ssh-keyscan for ssh2

Wayne Davison wayne at blorf.net
Mon Jun 11 07:03:50 EST 2001


On Thu, 7 Jun 2001, Markus Friedl wrote:
>         fatal_add_cleanup(fatal_callback, NULL);

I had wanted to also suppress the error, but I suppose that's not
strictly necessary.

Here's a version of my patch that uses your suggestion for changing the
handling of fatal errors, works with the latest changes to the ssh2
connect code, and also updates the ssh-keyscan man page.

..wayne..
-------------- next part --------------
Index: ssh-keyscan.1
--- ssh-keyscan.1	2001/04/19 20:31:02	1.5
+++ ssh-keyscan.1	2001/06/10 20:58:41
@@ -15,14 +15,20 @@
 .Nd gather ssh public keys
 .Sh SYNOPSIS
 .Nm ssh-keyscan
-.Op Fl t Ar timeout
-.Op Ar -- | host | addrlist namelist
-.Op Fl f Ar files ...
+.Op Fl v46
+.Op Fl T Ar timeout
+.Op Fl t Ar type
+.Op Fl -
+.Op Ar host | addrlist namelist
+.Op Fl f Ar files
+.Ar ...
 .Sh DESCRIPTION
 .Nm
 is a utility for gathering the public ssh host keys of a number of
 hosts.  It was designed to aid in building and verifying
 .Pa ssh_known_hosts
+and
+.Pa ssh_known_hosts2
 files.
 .Nm
 provides a minimal interface suitable for use by shell and perl
@@ -47,14 +53,43 @@
 have begun after you created your ssh_known_hosts file.
 .Sh OPTIONS
 .Bl -tag -width Ds
-.It Fl t
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
+.It Fl T
 Set the timeout for connection attempts.  If 
 .Pa timeout
 seconds have elapsed since a connection was initiated to a host or since the
 last time anything was read from that host, then the connection is
 closed and the host in question considered unavailable.  Default is 5
 seconds.
-.It Fl f
+.It Fl t Ar type
+Specifies the type of the key to fetch from the following hosts.
+The possible values are
+.Dq rsa1
+for protocol version 1 and
+.Dq rsa
+or
+.Dq dsa
+for protocol version 2.
+Multiple values may be specified by separating them with commas.
+The default is
+.Dq rsa1 .
+Specifying the
+.Pa -t
+option again later on the line will change the value for the hostnames that
+follow, allowing you to get different key-types from different hosts.
+.It Fl f Ar filename
 Read hosts or 
 .Pa addrlist namelist
 pairs from this file, one per line.
@@ -65,40 +100,68 @@
 will read hosts or 
 .Pa addrlist namelist
 pairs from the standard input.
+It is legal to specify multiple
+.Pa -f
+options and to intermingle them with literal hostnames in any order.
 .El
 .Sh EXAMPLES
 .Pp
-Print the host key for machine
-.Pa hostname :
+Print the
+.Pa rsa1
+host key for machine
+.Pa host1
+and the
+.Pa dsa
+host key for machine
+.Pa host2 :
 .Bd -literal
-ssh-keyscan hostname
+ssh-keyscan host1 -t dsa host2
 .Ed
 .Pp
 Find all hosts from the file
 .Pa ssh_hosts
 which have new or different keys from those in the sorted file
-.Pa ssh_known_hosts :
+.Pa ssh_known_hosts2 :
 .Bd -literal
-$ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e\ 
-	diff ssh_known_hosts -
+$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ 
+	sort -u - ssh_known_hosts2 | diff ssh_known_hosts2 -
 .Ed
 .Pp
 .Sh FILES
 .Pp
 .Pa Input format:
+.Bd -literal
 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
+.Ed
 .Pp
-.Pa Output format:
+.Pa Output format for rsa1 keys:
+.Bd -literal
 host-or-namelist bits exponent modulus
+.Ed
+.Pp
+.Pa Output format for rsa and dsa keys:
+.Bd -literal
+host-or-namelist keytype base64-encoded-key
+.Ed
+.Pp
+Where
+.Pa keytype
+is either
+.Dq ssh-rsa
+or
+.Dq ssh-dsa .
 .Pp
 .Pa /etc/ssh_known_hosts
 .Sh BUGS
 It generates "Connection closed by remote host" messages on the consoles
-of all the machines it scans.
+of all the machines it scans if the server is older than version 2.9.
 This is because it opens a connection to the ssh port, reads the public
 key, and drops the connection as soon as it gets the key.
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr sshd 8
-.Sh AUTHOR
+.Sh AUTHORS
 David Mazieres <dm at lcs.mit.edu>
+wrote the initial version, and
+Wayne Davison <wayned at users.sourceforge.net>
+added support for ssh protocol 2.
Index: ssh-keyscan.c
--- ssh-keyscan.c	2001/03/14 18:37:13	1.26
+++ ssh-keyscan.c	2001/06/10 20:58:42
@@ -19,10 +19,16 @@
 
