- djm@cvs.openbsd.org 2011/10/18 05:00:48
[ssh-add.1 ssh-add.c] new "ssh-add -k" option to load plain keys (skipping certificates); "looks ok" markus@
parent
c51a5ab2c6
commit
8f4279e4ab
|
@ -16,6 +16,10 @@
|
||||||
[auth-options.c key.c]
|
[auth-options.c key.c]
|
||||||
remove explict search for \0 in packet strings, this job is now done
|
remove explict search for \0 in packet strings, this job is now done
|
||||||
implicitly by buffer_get_cstring; ok markus
|
implicitly by buffer_get_cstring; ok markus
|
||||||
|
- djm@cvs.openbsd.org 2011/10/18 05:00:48
|
||||||
|
[ssh-add.1 ssh-add.c]
|
||||||
|
new "ssh-add -k" option to load plain keys (skipping certificates);
|
||||||
|
"looks ok" markus@
|
||||||
|
|
||||||
20111001
|
20111001
|
||||||
- (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
|
- (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $
|
.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: October 28 2010 $
|
.Dd $Mdocdate: October 18 2011 $
|
||||||
.Dt SSH-ADD 1
|
.Dt SSH-ADD 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
.Nd adds private key identities to the authentication agent
|
.Nd adds private key identities to the authentication agent
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.Nm ssh-add
|
.Nm ssh-add
|
||||||
.Op Fl cDdLlXx
|
.Op Fl cDdkLlXx
|
||||||
.Op Fl t Ar life
|
.Op Fl t Ar life
|
||||||
.Op Ar
|
.Op Ar
|
||||||
.Nm ssh-add
|
.Nm ssh-add
|
||||||
|
@ -110,6 +110,9 @@ and retry.
|
||||||
.It Fl e Ar pkcs11
|
.It Fl e Ar pkcs11
|
||||||
Remove keys provided by the PKCS#11 shared library
|
Remove keys provided by the PKCS#11 shared library
|
||||||
.Ar pkcs11 .
|
.Ar pkcs11 .
|
||||||
|
.It Fl k
|
||||||
|
When loading keys into the agent, load plain private keys only and skip
|
||||||
|
certificates.
|
||||||
.It Fl L
|
.It Fl L
|
||||||
Lists public key parameters of all identities currently represented
|
Lists public key parameters of all identities currently represented
|
||||||
by the agent.
|
by the agent.
|
||||||
|
|
25
ssh-add.c
25
ssh-add.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
|
/* $OpenBSD: ssh-add.c,v 1.102 2011/10/18 05:00:48 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
add_file(AuthenticationConnection *ac, const char *filename)
|
add_file(AuthenticationConnection *ac, const char *filename, int key_only)
|
||||||
{
|
{
|
||||||
Key *private, *cert;
|
Key *private, *cert;
|
||||||
char *comment = NULL;
|
char *comment = NULL;
|
||||||
char msg[1024], *certpath;
|
char msg[1024], *certpath = NULL;
|
||||||
int fd, perms_ok, ret = -1;
|
int fd, perms_ok, ret = -1;
|
||||||
Buffer keyblob;
|
Buffer keyblob;
|
||||||
|
|
||||||
|
@ -219,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename)
|
||||||
fprintf(stderr, "Could not add identity: %s\n", filename);
|
fprintf(stderr, "Could not add identity: %s\n", filename);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Skip trying to load the cert if requested */
|
||||||
|
if (key_only)
|
||||||
|
goto out;
|
||||||
|
|
||||||
/* Now try to add the certificate flavour too */
|
/* Now try to add the certificate flavour too */
|
||||||
xasprintf(&certpath, "%s-cert.pub", filename);
|
xasprintf(&certpath, "%s-cert.pub", filename);
|
||||||
|
@ -253,6 +256,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
|
||||||
if (confirm != 0)
|
if (confirm != 0)
|
||||||
fprintf(stderr, "The user must confirm each use of the key\n");
|
fprintf(stderr, "The user must confirm each use of the key\n");
|
||||||
out:
|
out:
|
||||||
|
if (certpath != NULL)
|
||||||
xfree(certpath);
|
xfree(certpath);
|
||||||
xfree(comment);
|
xfree(comment);
|
||||||
key_free(private);
|
key_free(private);
|
||||||
|
@ -347,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_file(AuthenticationConnection *ac, int deleting, char *file)
|
do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
|
||||||
{
|
{
|
||||||
if (deleting) {
|
if (deleting) {
|
||||||
if (delete_file(ac, file) == -1)
|
if (delete_file(ac, file) == -1)
|
||||||
return -1;
|
return -1;
|
||||||
} else {
|
} else {
|
||||||
if (add_file(ac, file) == -1)
|
if (add_file(ac, file, key_only) == -1)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -383,7 +387,7 @@ main(int argc, char **argv)
|
||||||
extern int optind;
|
extern int optind;
|
||||||
AuthenticationConnection *ac = NULL;
|
AuthenticationConnection *ac = NULL;
|
||||||
char *pkcs11provider = NULL;
|
char *pkcs11provider = NULL;
|
||||||
int i, ch, deleting = 0, ret = 0;
|
int i, ch, deleting = 0, ret = 0, key_only = 0;
|
||||||
|
|
||||||
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
|
||||||
sanitise_stdfd();
|
sanitise_stdfd();
|
||||||
|
@ -400,8 +404,11 @@ main(int argc, char **argv)
|
||||||
"Could not open a connection to your authentication agent.\n");
|
"Could not open a connection to your authentication agent.\n");
|
||||||
exit(2);
|
exit(2);
|
||||||
}
|
}
|
||||||
while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
|
while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
|
||||||
switch (ch) {
|
switch (ch) {
|
||||||
|
case 'k':
|
||||||
|
key_only = 1;
|
||||||
|
break;
|
||||||
case 'l':
|
case 'l':
|
||||||
case 'L':
|
case 'L':
|
||||||
if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
|
if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
|
||||||
|
@ -467,7 +474,7 @@ main(int argc, char **argv)
|
||||||
default_files[i]);
|
default_files[i]);
|
||||||
if (stat(buf, &st) < 0)
|
if (stat(buf, &st) < 0)
|
||||||
continue;
|
continue;
|
||||||
if (do_file(ac, deleting, buf) == -1)
|
if (do_file(ac, deleting, key_only, buf) == -1)
|
||||||
ret = 1;
|
ret = 1;
|
||||||
else
|
else
|
||||||
count++;
|
count++;
|
||||||
|
@ -476,7 +483,7 @@ main(int argc, char **argv)
|
||||||
ret = 1;
|
ret = 1;
|
||||||
} else {
|
} else {
|
||||||
for (i = 0; i < argc; i++) {
|
for (i = 0; i < argc; i++) {
|
||||||
if (do_file(ac, deleting, argv[i]) == -1)
|
if (do_file(ac, deleting, key_only, argv[i]) == -1)
|
||||||
ret = 1;
|
ret = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
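Review bot: In `do_file`, the new `key_only` argument is forwarded only to `add_file`; on the `deleting` branch it is dropped, so `ssh-add -d -k file` is accepted and `-k` is silently ignored. The ssh-add.1 text on this page scopes the flag to loading keys, so this may be intended, but the code does not say so. I would add a comment above the `delete_file` call, `/* key_only affects additions only; deletion ignores -k */`, or have `main` warn when both flags are given. Also, none of the hunks shown here touches `usage()`, so the built-in help may not list `-k`; worth checking. The closing brace of `do_file` lies outside the hunk.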