f'");
 					return (NULL);
 				} else
 					fname = argv[argno++];
 				if (!strcmp(fname, "-"))
 					fname = NULL;
 				lb = Linebuf_alloc(fname, error);
 			} else
 				error("ignoring invalid/misplaced option `%s'",
 				    argv[argno++]);
 		} else {
 			char *line;
 			line = Linebuf_getline(lb);
 			if (line)
 				return (line);
 			Linebuf_free(lb);
 			lb = NULL;
 		}
 	}
 }
 static void
 fatal_callback(void *arg)
 {
 	if (nonfatal_fatal)
 		longjmp(kexjmp, -1);
 }
 static void
 usage(void)
 {
-	fprintf(stderr, "Usage: %s [options] [ host | addrlist namelist ]\n",
+	fprintf(stderr, "Usage: %s [options] host ...\n",
 	    __progname);
 	fprintf(stderr, "Options:\n");
 	fprintf(stderr, "  -t timeout  Set connection timeout.\n");
 	fprintf(stderr, "  -f file     Read hosts or addresses from file.\n");
 	fprintf(stderr, "  -p port     Connect to the specified port.\n");
 	fprintf(stderr, "  -t keytype  Specify the host key type.\n");
 	fprintf(stderr, "  -T timeout  Set connection timeout.\n");
 	fprintf(stderr, "  -v          Verbose; display verbose debugging messages.\n");
 	fprintf(stderr, "  -4          Use IPv4 only.\n");
 	fprintf(stderr, "  -6          Use IPv6 only.\n");
 	exit(1);
 }
 int
 main(int argc, char **argv)
 {
-	char *host = NULL;
+	int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
 	int opt, fopt_count = 0;
 	char *tname;
 	extern int optind;
 	extern char *optarg;
 	__progname = get_progname(argv[0]);
 	TAILQ_INIT(&tq);
-	if (argc <= argno)
+	if (argc <= 1)
 		usage();
-	if (argv[1][0] == '-' && argv[1][1] == 't') {
+	while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) {
-		argno++;
+		switch (opt) {
-		if (argv[1][2])
+		case 'p':
-			timeout = atoi(&argv[1][2]);
+			ssh_port = a2port(optarg);
-		else {
+			if (ssh_port == 0) {
-			if (argno >= argc)
+				fprintf(stderr, "Bad port '%s'\n", optarg);
 				exit(1);
 			}
 			break;
 		case 'T':
 			timeout = atoi(optarg);
 			if (timeout <= 0)
 				usage();
-			timeout = atoi(argv[argno++]);
+			break;
-		}
+		case 'v':
-		if (timeout <= 0)
+			if (!debug_flag) {
 				debug_flag = 1;
 				log_level = SYSLOG_LEVEL_DEBUG1;
 			}
 			else if (log_level < SYSLOG_LEVEL_DEBUG3)
 				log_level++;
 			else
 				fatal("Too high debugging level.");
 			break;
                case 'f':
 			if (strcmp(optarg, "-") == 0)
 				optarg = NULL;
 			argv[fopt_count++] = optarg;
 			break;
 		case 't':
 			get_keytypes = 0;
 			tname = strtok(optarg, ",");
 			while (tname) {
 				int type = key_type_from_name(tname);
 				switch (type) {
 				case KEY_RSA1:
 					get_keytypes |= KT_RSA1;
 					break;
 				case KEY_DSA:
 					get_keytypes |= KT_DSA;
 					break;
 				case KEY_RSA:
 					get_keytypes |= KT_RSA;
 					break;
 				case KEY_UNSPEC:
 					fatal("unknown key type %s\n", tname);
 				}
 				tname = strtok(NULL, ",");
 			}
 			break;
 		case '4':
 			IPv4or6 = AF_INET;
 			break;
 		case '6':
 			IPv4or6 = AF_INET6;
 			break;
 		case '?':
 		default:
 			usage();
 		}
 	}
-	if (argc <= argno)
+	if (optind == argc && !fopt_count)
 		usage();
 	log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
 	fatal_add_cleanup(fatal_callback, NULL);
 	maxfd = fdlim_get(1);
 	if (maxfd < 0)
 		fatal("%s: fdlim_get: bad value", __progname);
@ -632,18 +776,22 @@ main(int argc, char **argv)
 	read_wait = xmalloc(read_wait_size);
 	memset(read_wait, 0, read_wait_size);
-	do {
+	if (fopt_count) {
-		while (ncon < MAXCON) {
+		Linebuf *lb;
-			char *name;
+		char *line;
 		int j;
-			host = nexthost(argc, argv);
+		for (j = 0; j < fopt_count; j++) {
-			if (host == NULL)
+			lb = Linebuf_alloc(argv[j], error);
-				break;
+			while ((line = Linebuf_getline(lb)) != NULL)
-			name = strnnsep(&host, " \t\n");
+				do_host(line);
-			conalloc(name, *host ? host : name);
+			Linebuf_free(lb);
 		}
-		conloop();
+	}
-	} while (host);
+
 	while (optind < argc)
 		do_host(argv[optind++]);
 	while (ncon > 0)
 		conloop();