 #include <openssl/bn.h>
 
+#include <setjmp.h>
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
 #include "key.h"
+#include "kex.h"
+#include "compat.h"
+#include "myproposal.h"
+#include "packet.h"
+#include "dispatch.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "log.h"
@@ -30,7 +36,19 @@
 
 static int argno = 1;		/* Number of argument currently being parsed */
 
-int family = AF_UNSPEC;		/* IPv4, IPv6 or both */
+/* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
+   Default value is AF_UNSPEC means both IPv4 and IPv6. */
+#ifdef IPV4_DEFAULT
+int IPv4or6 = AF_INET;
+#else
+int IPv4or6 = AF_UNSPEC;
+#endif
+
+#define KT_RSA1	1
+#define KT_DSA	2
+#define KT_RSA	4
+
+int get_keytypes = KT_RSA1;	/* Get only RSA1 keys by default */
 
 #define MAXMAXFD 256
 
@@ -48,6 +66,8 @@
 fd_set *read_wait;
 size_t read_wait_size;
 int ncon;
+int nonfatal_fatal = 0;
+jmp_buf kexjmp;
 
 /*
  * Keep a connection structure for each file descriptor.  The state
@@ -63,11 +83,13 @@
 	int c_plen;		/* Packet length field for ssh packet */
 	int c_len;		/* Total bytes which must be read. */
 	int c_off;		/* Length of data read so far. */
+	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
 	char *c_namebase;	/* Address to free for c_name and c_namelist */
 	char *c_name;		/* Hostname of connection for errors */
 	char *c_namelist;	/* Pointer to other possible addresses */
 	char *c_output_name;	/* Hostname of connection for output */
 	char *c_data;		/* Data read from this fd */
+	Kex *c_kex;		/* The key-exchange struct for ssh2 */
 	struct timeval c_tv;	/* Time at which connection gets aborted */
 	TAILQ_ENTRY(Connection) c_link;	/* List of connections in timeout order. */
 } con;
@@ -261,8 +283,8 @@
 	return (tok);
 }
 
-void
-keyprint(char *host, char *output_name, char *kd, int len)
+Key *
+keygrab_ssh1(con *c)
 {
 	static Key *rsa;
 	static Buffer msg;
@@ -271,12 +293,12 @@
 		buffer_init(&msg);
 		rsa = key_new(KEY_RSA1);
 	}
-	buffer_append(&msg, kd, len);
-	buffer_consume(&msg, 8 - (len & 7));	/* padding */
+	buffer_append(&msg, c->c_data, c->c_plen);
+	buffer_consume(&msg, 8 - (c->c_plen & 7));	/* padding */
 	if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
-		error("%s: invalid packet type", host);
+		error("%s: invalid packet type", c->c_name);
 		buffer_clear(&msg);
-		return;
+		return NULL;
 	}
 	buffer_consume(&msg, 8);		/* cookie */
 
@@ -289,10 +311,54 @@
 	(void) buffer_get_int(&msg);
 	buffer_get_bignum(&msg, rsa->rsa->e);
 	buffer_get_bignum(&msg, rsa->rsa->n);
+
 	buffer_clear(&msg);
+
+	return (rsa);
+}
+
+int
+hostjump(Key *hostkey)
+{
+	longjmp(kexjmp, (int)hostkey);
+}
+
+Key *
+keygrab_ssh2(con *c)
+{
+	int j;
 
-	fprintf(stdout, "%s ", output_name ? output_name : host);
-	key_write(rsa, stdout);
+	packet_set_connection(c->c_fd, c->c_fd);
+	enable_compat20();
+	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
+	    "ssh-dss": "ssh-rsa";
+	c->c_kex = kex_setup(myproposal);
+	c->c_kex->check_host_key = hostjump;
+
+	if (!(j = setjmp(kexjmp))) {
+		nonfatal_fatal = 1;
+		dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
+		fprintf(stderr, "Impossible! dispatch_run() returned!\n");
+		exit(1);
+	}
+	nonfatal_fatal = 0;
+	xfree(c->c_kex);
+	c->c_kex = NULL;
+	packet_close();
+	if (j < 0)
+		j = 0;
+
+	return (Key*)(j);
+}
+
+void
+keyprint(con *c, Key *key)
+{
+	if (!key)
+		return;
+
+	fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
+	key_write(key, stdout);
 	fputs("\n", stdout);
 }
 
