logging RSA key IDs

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Fri Feb 4 01:43:40 EST 2000


On Thu, Feb 03, 2000 at 08:43:40AM +0100, Markus Friedl wrote:
> On Wed, Feb 02, 2000 at 03:58:54PM -0800, Phil Karn wrote:
> > Thanks. The patch works as intended, though I have no tool to map
> > those key fingerprints back into the actual keys listed in
> > .ssh/authorized_keys...
> 
> 	% ssh-keygen -l -f FILE
> works for files with one key only, e.g. identity.pub.
> i'm happy to accept patches that make this work
> for authorized_keys and known_hosts.

try this.

Index: ssh-keygen.c
===================================================================
RCS file: /home/markus/cvs/ssh/ssh-keygen.c,v
retrieving revision 1.14
diff -u -r1.14 ssh-keygen.c
--- ssh-keygen.c	1999/11/24 19:53:52	1.14
+++ ssh-keygen.c	2000/02/03 14:42:37
@@ -76,9 +76,10 @@
 void
 do_fingerprint(struct passwd *pw)
 {
-	char *comment;
+	char *comment = NULL;
 	RSA *public_key;
 	struct stat st;
+	int invalid = 0;
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
@@ -87,37 +88,60 @@
 		exit(1);
 	}
 	public_key = RSA_new();
-	if (!load_public_key(identity_file, public_key, &comment)) {
-		char *cp, line[1024];
+	if (load_public_key(identity_file, public_key, &comment)) {
+		printf("%d %s %s\n", BN_num_bits(public_key->n),
+		    fingerprint(public_key->e, public_key->n),
+		    comment);
+		RSA_free(public_key);
+	} else {
 		BIGNUM *e, *n;
-		int dummy, invalid = 0;
-		FILE *f = fopen(identity_file, "r");
-		n = BN_new();
-		e = BN_new();
-		if (f && fgets(line, sizeof(line), f)) {
-			cp = line;
-			line[strlen(line) - 1] = '\0';
-			if (auth_rsa_read_key(&cp, &dummy, e, n)) {
-				public_key->e = e;
-				public_key->n = n;
-				comment = xstrdup(cp ? cp : "no comment");
-			} else {
-				invalid = 1;
+		FILE *f;
+		char *cp, line[1024];
+		int dummy;
+
+		invalid = 1;
+		f = fopen(identity_file, "r");
+		if (f != NULL) {
+			n = BN_new();
+			e = BN_new();
+			while (fgets(line, sizeof(line), f)) {
+				line[strlen(line) - 1] = '\0';
+
+				/* Skip leading whitespace, empty and comment lines. */
+				for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+					;
+				if (!*cp || *cp == '\n' || *cp == '#')
+					continue ;
+				if (*cp < '0' || *cp > '9') {
+					int quoted = 0;
+					comment = cp;
+					for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+						if (*cp == '\\' && cp[1] == '"')
+							cp++;	/* Skip both */
+						else if (*cp == '"')
+							quoted = !quoted;
+					}
+					if (*cp == '\0')
+						continue;
+					*cp++ = '\0';
+				}
+				if (auth_rsa_read_key(&cp, &dummy, e, n)) {
+					invalid = 0;
+					comment = *cp ? cp : comment;
+					printf("%d %s %s\n", BN_num_bits(n),
+					    fingerprint(e, n),
+					    comment ? comment : "no comment");
+				}
 			}
-		} else {
-			invalid = 1;
-		}
-		if (invalid) {
-			printf("%s is not a valid key file.\n", identity_file);
 			BN_free(e);
 			BN_free(n);
-			exit(1);
+			fclose(f);
 		}
 	}
-	printf("%d %s %s\n", BN_num_bits(public_key->n),
-	       fingerprint(public_key->e, public_key->n),
-	       comment);
-	RSA_free(public_key);
+	if (invalid) {
+		printf("%s is not a valid key file.\n", identity_file);
+		exit(1);
+	}
 	exit(0);
 }
 
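Review bot: In the new `while (fgets(...))` loop, `line[strlen(line) - 1] = '\0';` writes to `line[-1]` when fgets returns a string that starts with a NUL byte, and for an entry longer than the 1024-byte buffer it drops a real character while the rest of that entry is read back as a separate line that may then be parsed as a key of its own. Because this path now walks whole authorized_keys and known_hosts files instead of a single-key file, I would strip the newline with `line[strcspn(line, "\n")] = '\0';` and skip or report any chunk that did not end in a newline before EOF. Separately, `comment` is not reset per iteration, so an entry that starts with a digit and has no trailing comment prints whatever now sits at the offset an earlier entry's options field occupied; `comment = NULL;` at the top of the loop body would avoid that. do_fingerprint begins outside this hunk, and whether `cp` can be NULL after `auth_rsa_read_key` (the removed code tested `cp ?`) is not visible here and should be confirmed before `*cp` is dereferenced.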
@@ -310,7 +334,7 @@
 usage(void)
 {
 	printf("ssh-keygen version %s\n", SSH_VERSION);
-	printf("Usage: %s [-b bits] [-p] [-c] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
+	printf("Usage: %s [-b bits] [-p] [-c] [-l] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
 	exit(1);
 }
 




