- djm@cvs.openbsd.org 2011/10/18 05:00:48

[ssh-add.1 ssh-add.c]
     new "ssh-add -k" option to load plain keys (skipping certificates);
     "looks ok" markus@
This commit is contained in:
Damien Miller 2011-10-18 16:06:33 +11:00
parent c51a5ab2c6
commit 8f4279e4ab
3 changed files with 27 additions and 13 deletions


@ -16,6 +16,10 @@
[auth-options.c key.c] [auth-options.c key.c]
remove explict search for \0 in packet strings, this job is now done remove explict search for \0 in packet strings, this job is now done
implicitly by buffer_get_cstring; ok markus implicitly by buffer_get_cstring; ok markus
- djm@cvs.openbsd.org 2011/10/18 05:00:48
[ssh-add.1 ssh-add.c]
new "ssh-add -k" option to load plain keys (skipping certificates);
"looks ok" markus@
20111001 20111001
- (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $ .\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: October 28 2010 $ .Dd $Mdocdate: October 18 2011 $
.Dt SSH-ADD 1 .Dt SSH-ADD 1
.Os .Os
.Sh NAME .Sh NAME
@ -43,7 +43,7 @@
.Nd adds private key identities to the authentication agent .Nd adds private key identities to the authentication agent
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm ssh-add .Nm ssh-add
.Op Fl cDdLlXx .Op Fl cDdkLlXx
.Op Fl t Ar life .Op Fl t Ar life
.Op Ar .Op Ar
.Nm ssh-add .Nm ssh-add
@ -110,6 +110,9 @@ and retry.
.It Fl e Ar pkcs11 .It Fl e Ar pkcs11
Remove keys provided by the PKCS#11 shared library Remove keys provided by the PKCS#11 shared library
.Ar pkcs11 . .Ar pkcs11 .
.It Fl k
When loading keys into the agent, load plain private keys only and skip
certificates.
.It Fl L .It Fl L
Lists public key parameters of all identities currently represented Lists public key parameters of all identities currently represented
by the agent. by the agent.


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */ /* $OpenBSD: ssh-add.c,v 1.102 2011/10/18 05:00:48 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac)
} }
static int static int
add_file(AuthenticationConnection *ac, const char *filename) add_file(AuthenticationConnection *ac, const char *filename, int key_only)
{ {
Key *private, *cert; Key *private, *cert;
char *comment = NULL; char *comment = NULL;
char msg[1024], *certpath; char msg[1024], *certpath = NULL;
int fd, perms_ok, ret = -1; int fd, perms_ok, ret = -1;
Buffer keyblob; Buffer keyblob;
@ -219,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename)
fprintf(stderr, "Could not add identity: %s\n", filename); fprintf(stderr, "Could not add identity: %s\n", filename);
} }
/* Skip trying to load the cert if requested */
if (key_only)
goto out;
/* Now try to add the certificate flavour too */ /* Now try to add the certificate flavour too */
xasprintf(&certpath, "%s-cert.pub", filename); xasprintf(&certpath, "%s-cert.pub", filename);
@ -253,6 +256,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
if (confirm != 0) if (confirm != 0)
fprintf(stderr, "The user must confirm each use of the key\n"); fprintf(stderr, "The user must confirm each use of the key\n");
out: out:
if (certpath != NULL)
xfree(certpath); xfree(certpath);
xfree(comment); xfree(comment);
key_free(private); key_free(private);
@ -347,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock)
} }
static int static int
do_file(AuthenticationConnection *ac, int deleting, char *file) do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
{ {
if (deleting) { if (deleting) {
if (delete_file(ac, file) == -1) if (delete_file(ac, file) == -1)
return -1; return -1;
} else { } else {
if (add_file(ac, file) == -1) if (add_file(ac, file, key_only) == -1)
return -1; return -1;
} }
return 0; return 0;
@ -383,7 +387,7 @@ main(int argc, char **argv)
extern int optind; extern int optind;
AuthenticationConnection *ac = NULL; AuthenticationConnection *ac = NULL;
char *pkcs11provider = NULL; char *pkcs11provider = NULL;
int i, ch, deleting = 0, ret = 0; int i, ch, deleting = 0, ret = 0, key_only = 0;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd(); sanitise_stdfd();
@ -400,8 +404,11 @@ main(int argc, char **argv)
"Could not open a connection to your authentication agent.\n"); "Could not open a connection to your authentication agent.\n");
exit(2); exit(2);
} }
while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
switch (ch) { switch (ch) {
case 'k':
key_only = 1;
break;
case 'l': case 'l':
case 'L': case 'L':
if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
@ -467,7 +474,7 @@ main(int argc, char **argv)
default_files[i]); default_files[i]);
if (stat(buf, &st) < 0) if (stat(buf, &st) < 0)
continue; continue;
if (do_file(ac, deleting, buf) == -1) if (do_file(ac, deleting, key_only, buf) == -1)
ret = 1; ret = 1;
else else
count++; count++;
@ -476,7 +483,7 @@ main(int argc, char **argv)
ret = 1; ret = 1;
} else { } else {
for (i = 0; i < argc; i++) { for (i = 0; i < argc; i++) {
if (do_file(ac, deleting, argv[i]) == -1) if (do_file(ac, deleting, key_only, argv[i]) == -1)
ret = 1; ret = 1;
} }
} }
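Review bot: The new `if (certpath != NULL)` guard before `xfree(certpath)` in add_file's `out:` cleanup is load-bearing on the `-k` path, where the added `goto out` skips the `xasprintf` that allocates certpath, yet nothing says why ordinary `free(NULL)` semantics do not apply; add `/* certpath is only allocated on the certificate path; xfree() does not accept NULL */` so a later cleanup does not drop the check as redundant (OpenSSH's xfree() of this era fatal()s on NULL). The new `int key_only` parameter threaded through add_file and do_file is likewise undocumented; a one-liner at the add_file definition such as `/* key_only: add only the plain private key, skip the -cert.pub lookup */` would pin its meaning. usage() is outside the visible hunks; if it was not touched by this commit, the `-k` flag added to the getopt string should also be listed there next to the other options. add_file's body starts and continues outside these hunks.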