@@ -305,7 +371,7 @@
 
 	snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
 	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = family;
+	hints.ai_family = IPv4or6;
 	hints.ai_socktype = SOCK_STREAM;
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
 		fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
@@ -330,7 +396,7 @@
 }
 
 int
-conalloc(char *iname, char *oname)
+conalloc(char *iname, char *oname, int keytype)
 {
 	int s;
 	char *namebase, *name, *namelist;
@@ -359,6 +425,7 @@
 	fdcon[s].c_data = (char *) &fdcon[s].c_plen;
 	fdcon[s].c_len = 4;
 	fdcon[s].c_off = 0;
+	fdcon[s].c_keytype = keytype;
 	gettimeofday(&fdcon[s].c_tv, NULL);
 	fdcon[s].c_tv.tv_sec += timeout;
 	TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
@@ -378,6 +445,7 @@
 	if (fdcon[s].c_status == CS_KEYS)
 		xfree(fdcon[s].c_data);
 	fdcon[s].c_status = CS_UNUSED;
+	fdcon[s].c_keytype = 0;
 	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
 	FD_CLR(s, read_wait);
 	ncon--;
@@ -397,21 +465,16 @@
 {
 	int ret;
 	con *c = &fdcon[s];
-	char *iname, *oname;
 
-	iname = xstrdup(c->c_namelist);
-	oname = xstrdup(c->c_output_name);
+	ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
 	confree(s);
-	ret = conalloc(iname, oname);
-	xfree(iname);
-	xfree(oname);
 	return (ret);
 }
 
 void
 congreet(int s)
 {
-	char buf[80], *cp;
+	char buf[256], *cp;
 	size_t bufsiz;
 	int n = 0;
 	con *c = &fdcon[s];
@@ -433,12 +496,27 @@
 	}
 	*cp = '\0';
 	fprintf(stderr, "# %s %s\n", c->c_name, buf);
-	n = snprintf(buf, sizeof buf, "SSH-1.5-OpenSSH-keyscan\r\n");
+	if (c->c_keytype != KT_RSA1) {
+		char remote_version[sizeof buf];
+
+		if (sscanf(buf, "SSH-%*d.%*d-%[^\n]\n", remote_version) == 1)
+			compat_datafellows(remote_version);
+		else
+			datafellows = 0;
+	}
+	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
+	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
+	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
 	if (atomicio(write, s, buf, n) != n) {
 		error("write (%s): %s", c->c_name, strerror(errno));
 		confree(s);
 		return;
 	}
+	if (c->c_keytype != KT_RSA1) {
+		keyprint(c, keygrab_ssh2(c));
+		confree(s);
+		return;
+	}
 	c->c_status = CS_SIZE;
 	contouch(s);
 }
@@ -471,7 +549,7 @@
 			c->c_status = CS_KEYS;
 			break;
 		case CS_KEYS:
-			keyprint(c->c_name, c->c_output_name, c->c_data, c->c_plen);
+			keyprint(c, keygrab_ssh1(c));
 			confree(s);
 			return;
 			break;
@@ -539,49 +617,99 @@
 nexthost(int argc, char **argv)
 {
 	static Linebuf *lb;
+	char *fname, *tname;
 
