[openssh-commits] [openssh] 02/06: upstream: allow ssh-keyscan to find security key hostkeys
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Dec 16 14:20:44 AEDT 2019
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 9b6e30b96b094ad787511a5b989253e3b8fe1789
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Dec 15 19:47:10 2019 +0000
upstream: allow ssh-keyscan to find security key hostkeys
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
---
ssh-keyscan.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 5de0508d..a5e64407 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.130 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.131 2019/12/15 19:47:10 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
*
@@ -61,12 +61,14 @@ int ssh_port = SSH_DEFAULT_PORT;
#define KT_ECDSA (1<<2)
#define KT_ED25519 (1<<3)
#define KT_XMSS (1<<4)
+#define KT_ECDSA_SK (1<<5)
+#define KT_ED25519_SK (1<<6)
#define KT_MIN KT_DSA
-#define KT_MAX KT_XMSS
+#define KT_MAX KT_ED25519_SK
int get_cert = 0;
-int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
+int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK;
int hash_hosts = 0; /* Hash hostname on output */
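Review bot: The default `get_keytypes` mask now carries `KT_ECDSA_SK|KT_ED25519_SK`, so a run with no type selection asks every host for two more host-key algorithms, and nothing beside the defines says what that costs. If the scanner walks the bits from `KT_MIN` to `KT_MAX` and probes each type separately, as those bounds suggest (the loop is outside this hunk), each scanned host sees two extra connections. Where no security-key hostkey is configured these end in a failed negotiation, which operators will see in their sshd logs. I would add a comment above the defaults such as `/* default scan set: each bit is probed on its own, so a new type costs one more connection per host */`. The hand-maintained bound deserves one too: `/* KT_MAX must name the highest KT_* bit */`.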
@@ -259,6 +261,16 @@ keygrab_ssh2(con *c)
"ecdsa-sha2-nistp384,"
"ecdsa-sha2-nistp521";
break;
+ case KT_ECDSA_SK:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com" :
+ "sk-ecdsa-sha2-nistp256 at openssh.com";
+ break;
+ case KT_ED25519_SK:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "sk-ssh-ed25519-cert-v01 at openssh.com" :
+ "sk-ssh-ed25519 at openssh.com";
+ break;
default:
fatal("unknown key type %d", c->c_keytype);
break;
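Review bot: The two new cases in the `c->c_keytype` switch each offer a single algorithm, while the ECDSA case just above lists several curves, and no comment says this is intentional. A line such as `/* security-key ECDSA hostkeys are defined for nistp256 only */` above `case KT_ECDSA_SK:` would spare the next reader the question. Separately, this archive copy has rewritten `@` as ` at ` inside the string literals, as it did in the addresses in the header. The names in the committed file are `sk-ecdsa-sha2-nistp256@openssh.com`, `sk-ssh-ed25519@openssh.com` and their `-cert-v01@openssh.com` forms, so the literals should not be copied from this page. `keygrab_ssh2` begins and ends outside the hunk.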
@@ -735,6 +747,12 @@ main(int argc, char **argv)
case KEY_XMSS:
get_keytypes |= KT_XMSS;
break;
+ case KEY_ED25519_SK:
+ get_keytypes |= KT_ED25519_SK;
+ break;
+ case KEY_ECDSA_SK:
+ get_keytypes |= KT_ECDSA_SK;
+ break;
case KEY_UNSPEC:
default:
fatal("Unknown key type \"%s\"", tname);
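Review bot: The new `KEY_ED25519_SK` and `KEY_ECDSA_SK` cases are in the opposite order from the `KT_ECDSA_SK`/`KT_ED25519_SK` defines and from the switch in `keygrab_ssh2`; keeping one order across the three places makes a missing type easier to spot. The diffstat shows only `ssh-keyscan.c`, so if the manual page enumerates the type names this switch accepts, the two security-key names should be added there in the same change. The option parsing around `tname` is outside the hunk, so that is an inference. The enclosing `switch` and `main` start and end outside the hunk.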
--