upstream: allow ssh-keyscan to find security key hostkeys

OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
djm@openbsd.org 2019-12-15 19:47:10 +00:00 committed by Damien Miller
parent 56584cce75
commit 9b6e30b96b
1 changed files with 21 additions and 3 deletions


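--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.130 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.131 2019/12/15 19:47:10 djm Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -61,12 +61,14 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_ECDSA (1<<2)
 #define KT_ED25519 (1<<3)
 #define KT_XMSS (1<<4)
+#define KT_ECDSA_SK (1<<5)
+#define KT_ED25519_SK (1<<6)
 #define KT_MIN KT_DSA
-#define KT_MAX KT_XMSS
+#define KT_MAX KT_ED25519_SK
 int get_cert = 0;
-int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
+int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK;
 int hash_hosts = 0; /* Hash hostname on output */
@@ -259,6 +261,16 @@ keygrab_ssh2(con *c)
 "ecdsa-sha2-nistp384,"
 "ecdsa-sha2-nistp521";
 break;
+case KT_ECDSA_SK:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com" :
+"sk-ecdsa-sha2-nistp256@openssh.com";
+break;
+case KT_ED25519_SK:
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+"sk-ssh-ed25519-cert-v01@openssh.com" :
+"sk-ssh-ed25519@openssh.com";
+break;
 default:
 fatal("unknown key type %d", c->c_keytype);
 break;
@@ -735,6 +747,12 @@ main(int argc, char **argv)
 case KEY_XMSS:
 get_keytypes |= KT_XMSS;
 break;
+case KEY_ED25519_SK:
+get_keytypes |= KT_ED25519_SK;
+break;
+case KEY_ECDSA_SK:
+get_keytypes |= KT_ECDSA_SK;
+break;
 case KEY_UNSPEC:
 default:
 fatal("Unknown key type \"%s\"", tname);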
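Review bot: The two `case` arms added in main() list KEY_ED25519_SK before KEY_ECDSA_SK, while the matching arms added in keygrab_ssh2() put KT_ECDSA_SK first; moving the `case KEY_ECDSA_SK:` arm ahead of `case KEY_ED25519_SK:` keeps the two switches parallel and easier to cross-check as further key types are added. The diffstat shows only ssh-keyscan.c changing, so whatever enumerates the type names accepted by `-t` (the manual page, if it lists them) will still omit the security-key types unless it is updated separately. The new default for `get_keytypes` also means a run with no `-t` now asks each host for two additional key types; if, as I would expect from the rest of this file, each selected type is fetched over its own connection, that is two more connections per host and worth a sentence in the commit description. Both keygrab_ssh2() and main() start and end outside the hunks shown.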