 	for (;;) {
-		if (!lb) {
-			if (argno >= argc)
-				return (NULL);
-			if (argv[argno][0] != '-')
-				return (argv[argno++]);
-			if (!strcmp(argv[argno], "--")) {
+		if (lb) {
+			char *line;
+
+			line = Linebuf_getline(lb);
+			if (line)
+				return (line);
+			Linebuf_free(lb);
+			lb = NULL;
+		}
+		if (argno >= argc)
+			return (NULL);
+		if (argv[argno][0] != '-')
+			return (argv[argno++]);
+		while (*++(argv[argno])) {
+			switch (argv[argno][0]) {
+			case '-':
 				if (++argno >= argc)
 					return (NULL);
 				return (argv[argno++]);
-			} else if (!strncmp(argv[argno], "-f", 2)) {
-				char *fname;
-
-				if (argv[argno][2])
-					fname = &argv[argno++][2];
+			case 'f':
+				if (argv[argno][1])
+					fname = &argv[argno][1];
 				else if (++argno >= argc) {
 					error("missing filename for `-f'");
 					return (NULL);
 				} else
-					fname = argv[argno++];
+					fname = argv[argno];
 				if (!strcmp(fname, "-"))
 					fname = NULL;
 				lb = Linebuf_alloc(fname, error);
-			} else
+				goto double_break;
+			case 't':
+				get_keytypes = 0;
+				tname = &argv[argno][1];
+				if (!*tname) {
+					if (++argno >= argc) {
+						error("missing types for `-t'");
+						return (NULL);
+					}
+					tname = argv[argno];
+				}
+				tname = strtok(tname, ",");
+				while (tname) {
+					int type = key_type_from_name(tname);
+					switch (type) {
+					case KEY_RSA1:
+						get_keytypes |= KT_RSA1;
+						break;
+					case KEY_DSA:
+						get_keytypes |= KT_DSA;
+						break;
+					case KEY_RSA:
+						get_keytypes |= KT_RSA;
+						break;
+					case KEY_UNSPEC:
+						fatal("unknown key type %s\n",
+						    tname);
+					}
+					tname = strtok(NULL, ",");
+				}
+				goto double_break;
+			case '4':
+				IPv4or6 = AF_INET;
+				break;
+			case '6':
+				IPv4or6 = AF_INET6;
+				break;
+			default:
 				error("ignoring invalid/misplaced option `%s'",
-				    argv[argno++]);
-		} else {
-			char *line;
-
-			line = Linebuf_getline(lb);
-			if (line)
-				return (line);
-			Linebuf_free(lb);
-			lb = NULL;
+				    argv[argno]);
+				goto double_break;
+			}
 		}
+double_break:
+		argno++;
 	}
 }
 
 void
+fatal_callback(void *arg)
+{
+	if (nonfatal_fatal)
+		longjmp(kexjmp, -1);
+}
+
+void
 usage(void)
 {
-	fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
+	fatal("usage: %s [-v46] [-T timeout] { [-t type] [--] host | -f file } ...",
+	    __progname);
 	return;
 }
 
@@ -589,6 +717,7 @@
 main(int argc, char **argv)
 {
 	char *host = NULL;
+	int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
 
 	__progname = get_progname(argv[0]);
 	TAILQ_INIT(&tq);
@@ -596,21 +725,46 @@
 	if (argc <= argno)
 		usage();
 
-	if (argv[1][0] == '-' && argv[1][1] == 't') {
-		argno++;
-		if (argv[1][2])
-			timeout = atoi(&argv[1][2]);
-		else {
-			if (argno >= argc)
-				usage();
-			timeout = atoi(argv[argno++]);
+	while (argv[argno][0] == '-') {
+		while (*++(argv[argno])) {
+			switch (argv[argno][0]) {
+			case 'T':
+				if (argv[argno][1])
+					timeout = atoi(&argv[argno][1]);
+				else {
+					if (++argno >= argc)
+						usage();
+					timeout = atoi(argv[argno]);
+				}
+				if (timeout <= 0)
+					usage();
+				goto double_break;
+			case 'v':
+				if (!debug_flag) {
+					debug_flag = 1;
+					log_level = SYSLOG_LEVEL_DEBUG1;
+				}
+				else if (log_level < SYSLOG_LEVEL_DEBUG3)
+					log_level++;
+				else
+					fatal("Too high debugging level.");
+				break;
+			default:
+				if (*--(argv[argno]) != '-')
+					fatal("Please separate options T and v from any other options.");
+				goto triple_break;
+			}
 		}
-		if (timeout <= 0)
-			usage();
+double_break:
+		argno++;
 	}
+triple_break:
 	if (argc <= argno)
 		usage();
 
+	log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
+	fatal_add_cleanup(fatal_callback, NULL);
+
 	maxfd = fdlim_get(1);
 	if (maxfd < 0)
 		fatal("%s: fdlim_get: bad value", __progname);
@@ -623,6 +777,9 @@
 	fdcon = xmalloc(maxfd * sizeof(con));
 	memset(fdcon, 0, maxfd * sizeof(con));
 
+	init_rng();
+	seed_rng();
+
 	read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
 	read_wait = xmalloc(read_wait_size);
 	memset(read_wait, 0, read_wait_size);
@@ -630,12 +787,16 @@
 	do {
 		while (ncon < MAXCON) {
 			char *name;
+			int j;
 
 			host = nexthost(argc, argv);
 			if (host == NULL)
 				break;
 			name = strnnsep(&host, " \t\n");
-			conalloc(name, *host ? host : name);
+			for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
+				if (get_keytypes & j)
+					conalloc(name, *host ? host : name, j);
+			}
 		}
 		conloop();
 	} while (host);


More information about the openssh-unix-dev mailing list